Tech News - Cloud & Networking

Stripe, the payments infrastructure company, has received a whopping $100 million in funding from Tiger Global Management and now its valuation stands at $22.5 billion as reported by The Information on Tuesday. Last year in September, it also secured $245 million through its funding round, also led by Tiger Global Management. Founded in 2010 by the Irish brothers, Patrick and John Collision, Stripe has now become one of the most valuable “unicorns”, a term used for firms worth more than $1 billion, in the U.S. The company also boasts an impressive list of clients, recently adding Google and Uber to its stable users. The company is now planning to expand its platform by launching a point-of-sale payments terminal package targeted at online retailers making the jump to offline. A Stripe spokesperson told CNBC, “Stripe is rapidly scaling internationally, as well as extending our platform into issuing, global fraud prevention, and physical stores with Stripe Terminal. The follow-on funding gives us more leverage in these strategic areas.” The company is also expanding its team. On Tuesday, Patrick Collision announced that Diane Greene, who is an Alphabet board of directors member will be joining the Stripe’s board of directors. Along with Greene, joining the team are Michael Moritz, a partner at Sequoia Capital, Michelle Wilson, former general counsel at Amazon, and Jonathan Chadwick, former CFO of VMware, McAfee, and Skype. https://twitter.com/patrickc/status/1090386301642141696 In addition to Tiger Global Management, the start-up has also being supported by various other investors including Sequoia Capital, Khosla Ventures, Andreessen Horowitz, and PayPal co-founders Peter Thiel, Max Levchin, and Elon Musk. For more details, read the full story on The Information website. PayPal replaces Flow with TypeScript as their type checker for every new web app After BitPay, Coinbase bans Gab accounts and its founder, Andrew Torba Social media platforms, Twitter and Gab.com, accused of facilitating recent domestic terrorism in the U.S.

Yesterday, the Oath network automation team open sourced Panoptes, a distributed system for collecting, enriching and distributing network telemetry. This pluggable, distributed and high-performance data collection system supports multiple polling formats, including SNMP and vendor-specific APIs. It also supports emerging streaming telemetry standards including gNMI. Panoptes is written primarily in Python. It leverages multiple open-source technologies to provide the most value for the least development effort. Panoptes Architecture Source: Yahoo Developers The architecture is designed to enable easy data distribution and integration with other systems. The plugin to push metrics into InfluxDB allows Panoptes to evolve with industry standards. Teams can quickly set up a fully-featured monitoring environment because of the combination of Grafana and the InfluxData ecosystem. There were multiple issues inherent in legacy polling systems, including overpolling due to multiple point solutions for metrics, a lack of data normalization, consistent data enrichment and integration with infrastructure discovery systems. Panoptes aims to overcome all these issues. Check scheduling is accomplished using Celery, which is a horizontally scalable, open-source scheduler that utilizes a Redis data store. Panoptes ships with a simple, CSV-based discovery system. It can be integrated with a CMDB. From there, Panoptes will manage the task of scheduling polling for the desired devices. Users can also develop custom discovery plugins to integrate with their CMDB and other device inventory data sources. Vendors are moving towards a more streamlined model of telemetry. Panoptes’ flexible architecture will minimize the effort required to adopt these new protocols. The metric bus at the center of the model is implemented on Kafka. All data plane transactions flow across this bus. Discovery plugins publish devices to the bus and polling plugins publish metrics to the bus. Similarly, numerous clients read the data off of the bus for additional processing and forwarding. This architecture enables easy data distribution and integration with other systems. The team at Oath has deployed Panoptes in a tiered, federated model. They have developed numerous custom applications on the platform, including a load balancer monitor, a BGP session monitor, and a topology discovery application. All this was done at a reduced cost, thanks to Panoptes. This open-source release is packaged for easy deployment into any Linux-based environment and available on Github. You can head over to Yahoo Developer Network for deeper insights into this news. Performing Vehicle Telemetry job analysis with Azure Stream Analytics tools Anaconda 5.3.0 released, takes advantage of Python’s Speed and feature improvements Arm releases free Cortex-M processor cores for FPGAs, includes measures to combat FOSSi threat

