Server

Why I use Ingress Controllers to expose Kubernetes services

Filed under
Server

The meteoric rise of containerization and microservices has been necessary to meet the growing demand for applications, but getting it right means overcoming some critical network orchestration challenges. Out of the complexities that developers of cloud-native applications face, strategically utilizing Kubernetes ingress controllers is among the most difficult components to understand—and among the most important.

Before diving into ingress controllers, you need to understand why networking is so important to developer workflows.

It is common for development teams to create backend API services to enable connectivity for external applications and users. In early development phases, teams often use implementations of container environments on local development machines, which more simply rely on direct container invocations through Docker Compose or similar local orchestrators for access.

However, when the time comes to shift to a shared development or staging environment and match the configuration that will be used in production, these direct-access stopgaps are no longer sufficient. The access patterns often assume trusted access, which can't be assumed in production, or they rely on static values that are likely to change in a cloud infrastructure.

Journey of a Linux DevOps engineer

Filed under
GNU
Linux
Red Hat
Server

After navigating the streets of Manhattan and finding a parking spot, we walked down the block to what turned out to be a large bookstore. You've seen bookstores like this on TV and in the movies. It looks small from the outside, but once you walk in, the store is endless. Walls of books, sliding ladders, tables with books piled high—it was pretty incredible, especially for someone like me who also loves reading.

But in this particular store, there was something curious going on. One of the tables was surrounded by adults, awed and whispering among each other. Unsure of what was going on, we approached. After pushing through the crowd, I saw something that drew me in immediately. On the table, surrounded by books, was a small grey box—the Apple Macintosh. It was on, but no one dared approach it—no one, that is, except me. I was drawn like a magnet, immediately grokking that the small puck-like device moved the pointer on the screen. Adults gasped and murmured, but I ignored them all and delved into the unknown. The year was, I believe, 1984.

Somewhere around the same time, though likely a couple of years before, my father brought home a TI-99/4A computer. From what I remember, the TI had just been released, so this had to be somewhere around 1982. This machine served as the catalyst for my love of computer technology and was one of the first machines I ever cut code on.

My father tells a story about when I first started programming. He had been working on an inventory database, written from scratch, that he had built for his job. I would spend hours looking over his shoulder, absorbing everything I saw. One time, he finished coding, saved the code, and started typing the command to run his code ("RUN"). According to him, I stopped him with a comment that his code was going to fail. Ignoring me, as I was only five or six at the time, he ran the code, and, as I had predicted, it failed. He looked at me with awe, and I merely looked back and replied, "GOSUB but no RETURN."

Also: Authorizing multi-language microservices with Louketo Proxy

Sysadmin Appreciation Day and More Homage to Sysadmins

Filed under
GNU
Linux
Server

  • Celebrate Sysadmin Appreciation Day today

    Happy Sysadmin Appreciation Day, and thank you for all you do. When email is flowing, databases just work as they should, and the network is screaming (in a good way), you can focus on more challenging things, like how to automate tasks to make your sysadmin life easier.

    But when things break, and we know they will, it's all hands on deck to fix the problem and find the root cause, so it doesn't happen again. Sometimes, you'll find that elusive answer, and sometimes you put your hands up and move on to the next fire.

    Here at Enable Sysadmin, we're building a great community of authors who want to share their stories, their expertise, and learn from each other. In May 2020, we officially launched our Sudoers program to recognize our core contributors, and we invite you to check it out and join us.

  • Celebrate Sys Admin Appreciation Day with Special Free Issue from ADMIN Magazine

    System Administrator Appreciation Day is a special day dedicated to system administrators around the world. This year, FOSSlife and ADMIN Network & Security are partnering to provide another installment of the ADMIN "Terrific Tools" series, dedicated to the tireless professionals who keep our networks alive and well.

    Celebrate System Administrator Appreciation Day with this collection of articles on free tools for IT professionals. This special digital issue includes useful utilities that will help you search out rootkits, monitor network traffic, generate easy-to-use passwords, and much more. Bonus articles explore hidden command-line tools and describe how to find resource bottlenecks with eBPF.

  • July 31, 2020: Celebrate “System Administrator Appreciation Day” Today

    Ted Kekatos, a System Administrator by profession, got inspired by an advertisement in Hewlett-Packard Magazine in which an administrator is greeted with flowers and fruit baskets by co-workers thankful for their newly installed printer.

    Kekatos's idea was further recognized and promoted by lots of IT organizations and professionals, including the ‘League of Professional System Administrator’, SAGE/USENIX, etc.

    The first System Administrator Appreciation Day was celebrated on July 28, 2000. Since then, the yearly celebration of System Administrator Appreciation Day has gained worldwide recognition, and today we have reached the 21st.

