Twitter
Home Blog Page 509

Open Source Summit: It’s Bigger on the Inside, with Workshops, Hackathon, Security Summit, and More

By
The Linux Foundation
-

The upcoming Open Source Summit NA — Sept. 11-14 in Los Angeles — offers many exciting keynote presentations and technical talks covering a wide array of topics, including cloud computing, containers, networking, diversity, and more. And, it’s also host to several co-located events that provide even more opportunities for collaboration and learning. Here are some of the events taking place.

Hacking for Humanity — A Social Innovation Hackathon with Girls in Tech

The Linux Foundation has teamed up with Girls in Tech Los Angeles for a unique two-day hackathon program to tackle global challenges. We invite women and men across all fields, including developers, designers, product developers, and entrepreneurs to participate.

Date/Time: Thursday, September 14, 10:00 am – Friday, September 15, 6:00 pm

Location: Plaza I/II, JW Marriott LA Live

Registration Cost: Complimentary. Register Here!

How to Build Habit-Forming Products Workshop

Learn how to build repeat engagement in this in-depth product development strategy workshop presented by Nir Eyal, author of Hooked: How to Build Habit-Forming Products. Eyal has constructed a practical framework and process for designing better products that gives product managers, designers, and marketers a new way for thinking of the necessary components of changing user behavior. Although no previous background is required, attendees are encouraged to come to the workshop with a product or business idea in mind.

Date: Thursday, September 14

Time: 6:30 – 9:30 pm

Location: Georgia I-II, JW Marriott LA Live

Registration Cost: $199 USD. Click here to register!

Kubernetes Core Concepts Live Training

This one-day course presented by Sebastien Goasguen serves as a crash course to learn the basics of Kubernetes. It is suitable for beginners and aimed at developers and system administrators who want to get started with Kubernetes. You will discover the Kubernetes architecture and how to install it. You will then learn how to use its basic primitives (i.e., pods, deployments and services) to build your own distributed application.

The course will be a mix of lectures, demos and hands-on exercises aimed at administrators and application developers who want to understand the overall architecture of a Kubernetes cluster and learn how to use Docker images in a Kubernetes cluster.

Date: Thursday, September 14

Time: 8:30 am – 5:00 pm

Location: Olympic 1, JW Marriott LA Live

Registration Cost: $429 USD. Pre-registration is required. Add this training to your existing Open Source Summit NA registration here.

Linux Security Summit

The Linux Security Summit (LSS) is a technical forum for collaboration between Linux developers, researchers, and end users. Its primary aim is to foster community efforts in analyzing and solving Linux security challenges.

Date: Thursday, September 14 – Friday, September 15

Time: 9:00 am – 5:00 pm (subject to change)

Location: Gold 4, JW Marriott LA Live

Registration Cost: $100 USD. You can add Linux Security Summit to your existing registration here. If you would like to attend Linux Security Summit only, please register here.

Moby Summit

The Moby Summit is a small collaborative event taking place on Thursday, September 14 alongside Open Source Summit North America. This summit is for container users who are actively maintaining, contributing or generally involved in the design and development of the Moby Project and its components: runC/ containerd, LinuxKit, Infrakit, SwarmKit, HyperKit, DataKit, VPNKit, Notary, libnetwork, etc.

Date: Thursday, September 14

Time: 8:00 am – 7:00 pm

Location: Diamond Ballroom 8/9/10, JW Marriott LA Live

Registration Cost: Purchase tickets for Moby Summit here! All revenue from ticket sales will be donated to a non-profit organization promoting diversity in the tech industry.

Open Source Entrepreneur Network Symposium

This one-day symposium is presented by John Mark Walker, Founder, Open Source Entrepreneur Network. Everyone uses open source now. It’s not so much a question of whether you use open source but how you optimize your usage and contributions. In this symposium, we will discuss the myriad of business models for selling open source-based products and services, investigate potential legal landmines around contributing to and using open source software, and look at best practices for incorporating the best of upstream open source innovation into your organization.