Last week, Pivotal announced the ‘Pivotal Function Service’ (PFS)  in alpha. Until now, Pivotal has focussed on making open-source tools for enterprise developers but has lacked a serverless component to its suite of offerings. This aspect changes with the launch of PFS. PFS is designed to work both on-premise and in the cloud in a cloud-native fashion while being open source. It is a Kubernetes-based, multi-cloud function service offering customers a single platform for all their workloads on any cloud. Developers can deploy and operate databases, batch jobs, web APIs, legacy apps, event-driven functions, and many other workloads the same way everywhere, all because of the Pivotal Cloud Foundry (PCF) platform. This is comprised of Pivotal Application Service (PAS), Pivotal Container Service (PKS), and now, Pivotal Function Service (PFS). Providing the same developer and operator experience on every public or cloud, PFS is event-oriented with built-in components that make it easy to architect loosely coupled, streaming systems. Its buildpacks simplify packaging and are operator-friendly providing a secure, low-touch experience running atop Kubernetes. The fact that Pivotal can work on any cloud as an open product, makes it stand apart from cloud providers like Amazon, Google, and Microsoft, which provide similar services that run exclusively on their clouds. Features of PFS PFS is built on Knative, which is an open-source project led by Google that simplifies how developers deploy functions atop Kubernetes and Istio. PFS runs on Kubernetes and Istio and helps customers take advantage of the benefits of Kubernetes and Istio, abstracting away the complexity of both technologies. PFS allows customers to use familiar, container-based workflows for serverless scenarios. PFS Event Sources helps customers create feeds from external event sources such as GitHub webhooks, blob stores, and database services. PFS can be connected easily with popular message brokers such as Kafka, Google Pub/Sub, and RabbitMQ; that provide a reliable backing services for messaging channels. Pivotal has continued to develop the riff invoker model in PFS, to help developers deliver both streaming and non-streaming function code using simple, language-idiomatic interfaces. The new package includes several key components for developers, including a native eventing ability that provides a way to build rich event triggers to call whatever functionality a developer requires within a Kubernetes-based environment. This is particularly important for companies that deploy a hybrid use case to manage the events across on-premise and cloud in a seamless way. Head over to Pivotal’s official Blog to know more about this announcement. Google Kubernetes Engine was down last Friday, users left clueless of outage status and RCA Introducing Alpha Support for Volume Snapshotting in Kubernetes 1.12/ ‘AWS Service Operator’ for Kubernetes now available allowing the creation of AWS resources using kubectl  

Fedora 29 Beta was made available yesterday. It is the next big step towards a stable release of the Linux distribution. The stable version will be available late October. This beta brings features like modularity for all, support for GNOME 3.30 and some other changes. Modularity Modular repositories were introduced in Fedora 28 for the Fedora Server Edition. In Fedora 29 beta, modularity is available in all the editions, spins and labs. Modularity makes multiple versions of important packages available in parallel. It will work with the familiar Dandified YUM (DNF) package. With modularity, users can update their OS to the latest version while maintaining the required version of an application for proper functionality. GNOME 3.30 Fedora 29 Workstation Beta comes with the latest version of GNOME. GNOME 3.30 streamlines performance and adds a new application for Podcasts. It also automatically updates Flatpaks in Software Center. Other changes There are also many other updates included in the Fedora 29. Fedora Atomic Workstation is now rebranded as Fedora Silverblue. The GRUB menu will be hidden where only a single OS is installed as it does not provide any useful functionality in those cases. The latest version of Fedora also brings updates to many popular packages including MySQL, GNU C Library, Python, and Perl. Some architecture changes include dropping as an alternative architecture, initial support for field programming gate array (FPGAs), and packages are now built with SSE2 support. Many projects including Eclipse have dropped support for the big endian ppc64 architecture. So now Fedora will have to discontinue producing any ppc64 content. Fedora Scientific will now be shipped as vagrant boxes which were previously delivered as ISO files. Vagrant boxes will give potential users a friendlier option to try Fedora Scientific while keeping the current operating system. For a full list of changes, visit the Fedora website. GIMP gets $100K of the $400K donation made to GNOME GNOME 3.30 released with improved Desktop performance, Screen Sharing, and more Linus Torvalds is sorry for his ‘hurtful behavior’, is taking ‘a break (from the Linux community) to get help’

