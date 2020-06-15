Fedora, Red Hat and Kubernetes
Fedora Developers Are Looking At Better Managing Retired Packages
A change proposal for Fedora 33 would introduce the concept of "fedora-retired-packages" for removing retired packages when upgrading Fedora.
Retired packages are those packages that are not required by any other packages and are no longer maintained upstream and then no longer packaged by Fedora maintainers. Currently, when upgrading Fedora Linux, these retired Fedora packages remain installed albeit with the older installed RPM.
Fedora has the concept of fedora-obsoletes-package for retiring packages that would otherwise cause issues on upgrades, but nothing for the common packages that are retired / no longer being maintained.
Enable Eclipse MicroProfile applications on Red Hat JBoss Enterprise Application Platform 7.3
In this article, we show you how to install Red Hat JBoss Enterprise Application Platform (JBoss EAP) XP 1.0.0.GA and enable Eclipse MicroProfile support on JBoss EAP. Once you have MicroProfile support enabled, you can start using the quickstart examples or start developing your own application.
Enterprise Kubernetes development with odo: The CLI tool for developers
Kubernetes conversations rarely center the developer’s perspective. As a result, doing our job in a k8s cluster often requires building complicated YAML resource files, writing custom shell scripts, and understanding the countless options that are available in kubectl and docker commands. On top of all of that, we have the learning curve of understanding Kubernetes terminology and using it the way that operations teams do.
To address these challenges, the Red Hat Developer Tools team created odo (OpenShift Do), a command-line interface (CLI) tool built for developers and designed to prioritize the things that developers care about. In this article, I will use a hands-on example to introduce you to the benefits of using odo in conjunction with Kubernetes.
Kubernetes Starboard Project Offers Security Scanning from Kubectl
The project, licensed under Apache 2.0 and created by Aqua Security, among others, uses custom resource definitions (CRDs) to integrate security tools and make the results accessible via the Kubernetes API.
Hard lessons learned about Kubernetes garbage collection
Some time ago, I learned an important Kubernetes lesson the hard way. The story begins with Kubernetes Operators, which is a method of packaging, deploying, and managing a Kubernetes application. The thing I tripped up on was garbage collection in the cluster, which cleans up objects that no longer have an owner object (but more on that later).
Programming Leftovers
Graphics: AMDGPU, RADV, GLSL
Threat to Windows and Linux cannot be really put in the same basket
Twice in the space of three months, researchers from BlackBerry have put out studies pushing claims about malware and ransomware that is alleged to attack Linux, giving the impression that this operating system is also under as much threat as Windows. But both studies contained little to justify these conclusions; the second, issued in the first week of June, contained the word Linux thrice, in two sentences. One of these was the line: "Tycoon is a multi-platform Java ransomware targeting Windows and Linux that has been observed in-the-wild since at least December 2019." And the other was: "The malicious JRE build contains both Windows and Linux versions of this script, suggesting that the threat actors are also targeting Linux servers." The rest of the study, that runs to about 1500 words (not counting text in illustrations and tables), was solely about the Windows version of what the researchers claimed was a new form of ransomware known as Tycoon. The earlier study, issued in April, claims that groups connected to China were targeting Linux servers with malware, with the claim resting on the reported discovery of a previously unidentified Linux malware toolset which included two kernel-level rootkits that made it difficult to identify executables. But the study contained no information as to how this malware gained a foothold on these servers, surely an important step in the attack process. On asking, this response was elicited: "The rootkits were installed by way of an interactive bash script, which in some cases reached out to an online build server to determine particulars about the target system (distro, kernel version, etc) before delivering a bespoke rootkit and backdoor." The vulnerabilities in the Linux kernel that were remotely exploited in this manner were not specified; it must be noted that such a class of flaws are very rare for Linux. The reply added: "There are several ways in which the installation script could have landed on the server, including brute force SSH attack (a technique reportedly used by the botnet to spread itself), physical access to the server (espionage operations are not always exclusively digital), or any other of the myriad ways in which admin credentials for servers are compromised and then used to log in."
today's howtos
