Observability requires the right data at the right time for the right consumer (human or piece of software) to make the right decision. In the context of Kubernetes, having best practices for cluster observability across all Kubernetes components is crucial.
Are Kubernetes clusters fit to run many of the applications being deployed on them? That question became the focal point of a panel discussion yesterday in Seattle, Washington, hosted by Tetrate, a provider of an instance of the Istio service mesh. Kelsey Hightower, principal engineer for Google Cloud, said one
The kernel project does not host much user-space code in its repository, but there are exceptions. One of those, currently found in the tools/include/nolibc directory, has only been present since the 5.1 release. The nolibc project aims to provide minimal C-library emulation for small, low-level workloads. Read on for an overview of nolibc, its history, and future direction written by its principal contributor.
The nolibc component actually made a discreet entry into the 5.0 kernel as part of the RCU torture-test suite ("rcutorture"), via commit 66b6f755ad45 ("rcutorture: Import a copy of nolibc"). This happened after Paul McKenney asked: "Does anyone do kernel-only deployments, for example, setting up an embedded device having a Linux kernel and absolutely no userspace whatsoever?"
Back in 2019, a high-profile container vulnerability led to the adoption of some complex workarounds and a frenzy of patching. The immediate problem was fixed, but the incident was severe enough that security-conscious developers have continued to look for ways to prevent similar vulnerabilities in the future. This patch set from Giuseppe Scrivano takes a rather simpler approach to the problem.
The 2019 incident, which came to be known as CVE-2019-5736, involved a sequence of steps that culminated in the overwriting of the runc container-runtime binary from within a container. That binary should not have even been visible within the container, much less writable, but such obstacles look like challenges to a determined attacker. In this case, the attack was able to gain access to this binary via /proc/self/exe, which always refers to the binary executable for the current process.
Specifically, the attack opens the runc process's /proc/self/exe file, creating a read-only file descriptor — inside the container — for the target binary, which lives outside that container. Once runc exits, the attacker is able to reopen that file descriptor for write access; that descriptor can subsequently be used to overwrite the runc binary. Since runc is run with privilege outside of the container runtime, this becomes a compromise of the host as a whole; see the above-linked article for details.
This vulnerability was closed by having runc copy its binary image into a memfd area and sealing it; control is then be passed to that image before entering the container. Sealing prevents modifying the image, but even if that protection fails, the container is running from an independent copy of the binary that will never be used again, so overwriting it is no longer useful. It is a bit of an elaborate workaround, but it plugged the hole at the time.
Code that is added to the kernel can stay there for a long time; there is code in current kernels that has been present for over 30 years. Nothing is forever, though. The kernel development community is currently discussing the removal of two architectures and one filesystem, all of which seem to have mostly fallen out of use. But, as we will see, removal of code from the kernel is not easy and is subject to reconsideration even after it happens.
While there are still systems with both byte orders, little-endian has largely "won" the battle at this point since the vast majority of today's systems store data with the least-significant byte first (at the lowest address). But when the X11 protocol was developed in the 1980s, there were lots of systems of each byte order, so the X protocol allowed either order and the server (display side) would swap the bytes to its byte order as needed. Over time, the code for swapping data in the messages, which was written in a more-trusting era, has bit-rotted so that it is now a largely untested attack surface that is nearly always unused. Peter Hutterer has been doing some work to stop using that code by default, both in upstream X.org code and in downstream Fedora.
A Fedora 38 change proposal to disable support for byte-swapped clients by default in the X server was posted in mid-December. It is owned by Hutterer, who proposed adopting the work he was doing for the X.org server into Fedora. At the time, it was unclear whether the upstream changes would land in time, so the Fedora proposal was contingent on that happening. It turns out that Hutterer merged the changes on January 5, so that would not be an impediment to Fedora being an early adopter of the feature.
RapidDisk is an advanced Linux RAM Disk which consists of a collection of modules and an administration tool.
