Open-source News

AMD To Expose More PSP Security Information Under Linux, Including State Of CPU Fuses

Phoronix - Wed, 03/30/2022 - 19:00
Right now under Linux it isn't quick and easy to figure out if the likes of (Transparent) Secure Memory Encryption are enabled and working, but a new patch series will more easily expose the security attributes of the AMD Platform Security Processor (PSP) to users on Linux. The information to be exposed will also include whether the CPU is fused in the name of tampering prevention...

Intel Preparing For SVT-AV1 1.0 Video Encoder With More AVX2 Optimizations

Phoronix - Wed, 03/30/2022 - 17:56
Back in January Intel engineers released SVT-AV1 0.9 with significant speed-ups to this open-source AV1 encoder while now as we roll into Q2, SVT-AV1 v1.0 is being readied for launch...

NVIDIA Tegra Video Decode Driver Promoted In Linux 5.18

Phoronix - Wed, 03/30/2022 - 17:36
Tegra-VDE, an originally reverse-engineered NVIDIA Tegra video decode driver, has been part of the mainline kernel. After much work on that driver by developer Dmitry Osipenko, it's been promoted out of "staging" with Linux 5.18 among other media subsystem changes...

5 things open source developers should know about cloud services providers

opensource.com - Wed, 03/30/2022 - 15:00
Seth Kenlon, Wed, 03/30/2022 - 03:00

"The cloud" refers to both the collective computing power of an interconnected array of servers and the software layer enabling those computers to work together to create dynamically defined infrastructure. Because many consider the cloud the new frontier of computing, it's dominated the software industry for the past several years. Still, your individual level of involvement with it probably depends on your career and how much you acknowledge that you're using the cloud in your computing.

If you're a programmer, you might be looking to move your development onto the cloud, either for work or for fun, but it doesn't take long to realize that choosing a cloud provider can be an overwhelming prospect, especially for an open source enthusiast. I've written about the importance of an open cloud in the past. Luckily, there are very direct ways you, as a developer, regardless of your experience, can help ensure that the cloud fosters and strengthens open source.

Here are five things developers should know about cloud providers and what the cloud means for open source.

The cloud provider doesn't have to define your platform

To develop software on the cloud, you have two choices. You can build your own miniature cloud, or you can buy time on somebody else's cloud.

Building your own is fun. Given enough contributors to your cluster, it can also be effective. But, if you need your software to grow without practical limits, it's probably not realistic to run your own cloud. Buying into a cloud doesn't have to mean you lose control of your computing. A cloud provider essentially is a vendor between you and virtual infrastructure. You need computing power, and cloud providers are eager to sell it to you.

Just like when you buy a new laptop off the shelf, however, nobody's going to force you to use the closed source bloatware that happens to come along with it. When you rent space on the cloud, you can run as many Linux containers as you want, but the interface you use to create and deploy those containers, and the infrastructure those containers connect to, may not be open source. You can think of your cloud interface as the OS and your containers as your choice of Apache httpd, Postfix, Dovecot, and so on.

To run an open source interface, choose to run an open source console, such as OpenShift (based on the upstream OKD project). If the cloud provider you end up on doesn't directly offer an open source console, look at a service like Red Hat OpenShift Service on AWS (ROSA) that puts your choices in platform first.

The cloud is just somebody else's computer, so trust your provider

If you work with, on, or around computers, even tangentially, you're probably dealing with the cloud already. You probably have at least some understanding that when an application is running inside of a browser, it's essentially running on somebody else's computer (that is, a company's array of servers).

There are plenty of reasons to think strongly about whose hardware houses your personal, organizational, and customer data. However, as a developer, there's also reason to consider the toolchain you build your workflow on. Just because you sign up with a cloud provider doesn't mean you can be forced into a specific toolchain. You should never feel hesitant to migrate from a service because you're afraid of having to rebuild your own development environment. Choose a provider that gives you the flexibility to build your environment, your CI/CD pipeline, and your release model in a way that's sustainable for you.

Developing on the cloud still means developing on your computer

If you haven't developed anything on the cloud yet, it may seem foreign to you, but developing on the cloud isn't all that different than developing on your computer. If anything, it enforces really good development practices that you may have been meaning to institute for years.