  • What sysadmins wish their co-workers knew about their jobs

    You have a problem, and reach out to the help desk or your friendly neighborhood admin. It's a quick fix, you're sure, but ugh they want you to file a ticket! What a pain, right? It might sound like they're giving you the cold shoulder but that's (usually) not the case. Admins want users to file tickets for a number of reasons.

    First of all, it helps them manage their time. It's hard to focus on longer projects when you are pelted with "this will just take five minutes" requests all day. Also, other people have been waiting for their ticket to be handled.

    Secondly, admins may need to account for their work and demonstrate that they are -- in fact -- busy and not just playing Doom Eternal all afternoon.

    Also, it helps keep track of problems that crop up frequently and assists with institutional memory. A well-kept ticketing system with a good search tool can help admins identify long-term problems that need fixing, and reduce the time to fix problems in the future by documenting how they were fixed today.

  • The sysadmin's journey: A series of unexpected events

    As part of the 21st annual System Administrator Appreciation Day celebration, I want to share these four pillars to help you improve your skills, just as they did with me.

Linux runs on 500 of the top 500 supercomputers

Filed under
GNU
Linux
Server

One of the primary testaments to the success of Linux is its amazing dominance in the area of supercomputing. Today, all 500 of the world’s top 500 supercomputers are running Linux. In fact, this has been the case since Nov 2017. I know this because the TOP500 organization has been tracking the 500 most powerful commercially available computer systems since 1993 and their data documenting Linux’ takeover of supercomputing since 1998 is nothing short of inspiring. A graph of Linux' ascension is available on this TOP500 page.

New Security Patches and New UEFI 'Secure' Boot Catastrophe

Filed under
Server
Security

  • Security updates for Thursday

    Security updates have been issued by Arch Linux (webkit2gtk), CentOS (GNOME, grub2, and kernel), Debian (firefox-esr, grub2, json-c, kdepim-runtime, libapache2-mod-auth-openidc, net-snmp, and xrdp), Gentoo (chromium and firefox), Mageia (podofo), openSUSE (knot and tomcat), Oracle (grub2, kernel, postgresql-jdbc, and python-pillow), Red Hat (firefox, grub2, kernel, and kernel-rt), SUSE (grub2), and Ubuntu (firefox, grub2, grub2-signed, and librsvg).

  • Grub2 updates for Red Hat systems are making some unbootable

    As reported in the comments on the Grub2 secure-boot vulnerabilities report, the updates for grub2 for RHEL 8 and CentOS 8 are making some systems unbootable. The boot problems are seemingly unrelated to whether the system has secure boot enabled. It may be worth waiting a bit for that to shake out.

  • Servers at risk from “BootHole” bug – what you need to know

    That’s our tongue-in-cheek name for a cybersecurity vulnerability that not only gets assigned an identifier like CVE-2020-10713, but also acquires an impressive name plus a jaunty logo (and even, in one intriguing case, a theme tune).

    This month’s bug with an impressive name (see what we did there?) is called BootHole, and its logo rather cheekily shows a boot with a worm sticking out of a hole in the toecap.

    The bad news is that this bug affects the integrity of the bootup process itself, meaning that it provides a way for attackers to insert code that will run next time you restart your device, but during the insecure period after you turn on the power but before the operating system starts up.

    The good news for most of us is that it relies on a bug in a bootloader program known as GRUB, short for Grand Unified Boot Loader, which is rarely found on Windows or Mac computers.

  • Why the GRUB2 Secure Boot Flaw Doesn’t Affect Purism Computers

    To understand why this flaw does not affect Purism computers, it helps to understand why UEFI Secure Boot exists to begin with, and how it and the security exploit works. Attacks on the boot process are particularly nasty as they occur before the system’s kernel gets loaded. Attackers who have this ability can then compromise the kernel before it runs, allowing their attack to persist through reboots while also hiding from detection. UEFI Secure Boot is a technology that aims to protect against these kinds of attacks by signing boot loaders like GRUB2 with private keys controlled ultimately by Microsoft. UEFI Firmware on the computer contains the public certificate counterparts for those private keys. At boot time UEFI Secure Boot checks the signatures of the current GRUB2 executable and if they don’t match, it won’t allow the executable to run.

    If you’d like to understand the GRUB2 vulnerability in more detail, security journalist Dan Goodin has a great write-up at Ars Technica. In summary, an attacker can trigger a buffer overflow in GRUB2 as it parses the grub.cfg configuration file (this file contains settings for the GRUB2 menu including which kernels to load and what kernel options to use). This buffer overflow allows the attacker to modify GRUB2 code in memory and execute malicious code of their choice, bypassing the protection UEFI Secure Boot normally would have to prevent such an attack.