In this tutorial, we will show you how to install Brave Browser on Rocky Linux 9. For those of you who didn’t know, Brave is a free and open-source web browser developed by Brave Software, Inc.
It is easily the most popular and best-supported emulator for the console on Linux.
In this guide, we will show you how to install Kodi Media Server in AlmaLinux, CentOS and RockyLinux servers. Kodi€ (formerly€ XBMC) is a€ free and open-source media player€ software application developed by the XBMC Foundation, a€ non-profit€ technology€ consortium. Kodi is available for multiple operating systems and hardware platforms, with a software€ 10-foot user interface€ for use with televisions and€ remote controls.
In this guide, we will show you how to install Mattermost Desktop on CentOS/AlmaLinux and RockyLinux systems.
A pacemaker with apache high-availability€ cluster management tool in Red Hat Enterprise Linux 8 that monitors and manages services running on Apache servers. It provides failover capabilities for system failures. Pacemaker combines with httpd using a resource agent.
VirtualBox makes it easy to run multiple operating system guests on a single host. One feature you should be regularly using is snapshots. Here's what they are and how to use them.
The Wine development release 8.1 is now available.
What's new in this release: - Windows version set to Windows 10 for new prefixes. - Many code cleanups that were deferred during code freeze. - Various bug fixes.
The source is available at:
https://dl.winehq.org/wine/source/8.x/wine-8.1.tar.xz
Binary packages for various distributions will be available from:
https://www.winehq.org/download
You will find documentation on https://www.winehq.org/documentation
You can also get the current source directly from the git repository. Check https://www.winehq.org/git for details.
Wine is available thanks to the work of many people. See the file AUTHORS in the distribution for the complete list.
The Fedora Project is participating in the upcoming round ofOutreachy. We need more project ideas and mentors! The last day topropose a projector toapply as a general mentoris February 24, 2023, at 4pm UTC.
MLOps (short for machine learning operations) is slowly evolving into an independent approach to the machine learning lifecycle that includes all steps – from data gathering to governance and monitoring. It will become a standard as artificial intelligence is moving towards becoming part of everyday business, rather than an innovative activity.
This Linux-based phone is filled with promise -- and headaches.
Eduponics Mini v2.0 is a Smart Agriculture IoT kit based on the ESP32 wireless microcontroller with built-in sensors to measure temperature, humidity, barometric pressure, and ambient light, and interfaces to connect water level and soil moisture sensors.
When it comes to operating systems and now CPU instruction sets, there is proprietary, there is licensable and modifiable with a standard base of functionality with room for some originality, and there is true open source.
Sometimes you get a hankering for a snack, but there is no snack within arm's reach. Such a situation is a tragedy and exactly what we built society and technology to avoid.
The Twitter/Mastodon saga "might seem like drama that concerns mostly our Silicon Valley neighbors," writes Tomás Guarna, "but it very much concerns us all."
The 2023 LPC PC is pleased to announce that we’ve begun exclusive negotiations with the Omni Hotel in Richmond, VA to host Plumbers 2023 from 13-15 November. Note: These dates arenot yet final(nor is the location; we have had one failure at this stage of negotiations from all the Plumbers venues we’ve chosen). We will let you know when this preliminary location gets finalized (please don’t book irrevocable travel until then).
I recently had to help a friend debug a Word issue where fonts would randomly change to Greek symbols. It got me thinking about theories of debugging in general. At my last job, I was the Debugging Guy.
The Python community is currently struggling with a longtime difficulty in its ecosystem: how to develop, package, distribute, and maintain libraries and applications. The current situation is sub-optimal in several dimensions due, at least in part, to the existence of multiple, non-interoperable mechanisms and tools to handle some of those needs. Last week, we had an overview of Python packaging as a prelude to starting to dig into the discussions. In this installment, we start to look at the kinds of problems that exist—and the barriers to solving them.
