ODPi: Test Less, Build More Applications With Hadoop

By

-

June 8, 2016

Testing applications against Hadoop distributions is not fun, either for application developers or end users, and it takes up too much precious time.

According to Alan Gates, co-founder of Hortonworks and ODPi member, that’s the issue the Open Data Platform initiative (ODPi) is here to solve: create a single test specification that works across all Hadoop distributions so developers can get back to creating innovative applications and end users can get back to making money, or curing cancer, or sending people into space.

“That’s where ODPi sees itself bringing value,” Gates said. “Specifying not what’s in this software, or writing competitive software, but specifying how this software is installed where it can be used regardless of which distribution it is, how is it configured — all of those questions, which maybe aren’t as exciting as developing new software, but they’re questions you have to answer well in order for people to use your code.”

Gates gave a keynote session about the nonprofit organization at Apache Big Data in Vancouver in May. ODPi, which now has 29 member companies and 35 maintainers, released its first runtime specification on March 31 of this year.

It’s also working on an operations specification around using Apache Ambari that is slated to launch July of this year.

“Those specifications are frankly a little boring,” Gates said. “It’s just [saying things like]: here is how to lay out the directory so people can find the config files; here’s the environment variables that must be set so people know where you put the binaries; don’t move the binaries around on people and don’t take some away; don’t change public APIs; don’t rename .JARs.

“None of this is rocket science — despite the little rocket in our logo — but it’s all very necessary,” Gates said.

Gates sees three main constituencies for whom the ODPi is trying to make the Hadoop ecosystem a better place:

End users: “We want [end users] to be able to run ODPi-compliant distributions with ODPi compliant applications on top and be able to mix and match and not worry about who they bought which piece from.
Application developers and ISVs: “We want them to ‘test once, run anywhere’ and reduce the cost of building the applications. The more applications they build, the faster the ecosystem grows and everyone is happier.”
Distribution providers: “We want to give them guidelines on how to install and set up their software so the two groups above get their benefits.”

Gates said the ODPi doesn’t write much code, but any code it does write is contributed back to the Apache foundation’s projects. Ambari and Bigtop have see the most commits from ODPi, he said.

“We are very committed to making sure all that work that we do feeds back up into the Apache communities and is used by them,” Gates said.

Watch the complete video below.

https://www.youtube.com/watch?v=mf5KKAsPyJc?list=PLGeM09tlguZQ3ouijqG4r1YIIZYxCKsLp

Real Hackers Don’t Wear Hoodies (Cybercrime is Big Business)

By

Mikko Hypponen

-

June 8, 2016

Most people probably have an idea about what a hacker looks like. The image of someone sitting alone at a computer, with their face obscured by a hoodie, staring intently at lines of code in which their particular brand of crime or mischief is rooted, has become widely associated with hackers. You can confirm this by simply doing an image search for “hackers” and seeing what you come up with.

After decades of researching hackers, I’ve decided that this picture is distorting how people need to see today’s threats. It makes some very misleading implications about the adversaries that people and businesses need to focus on. It’s a mistake to take the old “hacker-in-a-hoodie” stereotype and think it applies to the cyber crime and nation-state attacks we’re facing today.

When I see a news article with a stock photo of a hacker-in-a hoodie, I feel like I’m being lead to believe that hackers work in isolation. And that hacking is a hobby one indulges in when they’re not working or studying. My takeaway from this image is that hackers are portrayed as pursuing a casual interest rather than working to achieve goals. But the idea that such unprofessional adversaries are responsible for things like Stuxnet or ransomware is incredibly naïve. Why don’t we see pictures of hackers wearing a suit and tie? Or a uniform?

Hacking is now a marketable skill that’s commodified as products and services, and sold to criminals, companies and governments. Hackers now have their own networks, both technical and social, that they use to buy, sell, and trade hacking services and malicious software. They pool resources and coordinate efforts, giving threats far greater capabilities than any individual hacker could develop on their own. After all, there wouldn’t be an exploit industry enabling cyber attacks if it weren’t for the networks connecting hackers, companies, governments, and other organizations.