Date: Thursday, September 14

Time: 9:00 am – 4:00 pm

Location: Georgia I-II, JW Marriott LA Live

Registration Cost: $150 USD. Pre-registration is required. Add this symposium to your existing Open Source Summit NA registration here.

You can see the full schedule for Open Source Summit here.

Save $150 through July 30. Linux.com readers save an additional $47 with discount code LINUXRD5. Register now!

Get an OpenStack Instance Up and Running in 40 Minutes or Less

By
Sander van Vugt
-

Once you have followed the previous tutorial and have OpenStack installed using the distribution of your choice, it’s time to get some instances running.

First, you’ll want to choose how you’d like to work with OpenStack:

  • Using the Horizon Browser User Interface (BUI), which provides easy authentication and accessibility to all components.

  • Using the OpenStack Command from the command line interface (CLI), in which case you’ll need to set up some items before you can get started in the user credential file.

I like to work from the CLI, because the openstack command gives access to all of the available options, whereas when working from the BUI you’ll notice that some of the advanced options are not available.

Create a Credentials File

Before you can start working with instances, you’ll need to to create a Project or Tenant. A project (which previously was referred to as a Tenant) is the environment that is created for a customer in OpenStack. This needs to be done as the OpenStack admin user, and to keep it easy on yourself, I’d recommend creating this user from the Horizon web interface. Make sure you’re logged in as admin, and next under Identity you’ll be able to add a project, a user in that project and assign the user as a member to the project.

Screen Shot 2017-05-23 at 10.32.32.png

For working with OpenStack, it’s important to realize which set of credentials you should use. In OpenStack, Admin credentials are typically used to create infrastructure while Tenant user credentials are typically used to create instances. So to spin off an instance, you’ll need to make sure that you have user credentials.

Before you can do anything with the CLI, you’ll need to create a credentials file that sets Linux shell variables and then source that file so that the environment variables will become available in your current shell environment. Such a credentials file can have the following contents, assuming you want to create a project with the name project1, in which a user with the name user1 and password “password” can do his work:

unset SERVICE_TOKEN SERVICE_ENDPOINT

export OS_USERNAME=user1

export OS_TENANT_NAME=project1

export OS_PASSWORD=password

export OS_AUTH_URL=http://server1.example.com:35357/v2.0/

export PS1='[u@h W(keystone_user1)]$ 

source ~/keystonerc_user1

Steps to Creating an OpenStack Instance

Now we’re ready to create an instance. An instance is based on an image that is joined with a flavor and a volume and connected to a private network. To implement it, some steps need to be applied:

  • Get an image (Glance)

  • Assign a Template

  • Find out which internal network you can use to connect the instance to

  • Assign a Security Group

  • Add an SSH Key

  • Add a Floating IP address

  • Boot the instance

Here are the OpenStack commands to carry out the steps, above:

  1. source /root/keystonerc_user: This command will give you the required credentials to work as user in OpenStack.

  2. openstack keypair create key1 > /root/key1: This command creates an SSH key-pair and includes it in OpenStack, so that users can later log in to the instance using the SSH key.

  3. openstack security group create mysecgroup: Use this command to create a security group, which basically is a firewall.

  4. nova secgroup-add-rule mysecgroup tcp 22 22 0.0.0.0/0: This command opens the security group firewall rules for SSH traffic.

  5. wget https://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img: This downloads a bootable Cirros image to your local machine.

  6. glance image-create --name cirros1 --disk-format qcow2 --container-format bare --file cirros[Tab] : Use this to import the image file you’ve just downloaded into Glance so that you can use it to spin of your instance.

  7. nova flavor-list : A flavor is a hardware profile. Use this command to display a list of flavors and select the flavor you want to use. For a small test environment, I’d recommend the m1.tiny flavor as it has the minimal settings that are required to boot an instance.

  8. neutron net-list : Notice the ID of the private network to which you are going to connect the instance.