Our overview just scratched the surface of the Python packaging world, so we will pick up some of the other pieces as we go along. The recent discussions seem to largely stem from Brett Cannon's mid-November post to renominate himself to the steering council (SC) for the 2023 term; that thread also served to highlight the role of the Python Packaging Authority (PyPA) and its relationship to the Python core developers. Up until relatively recently, the PyPA was an informal organization with a membership that was not well-defined; it had an ad hoc style of governance. That changed in 2019 with the advent of PEP 609 ("Python Packaging Authority (PyPA) Governance"); the PEP formalized the governance of the PyPA.
As of my starting to write this post, there are 25 minutes left until midnight here in the UK. This is the first year that I have actively thought about Groundhog Day throughout the day.
The history of everyone’s favorite attempt to keep the suspense going for just a little bit longer, the spoiler alert. People who spoil things are obviously evil. Obviously.
A 319 million-year-old ray-finned fish fossil at U-M provides new information about early evolutionary history. The fossil was pulled from a coal mine in England more than a century ago.
Like peeking through time.
Finnish schools have separate Finnish-language teaching for students who need extra help — but often pupils are sent there when they don't need it.
Shares of€ Qualcomm Inc. fell in extended trading today after the smartphone chipmaker delivered lower-than-expected fiscal first-quarter revenue and offered weak guidance for the coming quarter. The company reported earnings before certain costs such as stock compensation of $2.37 per share on revenue of $9.46 billion, down 12% from a year earlier.
Kit Knightly Last week professional-software developer and amateur epidemiologist Bill Gates admitted that the mRNA Covid “vaccines” had “three problems”, including that they don’t prevent transmission. But what appears at first glance to be a frank admission is really about protecting the narrative and setting up a new market for new vaccines. Speaking at a …
By studying tissues from deceased people, a team found that women have more rhythmical gene expression and that this molecular rhythmicity decreases with age.
Google announces an expansion of its OSS-Fuzz rewards program to help find software vulnerabilities before they are exploited.
A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.
The LockBit ransomware gang has claimed responsibility for an attack on financial services company ION Trading UK Ltd.
CISA released six Industrial Control Systems (ICS) advisories on February 2, 2023.
Defense officials claim that a Chinese surveillance balloon has been drifting over the northern part of the United States for the past several days.
The Austrian Foreign Ministry has announced the expulsion of four Russian diplomats for what it said were actions incompatible with their diplomatic status, adding that they must leave the country.
Ukraine's military says there are clear signs that Russian forces are getting ready for a major push in the east, where a stalemate continues despite months-long heavy fighting and intensive daily shelling by Moscow's troops.
French naval forces in January seized thousands of assault rifles, machine guns, and anti-tank missiles in the Gulf of Oman coming from Iran and heading to Yemen's Huthi rebels.
A majority of Finns want to go it alone and join Nato without Sweden, if the latter country's membership is delayed, a poll suggested on Thursday, after Turkey said it could accept Finland without Sweden.
Almost one year after Russia’s invasion of Ukraine, the war is entering a new phase.
The European Commission will announce a new aid package for Ukraine and discuss the prospects of the country's EU membership during its visit to Kyiv, Lithuanian EC member Virginijus SinkeviÃÂius, who is part of the EC delegation, says.
The European Union says it plans to hit Russia with a fresh package of punitive measures -- the 10th since the start of its unprovoked invasion of Ukraine almost one year ago -- as the bloc prepares to hold a summit with Ukraine's leadership in the capital, Kyiv.
The US Congress cannot support the $20 billion sale of F-16 fighter jets to Turkey€ until Ankara ratifies the NATO memberships of Sweden and€ Finland, a bipartisan group of senators said on Thursday.
Ukrainian President Volodymyr Zelensky said on Thursday his war-torn country deserved to start EU accession talks already "this year". Follow our live blog below for all the latest developments. All times are in Paris time (GMT+1).