Cyber crime has industrialized hacking. It’s created structures for hackers to operate within, and objectives (usually financial) to achieve. We are aware of several organized cyber crime gangs that have made tens of millions of dollars in profit with their attacks. And now, with nation-states becoming increasingly active participants in the threat landscape, we’re only going to see more growth and opportunities in hacking.

In the past year I’ve been speaking about the potential existence of Cyber Crime Unicorns – cyber crime ventures that could be valued at over one billion dollars. I can admit the comparison is problematic because a criminal enterprise could never be valued in the same way as a legitimate business. But comparing today’s hackers with the old stereotypes is even more problematic. The hacker-in-a-hoodie is a great picture of the hobbyist hackers from the past, and it’s still relevant today when discussing hacktivist groups like Anonymous. But the Cyber Crime Unicorn represents the relatively unimpeded growth of cyber crime, which is a far greater threat. Continuing to perpetuate the stereotypes allows the hobbyist hacker threats of history to distract us from the cyber threats of today, and ignoring such misdirection will only cause problems in the future.

I’ll be discussing these topics, and how they apply to open source systems and to service providers further in my keynote (“Complexity: The enemy of Security”) at the OPNFV Summit in Berlin on June 22-23. See you in Berlin!

Mikko Hypponen is the Chief Research Officer for F-Secure.

VMware Unveils New Version of Integrated OpenStack Product

By

Virtualization Review

-

June 8, 2016

VMware has released a new version of its vSphere-friendly configuration of OpenStack, the popular open source cloud platform.

VMware Integrated OpenStack (VIO) 2.5 hit general availability yesterday. VMware calls it “…the easiest and fastest route to build an OpenStack cloud on top of vSphere, NSX and Virtual SAN.”

According to a blog posting by Pete Cruz, the chief upgrades in the new version include easier integration with the underlying vSphere stack; a less cumbersome management control plane, …

Gathering Insights from Data: An Overview of the Elastic Stack

By

OpenSource.com

-

June 8, 2016

The Elastic stack is a versatile collection of open source software tools that make gathering insights from data easier. Formerly referred to as the ELK stack (in reference to Elasticsearch, Logstash, and Kibana), the growing list of tools that integrate with the platform (such as Beats) have outgrown the acronym but provide ever-growing capability for users and developers alike.

At the upcoming Southeast Linuxfest 2016, I’ll be covering some of the steps to get started using each of these parts of the stack. In this article, we’ll look at each in turn to summarize the capabilities, requirements, and interesting use cases that apply to each.

Announcing The Qt Automotive Suite

By

Qt Blog

-

June 8, 2016

The idea for the Qt Automotive Suite was born when The Qt Company, Pelagicore and KDAB sat down and shared their experiences of projects using Qt for In-vehicle Infotainment (IVI). With cumulative experience from over 20 automotive projects it was noted how Qt is really well suited to the needs of building IVIs and Instrument Clusters, that there were already millions of vehicles on the road with Qt inside, and that there were a lot of ongoing projects. There was though a feeling that things could be even better, that there were still a few things holding back the industry, contributing to the sense that shipped IVI systems could be built faster, cheaper and with a higher quality.

One observation was that additional infrastructure components and tooling were being created. While it is great to see software being built on top of Qt, from an industry perspective it is inefficient with duplication of work, little reuse across projects and engineering resources being used to maintain them rather than focusing on differentiating features. So we’ve added some of these components to the Qt Automotive Suite and will continue to add more over time.

Implementing Mandatory Access Control with SELinux or AppArmor in Linux

By

Tecmint

-

June 8, 2016

To overcome the limitations of and to increase the security mechanisms provided by standard ugo/rwx permissions and access control lists, the United States National Security Agency (NSA) devised a flexible Mandatory Access Control (MAC)…

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

MesosCon North America 2016 Video Sessions

By

Nicole Pribicevic

-

June 8, 2016

Thank you for your interest in the recorded sessions from MesosCon North America 2016! View more than 60 sessions from the event below.