Rackspace recently announced the launch of its Kubernetes-as-a-Service offering which would be  implemented to its private cloud clients worldwide, this month. It claims this service would be soon coming to public cloud later this year. Rackspace, which is a managed-cloud computing company, revealed that it will fully operate and manage the Kubernetes deployment, including the infrastructure. It also claimed that users can save up to 50% when compared to other open source system deployments. So, if you are looking at automating deployments, scaling, and managing containerized applications then, Kubernetes is your open-source option. It is the most efficient way of running online software across a vast range of machines. Kubernetes is becoming a leading player in cloud container orchestration, where bigger players like Microsoft Azure and Cisco have started adopting its services. Not all businesses comply with the internal resources and expertise needed to effectively manage a Kubernetes environment on their own. By delivering a fully managed Kubernetes-as-a-Service, Rackspace allows organizations to focus more on building and running their applications. With the new service, Rackspace delivers an enhanced level of ongoing operations management and support for the entire technology stack. This support ranges from the hardware to the Infrastructure as a Service (IaaS) to Kubernetes. Rackspace also claims that the key benefits of this offering include Support for operations such as Updates, Upgrades, Patching and security hardening, and The ability to use a single platform to deploy Kubernetes clusters across private and public clouds. Ensures that a customer always has access to an entire team of specialists 24*7*365 Rackspace experts fully validate and inspect each component of the service, provide static container scanning and enable customers to restrict user access to the environment. This is just an overview of Rackspace’s  extended support to Kubernetes-as-a-Service. You can know more about this new offering from the Rackspace blog. What Google, RedHat, Oracle, and others announced at KubeCon + CloudNativeCon 2018 How to secure a private cloud using IAM Google’s kaniko – An open-source build tool for Docker Images in Kubernetes, without a root access

Microsoft released a new Chamber of Secrets named as ‘Immutable Blob Storage’.  This storage service safeguards sensitive data and is built on the Azure Platform. It is the latest addition to Microsoft’s continuous development towards the industry-specific cloud offerings. This service is mainly built for the financial sector but can be utilized for other sectors too by helping them in managing the information they own. The Immutable Blob Storage is a specialized version of Azure’s existing object storage and includes a number of added security features, which include: The ability to configure an environment such that the records inside it are not easily deleted by anyone; not even by the administrators who maintain the deployment. Enables companies to block edits to existing files. This setting can assist banks and other heavily regulated organizations to prove the validity of their records during audits. The service costs of Immutable Blob Storage is as same as Azure’s regular object service and the two products are integrated with another. Immutable Blob Storage can be used for both standard and immutable storage. This means  IT no longer needs to manage the complexity of a separate archive storage solution. These features come on top of the ones that have been carried over to Immutable Blob Storage from the standard object service. This also includes a data lifecycle management tool that allows organizations to set policies for managing their data. Read more about this new feature on Microsoft Azure’s blog post. How to migrate Power BI datasets to Microsoft Analysis Services models [Tutorial] Microsoft releases Open Service Broker for Azure (OSBA) version 1.0 Microsoft Azure IoT Edge is open source and generally available!

Kubernetes 1.12 will be released on Tuesday, the 25th of September 2018. This updated release comes with improvements to security and storage, cloud provider support and other internal changes. Let’s take a look at the four domains that will be majorly impacted by this update. #1 Security Stability provided for Kubelet TLS bootstrap The Kubelet TLS bootstrap will now have a stable version. This was also covered in the blog post Kubernetes Security: RBAC and TLS. The kubelet can generate a private key and a signing request (CSR) to get the corresponding certificate. Kubelet server TLS certificate automatic rotation (Beta) The kubelets are able to rotate both client and/or server certificates. They can be automatically rotated through the respective RotateKubeletClientCertificate and RotateKubeletServerCertificate feature flags in the kubelet that are enabled by default now. Egress and IPBlock support for Network Policy NetworkPolicy objects support an egress or to section to allow or deny traffic based on IP ranges or Kubernetes metadata. NetworkPolicy objects also support CIDR IP blocks to be configured in the rule definitions. Users can combine Kubernetes-specific selectors with IP-based ones both for ingress and egress policies. Encryption at rest Data encryption at rest can be obtained using Google Key Management Service as an encryption provider. Read more about this on KMS providers for data encryption. #2 Storage Snapshot / restore volume support for Kubernetes VolumeSnapshotContent and VolumeSnapshot API resources can be provided to create volume snapshots for users and administrators. Topology aware dynamic provisioning, Kubernetes CSI topology support (Beta) Topology aware dynamic provisioning will allow a Pod to request one or more Persistent Volumes (PV) with topology that are compatible with the Pod’s other scheduling constraints- such as resource requirements and affinity/anti-affinity policies. While using multi-zone clusters, pods can be spread across zones in a specific region. The volume binding mode handles the instant at which the volume binding and dynamic provisioning should happen. Automatic detection of Node type When the dynamic volume limits feature is enabled in Kubernetes, it automatically determines the node type. Kubernetes supports the appropriate number of attachable volumes for the node and vendor. #3 Support for Cloud providers Support for Azure Availability Zones Kubernetes 1.12 brings support for Azure availability zones. Nodes within each availability zone will be added with label failure-domain.beta.kubernetes.io/zone=<region>-<AZ> and Azure managed disks storage class will be provisioned taking this into account. Stable support for Azure Virtual Machine Scale Sets This feature adds support for Azure Virtual Machine Scale Sets. This technology lets users create and manage a group of identical load balanced virtual machines. Add Azure support to cluster-autoscaler (Stable) This feature adds support for Azure Cluster Autoscaler. The cluster autoscaler allows clusters to grow as resource demands increase. The Cluster Autoscaler does this scaling  based on pending pods. #4 Better support for Kubernetes internals Easier installation and upgrades through ComponentConfig In earlier Kubernetes versions, modifying the base configuration of the core cluster components was not easily automatable. ComponentConfig is an ongoing effort to make components configuration more dynamic and directly reachable through the Kubernetes API. Improved multi-platform compatibility Kubernetes aims to support the multiple architectures, including arm, arm64, ppc64le, s390x and Windows platforms. Automated CI e2e conformance tests have been deployed to ensure compatibility moving forward. Quota by priority scopeSelector can be used to create Pods at a specific priority. Users can also control a pod’s consumption of system resources based on a pod’s priority. Apart from these four major areas that will be upgraded in Kubernetes 1.12, additional features to look out for are Arbitrary / Custom Metrics in the Horizontal Pod Autoscaler, Pod Vertical Scaling, Mount namespace propagation, and much more! To know about all the upgrades in Kubernetes 1.12, head over to Sysdig’s Blog Google Cloud hands over Kubernetes project operations to CNCF, grants $9M in GCP credits Kubernetes 1.11 is here! VMware Kubernetes Engine (VKE) launched to offer Kubernetes-as-a-Service  