The International Olympic Committee's decision to allow Russian athletes to compete at the 2024 Paris Olympics under a neutral flag has sparked outrage from critics who say it risks normalizing the genocidal invasion of Ukraine.
A judge has delayed next week’s scheduled execution of a man convicted of killing three teenagers while they slept in a Texas Panhandle home more than 25 years ago. Fifty-four-year-old John Balentine had been set to receive a lethal injection at the state prison in Huntsville on Feb. 8.
The Latvian Olympic Committee (LOK) on February 1 spoke out against allowing Russian and Belarusian athletes to compete in the 2024 Paris Olympic Games amid fears that the International Olympic Committee (IOC) is paving the way for that to happen.
As the war with Russia grinds on, Ukraine’s economy is under pressure and dependent on foreign aid. The average Ukrainian faces an uncertain future, but is still finding ways to persevere.
Authoritarian Turkish President Recep Tayyip Erdoßan defies his NATO partners, buying Russian weapons and blocking European nations from joining the alliance. How to manage ties with a leader NATO cannot do without?
On the 80th anniversary of a decisive Soviet triumph over the Nazis, President Vladimir V. Putin tried to cast Russia’s invasion as a virtuous endeavor. Back-to-back missile strikes hit the Ukrainian military hub of Kramatorsk as Kyiv warned of a new Russian offensive.
‘No one knows how the war in Ukraine will end, but there is one post-war certainty: there will be a prolonged and costly Cold War between the United States and Russia,’ – predicts Melvin A. Goodman, a former CIA analyst...
The European Union's investment bank has called for more budget guarantees from the bloc's 27 members to match or exceed this year the 2.2 billion euros ($2.4 billion) spent in Ukraine since the Russian invasion in February 2022.
At a joint press conference in Stockholm, Marin and Kristersson stressed that the two countries aim to join Nato by July.
Finland and Sweden remain committed to joining NATO at the same time despite Turkey's opposition to the Swedish candidacy, the two countries' prime ministers said in Stockholm
A news conference presents the official narrative but scant hard evidence, lawyers say.
The suicide bomber who killed more than 100 people at a mosque in a police compound in Peshawar this week wore a police uniform and entered the high-security area on a motorbike, a Pakistani provincial police chief said.
Iran blames Israel for a drone attack on a military factory near the central city of Isfahan, the semiofficial ISNA news agency said on February 2
A potentially record-breaking cold snap will descend on New England beginning tonight and lasting into Sunday, with wind chills approaching record low levels.
The city of Rovaniemi in Finnish Lapland experienced its warmest start to a year on record.
Plans for a new rail service running from Oslo and stopping in Gothenburg, Malmö and Copenhagen before arriving in Hamburg are in the works, Swedish state-owned rail operator SJ has said.
If you look closely, you'll find a lot of contradictions.
Biden sat in a truck that costs as much as $120,000 to promote a tax credit that only applies to electric vehicles retailing for up to $80,000.
The Chinese-owned Las Bambas mine in Peru, responsible for close to 2% of the world’s copper production, officially halted production on Feb. 1
Teamwork!
Marine debris likely contributed to the death of a sperm whale that washed up in Hawaii.
The work stoppage would hit food service providers for hospitals, elder housing, prisons, kindergartens and schools, as well as the Defence Forces.
The interest rates on the main refinancing operations and on the marginal lending facility and the deposit facility will be increased to 3 percent, 3.25 percent and 2.5 percent, respectively.
This is the tenth consecutive rate hike since December 2021 as the BoE continues its fight against inflation, which slowed to 10.5 percent in December 2022 from a 41-year high of 11.1 percent in October.
AMLO sent a foreign cabotage bill to Congress in December, which could grant foreign airlines the right to operate domestic routes.
