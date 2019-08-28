OSS and Security Leftovers
What Would it Take to Challenge DJI’s Dominance in the Drone Market?
Monday, CNN reported that Ellen Lord, the U.S. Undersecretary of Defense for Acquisition and Sustainment, told reporters that the department was seeking investors to develop U.S. manufactured drones so that the military would not be reliant upon Chinese-manufactured DJI products. That may be somewhat misleading – DJI certainly has never claimed to go after the military market, and accusations about “sending data back to China” remain vague and unproven. It is true, however, that drone manufacturers globally have struggled to compete with DJI’s rapid development cycles and manufacturing efficiencies: and there may be an argument that more competition in the commercial market could help to expand use cases and broaden the scope of drone innovation.
[...]
Understanding the Concept of an Open Source Platform for Drones
While adoption of the open source platform is growing rapidly, it’s still a confusing concept to many consumers or commercial drone pilots. The common comparison is between Apple and Android, with DJI as the iOS of the drone world. Auterion co-founder Kevin Sartori clarifies that the comparison isn’t entirely accurate: the drone industry is still in the very early stages of development towards its real potential.
“Our high level assumption is that drones are still feature phones,” says Sartori. “We might not be at smart phone stage, we’re still talking about Nokia,” he explains. “Drones aren’t connected yet. There is no easy way to distribute apps. With Auterion, we are building the infrastructure that will allow the industry to get there.”
How Open Source is Being Used Now – and Auterion’s Place in the Market
PX4 and open source tools are now being used to make new and innovative hardware products fly: from offerings from Chinese manufacturer Yuneec to new U.S. drone manufacturer Impossible Aerospace, developing a long endurance battery powered aircraft. Open source is allowing new drone companies and customers to focus on specific problems, says Sartori, without having to reinvent a way to make the drone fly: “Companies don’t actually build the whole solution, they focus on their added value,” he says. “It’s a natural evolution of the industry, and it helps the industry accelerate.”
The 13 Best Open Source Network Monitoring Tools
We at Solutions Review compiled a list of the best open source network performance monitoring tools currently on the market!
Platform9 Raises $25 Mn to Leverage Open-source Modern Technologies and Enhance Cloud-native Infrastructure
Platform9, the in SaaS-managed hybrid cloud company, announced that raised $25 million in Series D funding, bringing the total amount raised by the company to $61.5 million. This round was led by NGP Capital, with participation from Mubadala Ventures and all existing investors (Redpoint Ventures, Menlo Ventures, Canvas Ventures, and HPE Pathfinder). Rohini Chakravarthy, Partner at NGP Capital, joins Platform9’s board of directors with this round of financing.
Security updates for Friday
Security updates have been issued by Arch Linux (dovecot, gettext, go, go-pie, libnghttp2, and pigeonhole), Debian (djvulibre, dovecot, and subversion), Fedora (sleuthkit and wireshark), openSUSE (containerd, docker, docker-runc, and qbittorrent), Oracle (pango), SUSE (kernel, nodejs10, and python-SQLAlchemy), and Ubuntu (apache2).
This Week In Security: VPN Gateways, Attacks In The Wild, VLC, And An IP Address Caper
We'll start with more Black Hat/DEFCON news.
Announcing etcd 3.4
etcd v3.4 includes a number of performance improvements for large scale Kubernetes workloads. In particular, etcd experienced performance issues with a large number of concurrent read transactions even when there is no write (e.g. “read-only range request ... took too long to execute”). Previously, the storage backend commit operation on pending writes blocks incoming read transactions, even when there was no pending write. Now, the commit does not block reads which improve long-running read transaction performance. We further made backend read transactions fully concurrent. Previously, ongoing long-running read transactions block writes and upcoming reads. With this change, write throughput is increased by 70% and P99 write latency is reduced by 90% in the presence of long-running reads. We also ran Kubernetes 5000-node scalability test on GCE with this change and observed similar improvements. For example, in the very beginning of the test where there are a lot of long-running “LIST pods”, the P99 latency of “POST clusterrolebindings” is reduced by 97.4%. This non-blocking read transaction is now used for compaction, which, combined with the reduced compaction batch size, reduces the P99 server request latency during compaction. More improvements have been made to lease storage. We enhanced lease expire/revoke performance by storing lease objects more efficiently, and made lease look-up operation non-blocking with current lease grant/revoke operation. And etcd v3.4 introduces lease checkpoint as an experimental feature to persist remaining time-to-live values through consensus. This ensures short-lived lease objects are not auto-renewed after leadership election. This also prevents lease object pile-up when the time-to-live value is relatively large (e.g. 1-hour TTL never expired in Kubernetes use case).
Petty gripes about kernel versioning and tarballs
Today in gripes that about 5 people including me will have: it's really difficult to find a unified way to get a tarball from something on kernel.org to the Fedora dist-git in a way that meets the Fedora packaging guidelines. Let's start with my pettiest gripe: the lack of a trailing 0 on official releases. Official kernel releases are usually versioned like 5.1, 5.2. Note the lack of a trailing 0 there. Stable updates are 5.2.3, 5.2.3 etc. This would be okay except for if you look at the Makefile for stable releases, there's still a 0 in the SUBLEVEL filed where stable updates come from. "But Laura, there's macros to take care of that" yes, in the kernel itself. I'm working on going from the kernel to dist-git so this means I'm writing scripts which have to re-do this work and think about this when generating a version string. If I wanted to be really petty, I'd start a conversation about changing the kernel versioning completely. The 5.0 numbering means nothing. The bump from 4.x to 5.x was because the second number was getting to high. The numbers mean nothing at this point except they keep getting larger. I'd love to see the numbers correspond to a date since the kernel is basically on a time base release at this point anyway. Fedora has packaging guidelines describing how packages should work. It's to the benefit of everyone to follow these guidelines. The guidelines for Source recommend using tarballs and give a few other suggestions for how to set Source0 appropriately. The Fedora kernel generates 3 types of kernel releases: official releases (v5.2, v5.2.1), rc releases (v5.3-rc6), and snapshots that don't correspond to an official tag. Currently, the way we generate all these is starting with the base (e.g. 5.2) and then applying a patch on top of it (patch-5.3-rc6, patch-5.2.10). We do this by grabbing the individual tarballs and patches from kernel.org.
'Abandon Ship' on GNU/Linux
Wine 4.15
