
Why Good Linux Sysadmins Use Markdown

The Markdown markup language is perfect for writing system administrator documentation: it is lightweight, versatile, and easy to learn, so you spend your time writing instead of fighting with formatting.

The life of a Linux system administrator is complex and varied, and you know that documenting your work is a big time-saver. A documentation web server shared by you and your colleagues is a wonderful productivity tool. Most of us know simple HTML, and can whack up a web page as easily as writing plain text. But using Markdown is better.

Markdown is designed for writing text articles for the web, a writing tool rather than a publishing tool. Markdown files are designed to be easy to read, with a minimum of tag clutter, and with tags that flow naturally with your text. Blockquotes look like quotes, lists look like lists, and I think everyone is familiar with using *asterisks* for emphasis.

My favorite Markdown feature is its handling of HTML special characters: in ordinary text there aren’t any. You don’t have to write HTML entities for left angle brackets and ampersands, because the converter escapes them for you; entities exist to make life difficult for people who write for the web, and are a special nightmare when you’re trying to write a web document to teach HTML. (Markdown’s own markup characters, such as asterisks and underscores, can be escaped with a backslash when you need them literally.)

If Markdown is missing some HTML formatting that you want, no worries, just use the HTML tags right in your Markdown document; they pass through to the output unchanged. The flip side is that anything passes through, including script tags and event-handler attributes, so if your documentation server renders pages written by other people, sanitize the converted HTML or restrict who can edit the sources.

Markdown Quickstart

Check out this example Markdown document:

# A Nice H1 Heading

## A Nice H2 Heading

### H3… Get it? This goes up to H6.

Paragraphs are easy! Just start typing, then separate them with a blank line. No muss, no fuss.

Who uses Markdown? Students, teachers, scientists, GitHub, Stack Overflow, Drupal, WordPress, Doxygen… It is supported in many programming languages, including Python, Perl, JavaScript, Haskell, Awk, C, C++, and many more.

Several Markdown extensions support advanced formatting, so if you want all kinds of fancy tables, image management, math equations, and multiple output document formats check out [PHP Markdown Extra](https://michelf.ca/projects/php-markdown/extra/) and [MultiMarkdown](http://fletcherpenney.net/multimarkdown/). See the nice way of creating hyperlinks? No hassling with wrapping multiple tags for a single link.

> Blockquotes are paragraphs that start with a right angle bracket.
>
>> Go wild and make nested blockquotes.
>
> Then return to your first level.

> You can create a multiple-line blockquote with a single angle bracket, and then load it up with as much text as you want, being all verbose and windy and everything.

> Or, use hard line breaks and
> start every line with an angle
> bracket for more formatting
> control in your Markdown file.
> This won’t affect your HTML conversion.

Making bulleted lists is so easy you will weep with happiness. Unordered bulleted lists use hyphens, plus signs, or asterisks, whatever your whim desires. After conversion to HTML you get nice bullets no matter which one you used:

* You can
- even mix
+ them up.

Numbered lists use numbers followed by periods:

1. Like this
2. Numbered
3. List

List items can span multiple lines. The easy way is to not worry about indentation:

* If you’re still reading this and thinking “Oh gosh, I know that keeping a sysadmin notebook is a good idea, but I never have time! And nobody will ever use it anyway, not even me!”

* I fear you are sadly mistaken. Tis true that many bosses are sadly impressed by drama and emergencies, rather than calm, smoothly running systems. It is also true that keeping everything in your head is faster than consulting documentation.

Or you can use indentation and line breaks, although when you convert to HTML it looks the same as without indentation and line breaks. But it’s more readable in your source Markdown file:

* But relying on memory becomes chancier
  as your systems become more complicated,
  and your memory is no good to anyone else
  if you’re not there.

* I think that being indispensable is a
  bad idea if you ever want any time off.

Wrapping words with *single asterisks* makes italics, and **double asterisks** make bold (underscores work the same way). My favorite Markdown feature is not having to hassle with pairs of tags as much as in HTML. Mostly you just tag ’em once and move on. Paragraphs need no tags at all, which is glorious.

Easily Test It Yourself

You can quickly test an HTML conversion by copying the above example document into a plain text editor and saving it with an .md extension, for example “testmarkdown.md”. Then convert it to HTML with the Python-Markdown package (install it from your distribution or with pip install markdown):

$ python -m markdown testmarkdown.md > testmarkdown.html

Open it in a web browser and behold! A simple, nicely formatted web page.

There are many converters and Markdown extensions. Start with John Gruber’s Markdown documentation, because as one of the inventors of Markdown he ought to know a thing or two about it. Then to find information about extensions and Markdown implementations with expanded features, try a Wikipedia search.

Then be a good sysadmin and start writing things down.

To learn more, check out the Essentials of System Administration course from The Linux Foundation.

The Rise of the Helpful Operational Bots: ChatOps

Over the last number of years, the idea of a conversational interface to technology has entered the mainstream conscience. As is often the case, many of the ideas that get neatly packaged up into consumer facing technology have been knocking around for a long time, and conversational interfaces are no different. For the rise of conversational bots, we need to step back a little and think about bots in general, and in particular their most common manifestation in technology teams – that of ChatOps.

While some of the concepts surrounding ChatOps have been around for a long time, it is fair to say that the idea only really began to get traction within technical communities when Jesse Newland gave a talk on ChatOps at GitHub during PuppetConf 2012. Since then we have seen growing interest in the use of bots within operations.

Read more at Red Monk

A Primer on OVN

OVN is a virtual networking platform developed by the fine folks over at openvswitch.org. The project has been in the works for nearly two years now and is starting to mature to the point of being production ready. In this posting I’ll walk through the basics of configuring a simple layer-2 overlay network between 3 hosts. But first, a brief overview of how the system functions.

OVN works on the premise of a distributed control plane where components are co-located on each node in the network. The roles within OVN are:

  • OVN Central – Currently a single host supports this role and this host acts as a central point of API integration by external resources such as a cloud management platform. The central control houses the OVN northbound database, …

Read more at Dustin Spinhirne Blog

Ubuntu’s Shuttleworth Explains Why Not All Containers are the Same

As container use continues to grow, Mark Shuttleworth provides some definition on why he’s backing Kubernetes but isn’t a fan of OpenStack Magnum.

Mark Shuttleworth, the founder of Ubuntu Linux, was an early backer of OpenStack as well as containers. This week, Shuttleworth’s company Canonical announced new commercial support for Kubernetes, which is a widely deployed container orchestration and management engine. In an interview with Datamation Shuttleworth emphasized that it’s important to understand the different use cases for containers and what the different types of container systems are all about.

“There are going to be different types of container co-ordination systems,” Shuttleworth said. “There will be trucks, tractors and cars.”

Read more at Datamation

Why Deep Learning Is Suddenly Changing Your Life

Neural nets aren’t new. The concept dates back to the 1950s, and many of the key algorithmic breakthroughs occurred in the 1980s and 1990s. What’s changed is that today computer scientists have finally harnessed both the vast computational power and the enormous storehouses of data—images, video, audio, and text files strewn across the Internet—that, it turns out, are essential to making neural nets work well. “This is deep learning’s Cambrian explosion,” says Frank Chen, a partner at the Andreessen Horowitz venture capital firm, alluding to the geological era when most higher animal species suddenly burst onto the scene.

Think of deep learning as a subset of a subset. “Artificial intelligence” encompasses a vast range of technologies—like traditional logic and rules-based systems—that enable computers and robots to solve problems in ways that at least superficially resemble thinking. Within that realm is a smaller category called machine learning, which is the name for a whole toolbox of arcane but important mathematical techniques that enable computers to improve at performing tasks with experience. Finally, within machine learning is the smaller subcategory called deep learning.

Read more at Fortune

ICANN Grinds Forward on Crucial DNS Root Zone Signing Key Update

The Internet Corporation for Assigned Names and Numbers is moving — carefully — to upgrade the DNS root zone key by which all domains can be authenticated under the DNS Security Extensions protocol.
ICANN is the organization responsible for managing the Domain Name System. DNS Security Extensions (DNSSEC) lets resolvers verify that DNS responses carry a valid signature from the zone’s key, so forged responses, whether from cache poisoning or from an on-path attacker substituting a fraudulent address for the legitimate one, are rejected rather than trusted.

The root zone is still signed under the key signing key (KSK) generated in 2010, a 2048-bit RSA key that has never been rolled. The 1024-bit RSA key was the separate zone signing key (ZSK): it was lengthened to 2048 bits in October 2016, and the KSK itself is scheduled to roll to a new 2048-bit key in October 2017. Although experts are split over the effectiveness of DNSSEC, the first rollover of the root KSK is long overdue.

Read more at Tech Target

Tencent: Transforming Networks with SDN

“SDN can really transform the way we do networks,” said Tom Bie, VP of Technology & Operation of Data Center, Networking and Server, Tencent, during his Wednesday keynote address at the OpenDaylight Summit. The Chinese Internet giant should know about the issues of massive-scale networks: it has more than 200 million users of QQ instant messaging, 300 million users of its payment service, and more than 800 million users of its WeChat service. Bie noted that Tencent also operates one of the largest gaming networks in the world, along with video services, audio services, online literature services, news portals, and a range of other digital content services.

Tencent has a three-pronged core communication strategy based on “connecting everything.” They focus on people to people, people to services, and people to devices (IoT). The foundation is an open platform for partners to connect to public clouds. Here, third parties can run their applications on top of the infrastructure designed for the massive scale that Tencent deals with every day.  Today, millions of applications are running along the “beachhead” applications of Tencent. To ensure they have a steady flow of new and interesting services, they’ve created an innovation space for startup companies to develop and commercialize new services.  Bie noted that there are currently 4 million startups involved with the innovation space.

Working at such massive scale has forced Tencent to look for new solutions and innovations in networking technology to overcome their challenges. These challenges, Bie noted, include Agility and Scalability, End-to-End Quality of Service (QoS), Global View, Deep Insights, Automation, and Intelligence. The first two are driven from the business perspective. Services must always be available and of sufficient quality — and Tencent must be able to scale fast. The next two are from an operational perspective.  A key concern here is the need to quickly find a problem anywhere in the network to minimize the impact on services and on their business. Having a global view of the entire network with real-time deep insights enables a rapid response to network anomalies and failures. Today, the information provided to the controller or management plane is not fast enough or good enough to enable a rapid response.

This massive scale requires automation, said Bie. People, he noted, are too slow and too error prone. Automation must apply throughout the life cycle of the service and include provisioning, operations, and finally decommissioning. Bringing intelligence to the network is key.  With programmable networks, massive amounts of data can be generated and acted upon by analytics and even machine learning to drive actionable intelligence.

The first SDN use case Bie discussed was the Data Center Interconnect Backbone. Tencent has major datacenters in China and across Asia as well as on other continents. Their backbone must support all of their applications so users can have quality services no matter where they are. This backbone is based on MPLS, MPLS-TE (Traffic Engineering), and MPLS VPNs. Currently, it is challenging to manage and to operate. By adding ODL-based controllers, Tencent realizes global path optimization, fast convergence around failures or congestion, and end-to-end quality of service.

The second use case Bie discussed was managing the network within a datacenter. They use VXLAN, with a fabric controller that manages both the overlay and underlay networks. Bie noted the capability required to scale out firewalls: Tencent uses flow-based load balancing, real-time monitoring, and automatic traffic scheduling to scale out to as many as 24 firewall pairs. The final use case involved their Internet-facing networks. A key feature Bie noted was the ability of the ODL controller to collect routes from BGP routers, determine the optimal path, and then override the BGP routing tables.

Bie concluded by noting that the Internet has always been empowered by what he called an open spirit. He called out the increasing scope and range of open source initiatives around the globe. Lastly, he highlighted ODL for adding value to cluster performance and scale, southbound interfaces for load balancing, software maintenance including the mandatory ISSU (In-Service Software Upgrade, also known as hitless upgrade), and northbound interfaces standardized on YANG models.

Minijail: Running Untrusted Programs Safely by Jorge Lucangeli Obes, Google

https://www.youtube.com/watch?v=oGmj6CUEup0?list=PLbzoR-pLrL6pq6qCHZUuhbXsTsyz1N1c0

This talk describes Minijail, a sandboxing and containment tool initially developed for Chrome OS and now used across Google, including client platforms (like Android) and server environments (like Chrome’s fuzzing infrastructure ClusterFuzz).

How to Find Your First OpenStack Job

We’ve covered the growth of OpenStack jobs and how you can become involved in the community. Maybe that even inspired you to search for OpenStack jobs and explore the professional opportunities for Stackers. You probably have questions, so we’re here to answer the frequent questions about working on OpenStack professionally.

Am I qualified? How do I know?

Taking stock of your current skills can be difficult. Here’s a common method that will give you a generic barometer of your qualifications:

  1. Head to the OpenStack Jobs board, or search for OpenStack on your preferred job-posting aggregator (like Indeed, LinkedIn, Jobr, etc.), and pull down a handful of descriptions that pique your interest.

  2. Create a separate list of your current skills and rank them in strength (using an A-F grading system can be helpful here).

  3. Compare the requested experience to your list: Looking across the set of descriptions, is there a skill you’re constantly missing? Is there an area of “high priority” for the company that’s in your “weakest” category? Don’t let a one-off mismatch deter you, but if you’re continually missing a particular requirement or it’s constantly at the bottom of your skillset, that’s the area you’ll want to focus on building up.

As you gain more experience and improve your OpenStack skills, keep coming back to your checklist and adding new job descriptions to your set. When you have a passing grade for their requested skills, that’s a good time to apply!

How much Python do I need to know?

OpenStack is written in Python, but how proficient your Python skills need to be varies by role. Developers will need more advanced Python, while operators can successfully work on OpenStack with more minimal Python knowledge. As always, the OpenStack community is here to help one another. It’s not uncommon to see sessions like “Python Basics for Operators Troubleshooting OpenStack” at Summits (the aforementioned talk was featured at the OpenStack Summit Austin).

Do I need to have a significant contribution history to get hired?

This answer varies by employer, but being a Project Team Lead (PTL) of an OpenStack project isn’t a hiring requirement! While a history of contributions never hurts, companies who have embraced OpenStack are equally as eager to find professionals who fit their technical culture. In transitioning to OpenStack, many companies have also shifted their tech cultures to be focused on open source, such as Walmart, who will be presenting about their transition at the OpenStack Summit Barcelona. Being passionate about open source and understanding how open source contributes to innovation will set you off on the right foot with any OpenStack ecosystem organization.

Where can I find OpenStack jobs?

The OpenStack community job board is located at openstack.org/jobs. Here you’ll find organizations hiring for roles like “OpenStack Developer,” “OpenStack Cloud Architect,” “OpenStack Cloud Administrator,” “Senior Software Engineer for Cloud Services.” The list goes on. Companies posting here are looking specifically for people familiar with OpenStack and who are actively involved in the OpenStack community.

Another great place to find an OpenStack job is at an OpenStack event. Networking is always your friend in securing a new job. In the previous post, we outlined the various OpenStack events. At the OpenStack Summit, companies will post a “We’re Hiring!” sign at their booth in the OpenStack Summit Marketplace if they have open positions. Take a spin around the Marketplace and shake a few hands. If you can’t make it to a Summit, attend your local OpenStack Days event or find a local user group; both are full of networking opportunities.

I’ve played with OpenStack outside of work, I think I have the qualifications; how can I show I’m ready for an OpenStack job?    

This is the game-winning question, and there’s lots to say! So much so, our entire fourth post will be dedicated to making the transition from “OpenStack hobbyist” to “OpenStack professional.”   

Want to learn the basics of OpenStack? Take the new, free online course from The Linux Foundation and EdX. Register Now!

The OpenStack Summit is the most important gathering of IT leaders, telco operators, cloud administrators, app developers and OpenStack contributors building the future of cloud computing. Hear business cases and operational experience directly from users, learn about new products in the ecosystem and build your skills at OpenStack Summit, Oct. 25-28, 2016, in Barcelona, Spain. Register Now!

Minijail: Google’s Tool To Safely Run Untrusted Programs

Google’s Minijail sandboxing tool could be used by developers and sysadmins to run untrusted programs safely for debugging and security checks, according to Google Software Engineer Jorge Lucangeli Obes, who spoke last month at the Linux Security Summit. Obes is the platform security lead for Brillo, Google’s Android-based operating system for Internet-connected devices.

Minijail was designed for sandboxing on Chrome OS and Android, to handle “anything that the Linux kernels grew.” Obes shared that Google teams use it on the server side, for build farms, for fuzzing, and pretty much everywhere.

Since “essentially one bug separates you and any random attacker,” Google wanted to create a reliable means to swiftly identify problems with privileges and exploits in app development and easily enable developers to “do the right thing.”

The tool is designed to assist admins who struggle to decide what permissions their software actually needs, and developers who are vexed by trying to second-guess which environment the software will run in. In both cases, sandboxing and privilege dropping tend to be hit or miss.

Even when developers use the privilege-dropping mechanisms the Linux kernel provides, things sometimes go awry because of the numerous pitfalls along that path. One common example Obes cited is calling setuid() to drop root and then forgetting to check its return value.

In that scenario an attacker who can make the setuid() call fail leaves the program running with root privileges, and any other bug in the process can then be exploited as root. The fix is to treat a failed setuid() call as fatal and abort the program.

Find and Fix

While security pros may be quick to scoff at such a rudimentary mistake, it’s often the simplest oversights that lead to the biggest security problems. Rather than judge one another, Obes said, remember that the goal is to find and fix problems in the software. Although there will always be bugs, eradicating as many as possible, from the simple to the sophisticated, is always the goal.

Minijail identifies and flags the places where problems exist, and it provides a single library for privilege-dropping code, so developers do not need to understand all the intricacies of dropping privileges on the Linux kernel.

“By using Minijail, we turned the 15+ lines of sign-in capabilities to one or three, because of formatting,” he said. The library never fails to check results, such as the return value of a setuid call, and it comes with unit and integration tests to ensure the application keeps working.

Eventually the team realized that Minijail was roughly 85 percent of the way to building real containers so they took the tool the rest of the way. “Minijail is essentially underlying this new technology that Google added to Chrome OS which allows you to run Android applications, natively with no emulation or distortion,” he said. “It’s just an Android system running inside a container.” Thus, Minijail evolved to be both a sandboxing and containment helper.

It accomplishes this primarily through Linux capabilities, which split root’s privileges into separately grantable pieces. In this way, developers can “grant specific subsets of that functionality directly to a process without granting the whole function to do that process.”

Obes returned to his bluetoothd example: the daemon needs permission to configure a network interface. “That shouldn’t give it permissions to, for example, reboot the system or mount things,” he explained.
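As an added example (not Minijail’s own code, and not from the talk), the following C program puts the unchecked-setuid() pattern described above beside a hardened privilege drop that also keeps only the capabilities a daemon needs, which is the bluetoothd case just mentioned: CAP_NET_ADMIN to configure a network interface, and nothing that would allow rebooting or mounting. It targets Linux with glibc and uses the raw capset() and prctl() kernel interfaces rather than libcap; the uid/gid 65534 for “nobody” in main() is an assumption about the local system.

```c
/* Added example, not Minijail's own code: the unchecked-setuid() bug beside a
 * hardened privilege drop that keeps only a chosen capability set.
 * Linux/glibc only; capset() and prctl() are called directly, so no libcap.
 * Build: cc -Wall -o drop drop.c */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
#include <linux/capability.h>

/* Vulnerable pattern: return values ignored. setuid() can fail, for example
 * with EPERM when the caller lacks CAP_SETUID (or, on kernels before 3.1,
 * with EAGAIN when the target uid is at its RLIMIT_NPROC), and the program
 * then carries on as root. Compilers can warn about this; heed them. */
void drop_root_unchecked(uid_t uid, gid_t gid)
{
    setgid(gid);
    setuid(uid);   /* result ignored: the bug */
}

/* Set permitted and effective capabilities to exactly 'mask' (a bitmask of
 * 1ULL << CAP_xxx values); inheritable is cleared. Returns 0 or -1/errno. */
static int set_caps(uint64_t mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    memset(data, 0, sizeof data);
    data[0].permitted = data[0].effective = (uint32_t)mask;
    data[1].permitted = data[1].effective = (uint32_t)(mask >> 32);
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Hardened privilege drop: every call is checked and the result is verified.
 * Returns 0 on success, -1 with errno set on any failure; callers must treat
 * -1 as fatal (see drop_root_or_die). */
int drop_root_checked(uid_t uid, gid_t gid, uint64_t caps_to_keep)
{
    /* Keep permitted capabilities across the uid change; the effective set
     * is cleared by setuid() and re-raised below to exactly caps_to_keep. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -1;
    /* gid first: once the uid is unprivileged, setgid() would be refused. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) != 0)
        return -1;
    if (set_caps(caps_to_keep) != 0)
        return -1;
    /* No privilege gain later via setuid/setcap binaries (what minijail0's
     * no_new_privs option does). */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    /* Verify: all ids switched, and root cannot be regained. A mask that
     * kept CAP_SETUID fails this check, which is the right outcome. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* The fix the talk recommends: abort rather than run on as root. */
void drop_root_or_die(uid_t uid, gid_t gid, uint64_t caps_to_keep)
{
    if (drop_root_checked(uid, gid, caps_to_keep) != 0) {
        fprintf(stderr, "privilege drop to uid %u failed: %s\n",
                (unsigned)uid, strerror(errno));
        abort();
    }
}

int main(void)
{
    /* Run as root to see a real drop to uid/gid 65534 ("nobody" on most
     * distributions; an assumption) keeping only CAP_NET_ADMIN, which the
     * starting process must hold. As an ordinary user the ids stay unchanged
     * and the capability set simply ends up empty. */
    int root = getuid() == 0;
    uid_t uid = root ? 65534 : getuid();
    gid_t gid = root ? 65534 : getgid();
    uint64_t keep = root ? (1ULL << CAP_NET_ADMIN) : 0;
    drop_root_or_die(uid, gid, keep);
    printf("now uid %u gid %u, root regain refused, caps mask 0x%llx\n",
           (unsigned)getuid(), (unsigned)getgid(), (unsigned long long)keep);
    return 0;
}
```

Run it as root to see a real drop; as an ordinary user the ids stay the same and the capability set simply ends up empty, which still exercises every check. The final regain test is the part the unchecked version lacks: if setuid(0) succeeds after the drop, whether because an earlier call silently failed or because the kept capabilities included CAP_SETUID, the function reports failure and the caller aborts instead of running on as root.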

Watch the full presentation below.

https://www.youtube.com/watch?v=oGmj6CUEup0?list=PLbzoR-pLrL6pq6qCHZUuhbXsTsyz1N1c0