Microsoft yesterday released a statement condemning the forcible separation of families at the U.S. border. The statement was made in response to public criticism of Microsoft after a blog post published earlier this year surfaced. In it, Microsoft's Azure Government team explained that it was supporting ICE - and was 'proud' to do so. In the statement, Microsoft said: Microsoft is not working with U.S. Immigration and Customs Enforcement or U.S. Customs and Border Protection on any projects related to separating children from their families at the border, and contrary to some speculation, we are not aware of Azure or Azure services being used for this purpose. As a company, Microsoft is dismayed by the forcible separation of children from their families at the border.  However, despite Microsoft's comment, it's clear that Azure Government is being used by ICE. In a post published in January, Tom Keane, a General Manager at Microsoft, wrote: ICE's decision to accelerate IT modernization using Azure Government will help them innovate faster while reducing the burden of legacy IT. The agency is currently implementing transformative technologies for homeland security and public safety, and we're proud to support this work with our mission-critical cloud. Clearly, Microsoft is distancing itself from the actions of ICE, but it may be too late. While it's unclear if Azure Government is being used by ICE as it implements the current wave of child incarceration, the link has already been formed in the minds of the public and Microsoft employees. Keane's words now have a chilling subtext. When he writes that Azure Government can help ICE employees 'make more informed decisions faster' and allow them 'to utilize deep learning capabilities to accelerate facial recognition and identification,' it's hard not to think about how the 'innovation' Microsoft is helping government agencies embrace is actually simply supporting state sanctioned violence against children. ICE has been cosying up to the tech world in 2018. Earlier this year, in April, ICE CTO spoke at a conference hosted by GitHub in Washington D.C. Although the incident was criticised in certain corners, it largely went unnoticed in the public domain. Given Microsoft's acquisition of GitHub in early June, this incident now takes on a new complexion in this strange narrative. Microsoft faces criticism from employees over relationship with ICE Gizmodo reported serious dissent from Microsoft employees. One employee told the website "this is the sort of thing that would make me question staying." Another is quoted as saying that they will "seriously consider leaving if I’m not happy with how they handle this.” The incident mirrors a number of other cases this year where employees of other major tech firms have criticized their organizations for government contracts. In May, for example, a number of Google employees quit over artificial intelligence ties to the Pentagon. However it's likely that things could get worse for Microsoft. For Google, the incident was largely internal. But given horrific reports from the U.S. border, questions around tech complicity in government actions will be propelled to the forefront of international debate.