  9. nova boot --flavor m1.tiny --image cirros1--key-name key1 --security-group mysecgroup --nic net-id=<NET-ID> myvm1 : This command will boot the instance, using the components that were discussed earlier in this procedure.

  10. nova list : This command verifies that the instance has indeed booted successfully. Notice that it may take a few seconds before the instance will show “Up” in its state.

Conclusion

Now that you’ve installed OpenStack and started some instances, let’s talk about how to enable Docker containers in OpenStack. Containers are ready-to-run applications, including the entire stack that’s required to run them. Learning how to run and manage containers is key to making the most of the OpenStack platform for scale-out applications — a topic that we’ll explore in part 3 of this series.

Now updated for OpenStack Newton! Our Essentials of OpenStack Administration course teaches you everything you need to know to create and manage private and public clouds with OpenStack. Download a sample chapter today!

vkmark: More Than a Vulkan Benchmark

By
Mark Filion
-

Say hello to vkmark, a Vulkan benchmarking tool providing an extensible suite of targeted, configurable benchmarking scenes.

Written by Alexandros Frantzis, Senior Software Engineer at Collabora.

Ever since Vulkan was announced a few years ago, the idea of creating a Vulkan benchmarking tool in the spirit of glmark2 had been floating in my mind. Recently, thanks to my employer, Collabora, this idea has materialized! The result is the vkmark Vulkan benchmark, hosted on github:

https://github.com/vkmark/vkmark

Like its glmark2 sibling project, vkmark’s goals are different from the goals of big, monolithic and usually proprietary benchmarks. Instead of providing a single, complex benchmark, vkmark aims to provide an extensible suite of targeted, configurable benchmarking scenes. Most scenes exercise specific Vulkan features or usage patterns (e.g., desktop 2.5D scenarios), although we are also happy to have more complex, visually intriguing scenes.

Benchmarking scenes can be configured with options that affect various aspects of their rendering. We hope that the ease with which developers can use different options will make it painless to perform targeted tests and eventually provide best practices advice.

A few years ago we were pleasantly surprised to learn that developers were using glmark2 as a testing tool for driver development, especially in free (as in freedom) software projects. This is a goal that we want to actively pursue for vkmark, too. The flexible benchmarking approach is a natural fit for this kind of development; the developer can start with getting the simple scenes working and then, as the driver matures, move to scenes that use more advanced features. vkmark has already proved useful in this regard, being an valuable testing aid for my own experiments in the Mesa Vulkan WSI implementation.

With vkmark we also want to be on the cutting edge of software development practices and tools. vkmark is a modern, C++14 codebase, using the vulkan-hpp bindings, the Meson build system and the Catch test framework. To ensure a high quality codebase, the core of vkmark is developed using test-driven development.

It is still early days, but vkmark already has support for X11, Wayland and DRM/KMS, and provides two simple scenes: a “clear” scene, and a “cube” scene that renders a simple colored cube based on the vkcube example (which is itself based on kmscube). The future looks bright!

We are looking forward to getting more feedback on vkmark and, of course, contributions are always welcome!

Google’s OSS-Fuzz Tool Helps Secure Open Source Projects

By
Sam Dean
-

At the end of last year, Google announced OSS-Fuzz, an open source threat detection tool focused on making open source applications and platforms more secure and stable. The tool itself is open and available on GitHub, and there are now solid numbers showing that this security tool has made a remarkable difference for some well-known open source projects.

By the Numbers

According to Google developers, Fuzz has found more than 1,000 bugs (264 of which are potential security vulnerabilities) in widely used open source projects, some of them major. The bugs have been uncovered in projects ranging from LibreOffice to WireShark, and Google notes the following:

We believe that user and internet security as a whole can benefit greatly if more open source projects include fuzzing in their development process. To this end, we’d like to encourage more projects to participate and adopt the ideal integration guidelines that we’ve established.”

Once an open source project is integrated with OSS-Fuzz, it does continuous and automated scanning so that it can reveal problems only hours after changes go into an upstream repository, before any users are affected.