Ford says its fourth-quarter net income fell 90% from a year earlier. That led company officials to say Thursday that the automaker's costs are too high and to pledge more belt-tightening this year. CEO Jim Farley said in a statement that Ford should have done better last year, and it left $2 billion in profits on the table. He said Ford will correct that with improved execution this year. Chief Financial Officer John Lawler told reporters the global shortage of computer chips and other parts hit Ford hard at the end of last year, costing it production of roughly 100,000 vehicles. He would not rule out further white-collar layoffs. Ford said it made $1.26 billion from October through December.
Starbucks reported lower-than-expected sales in its fiscal first quarter, hurt by COVID restrictions in China and lower consumer demand in other markets. Global same-store sales, or sales at stores open at least a year, were up 5% in the October-December period, but that was partly due to higher prices. Store transactions were down 2%. Starbucks fell short of Wall Street's forecast for same-store sales, according to analysts polled by FactSet. Starbucks said its revenue rose 8% to a record $8.7 billion, but that also fell short of analysts’ expectations.
Cheap money and privatization made housing unaffordable, but organizing can reverse the tide
Brian Deese, the top economic adviser to President Biden, will leave his role at the White House, the presidentsaid in a statementThursday.
Identity access management company Okta Inc. and online collaborative whiteboard startup Miro today became the latest two companies to announce layoffs amid the biggest layoffs in the tech industry in more than 20 years. Okta is laying off 5% of its workforce, about 300 employees, citing macroeconomic challenges as its motivating factor.
Apple Inc. disappointed investors today as it delivered its fiscal 2023 first-quarter results, missing expectations on revenue, profit and sales for many of its key business lines and sending its stock down in extended trading. Apple’s total sales fell 5.5% from a year earlier, the first time its quarterly revenue has declined since 2019.
Chainalysis Inc., a company that provides analytical data about cryptocurrency transactions for governments and banks to detect illicit activity, confirmed late Wednesday that the company intends to lay off less than 5% of its 900 employees as part of a reorganization.
TikTok has potential bans weighing heavy on its mind, so much so that it’s planning to completely remodel how it will decide to ban accounts that violate its policies.
As ByteDance Ltd.-owned TikTok stares down the barrel of a shotgun in the U.S., the company announced today that it’s introducing new moderation policies for creators and users.
The social media giant Twitter Inc. has announced that it intends to shutter free access to its application programming interface in a move to make more money for the platform.
TikTok is trying to make it easier for creators and others to navigate its rules, and understand what’s happening to their accounts.
A prominent Pakistani politician who is also a close ally of former Prime Minister Imran Khan was arrested after police raided his home near Islamabad.
The politically outspoken fashion designer was detained at ðstanbul Airport due to a warrant for "degrading the military and the police."
"It is of course the government who is responsible for the hunger," said Eren Erdem of CHP at the court.
Hong Kong has fallen three positions in the latest global democracy index compiled by the Economist Intelligence Unit (EIU), as the think tank attributed the decline to an exodus of experienced civil servants in response to the “deteriorating political situation” in the city.
IPSO needs someone with recent senior experience in national mass market newspapers.
Judge James Ho concurs, adding "I write separately to point out that our Founders firmly believed in the fundamental role of government in protecting citizens against violence, as well as the individual right to keep and bear arms—and that these two principles are not inconsistent but entirely compatible with one another."
What advice does the NSA have for operating dual-stack and new IPv6 networks?
Although Spotify reported a €231 million Q4 2022 operating loss earlier this week, its shares have rebounded by north of 20 percent since the performance analysis released. During today’s trading hours, the per-share value of Spotify stock (NYSE: SPOT) increased by about 3.71 percent from Wednesday’s close to finish at $122.57.
The Biden Administration thinks Apple and Google “act as gatekeepers” over their respective mobile ecosystems.
In re Google LLC(Fed. Cir. 2023)
This is another mandamus action win by Google on convenience grounds. The Federal Circuit has ordered the case moved out of the Western District of Texas (Waco) to the Northern District of California.
Moseley's treatise argues the multitude of benefits that come from drinking coffee, when the beverage was still relatively new to Europe.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.