Kublr, a comprehensive Kubernetes platform for the enterprise, announced the release of Kublr 1.9.2 at the DevOpsCon, Berlin. Kublr provides a Kubernetes platform which makes it easy for Operations to deploy, run, and handle containerized applications. At the same time, it allows developers to use the development tools and the environment they wish to choose. Kublr 1.9.2 allows developers to deploy the complete Kublr platform and Kubernetes clusters in isolated environments without requiring access to the Internet. This comes as an advantage for organizations that have sensitive data, which should remain secure. However, while being secured and isolated this data also benefits from features such as auto-scaling, backup and disaster recovery, centralized monitoring and log collection. Slava Koltovich, CEO of Kublr, stated that,”We’ve learned from several financial institutions that there is a vital need for cloud-like capabilities in completely isolated environments. It became increasingly clear that, to be truly enterprise grade, Kublr needed to work in even the most secure environments. We are proud to now offer that capability out-of-the-box”. The Kublr 1.9.2 changelog includes the following key updates: Ability to deploy Kublr without access to Internet Support Docker EE for RHEL Support CentOS 7.4. Delete onprem clusters. Additional kubelet monitoring. The Changelog also includes some bug fixes of some known issues. Kublr further announced that it is now Certified Kubernetes for Kubernetes v1.10. To know more about Kublr 1.9.2 in detail, check the release notes. Why Agile, DevOps and Continuous Integration are here to stay: Interview with Nikhil Pathania, DevOps practitioner Kubernetes Containerd 1.1 Integration is now generally available Introducing OpenStack Foundation’s Kata Containers 1.0  

Yesterday, Puppet announced a vulnerability remediation solution called Puppet Remediate which aims to reduce the time taken by IT teams to identify, prioritize and rectify mission-critical vulnerabilities. Matt Waxman, head of product at Puppet said, “There is a major gap between sophisticated scanning tools that identify vulnerabilities and the fragmented and manual, error-prone approach of fixing these vulnerabilities.” He adds, “Puppet Remediate closes this gap giving IT the insight they need to end the current soul-crushing work associated with vulnerability remediation to ensure they are keeping their organization safe.” Puppet Remediate will produce faster remedial solution by taking support from security partners who have access to potentially sensitive vulnerability data. It will discover vulnerabilities depending on the type of infrastructure resources affected by them. Next, Puppet Remediate will render instant action “to remediate vulnerable packages without requiring any agent technology on the vulnerable systems on both Linux and Windows through SSH and WinRM”, says Puppet. Key features in Puppet Remediate Shared vulnerability data between security and IT Ops Puppet Remediate unifies infrastructure data and vulnerability data, to help IT Ops get access to vulnerability data in real-time, thus reducing delays and eliminating risks associated to manual handover of data. Risk-based prioritization It will assist IT teams to prioritize critical systems and identify vulnerabilities within the organization's systems based on infrastructure context. It will give IT teams more clarity on what to fix first. Agentless remediation IT teams will be able to take immediate action to rectify a vulnerability without requiring to leave the application or without the need of requiring any agent technology on the vulnerable systems. Channel partners will provide Puppet an established infrastructure and InfoSec practices Puppet have selected initial channel partners depending on their established infrastructure and InfoSec practices. The channel partners will help Puppet Remediate to bridge the gap between security and IT practices in enterprises. Fishtech, a cybersecurity solutions provider and Bitbone, a Germany based computer software store are the initial channel partners for Puppet Remediate. Sebastian Scheuring, CEO of Bitbone AG says, “Puppet Remediate offers real added value with its new functions to our customers. It drastically automates the workflow of vulnerability remediation through taking out the manual, mundane and error-prone steps that are required to remediate vulnerabilities. Continuous scans, remediation tasks and short cycles of update processes significantly increase the security level of IT environments.” Check out the website to know more about Puppet Remediate. Listen: Puppet’s VP of Ecosystem Engineering Nigel Kersten talks about key DevOps challenges [Podcast] Puppet announces updates in a bid to help organizations manage their “automation footprint” “This is John. He literally wrote the book on Puppet” – An Interview with John Arundel