Google reports: “OSS-Fuzz has found numerous security vulnerabilities in several critical open source projects: 10 in FreeType2, 17 in FFmpeg, 33 in LibreOffice, 8 in SQLite 3, 10 in GnuTLS, 25 in PCRE2, 9 in gRPC, and 7 in Wireshark, etc. We’ve also had at least one bug collision with another independent security researcher (CVE-2017-2801).”

OSS-Fuzz’s utility is not limited to security, either. It has reported over 300 timeout and out-of-memory failures (75% of which got fixed, according to Google). While not every project treats these as bugs, fixing them improves performance and stability.

A Rewards Program

Google also announced that it is expanding its existing Patch Rewards program to include rewards for the integration of fuzz targets into OSS-Fuzz. To qualify for these rewards, a project needs to have a large user base and/or be critical to global IT infrastructure. Eligible projects will receive $1,000 for initial integration, and up to $20,000 for ideal integration (the final amount is at Google’s discretion). Project leaders have the option of donating these rewards to charity instead, and Google will double the amount.

To qualify for the ideal integration reward, projects must show that:

  • Fuzz targets are checked into their upstream repository and integrated in the build system with sanitizer support (up to $5,000).

  • Fuzz targets are efficient and provide good code coverage (>80%) (up to $5,000).

  • Fuzz targets are part of the official upstream development and regression testing process (i.e., they are maintained) run against old known crashers and the periodically updated corpora (up to $5,000).

  • The last $5,000 is a bonus that Google may reward at our discretion for projects that the company feels have gone the extra mile or done something really awesome.

Google is doing some outreach to project leaders to encourage participation in the rewards program, but you may also reach out to participate. Meanwhile, leaders of open source projects may want to look into implementing OSS-Fuzz for more hardened security.

Connect with the open source development community at Open Source Summit NA, Sept. 11-14 in Los Angeles. Save $150 on registration through July 30. Linux.com readers save an additional $47 with discount code LINUXRD5. Register now!

Free Webinar: Join Jono Bacon for Open Source Community Tips and Tricks

By
The Linux Foundation
-

Community manager and author Jono Bacon will provide tips for building and managing open source communities in a free webinar on Monday, July 24 at 9:30am Pacific.

In this webinar, Bacon will answer questions about community strategy and share an in-depth look at this exciting new conference held in conjunction with this year’s Open Source Summit North America, happening Sept. 11-14 in Los Angeles.

The Open Community Conference provides presentations, panels, and Birds-of-a-Feather sessions with practical guidance for building and engaging productive communities and is an ideal place to learn how to evolve your community strategy. The webinar will provide event details as well as highlights from the conference schedule, which includes such talks as:

  • Building Open Source Project Infrastructures – Elizabeth K. Joseph, Mesosphere

  • Scaling Open Source – Lessons Learned at the Apache Software Foundation – Phil Steitz, Apache Software Foundation

  • Why I Forked My Own Project and My Own Company – Frank Karlitschek, ownCloud

  • So You Have a Code of Conduct… Now What? – Sarah Sharp, Otter Tech

  • Fora, Q&A, Mailing Lists, Chat…Oh My! – Jeremy Garcia, LinuxQuestions.org / Datadog

Also, if you post questions on Twitter with the #AskJono hashtag about community strategy, leadership, open source, or the conference, you’ll get a chance to win a free ticket to the event (including all the sessions, networking events, and more).

Join us July 24, 2017 at 9:30am Pacific to learn more about community strategy from Jono Bacon. Sign Up Now »

Building Docker Images Without Docker

By
Bitnami Perspectives
-

Building a Docker image is actually all about building a root filesystem that a process will use. So there should be a relatively simple way to build a Docker image without having to rely on the Docker daemon !!! Shouldn’t there be ?

There are approaches like source to image but recently I have looked at Bazel and its Docker rules.

