And Now, A Brief Definition of the Web

What exactly is the web? It seems like a stupid question because we all know the answer: the web is the thing Tim Berners-Lee invented in 1989. It’s not the same thing as “the internet,” which is what we use to access the web, apps, and streaming video. It’s what we visit every day with our web browsers on our phones and laptops. Simple, right?

Well, no. Traditionally, we think of the web as a combination of a set of specific technologies paired with some core philosophical principles. The problem — the reason this question even matters — is that there are a lot of potential replacements for the parts of the web that fix what’s broken with technology, while undermining the principles that ought to go with it.

Read more at Flipboard

30 Best Practices for Software Development and Testing

Joining any new company—with an established culture and programming practices—can be a daunting experience. When I joined the Ansible team, I decided to write up the software engineering practices and principles I’ve learned over the years and to which I strive to work. This is a non-definitive, non-exhaustive list of principles that should be applied with wisdom and flexibility.

My passion is for testing, as I believe that good testing practices can both ensure a minimum quality standard (sadly lacking in many software products), and can guide and shape development itself. Many of these principles relate to testing practices and ideals. Some of these principles are Python-specific, but most are not. (For Python developers, PEP 8 should be your first stop for programming style and guidelines.)

Read more at OpenSource.com

Linux Foundation Grows So Much it Hires a Chief of Staff

The Linux Foundation hired Sheryl Chamberlain to fill the newly-created position of chief of staff. She’ll oversee operational activities for the foundation and be the point of contact between executive management and stakeholders in its numerous open source projects.

Previously, Chamberlain was a partner VP at the consulting company Capgemini where she led activities to assist Dell Technologies. Prior to joining Capgemini, she worked at EMC in a variety of roles, including chief operations officer in the corporate office of the CTO.

At the Linux Foundation, Chamberlain will help take the organization’s knowledge on topics such as governance, development processes, community outreach, and intellectual property management and share it across projects.

Read more at SDxCentral

Automotive, Security, and the Future of the Xen Project at The Xen Project Developer and Design Summit

The Xen Developer and Design Summit schedule is now live! This conference combines the formats of the Xen Project Developer Summits with the Xen Project Hackathons. If you are part of the Xen Project’s community of developers and power users, come join us in Budapest, Hungary, July 11 – 13 for this must-attend event!

The conference will cover many different topic areas including community, embedded/automotive, performance, tooling, hardware, security and more. The format will include traditional panels and presentations, as well as design and problem solving sessions.

Design and problem solving session proposals will be accepted until July 7. This is a great way to meet other developers face-to-face to:

  • Discuss and advance the design and architecture of future functionality
  • Coordinate and plan upcoming features
  • Discuss and share best practices and ideas on how to improve community collaboration
  • Hear interactive sessions covering lessons learned from contributors, users and vendors

Submit your design and problem solving ideas here.

Keynotes this year are coming from Lars Kurth, Xen Project Chairperson and Director of Open Source Solutions at Citrix; Oleksandr Andrushchenko, Lead Software Engineer at EPAM Systems; Stefano Stabellini, Virtualization Architect at Aporeto; and Wei Liu, Senior Software Engineer at Citrix.

Here’s a small sampling of other speaking sessions during the conference:

Automotive

  • Dedicated Secure Domain as an Approach for Certification of Automotive Sector Solutions from Iurii Mykhalskyi of GlobalLogic
  • Harmony of CPU Scheduling Between RT Guest OS and Rich Guest OS in Automotive Virtualization from Sangyun Lee of LG Electronics

Security

  • Hypervisor-Based Security: Bringing Virtualized Exceptions Into the Game from Mihai Dontu of Bitdefender
  • Uniprof: Transparent Unikernel Performance Profiling and Debugging from Florian Schmidt of NEC

Future of Xen

  • Intel GVT-g: From Production to Upstream from Zhi Wang of Intel
  • Recent and Ongoing Xen Related Work in the Linux Kernel from Jürgen Groß of SUSE

General Hypervisor

  • Bring up PCI Passthrough on ARM from Julien Grall of ARM
  • EFI Secure Boot, Shim and Xen: Current Status of Developments from Daniel Kiper of Oracle

You can view the entire schedule here. Early bird specials for tickets (price is $250) are available until May 31st.

A special thank you to our Diamond Sponsor Citrix and Gold sponsors ARM, Intel and Superfluidity. We look forward to seeing you at the event in July, and please stay informed on Xen Project updates by following us on social (Twitter and Facebook) and registering to our xen-announce mailing list.

This article originally appeared on the Xen Project Blog.

Learn Next-Gen Networking Trends from these OPNFV Summit Keynotes

The countdown to this year’s OPNFV Summit is on! We’re headed to Beijing June 12-15 for four days of connecting global communities via tutorials, sessions, demos and keynotes targeted toward a diverse set of industry attendees. The largest gathering of OPNFV developers and community members from across the globe, OPNFV Summit is an annual conference to collaborate, innovate and explore the latest developments in open source Network Functions Virtualization (NFV). OPNFV is The Linux Foundation’s open source project for integrated testing of the full, next-generation networking stack. Will you join us? As a special offer to Linux.com readers, you can register here using code LNXCNOPNFV17 for 15% off.

With just a few weeks to go, we are pleased to announce our preliminary lineup of expert keynote speakers ready to share their insights and perspectives along the NFV journey.

The keynote presentations will cover a wide range of topics, including:

  • Accelerating the maturity and adoption of NFV

  • Turning networks to meet the needs of global communities

  • Deployment experience of vEPC in commercial networks

  • Cloudification of the telco network

Here are a few of the industry leaders participating as keynote speakers/panelists:

  • Heather Kirksey, Director, OPNFV

  • Zhang Fan, Chief Architect of Packet Core, ZTE

  • John Healy, VP, Data Center Group, GM, Datacenter Network Solutions Group, Intel

  • Susan James, Head of Product Line NFV Infrastructure, Ericsson

  • Forrest Lee, OPNFV Open Source Development Team Director, Huawei

  • Prodip Sen, CTO of NFV, HPE

  • Lingli Deng, Principal Engineer, China Mobile Research Institute

  • Chongfeng Xie, Director, IP and Future Network Research Center, CTBR

  • Eric Debeau, Head of R&D Team, Orange

  • Wei Leping, China SDN/NFV Alliance

Along with our featured keynote presentations, this year’s event will feature a diverse set of more than 65 presentations and demos spanning session tracks that include: Community and Upstream; Futures and Research; NFV Applications and Orchestration; NFV Platform Requirements; NFV Strategy and End User Stories; and Testing, Infrastructure and DevOps. You can view the full Summit agenda, including keynotes, breakout sessions, and demos, here: http://events.linuxfoundation.org/events/opnfv-summit/program/schedule

OPNFV Summit also includes a handful of co-located events, including those hosted by some of our upstream communities. Included in this year’s line-up are: OPNFV Orientation, Sunday, June 11; The OPNFV Developer Design Forum, Monday & Tuesday, June 12-13; FD.io and DPDK Mini-Summit, Tuesday, June 13; OpenStack Upstream Institute, Wednesday & Thursday, June 14-15; the Open-NFP Developer Conference, Monday, June 12; ONAP Mini-Summit, Monday, June 12; OpenDaylight Mini-Summit, Monday, June 12; CNCF Day at OPNFV, Tuesday, June 13; and more.

OPNFV Summit 2017 will be here in just a few weeks! Make your plans to join us now.

To register for the OPNFV Summit — including information on traveling, accommodations, and visas — please visit http://events.linuxfoundation.org/events/opnfv-summit/attend/registration (use code LNXCNOPNFV17 for 15% off). Members of the media who would like to reserve a complimentary press pass to OPNFV Summit should contact pr@opnfv.org.

Best Practices for 2-Factor Authentication and Password Creation on Linux

As we mentioned in the previous article, web browsers present the largest and the most exposed attack surface on your Linux workstation. We’ve already discussed some best practices that Linux sysadmins can follow to reduce the impact of a compromised browser, such as upgrading to Wayland, using a different browser for work/high-security sites, and using Firejail to create a sandbox around Linux applications.

This time, we’ll cover a few more best practices involving 2-factor authentication and password creation and use.

Use Fido U2F for website 2-factor authentication

Fido U2F is a standard developed specifically to provide a mechanism for 2-factor authentication and combat credential phishing. Regular OTP (one-time password) mechanisms are ineffective in the case where the attacker is able to trick you into submitting your password and token into a malicious site masquerading as a legitimate service.

The U2F protocol stores site authentication data on the USB token, which prevents you from accidentally giving an attacker both your password and your one-time token if you try to use it on anything other than the legitimate website. See the following site for a curated list of services providing Fido U2F support:

dongleauth.info

Note that not all browsers currently support U2F-capable hardware tokens, and if you use sandboxes or virtualization-based isolation around your browser, you may have to work extra hard to enable USB pass-through from the application to your USB token.
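How the site binding described above looks from the relying party's side, as an added example that is not from the original article: the browser records the origin in the U2F ClientData, the token signs a hash of it, and the server rejects a response produced on any other origin. The host names and challenge are constructed sample values, and the ECDSA signature verification itself is left out because it needs a crypto library.

```python
import hashlib
import json
import struct

AUTH_TYP = "navigator.id.getAssertion"  # ClientData "typ" for a U2F sign request


def browser_client_data(origin, challenge):
    """What the browser (not the page) builds; origin is the site really open."""
    return json.dumps({"typ": AUTH_TYP, "challenge": challenge, "origin": origin})


def check_client_data(client_data_json, expected_challenge, allowed_origins):
    """Relying-party check of the ClientData returned with a response."""
    try:
        data = json.loads(client_data_json)
    except ValueError:
        return False, "malformed client data"
    if not isinstance(data, dict) or data.get("typ") != AUTH_TYP:
        return False, "wrong typ"
    if data.get("challenge") != expected_challenge:
        return False, "challenge mismatch"
    if data.get("origin") not in allowed_origins:
        return False, "origin mismatch"
    return True, "ok"


def signed_message(app_id, user_presence, counter, client_data_json):
    """Bytes covered by the token's signature in an authentication response:
    SHA-256(appId) || presence byte || 4-byte big-endian counter || SHA-256(ClientData)."""
    app_param = hashlib.sha256(app_id.encode()).digest()
    chal_param = hashlib.sha256(client_data_json.encode()).digest()
    return app_param + struct.pack(">BI", user_presence, counter) + chal_param


# Constructed sample values, not taken from the article.
REAL = "https://login.example.com"
LOOKALIKE = "https://login.example.com.phish.test"
CHALLENGE = "c2FtcGxlLWNoYWxsZW5nZQ"


def demo():
    real_cd = browser_client_data(REAL, CHALLENGE)
    fake_cd = browser_client_data(LOOKALIKE, CHALLENGE)
    return {
        "real": check_client_data(real_cd, CHALLENGE, {REAL}),
        "lookalike": check_client_data(fake_cd, CHALLENGE, {REAL}),
        # Swapping in ClientData with the right origin changes the signed bytes,
        # so a signature obtained on the look-alike site would not verify.
        "same_signed_bytes": signed_message(REAL, 1, 7, real_cd)
        == signed_message(REAL, 1, 7, fake_cd),
    }
```

An OTP code has no equivalent of the origin field, which is why it can be relayed from a look-alike site while a U2F response cannot.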

Password managers

Using strong, unique, randomly generated passwords should be a critical requirement for every member of your team. Credential theft is happening all the time — either via compromised computers, stolen database dumps, remote site exploits, or any number of other means. No credentials should be reused across different sites, ever.

In-browser password manager

Every browser has a mechanism for saving passwords that is fairly secure and can sync with vendor-maintained cloud storage while keeping the data encrypted with a user-provided passphrase. However, this mechanism has important disadvantages:

1. It does not work across browsers

2. It does not offer any way of sharing credentials with team members

Several well-supported, free or cheap password managers are well integrated into multiple browsers, work across platforms, and offer group sharing (usually as a paid service). Solutions can be easily found via search engines.

Standalone password manager

One of the major drawbacks of any password manager that comes integrated with the browser is the fact that it’s part of the application that is most likely to be attacked by intruders. If this makes you uncomfortable (and it should), you may choose to have two different password managers — one for websites that is integrated into your browser, and one that runs as a standalone application. The latter can be used to store high-risk credentials, such as root passwords, database passwords, other shell account credentials, etc.

It may be particularly useful to have such a tool for sharing superuser account credentials with other members of your team (server root passwords, ILO passwords, database admin passwords, bootloader passwords, etc.).

A few tools can help you:

  • KeePassX, which improves team sharing in version 2
  • Pass, which uses text files and PGP and integrates with Git
  • Django-Pstore, which uses GPG to share credentials between admins
  • Hiera-Eyaml, which, if you are already using Puppet for your infrastructure, may be a handy way to track your server/service credentials as part of your encrypted Hiera data store

The next, and final, article of this series will cover how to secure SSH and PGP private keys — another essential step in guarding your Linux sysadmin workstation from potential attackers.

Workstation Security

Read more:

Part 7:  Best Practices for Web Browser Security on Your Linux Workstation

Part 1: 3 Security Features to Consider When Choosing a Linux Workstation

Make Sense of Edge Computing vs. Cloud Computing

Edge computing will not replace cloud computing, though the two approaches can complement each other.

The internet of things is real, and it’s a real part of the cloud. A key challenge is how you can get data processed from so many devices. Cisco Systems predicts that cloud traffic is likely to rise nearly fourfold by 2020, increasing from 3.9 zettabytes (ZB) per year in 2015 (the latest full year for which data is available) to 14.1ZB per year by 2020.

Read more at InfoWorld

DockerCon Hands-On Labs Now Online

One of the more popular activities at DockerCon is our Hands-on Labs, where you can learn to use the Docker tools you see announced on stage, or talked about in the breakout sessions. This year we had eight labs for people to work through, ranging from 20 minutes to an hour in length.

We’ve now moved these apps into the Docker Labs Repo so that everyone can use them. The Docker Labs Repo is where we put a bunch of learning content for people who want to learn Docker, from beginner to advanced security and networking labs.

Read more at Docker

First-Class Tests

So first, some definitions. Pardon me for my hubris, but there are so many different definitions of “unit test” and “system test” and “acceptance test” out there that it seems to me someone ought to provide a single authoritative definition. I don’t know if these definitions will stick; but I hope some set of definitions does in the near future.

  • Unit Test: A test written by a programmer for the purpose of ensuring that the production code does what the programmer expects it to do. (For the moment we will ignore the notion that unit tests also aid the design, etc.)

  • Acceptance Test: A test written by the business for the purpose of ensuring that the production code does what the business expects it to do. The authors of these tests are business people, or technical people who represent the business. i.e. Business Analysts, and QA.

Read more at Clean Code Blog

Stronger Together: How Cloud Foundry Supports Other Communities

If you work in the technology industry, especially if you are paying attention to all of the exciting open source projects that come and go, it can be very easy to get distracted by the next exciting thing. The reality is that it rarely pays off to embrace something just because it’s new, and in fact this is a major risk for a project like Cloud Foundry. Our community is focused on end user productivity, above all else. This means that we work with other open source communities by first watching, then evaluating and finally participating where we believe it will benefit both groups. When the time is right in the evolution of a project — when technology is mature enough and proven in production — we then consider if and how we can adopt something into the Cloud Foundry platform.

The Cloud Foundry community’s approach to its Linux container runtime is a perfect example of our approach. So is the container networking interface.

Read more at The New Stack