Today, Sumo Logic revealed the fourth edition of their “Continuous Intelligence Report: The State of Modern Applications and DevSecOps in the Cloud.” The primary goal of this report is to present data-driven insights, best practices and the latest trends by analyzing technology adoption among Sumo Logic customers. The data in the report is derived from 2000+ Sumo Logic customers running applications on cloud platforms like AWS, Azure, Google Cloud Platform, as well as, on-premise environments. This year, the Continuous Intelligence report finds that, with an increase of 50% in enterprise adoption and deployments of multi-cloud, Multi-cloud is growing faster than any other modern infrastructure category. In a statement, Kalyan Ramanathan, vice president of product marketing for Sumo Logic says, “the increased adoption of services to enable and secure a multi-cloud strategy are adding more complexity and noise,  which current legacy analytics solutions can’t handle. To address this complexity, companies will need a continuous intelligence strategy that consolidates all of their data into a single pane of glass to close the intelligence gap. Sumo Logic provides this strategy as a cloud-native, continuous intelligence platform, delivered as a service.” Key findings of the Modern App Report 2019 Kubernetes highly prevalent in multi-cloud environments Kubernetes offers broad multi-cloud support and can be used by many organizations to run applications across cloud environments. The 2019 Modern App survey reveals that 1 in 5 AWS customers use Kubernetes. Image Source: The Continuous Intelligence Report The report states, “Enterprises are betting on Kubernetes to drive their multi-cloud strategies. It is imperative that enterprises deploy apps on Kubernetes to easily orchestrate/manage/scale apps and also retain the flexibility to port apps across different clouds.” Open source has disrupted the modern application stack Open source has disrupted the modern application stack with open source solutions for containers like orchestration, infrastructure and application services leading in majority. 4 out of 6 application infrastructure platforms are dominated by open source now. One of the open source solution called the orchestration technologies are used to not only automate the deployment and scaling of containers, but also to ensure reliability of applications and workloads which are running on containers. Image Source: The Continuous Intelligence Report Adoption of individual IaaS services suggests enterprises are trying to avoid vendor lock-in The Modern App 2019 survey finds that typical enterprises are only using 15 out of 150+ discrete services marketed and available for consumption in AWS. The adoption of AWS services demonstrates that basic compute, storage, database, network, and identity services are some of the top 10 adopted services in AWS. It is also found that services like management, tooling, and advanced security services are adopted at a lower rate than the core infrastructure services (50% or less). Image Source: The Continuous Intelligence Report Serverless technology mainly AWS Lambda continue to rise Serverless technologies like AWS Lambda continues to grow steeply as it is a cost-effective option to speed cloud and DevOps deployment automation. The Modern App Report 2019 reveals that AWS Lambda adoption grew to 36% in 2019, up 24% from 2017. It is also being used in several non-production use cases. AWS Lambda continues to increase their cloud migration and digital transformation efforts which makes it one of the top 10 AWS services by adoption. “Lambda usage for application or deployment automation technology should be considered for every production application,” reads the report. Image Source: The Continuous Intelligence Report The 2019 Continuous Intelligence Report is the first industry report to quantitatively define the state of the Modern Application Stack and its implication to the growing technology. Professionals like cloud architects, Site Reliability Engineers (SREs), data engineers, operations teams, DevOps and Chief Information Security Officers (CISOs) can learn how to build, run and secure modern applications and cloud infrastructures by leveraging information from this report. If you are interested to know more, you can check out the full report at the Sumo Logic blog. Other news in Cloud and Networking Containous introduces Maesh, a lightweight and simple Service Mesh to ease microservices adoption Amazon announces improved VPC networking for AWS Lambda functions Kubernetes releases etcd v3.4 with better backend storage, improved raft voting process, new raft non-voting member and more