Keynotes
Keynote: Welcome Address – Benjamin Hindman, Founder and Chief Architect, Mesosphere Keynote: The New Open Source Data Center – Joshua Bernstein, Vice President of Technology, EMC {code} Keynote: A Real-Time Cloud for the Internet of Things – Professor Ken Birman, Cornell University Keynote: Verizon Calls Mesos – Larry Rau, Director of Architecture and Infrastructure, Verizon Labs	Keynote: Day 2 Welcome and Special Demo – Benjamin Hindman, Founder and Chief Architect, Mesosphere Keynote: Spark 2.0 – Matei Zaharia, Apache Spark Creator and CTO of Databricks Keynote: Bringing Mesos to the World – Florian Leibert, Founding CEO, Mesosphere Keynote: Platform Infrastructure at Twitter: The Past, Present and Future – Chris Pinkham, VP of Engineering, Twitter
Frameworks Track
Building Highly Available Mesos Frameworks – Neil Conway, Mesosphere Optimistic Offer – What Does it Mean to Apache Mesos Framework – Yong Feng, IBM Canada Ltd. Redis on Apache Mesos, A New Framework – Dhilip Kumar S, Huawei Technologies Managing Large SQL Database Clusters with the Apache Mesos Crate Framework – Aslan Bakirov & Christian Lutz, Crate.IO	Frameworks in Harmony – How to Implement Quotas, Roles, Weights and Reservations in Production – Vishnu Mohan, Mesosphere Building a Machine Learning Orchestration Framework on Apache Mesos – Antony Arokiasamy & Kedar Sadekar, Netflix Building Frameworks with the New HTTP APIs – Vladimir Vivien, EMC {code} Maintenance: Automating Collaboration Between Frameworks and Operators – Joseph Wu, Mesosphere
Developer Track
Containers in Apache Mesos: Present and Future – Jie Yu & Tim Chen, Mesosphere Contributing to Apache Mesos: Where to Begin – Joris Van Remoortere & Michael Park, Mesosphere Apache Mesos 1.0 – Vinod Kone & Anand Mazumdar, Mesosphere Apache Mesos on Windows: Status and the Roadmap – Alex Clemmer & Daniel Pravat, Microsoft minimesos – The Experimentation and Testing Tool for Apache Mesos – Frank Scholten, Container Solutions Upgrading a Mesos Cluster – Greg Mann, Mesosphere A Novel Approach for Distributing and Managing Container Images: Integrating CernVM File System and Mesos – Jakob Blomer, CERN; Jie Yu & Artem Harutyunyan, Mesosphere Running Cassandra on Apache Mesos Across Multiple Datacenters at Uber – Abhishek Verma & Matthias Eichstaedt & Teng Xu, Uber Be a Microservices Hero – Dragos Dascalita Haut, Adobe Efficient Usage of Apache Mesos using Container Hibernation – Kamalakannan Muralidharan, Paypal CI and CD at Scale: Scaling Jenkins with Docker and Apache Mesos – Carlos Sanchez, CloudBees	Spark on Apache Mesos: The State of the Art – Tim Chen, Mesosphere Quota – Reliable Guarantees – Jörg Schad & Joris Van Remoortere, Mesosphere GPU Support in Apache Mesos – Kevin Klues, Mesosphere Resource Allocation in Apache Mesos: Present and Future – Benjamin Mahler, Mesosphere Integrating Storage and Apache Mesos: Anatomy of a Framework – Jörg Schad, Mesosphere & Björn Kolbeck, Quobyte Yammer Datacenter Story – On-Premise, GFS, Azure – Tobias Haag, Microsoft; Kyle Gordon, Yammer / Microsoft A Declarative Approach to Building Stateful Frameworks – Gabriel Hartman, Mesosphere Self-Healing Systems on Elastic Mesos in the Cloud – Mike Sells, Oracle Data Cloud Finagle, linkerd, and Apache Mesos: Magical Operability Sprinkles for Microservices – Oliver Gould, Buoyant Persistence Primitives in Action 2.0 – Max Neunhöffer, ArangoDB; Jörg Schad & Neil Conway, Mesosphere
Operations Track
Federated Mesos Clusters for Global Data Center Designs – Krishna Kumar, Huawei Lessons from Netflix Mesos Clusters – Sharma Podila, Netflix Throw Away Your Firewalls and Make Your Applications More Secure – Casey Davenport, Project Calico Apache Mesos Security Best Practices (2016) – Adam Bordelon & Alexander Rojas, Mesosphere A Seamless Monitoring System for Apache Mesos Clusters – Drew Gassaway, Bloomberg LP Container Network Interface (CNI) Support in Apache Mesos – Jie Yu & Avinash Sridharan, Mesosphere; Qian Zhang, IBM No One Puts Java in the Container – Ken Sipe, Mesosphere	Autoscaling Microservices with Apache Mesos and Marathon – David Arnold, Tendril Monitoring Microservices: Docker, Mesos and DCOS Visibility at Scale – Loris Degioanni, Sysdig The Architecture of Mantl – Steven Borrelli, Asteris, LLC Lessons Learned from Running Heterogeneous Workload on Apache Mesos – Imran Shaikh, Yellow Pages Migrating 200+ Load Balancers into Apache Mesos – Stephen Salinas, HubSpot All Marathons Need a Runner. Introducing Pheidippides – James Humphrey & John Dennison, Activision Publishing
Wildcard Track
It’s Complicated, Okay (or Let’s Talk Openly about Apache Mesos’ OSS Neighbors, Friends and Rivals) – Aaron Williams, Mesosphere How We Built a Chargeback System for Twitter’s Compute Platform (Mesos/Aurora) That Incentives Higher Resource Utilization – Micheal Benedict & Jeyappragash Jeyakeerthi, Twitter Apache Mesos Ecosystem at Allegro – First Year of Production Use – Tomasz Ziarko and Wojciech Lesicki, Allegro	How to Stand Up a 600 Node Bare Metal Mesos Cluster in Two Weeks – Craig Neth, Verizon Labs Marathon Meets External Storage – Steven Wong, EMC(code); Jörg Schad & Matthias Eichstedt, Mesosphere Workload Co-Location Has Just Begun: Sub-Millisecond Quality of Service at Scale – Maciej Patelczyk & Murali Sundar, Intel
Lightning Talks
Lightning Talk: Welcome/Intro – Alex Williams, The New Stack Lightning Talk: Raspberry Pi’s run containers using Apache Mesos – Sharma Podila, Netflix Lightning Talk: An off-the-network approach to monitoring microservices – Sahil Bansal, Netsil Lightning Talk: Mesos Integration for Detector-Based Alerting – Janet Yu, SignalFx	Lightning Talk: Introducing Blazar: an out-of-this-world CI environment built on Mesos – Tom Petr, HubSpot Lightning Talk: Enabling Docker apps to use platform security features using Mesos and Marathon – Dr. Abhishek Gupta, Intel
Apache, Apache Mesos, and Mesos are either registered trademarks or trademarks of the Apache Software Foundation (ASF) in the United States and/or other countries. MesosCon is run in partnership with the ASF.