Whether it's on the cloud or just inches away from your keyboard, you have a development environment to consider. You have libraries you need to track, manage, and update. You have an IDE that helps you with syntax, consistency, variable names, functions and methods, and so on. A good cloud provider lets you use the tools you want to use, whether it's a text editor, a container-friendly IDE, or cloud-aware IDE.

Open standards still matter

Don’t let the compute nodes fool you. Just because bits are being crunched offsite doesn't mean you have to commit your data to a black box. The work of OpenStack is ensuring that the very foundation of the cloud can be open, which brings cloud development and management closer to your desktop than ever. The work of the Open Container Initiative has enabled applications like Podman and LXC to keep containers open (and daemonless and rootless). Open standards and open specifications empower you as a developer to choose the best solution for your work.

When choosing a cloud provider, don't settle for anything less.

We can build an open cloud

The cloud already powers much of the internet, but it has even greater potential the more open it becomes. Supporting open cloud providers using open source technology is important, but it's just as important to help build it. The cloud, just like our personal computers, the internet, and even our day-to-day communities, is only as open as we choose to make it.

Develop using open source and release open source, on the cloud, on the desktop, and everywhere.

This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.

How Aqua Security is approaching DevSecOps in 2022

opensource.com - Wed, 03/30/2022 - 15:00
Gaurav Kamathe, Wed, 03/30/2022 - 03:00

I recently took the opportunity to discuss open source and security challenges with Itay Shakury of Aqua Security. What follows is a fascinating discussion about current issues, the future, and specific cloud-native tools that address the concerns of today's Chief Information Security Officers (CISOs).

Itay, could you please introduce yourself to our readers?

Itay Shakury, Director of Open Source at Aqua Security. I have nearly 20 years of experience in tech, spent across engineering, software architecture, IT, product management, consulting, and more. In recent years, my career path has led me to cloud-native technologies and open source software.

Tell us about Aqua Security. What problems is it trying to address?

Aqua is pioneering cloud security with its integrated cloud-native application protection platform (CNAPP) that provides prevention, detection, and response automation across the entire application lifecycle. Our suite of solutions enables organizations to secure the supply chain, cloud infrastructure, and running workloads. Aqua's family of open source projects is an accessible entry-point that allows anyone to get started with cloud-native security immediately and at no cost while at the same time driving innovation for our commercial offerings.

As Director of Open Source at Aqua Security, what are your major responsibilities?

My primary responsibility is developing and executing on open source strategy. The strategy includes refining the OSS projects' roadmap, identifying community initiatives for engagement, and making open source viable for commercial use. As an engineering manager, I am leading Aqua's open source teams. Our OSS group is globally distributed and remote-first. This group of talented open source engineers is turning our OSS vision into reality, and I'm fortunate enough to have been part of it.

What challenges do companies face in securing Kubernetes? How should they approach this problem?

One challenge is addressing security across the complete application lifecycle. In the past few years, more and more responsibilities have been put in developers' hands, especially with Kubernetes and cloud-native technologies. We are seeing this across different fields like quality, operations, support, and security. This "shift left" approach is introducing security controls early (or "left") in the development lifecycle, which obviously is a welcome change, but it leaves the organization with the challenge of bridging these newly added controls with preexisting production security (or "right" side).

Aqua Security has a variety of popular open source projects. Can you tell us about them?

We have a portfolio of tools and solutions across three domains: security scanning, Kubernetes security, and runtime security.

For security scanning, our open source project Trivy is leading the way. Trivy scans container images and code repositories for known vulnerabilities in packages and libraries. In addition to that, Trivy scans Infrastructure as Code files for misconfigurations and common security issues. Trivy is very well received in the industry and has a robust and supportive community of contributors, which makes it so successful. We recently celebrated a milestone of crossing 10,000 GitHub stars!

In Kubernetes security, Aqua's Starboard assesses your Kubernetes clusters' security posture. It is powered by our other project, kube-bench, which is already a staple of Kubernetes security. Since Starboard is a Kubernetes operator, it will continuously and automatically detect changes to the cluster and application state and maintain an up-to-date report of your security posture.