“Ubuntu is now the world’s reference platform for AI engineering and analytics.” -Mark Shuttleworth, CEO of Canonical. Yesterday (on 18th October), Canonical announced the release of Ubuntu 18.10 termed as ‘Cosmic Cuttlefish’. This new release is focussed on multi-cloud deployments, AI software development, a new community desktop theme, and richer snap desktop integration. According to Mark, the new release will help accelerate developer productivity and help enterprises operate at a better speed whilst being scalable across multiple clouds and diverse edge appliances. [box type="shadow" align="" class="" width=""]Fun Fact : Ubuntu codenames are in incremental alphabetical order. Following the Ubuntu 18.04 Bionic Beaver, we now have the Cosmic Cuttlefish. These codenames are comprised of an adjective and an animal, both starting with the same letter.[/box] 5 major features of Ubuntu 18.10 #1 New compression algorithms for faster installation and boot Ubuntu 18.10 uses compression algorithms like LZ4 and ztsd, which support around 10% faster boot as compared to those used in its previous version. The algorithms also facilitate the installation process which takes around 5 minutes in offline mode. #2 Optimised for multi-cloud computing This new version is designed especially keeping in mind cloud based deployments. The Ubuntu Server 18.10 images are available on all major public clouds. For private clouds, the release supports OpenStack Rocky for AI and NFV hardware acceleration. It comes with Ceph Mimic to reduce storage overhead. Including the Kubernetes version 1.12, this new version brings increased security and scalability by automating the provisioning of clusters with transport layer encryption. It is more responsive to dynamic workloads through faster scaling #3 Improved gaming performance The new kernel has been updated to the 4.18 based Linux kernel. In addition to this, the updates in Mesa and X.org significantly improve game performance. Graphics support expands to AMD VegaM in the latest Intel Kabylake-G CPUs, Raspberry Pi 3 Model B, B+ and Qualcomm Snapdragon 845. Ubuntu 18.10 introduces the GNOME 3.30 desktop which has recently been released thus contributing to an overall gaming performance boost. #4 Startup time boost and XDG Portals support for Snap applications Canonical is bringing some useful improvements to its Snap packages. Snap applications will  start in lesser time. With XDG portal support, Snap can be installed in a few clicks from the Snapcraft Store website. Major public cloud and server applications like Google Cloud SDK, AWS CLI, and Azure CLI are now available in the new version. The new release allows accessing files on the host system through native desktop controls. #5 New default theme and icons Ubuntu 18.10 uses the Yaru community theme replacing their long-serving Ambiance and Radiance themes. It gives the desktop a fresh new look and feel. Other miscellaneous changes include: DLNA support connects Ubuntu with DLNA supported Smart TVs, tablets and other devices Fingerprint scanner is now supported Ubuntu Software removes dependencies while uninstalling software The default toolchain has moved to gcc 8.2 with glibc 2.28 Ubuntu 18.10 is also updated to openssl 1.1.1 and gnutls 3.6.4 with TLS1.3 support All these upgrades are causing waves in the Linux community. That being said, users are requested to check the release notes for issues that were encountered in this new version. You can head over to the official release page to download the new version of this OS. Alternatively, learn more about these new features at itsfloss.com. KUnit: A new unit testing framework for Linux Kernel Google Project Zero discovers a cache invalidation bug in Linux memory management, Ubuntu and Debian remain vulnerable The kernel community attempting to make Linux more secure

Yesterday, Rancher Labs announced K3s, a lightweight Kubernetes distribution to run Kubernetes in a resource-constrained environment. According to the official blog post, this project was launched to “address the increasing demand for small, easy to manage Kubernetes clusters running on x86, ARM64 and ARMv7 processors in edge computing environments”. To operate an edge computing on Kubernetes is a complex task. K3s will reduce the memory required to run Kubernetes and provide developers with a distribution of Kubernetes that requires less than 512 MB of RAM, ideally suited for edge use cases. Features of K3s #1 Simplicity of Installation K3s was designed to maximize the simplicity of installation and operations on a large scale Kubernetes cluster. It is a standards-compliant, Kubernetes distribution for “mission-critical, production use cases”. #2 Zero Host dependencies There is no requirement for an external installer to install Kubernetes--everything necessary to install it on any device is included in a single, 40MB binary.  A single command will enable the single-node k3s cluster to be provisioned or upgraded. Nodes can be simply added to the cluster running a single command on the new node, pointing it to the original server and passing through a secure token. #3 Automatic certificate and encryption key generation All of the certificates needed to establish TLS between the Kubernetes masters and nodes, as well as the encryption keys for service accounts are automatically created when a cluster is launched. #4 Reduces Memory footprint K3s reduces the memory required to run Kubernetes by removing old and non-essential code and any alpha functionality that is disabled by default. It also removes old features that have been deprecated, non-default admission controllers, in-tree cloud providers, and storage drivers. Users can add in any drivers they need. #5 Conservation of RAM Rancher’s K3s combines the processes that run on a Kubernetes management server into a single process. It also combines the Kubelet, kubeproxy and flannel agent processes that run on a worker node into a single process. Both of these techniques help in conserving RAM. #6 Reducing runtime footprint Rancher labs were able to cut down the runtime footprint significantly by using containerd instead of Docker as the runtime container engine. Functionalities like libnetwork, swarm, Docker storage drivers and other plugins have also been removed to achieve this aim. #7 SQLite as an optional datastore To provide a lightweight alternative to etcd, Rancher added SQLite as optional datastore in K3s. This was done because SQLite has “a lower memory footprint, as well as dramatically simplified operations.” Kelsey Hightower, a Staff Developer Advocate at Google Cloud Platform, commended Rancher Labs for removing features, instead of adding anything additional, to be able to focus on running clusters in low-resource computing environments. https://twitter.com/kelseyhightower/status/1100565940939436034 Kubernetes users have also welcomed the news with enthusiasm. https://twitter.com/toszos/status/1100479805106147330 https://twitter.com/ashim_k_saha/status/1100624734121689089 K3s is released with support for x86_64, ARM64 and ARMv7 architectures,  to work across any edge infrastructure. Head over to the K3s page for a quick demo on how to use the same. Red Hat announces CodeReady Workspaces, the first Kubernetes-Native IDE for easy collaboration among developers Introducing Platform9 Managed Kubernetes Service CNCF releases 9 security best practices for Kubernetes, to protect a customer’s infrastructure  