An Introduction to Basic Motion Detection on Linux

By

Falko Timme

-

June 8, 2016

Setting up a motion detection system on Linux is fairly easy and simple. All that we need is a webcam (or laptop), the motion package, and a few minutes to set everything up. The purpose for doing this may be private space surveillance, enhancement of personal security, or simply a fun project. Whatever the case, this quick guide is not intended to promote illegal activities such as unauthorized video recording of people and their activities. That said, please use the knowledge offered here with ethical conduct.

Managing Code Debt in Team Foundation Server with SonarQube

By

DevX

-

June 8, 2016

SonarQube is a popular open source platform for managing quality in the scope of an application life cycle that covers the seven axes of code quality.

What is DevOps? Kris Buytaert Explains

By

Dawn Foster

-

June 7, 2016

Kris Buytaert is known as one of the instigators of the current DevOps movement and organizer of several related conferences, including DevOpsDays and Config Management Camp. He is a long-time Linux and open source consultant who often claims that everything is a freaking DNS problem. You can find him speaking at events and consulting as the CTO (Chief Trolling Officer) at Inuits on everything from Infrastructure as Code to Continuous Delivery.

Kris Buytaert is an organizer of DevOpsDays and Config Management Camp.

Linux.com: Why are so many organizations embracing DevOps?