Bazel, Basel or Basil

Bazel is a build system open sourced in 2015 by Google. It is the open sourced version of their internal Blaze system. With just a letter permutation in the name. I have no clue how to pronounce it properly, maybe it is Basel like for the Swiss town or maybe it is Basil like the culinary plant.

Bazel is used in Kubernetes and TensorFlow and we are seeing it pop-up in more and more projects. So no more ./configure, make, make install people, get with the Bazel it is 2017. Plus you want the speed, the cross language support, the reproducibility and the scale.

Read more at Bitnami

Facets: An Open Source Visualization Tool for Machine Learning Training Data

By
Google Open Source Blog
-

Getting the best results out of a machine learning (ML) model requires that you truly understand your data. However, ML datasets can contain hundreds of millions of data points, each consisting of hundreds (or even thousands) of features, making it nearly impossible to understand an entire dataset in an intuitive fashion. Visualization can help unlock nuances and insights in large datasets. A picture may be worth a thousand words, but an interactive visualization can be worth even more.



Working with the PAIR initiative, we’ve released Facets, an open source visualization tool to aid in understanding and analyzing ML datasets. Facets consists of two visualizations that allow users to see a holistic picture of their data at different granularities. Get a sense of the shape of each feature of the data using Facets Overview, or explore a set of individual observations using Facets Dive. These visualizations allow you to debug your data which, in machine learning, is as important as debugging your model. They can easily be used inside of Jupyter notebooks or embedded into webpages. In addition to the open source code, we’ve also created a Facets demo website. This website allows anyone to visualize their own datasets directly in the browser without the need for any software installation or setup, without the data ever leaving your computer. 

Read more at Google Research Blog

To the Moon? Blockchain’s Hiring Crunch Could Last Years

By
Coin Desk
-

In today’s blockchain market, raising money is the easy part.

As the headlines already attest, startups that have sold cryptographic tokens as part of a new wave of fundraisings are struggling to find qualified developers, but it’s a pain also shared by projects building public and private blockchains.

Even the enterprise consortia and corporates looking to cut costs and gain efficiencies through these platforms are not immune.

Now, that may not be a surprise given that it’s such a nascent industry. After all, there are only so many people who really understand the intricacies of blockchain, and they are hard to hire.

But that doesn’t mean companies aren’t finding strategies to attract and retain talent.

Read more at CoinDesk

The Risks of DNS Hijacking Are Serious and You Should Take Countermeasures

By
The New Stack
-

Editor’s Note: In a separate post, Lucian Constantin explains how a researcher hijacked .io top level domain nameserver and what exposures it has surfaced about registries for country-code top-level domains.

Over the years hackers have hijacked many domain names by manipulating their DNS records to redirect visitors to malicious servers. While there’s no perfect solution to prevent such security breaches, there are actions that domain owners can take to limit the impact of these attacks on their Web services and users.

Just last Friday, attackers managed to change the DNS records for 751 domain names that had been registered and managed through Gandi.net, a large domain registrar. Visitors to the affected domains were redirected to an attacker-controlled server that launched browser-based exploits to infect computers with malware.

Read more at The New Stack

Mageia 6 GNU/Linux Distribution Launches Officially with KDE Plasma 5, GRUB2

By
Softpedia
-

After a long wait, the final release of the Mageia 6 GNU/Linux operating system is finally here, and it looks like it comes with a lot of exciting new features and performance improvements.

According to Mageia contributor Rémi Verschelde, development of the major Mageia 6 release took longer than anticipated because the team wanted to transform it into their greatest release yet. Mageia 6 comes more than two years after the Mageia 5 series, and seven and a half months after Mageia 5.1.

“Though Mageia 6’s development was much longer than anticipated, we took the time to polish it and ensure that it will be our greatest release so far,” reads today’s announcement. “We thank our community for their patience, and also our packagers and QA team who provided an extended support for Mageia 5 far beyond the initial schedule.”

Read more at Softpedia

1...508509510...10,742Page 509 of 10,742