
Introducing CRI-O 1.0

Last year, the Kubernetes project introduced its Container Runtime Interface (CRI) — a plugin interface that gives kubelet (a cluster node agent used to create pods and start containers) the ability to use different OCI-compliant container runtimes, without needing to recompile Kubernetes. Building on that work, the CRI-O project (originally known as OCID) is ready to provide a lightweight runtime for Kubernetes.

So what does this really mean?

CRI-O allows you to run containers directly from Kubernetes – without any unnecessary code or tooling. As long as the container is OCI-compliant, CRI-O can run it, cutting out extraneous tooling and allowing containers to do what they do best: fuel your next-generation cloud-native applications.

Read more at Red Hat

Linus Torvalds Says Targeted Fuzzing Is Improving Linux Security

Announcing the fifth release candidate for the Linux kernel version 4.14, Linus Torvalds has revealed that fuzzing is producing a steady stream of security fixes.

Fuzzing involves stress testing a system by generating random code to induce errors, which in turn may help identify potential security flaws. Fuzzing is helping software developers catch bugs before shipping software to users.

As Torvalds points out, Linux kernel developers have been using fuzzing programs since the beginning, including tools like “crashme”, which was released in 1991 and nearly 20 years later was used by Google security researcher Tavis Ormandy to test how well shielded a host is when untrusted data is being processed in a virtual machine.

Read more at ZDNet

How to Deploy Multi-Cloud Serverless and Cloud Foundry APIs at Scale

Ken Parmelee, who leads the API gateway for IBM and Big Blue’s open source projects, has a few ideas about open-source methods for “attacking” the API and how to create micro-services and make them scale.

“Micro-services and APIs are products and we need to be thinking about them that way,” Parmelee says. “As you start to put them up people rely on them as part of their business. That’s a key aspect of what you’re doing in this space.”

Anyone can try out these serverless APIs in just 30 seconds at https://console.bluemix.net/openwhisk/. “This sounds very gimmicky, but it is that easy to do…We’re combining the work we’ve done with Cloud Foundry and released them in Bluemix under the OpenWhisk to provide security and scalability.”

Read more at OpenStack Superuser

Serious Flaw in WPA2 Protocol Lets Attackers Intercept Passwords and Much More

Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek, Linksys, and other types of devices. The site warned that attackers can exploit the flaw to decrypt a wealth of sensitive data that’s normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.

Read more at Ars Technica

Join The Linux Foundation at Open Source Summit EU for Booth Swag, Project Updates, and More

Going to Open Source Summit EU in Prague? While you’re there, be sure to stop by The Linux Foundation training booth for fun giveaways and a chance to win one of three Raspberry Pi kits.

Giveaways include The Linux Foundation branded webcam covers, The Linux Foundation projects’ stickers, Tux stickers, Linux.com stickers, as well as free ebooks: The SysAdmin’s Essential Guide to Linux Workstation Security, Practical GPL Compliance, and A Guide to Understanding OPNFV & NFV.

You can also enter the raffle for a chance to win a Raspberry Pi Kit. There will be 3 raffle winners: names will be drawn and prizes will be mailed on Nov. 2.

Read more at The Linux Foundation

DevOps Skills Are Key to Collaboration within Organizations

DevOps is one of the most sought-after skills, cited by 57 percent of respondents in the 2017 Open Source Jobs Report, from Dice and The Linux Foundation. Specifically, firms are looking for developers (73 percent) and DevOps engineers (60 percent).

This comes as no surprise, given that DevOps professionals come with a blend of development and operations skills, providing the ability for organizations to create a more efficient and collaborative working environment. Unlike system administrators, which the DevOps role evolved from, DevOps requires greater flexibility. Consequently, DevOps professionals often wear different hats as they are tasked with multiple responsibilities, including designing and maintaining systems as well as making software development more efficient.

In addition to being versed in the latest enterprise technologies, DevOps professionals “also have the soft skills necessary to operate collaboratively across any given organization,” according to Dice’s annual Salary Survey for 2017. “They can finesse their way through every stage of the software-development lifecycle, all the way through implementation.”

The DevOps role requires not only writing an application, but also understanding how the code operates in production and maintaining it, being mindful of things like performance and stability. It emphasizes the ability to both communicate and collaborate.

“A working DevOps pipeline is a thing of beauty to behold, and helps bring the vision of truly automated end-to-end application automation to life,” writes Bernard Golden in enterprise.nxt.

Overall, respondents say the use of open source technologies is becoming increasingly important (42 percent) in business strategy, with 58 percent of hiring managers stating they will hire more open source professionals in the next several months, the Open Source Jobs Report finds.

Yet, 89 percent of hiring managers say it is difficult to find the right mix of experience and skills, a similar finding to last year’s 87 percent, according to the report. Meanwhile, 86 percent of open source professionals believe that knowing open source has advanced their career, and 52 percent say it would be easy to find another job. Only 27 percent report they have not received a recruiting call in the past six months.