Kris Buytaert: A lot of organizations want to be the cool kids on the block. They want to be like the DevOps poster children: the organizations that don’t have problems deploying new functionality for their users, that don’t have problems with stability, and that are looked at as nice places to work.

DevOps promises higher throughput for software delivery, a more stable platform, and better security. Doesn’t everyone want that?

But it was a trick question wasn’t it? Isn’t the real question, “why do so many organizations claim they are embracing DevOps, but none of them really are embracing it”?

Because DevOps is hard for most organizations, it requires a drastic change in culture, management style, organization, and software architecture. Usually management isn’t ready to make those changes, so they create a new silo in their organization called the DevOps team, put in place a semi automated deployment pipeline with no tests, implement some form of automation but keep doing manual changes in production, and implement standups so they can call their development methods agile too.

Linux.com: Why are individuals interested in participating?

Kris: A lot of individuals see the above mentioned goals as something that would reduce the workload, risk and stress that comes with their job. They see automation through collaboration as an option to reduce the risk, reduce the downtime, and get a better night’s sleep with the side effect of taking away the dull parts of their work, the manual repetitive work, to give them more time to focus on the aspects of their work they never had time for: e.g. really looking at how the application behaves, how users (ab)use it, or improving performance and security. So, they stand up and start the fight to improve their environment.

Linux.com: How can you tell if a company has truly adopted DevOps?

Kris: What does it mean to truly adopt DevOps? Is it 5 deploys a day? 1000 deploys? Is it having security embedded in your pipeline? It’s none of the above. DevOps is a journey. I don’t think you are ever done adopting DevOps. DevOps, much like security, is a lifestyle. If there is one thing that won’t change in today’s technology industry, it is the fact that change will happen all the time, so you’d better be prepared to adapt. An organisation that has figured out that it will be learning and will need to continuously be improving collaboration between people with different skills in order to improve their quality, whether they call it DevOps or not, is probably one that has truly adopted DevOps.

Linux.com: What is the overwhelming hurdle?

Kris: People and inertia. A lot of organizations have trained people for years to do X, and when those people suggested they do Y, or tried to do Z, many of them got “no” as an answer, or even worse, they got punished for it. We have a whole generation of people that are trained like this and now we want to see the opposite behaviour. Corporations have taught engineers not to solve problems for themselves, but to buy a 3rd party as insurance. However, this also won’t solve their problem; it’s just becomes not their problem anymore (often called proprietary software). And now, we want self-supporting teams that take responsibility for what they build and ship and who are expected to run and manage it themselves. It’s going to take a while for those people to break their habits and for their management to actually encourage them to change when the managers themselves will also need to change. That is the biggest hurdle for most organizations. It’s going to take a long time for some organizations to change, if they change at all.

Linux.com: What advice would you give to people who want to get started in DevOps?

Kris: The first part of my advice would be to find a local DevOps meetup or a local DevOpsDays event. These are put on by the community to teach people about DevOps. You’ll meet people there with experience and with ideas, but you’ll also meet other newcomers.

Secondly, a story told way too often is that the DevOps movement started out of the open source world back at the very first DevOpsDays in Ghent in 2009. Most of the people present had a strong background in open source, and most of the success stories were from people leveraging the power of these open source tools, but also the mindset of collaboration came out of the open source community.

So the best advice I can give to people is to start looking into those open source projects, yes there will be vendors trying to catch your attention, uh money, by claiming their 15 year-old legacy tool now is DevOps ready, but really everything you need is open.

Learn more about DevOps from leaders in the field.

Read this Q&A with Michael Ducy, co-host of the Goat Farm podcast and blog and Chef’s Manager of Solutions Architects.

Read this Q&A with Patrick Debois, best known as the founder of DevOpsDays and as a creator of the DevOps movement, which explains why some refer to him as the “Godfather of DevOps.”

Keynotes

Frameworks Track

Developer Track

Operations Track

Wildcard Track

Lightning Talks

Apache, Apache Mesos, and Mesos are either registered trademarks or trademarks of the Apache Software Foundation (ASF) in the United States and/or other countries. MesosCon is run in partnership with the ASF.