At its Cloud Next 2019 conference happening in Tokyo, Google unveiled new security capabilities that are coming to its enterprise products, G Suite Enterprise, Google Cloud, and Cloud Identity. These capabilities are intended to help its enterprise customers protect their “users, data, and applications in the cloud.” Google is hosting this two-day event (July 31- Aug 1) to showcase its cloud products. Among the key announcements made are Advanced Protection Program support for enterprise products that are rolling out soon, expanded availability of Titan Security Keys, improved anomaly detection in G Suite enterprise, and more. Advanced Protection Program for high-risk employees The Advanced Protection Program was launched in 2017 to protect the personal Google accounts of users who are at high risk of online threats like phishing. The program goes beyond the traditional two-step verification by enforcing you to use a physical security key in addition to your password for signing in to your Google account. The program will be available in beta in the coming days for G Suite, Google Cloud Platform (GCP) and Cloud Identity customers. It will enable enterprise admins to enforce a set of security policies for employees who are at high-risk of targeted attacks such as IT administrators, business executives, among others. The set of policies include enforcing the use of Fast Identity Online (FIDO) keys like Titan Security Keys, automatically blocking of access to non-trusted third-party apps, and enabling enhanced scanning of incoming emails. Wider availability of Titan Security Keys After looking at the growing demand for Titan Security Keys in the US, Google has now expanded its availability in Canada, France, Japan, and the United Kingdom (UK). These keys are available as bundles of two: USB/NFC and Bluetooth. You can use these keys anywhere FIDO security keys are supported including Coinbase, Dropbox, Facebook, GitHub, Salesforce, Stripe, Twitter, and more. Anomalous activity alerts in G Suite G Suite Enterprise and G Suite Enterprise for Education admins can now opt-in to receive anomalous activity alerts in the G Suite alert center. G Suite takes the help of machine learning to analyze security signals within Google Drive to detect potential security risks. These security risks include data exfiltration, policy violations when sharing and downloading files, and more. Google also announced that it will be rolling out support for password vaulted apps in Cloud Identity. Karthik Lakshminarayanan and Vidya Nagarajan from the Google Cloud team wrote in a blog post, “The combination of standards-based- and password-vaulted app support will deliver one of the largest app catalogs in the industry, providing seamless one-click access for users and a single point of management, visibility, and control for admins.” You can read the official announcement by Google to know more in detail. Google Project Zero reveals six “interactionless” bugs that can affect iOS via Apple’s iMessage Data Transfer Project: Now Apple joins Google, Facebook, Microsoft and Twitter to make data sharing seamless Understanding security features in the Google Cloud Platform (GCP)

On 11th March, Google Cloud team received a report of an issue with Google Cloud Console and Google Cloud Dataflow. Mitigation work to fix the issue was started on the same day as per Google Cloud’s official page. According to Google post, “Affected users may receive a "failed to load" error message when attempting to list resources like Compute Engine instances, billing accounts, GKE clusters, and Google Cloud Functions quotas.” As a workaround, the team suggested the use of gcloud SDK instead of the Cloud Console. No workaround was suggested for Google Cloud Dataflow. While the mitigation was underway, another update was posted by the team: “The issue is partially resolved for a majority of users. Some users would still face trouble listing project permissions from the Google Cloud Console.” The issue which began around 09:58 Pacific Time, was finally resolved around 16:30 Pacific Time on the same day. The team said that they will conduct an internal investigation of this issue and “make appropriate improvements to their systems to help prevent or minimize future recurrence. They will also provide a more detailed analysis of this incident once they have completed our internal investigation.”  There is no other information revealed as of today. This downtime affected a  majority of Google Cloud users. https://twitter.com/lukwam/status/1105174746520526848 https://twitter.com/jbkavungal/status/1105184750560571393 https://twitter.com/bpmtri/status/1105264883837239297 Head over to Google Cloud’s official page for more insights on this news. Monday’s Google outage was a BGP route leak: traffic redirected through Nigeria, China, and Russia Researchers input rabbit-duck illusion to Google Cloud Vision API and conclude it shows orientation-bias Elizabeth Warren wants to break up tech giants like Amazon, Google Facebook, and Apple and build strong antitrust laws