Runtime security is about detecting and preventing suspicious behavior during production. Our project Tracee achieves that by leveraging cutting-edge technology, eBPF, and is leading the way for how that technology can be applied in this use case.

The use of the eBPF technology is growing in security applications and tooling (tracee). Has it reached a point where it can go mainstream?

eBPF has been around for a while and has seen real-world usage in some of the biggest technology companies in the world. The technology is solid (especially its recent editions), but it's still not so accessible for developers who are programming with it, nor for users who are adopting it. One of the biggest challenges currently is with building and distributing eBPF-powered applications. Unlike "normal" applications, which the vendor would build and then ship the resulting artifact to users, eBPF-based applications are much more sensitive to environmental nuances and therefore are commonly shipped as source code that the user needs to compile on-site. We have been working with the community and industry colleagues to solve these challenges upstream so that eBPF can be more widely available and accessible. This actually resulted in another open source project we released called "btfhub."

Supply chain security is currently one of the topmost items for CISOs worldwide. What other security issues do you think need our collective focus and attention?

Supply chain is definitely getting a lot of attention. At Aqua, we identified the security gaps that many organizations face, and we acquired a company specializing in supply chain security–Argon Security. Aqua and Argon are working together to address these challenges, and I'm sure that our open source family will soon benefit from it.

Most supply chain solutions rely on implementing tools and practices early in the software development lifecycle. This is part of the movement to "shift left," moving security from production to the developers. I think this movement is great, but stitching together the different tools that the organization adopts across the "left" and "right" side of the house is still a challenge, and this is usually next on a CISO's desk.

Security is a growing field, with many wanting to make it a career. What are the top skills/traits that you prioritize while hiring?

Curiosity is something that I think helps people in engineering but especially in InfoSec. Being intrinsically curious and having the drive to investigate and understand how things work is very helpful for a security engineer.

In open source specifically, we are looking for engineers with an additional layer of skills on top of the core technological proficiency. In particular, we value softer skills that contribute to our approach that the open source engineers not only write the code but also plan the product roadmap, speak about it, promote it, and build a community around it.

What does Itay enjoy doing in his free time?

Technology is a big part of my life, and I'm also drawn to it in my free time. But besides that, spending time with my wife and son, hikes, and good food. I also never miss my morning yoga routine.

I'd like to thank Itay for taking the time to discuss the security concerns we all face in today's cloud-native, containerized world. He has provided some great insights and shows just how many solutions open source software provides.

I sit down with Aqua Security's Director of Open Source to discuss cloud trends, Kubernetes security, hiring for InfoSec jobs, and everything in between.

This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.

How to Connect to Remote Database via SSH Tunnel in pgAdmin4 and DBeaver

Tecmint - Wed, 03/30/2022 - 13:50
The post How to Connect to Remote Database via SSH Tunnel in pgAdmin4 and DBeaver first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

SSH allows two computers to communicate and encrypts the shared data. It’s a commonly used method for securely accessing remote server terminals and for file transfer. SSH can also be used to create a

How to Create Custom 404 Error Page in NGINX

Tecmint - Wed, 03/30/2022 - 12:51
The post How to Create Custom 404 Error Page in NGINX first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

Every time NGINX encounters an error as it attempts to process a client’s request, it returns an error. Each error includes an HTTP response code and a short description. The error usually is displayed

Systemd 251-rc1 Released With Experimental systemd-sysupdate Tool

Phoronix - Wed, 03/30/2022 - 12:00
The first release candidate of systemd 251 is now available for testing as a rather large update to this Linux init system and service manager...

LoongArch Port Merged For GCC 12

Phoronix - Wed, 03/30/2022 - 12:00
In continuation of last week's article that the GCC steering committee approved landing of LoongArch as a new port to this MIPS-derived Chinese CPU architecture, the code was merged on Tuesday...

Mesa 22.0.1 Released With Many Fixes, AMD GFX1037/GFX1036 Backported

Phoronix - Wed, 03/30/2022 - 07:00
It's coming a week late due to a scheduling mishap but in any event today marks the first stable point release to the Mesa 22.0 series for open-source OpenGL/Vulkan drivers...