    Unfortunately, UEFI Secure Boot doesn’t extend its signature checks into configuration files like grub.cfg. This means you can change grub.cfg without triggering Secure Boot and the attack exploited that limitation to modify grub.cfg in a way that would then exploit the running GRUB2 binary after it had passed the signature check.

    Further complicating the response to this vulnerability is the fact that it’s not enough to patch GRUB2. Because the vulnerable GRUB2 binaries have already been signed by Microsoft’s certificate, an attacker could simply replace a patched GRUB2 with the previous, vulnerable version. Patching against this vulnerability means updating your UEFI firmware (typically using reflashing tools and firmware provided by your vendor) so that it can add the vulnerable GRUB2 binary signatures to its overall list of revoked signatures.

Self-Hosted and Open-Source Alternatives to Popular Services

Filed under
Server
OSS

The internet is a prominent place. And while it may feel like a few huge names like Netflix, Dropbox, and Facebook run the show, they are far from the only option you have available. It’s now easier than ever to find a self-hosted alternative to just about any online platform.

What does self-hosted mean? Self-hosted platforms are apps that function through their web hosting instead of a major option like Amazon Web Services. Generally, they’re not only open-source (a.k.a. free) but full of different content, features, and other things worth checking out.

And here’s the best part—they’re often cheaper! Here are some of the best self-hosted alternatives to popular services.

Also: Ideal Linux webhosting services of 2020

Server and CMS: Kubernetes, openSUSE MicroOS, TiddlyWiki and WordPress

Filed under
Server
Misc

  • Music and math: the Kubernetes 1.17 release interview

    Every time the Kubernetes release train stops at the station, we like to ask the release lead to take a moment to reflect on their experience. That takes the form of an interview on the weekly Kubernetes Podcast from Google that I co-host with Craig Box. If you're not familiar with the show, every week we summarise the new in the Cloud Native ecosystem, and have an insightful discussion with an interesting guest from the broader Kubernetes community.

    At the time of the 1.17 release in December, we talked to release team lead Guinevere Saenger. We have shared the transcripts of previous interviews on the Kubernetes blog, and we're very happy to share another today.

    Next week we will bring you up to date with the story of Kubernetes 1.18, as we gear up for the release of 1.19 next month. Subscribe to the show wherever you get your podcasts to make sure you don't miss that chat!

  • New default: tmpfs on /tmp

    We made an important change for our Container Host OS openSUSE MicroOS, which our Kubernetes platform openSUSE Kubic will inherit since it is based on openSUSE MicroOS: we now use tmpfs for /tmp.

    tmpfs is a temporary filesystem that resides in memory. Mounting directories as tmpfs can be an effective way of speeding up accesses to their files and to ensure that their contents are automatically cleared upon reboot.

    A fresh installation will use tmpfs for /tmp by default. Old installations need to be converted to this manually, but it is still possible to switch back to using disk space for /tmp. This is especially useful and important if big files are stored in /tmp.

  • TiddlyWiki, 12 Use-cases and 5 Tips for New Users.

    I have been using TiddlyWiki for years, mainly as a personal memo, to-do organizer and encrypted data reserve (to keep track of some of my patients, or while learning). I always recommend this amazing project to my friends, colleagues, doctors and developers alike, because I believe the value it gives is far greater than its minimal size and humble look.

    As a self-learner, TiddlyWiki was my main choice and companion to record what I learn, links I collect, code snippets, medical cases and algorithms. It's the only tool I have still been using for more than a decade.

    I consider TiddlyWiki a masterpiece, not in coding but in its simplicity and flexibility, needless to say its rich features list.

  • WordPress 5.5 Beta 4

    WordPress 5.5 Beta 4 is now available!

    This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with the new version.

    [...]

    WordPress 5.5 is slated for release on August 11th, 2020, and we need your help to get there!

    Thank you to all of the contributors who tested the beta 3 development release and gave feedback. Testing for bugs is a critical part of polishing every release and a great way to contribute to WordPress.

The 6 Best Open Source Web Servers

Filed under
Server
OSS

Apache HTTP Server, colloquially known as Apache or httpd in Red Hat distributions, is a free and open-source web server developed by the Apache Software Foundation under the Apache License version 2. Released in 1995, Apache has grown in leaps and bounds to become one of the most popular and widely used web servers, powering over 37% of all the websites.

Apache is written in the C language and is a highly customizable web server thanks to its tons of modules that extend the web server’s functionality. These include mod_file_cache for caching, mod_ftp to provide FTP support for file uploads and downloads, mod_ssl that allows support for SSL / TLS encryption protocols, and many more.

