Libral provides a uniform management API across system resources and serves as a solid foundation for scripting management tasks and building configuration-management systems.
Linux, in keeping with Unix traditions, doesn’t have a comprehensive systems management API. Instead, management is done through a variety of special-purpose tools and APIs, all with their own conventions and idiosyncrasies. That makes scripting even simple systems-management tasks difficult and brittle.
For example, changing the login shell of the “app” user is done by running usermod -s /sbin/nologin app. This works great until it is attempted on a system that does not have an app user. To fix the ensuing failure, the enterprising script writer might now resort to:
Less than two weeks ago, the Wannacry ransomware attack compromised thousands of computers, causing considerable losses to big companies and individuals alike. That, along with other widespread vulnerabilities found in recent years (such as the Shellshock bug), highlight the importance of staying on top of your mission-critical systems.
Although vulnerabilities often target one specific operating system or software component, examining the traffic that goes in and out of your network can be a significant help to protect the assets you are responsible for.
In previous excerpts of the new, self-paced Containers Fundamentals course from The Linux Foundation, we discussed what containers are and are not. Here, we’ll take a brief look at the history of containers, which includes chroot, FreeBSD jails, Solaris zones, and systemd-nspawn.
Chroot was first introduced in 1979, during development of Seventh Edition Unix (also called Version 7), and was added to BSD in 1982. In 2000, FreeBSD extended chroot to FreeBSD Jails. Then, in the early 2000s, Solaris introduced the concept of zones, which virtualized the operating system services.
With chroot, you can change the apparent root directory for the currently running process and its children. After configuring chroot, subsequent commands will run with respect to the new root (/). With chroot, we can limit the processes only at the filesystem level, but they share the resources, like users, hostname, IP address, etc. FreeBSD Jails extended the chroot model by virtualizing users, network sub-systems, etc.
systemd-nspawn has not been around as long as chroot and Jails, but it can be used to create containers, which would be managed by systemd. On modern Linux operating systems, systemd is used as an init system to bootstrap the user space and manage all the processes subsequently.
This training course, presented mainly in video format, is aimed at those who are new to containers and covers the basics of container runtimes, container storage and networking, Dockerfiles, Docker APIs, and more.
You can learn more in the sample course video below, presented by Neependra Khare (@neependra), Founder and Principal Consultant at CloudYuga, Docker Captain, and author of the Docker Cookbook:
Developing secure, robust web applications in the cloud is hard, very hard. If you think it is easy, you are either a higher form of life or you have a painful awakening ahead of you.
If you have drunk the MVP Kool-aid and believe that you can create a product in one month that is both valuable and secure — think twice before you launch your “proto-product”. After you review the checklist below, acknowledge that you are skipping many of these critical security issues. At the very minimum, be honest with your potential users and let them know that you don’t have a complete product yet and are offering a prototype without full security.
With JavaScript and the V8 engine at the core, an event-driven architecture, and scalability out of the box, Node.js has quickly become the new de facto standard for creating web applications and SaaS products. Many frameworks like Express, Sails, and Socket.IO enable users to quickly bootstrap applications and focus only on the business logic.
Of course Node.js owes much to JavaScript for its enormous popularity. JavaScript is a multiparadigm language that supports many different styles of programming, including functional programming, procedural programming, and object-oriented programming. It allows the developer to be flexible and take advantage of the various programming styles.
Right now, Docker is an excellent tool to manage distributed applications. This is the result of quite a bit of evolution; in its earlier stages, Docker focused mainly on managing containers themselves. Thinking back to two or three years ago, getting started with Docker was a bit of a pain because there weren’t very mature developer tools in the ecosystem. Instead you were left with documentation and really long “docker run” commands, and you really had to know what was happening at the container level. Now Docker has grown and evolved a bit to where the container is just an implementation detail, allowing you as an engineer to focus on what’s really important: the services themselves.
The emerging serverless computing architecture alleviates several server-oriented security risks, but it also requires new threat analysis and prevention, asserted Snyk CEO and co-founder Guy Podjarny said at the Serverlessconf conference in Austin recently.
In his presentation, Podjarny broke serverless security threats into three categories: Those threats diminished (but still present) in serverless environments, threats that remain the same, and new risks that come from not having to manage servers.
Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning and auditing. However, nmap command comes with lots of options that can make the utility more robust and difficult to follow for new Linux users.
The purpose of this post is to introduce a user to the nmap command line tool to scan a host and/or network, so to find out the possible vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes.
Amin Vahdat, Fellow & Technical Lead For Networking at Google, talks about networking challenges we’ll face over the next decade at Open Networking Summit.
At the recent Embedded Linux Conference, IBM IoT/Mobile software engineer Kalonji Bankole and IBM Cloud & Watson developer Prashant Khanal detailed Big Blue’s spin on serverless, called IBM Bluemix OpenWhisk.