Emphasis on the cloud and open source

Among the other notable findings in the Open Source Jobs Report is the assumption that Linux is increasingly running underneath work involving cloud and DevOps. Chef, Puppet and Ansible are the most popular DevOps tools and were created as open source with Windows support added later.

As more and more workloads and applications are moved into the cloud, demand is growing for skills in cloud administration, DevOps and continuous integration/continuous delivery. This is also fueling greater interest in training and certifications related to open source projects and tools that power the cloud, the report notes.

Further illustrating the predominance of Linux in the cloud is the fact that the system underpins Google’s and Amazon’s public clouds. And, Microsoft has said that about 30 percent of Azure instances also run on Linux, with the percentage rising to as much as 50 percent on new workloads. The software giant continues to add to its open source footprint with Linux container and Kubernetes tools.



Agile development and DevOps are commonly associated with cloud computing because both require immediate infrastructure availability, says Golden.

DevOps salaries paying off

DevOps positions command some of the highest paying salaries in tech, the 2017 Dice survey states. The starting salary for professionals with experience working with the Ansible platform is $121,382, according to Dice. The starting salary for Puppet knowledge is $112,883 and for Chef, $112,523.

The highest-paying DevOps skills are generally focused on automation and configuration management, the Dice salary survey finds. This makes sense, the survey points out, given that platforms including Ansible automate tasks like software provisioning, ensuring that DevOps professionals can perform their job regardless of the size of the organization.

Looking ahead

The good news is demand for DevOps engineers in North America is expected to continue to be high next year, according to the 2018 Robert Half Salary Guide for Technology Professionals. This is especially true if candidates have solid communication and interpersonal skills, the firm notes.

The report finds the hot vertical industries for next year are healthcare, financial services, and manufacturing.

Download the full 2017 Open Source Jobs Report now.

How to Define a Metrics Strategy for Your Community

In my experience, metrics serve three main functions: to increase awareness, to lead change, and to motivate.

  • Awareness helps you understand where you are in relation to specific policies and goals. For example, if you don’t know how many project contributions were made by under-represented minorities, you cannot determine whether workplace policies that aim to create a more inclusive and diverse work environment are successful.
  • Leading change focuses on determining a path. If a particular policy is implemented, for example, metrics will indicate whether KPIs increase or decrease.
  • Motivational actions help communities attract developers and help members achieve goals. For example, many communities reward developers who detect bugs in beta products. This benefits the community in two ways: The bugs are fixed, and looking for bugs becomes a priority for community members.

Learn more about metrics in Daniel Izquierdo’s talk, Defining a Metrics Strategy for your Community, at Open Source Summit EU, which will be held October 23-26 in Prague.

Read more at OpenSource.com

What’s in a Transport Layer?

Microservices are small programs, each with a specific and narrow scope, that are glued together to produce what appears from the outside to be one coherent web application. This architectural style is used in contrast with a traditional “monolith” where every component and sub-routine of the application is bundled into one codebase and not separated by a network boundary. In recent years microservices have enjoyed increased popularity, concurrent with (but not necessarily requiring the use of) enabling new technologies such as Amazon Web Services and Docker. In this article, we will take a look at the “what” and “why” of microservices and at gRPC, an open source framework released by Google, which is a tool organizations are increasingly reaching for in their migration towards microservices.

Why Use Microservices?

To understand the general history and structure of microservices emerging as an architectural pattern, this Martin Fowler article is a good and fairly comprehensive read. It’s worth noting Fowler’s caveat near the end that:

Read more at O’Reilly

Kubernetes Implementations: The Good, the Bad, and the Ugly

[In this excerpt from The New Stack’s e-book The State of the Kubernetes Ecosystem, research director Lawrence Hecht asks readers to assess the challenges they may be facing in adopting Kubernetes in production for their organizations, and how they may be responding to them.]

Kubernetes’ perceived edge in the container orchestration market, as young as that market is today, is neither definitive nor definite. Its survival may yet depend on competitors’ ability to match customers’ expectations for the essential requirements for orchestration. In the future, enterprises may look for solutions that are bundled or included with larger platforms, or they may simply accept those solutions once they’ve discovered they were already bundled with the platforms in which they’ve already invested.

The Kubernetes development community needs to address the inhibitors to its adoption, especially among evaluators who have yet to commit.

As we’ve seen, agility is more important to people who evaluated Kubernetes in the past but chose another path. We explicitly asked this group, along with the group currently evaluating Kubernetes but not having yet committed to it, what is inhibiting their adoption?

Read more at The New Stack

KDE Celebrates 21st Anniversary with New Updates of KDE Applications, Frameworks

Today, the KDE Project celebrates the 21st anniversary of the well-known and widely used desktop environment for GNU/Linux and UNIX-like operating systems with new releases of its KDE Frameworks and KDE Applications software stacks.

KDE recently unveiled KDE Plasma 5.11 as the latest and most advanced version of the KDE desktop environment, and today they released KDE Applications 17.08.2 and KDE Frameworks 5.39.0, which are now available to download for users of the KDE Plasma 5 desktop environments, as well as GNU/Linux distros that use the KDE Stack.

Read more at Softpedia