Additionally, given its rich set of modules, Apache provides multi-protocol support such as both IPv4 and IPv6 support and the commonly used HTTP, HTTP/2, and HTTPS protocols.

aaPanel – An Open Source Alternative For cPanel

Filed under
Server
OSS

cPanel is the control panel for web hosting built by cPanel LTD. In the last article of the Linux cPanel series, I reviewed Virtualmin, a popular, free, and open-source control panel. aaPanel is also a free and open-source control panel for Linux. It’s easy to install & all the web hosting options are well-categorized for easily managing websites and databases.

cPanel is a very popular control panel for web hosting. Most web hosting companies including Hostgator, Bluehost, and GoDaddy provide cPanel to easily perform tasks on servers. But, it is not free.

In this series, I am hunting down the best open source control panels for web hosting. aaPanel is one such hosting panel that provides an easy-to-use GUI with a great number of options and security features.

First of all, aaPanel is easily installable. It provides a single script to be run on a newly created server. The script installs all the tools, dependencies, and sets up a user account to log in.

It is highly recommended that you run the script on a fresh system. Still, if you want to run it on a server that already has a few user-installed programs running, use the –force option when executing the script. Anyway, enough talk. Let’s do some practical.

CNCF (Linux Foundation) and 10 Years of OpenStack

Filed under
Server

  • Linux Foundation Partners With CNCF on Kubernetes Certs, Training

    The Linux Foundation and Cloud Native Computing Foundation (CNCF) announced today they are collaboratively developing a Certified Kubernetes Security Specialist (CKS) certification expected to be available in November.

    At the same time, the two open source consortiums announced the availability of a training course dubbed “LFS244 – Managing Kubernetes Applications with Helm.” The CNCF is an arm of The Linux Foundation.

    Clyde Seepersad, senior vice president and general manager for training and certification at The Linux Foundation, says the Certified Kubernetes Security Specialist (CKS) certification will require IT professionals to be certified in Kubernetes management fundamentals as a prerequisite. The goal is to expand the amount of cybersecurity expertise IT professionals can bring to bear while also managing Kubernetes clusters, he says.

    The exam for the certification covers cluster setup, cluster hardening, system hardening, microservice vulnerabilities minimization, supply chain security, monitoring, logging and runtime security.

  • 10 Years of OpenStack
  • New Training Course Teaches Kubernetes Application Management with Helm

More in Tux Machines

today's howtos

Kernel: Linux Plumbers and New in Linux 5.9

  • Linux Plumbers currently sold out

    Linux Plumbers is currently sold out of regular registration tickets. Although the conference is virtual this year our virtual platform cannot support an unlimited number of attendees, hence the cap on registration. We are currently reviewing our capacity limits to see if we can allow more people to attend without over burdening the virtual platform and potentially preventing discussion. We will make another announcement next week regarding registration.

  • Linux 5.9 Supports A Lot Of New Audio Hardware, Intel Silent Stream Added

    The Linux kernel continues supporting a lot more audio devices and much more punctual than a decade or two ago.

  • Linux 5.9 Networking Changes Are As Active As Ever

    Each kernel cycle the networking subsystem sees a lot of churn given the importance of network interconnect performance and reliability especially in high performance computing environments where Linux dominates.

5 of the Best Linux Laptops in 2020

If you’re shopping for a laptop and know you’re planning to run Linux, you can either get any laptop, reformat the hard drive and install your favorite Linux distro on it or just get a laptop that is running Linux right out of the box. Here are some of the best Linux laptops you can get in 2020. [...] These all come preloaded with Ubuntu 20.04 LTS, which is a solid base for any of the various flavors or just vanilla Ubuntu. Many of the drivers have been contributed upstream by Dell, so many distros that use newer kernels should be able to take full advantage of the Killer Wi-Fi cards and Intel Iris Plus Graphics. [...] Pine64 has been in the news often for its Pinephone, but the Pinebook Pro is another great product from them. It’s a 14” ARM laptop that weighs less than 3 lbs/1.5 KG and sips power. It’s a great little machine that helps to push Linux forward on the ARM platform and comes in just under $200.

Richard Stallman: A Discussion on Freedom, Privacy & Cryptocurrencies

Dr. Richard Stallman is well-known for his free software movement activism. His speeches and work revolve around a term: freedom. And it is precisely that word that prompted Stallman to launch the GNU Project, founding the Free Software Foundation and releasing the GNU General Public License, among other projects, to promote the free software concept. RMS, as Dr. Stallman is also known, has some opinions regarding the concept of cryptocurrencies that have been widely discussed within the crypto community.