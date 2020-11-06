today's howtos ROS 2 on Kubernetes: a simple talker and listener setup | Ubuntu Kubernetes and robotics make a great match. However, robots running ROS2 can be tricky to set up with individual components on Kubernetes. In this second part of our blog series about running ROS 2 on Kubernetes, we set up a simple, scalable talker / listener system using MicroK8s on Ubuntu. In order to understand some of the design choices for this configuration, be sure to review part one, “Exploring ROS 2 with Kubernetes“. MicroK8s brings a full Kubernetes install to your machine with a single command and the baseline ROS 2 Foxy docker image fits neatly into the Kubernetes configuration. Our challenge is to configure these projects to all work nicely together. This configuration creates ROS nodes in pods, and each pod runs a single docker container. The container is the official baseline ROS Foxy docker image maintained by Open Robotics. We launch two talkers and one listener which can be scaled up and down. Networked ROS devices outside the Kubernetes host can also access the ROS graph.

This is how I git | daniel.haxx.se Every now and then I get questions on how to work with git in a smooth way when developing, bug-fixing or extending curl – or how I do it. After all, I work on open source full time which means I have very frequent interactions with git (and GitHub). Simply put, I work with git all day long. Ordinary days, I issue git commands several hundred times. I have a very simple approach and way of working with git in curl. This is how it works. [...] The main curl development is done in the single curl/curl git repository (primarily hosted on GitHub). We keep the master branch the bleeding edge development tree and we work hard to always keep that working and functional. We do our releases off the master branch when that day comes (every eight weeks) and we provide “daily snapshots” from that branch, put together – yeah – daily. When merging fixes and features into master, we avoid merge commits and use rebases and fast-forward as much as possible. This makes the branch very easy to browse, understand and work with – as it is 100% linear.

Set up Minishift and run Jenkins on Linux | Opensource.com Minishift is a tool that helps you run OKD (Red Hat's open source OpenShift container platform) locally by launching a single-node OKD cluster inside a virtual machine. It is powered by Kubernetes, which is one of my favorite things to talk about. In this article, I will demonstrate how to get started with Minishift on Linux. This was written for Ubuntu 18.04, and you'll need sudo access on your Linux machine to run some commands.

Getting started with Stratis encryption - Fedora Magazine Stratis is described on its official website as an “easy to use local storage management for Linux.” See this short video for a quick demonstration of the basics. The video was recorded on a Red Hat Enterprise Linux 8 system. The concepts shown in the video also apply to Stratis in Fedora. Stratis version 2.1 introduces support for encryption. Continue reading to learn how to get started with encryption in Stratis.

DNF for APT users | Enable Sysadmin Take a look at a few common and useful DNF and APT operations.

IPS configuration recommendations for IPFire users Especially users in luxury of running IPFire on powerful hardware might sit back now, as their machines can easily handle any IPS configuration, no matter which amount of rules has been turned on and how demanding they are in terms of CPU load. The more common scenario, however, is IT staff already working to full capacity being told to run or activate an IPS on dated hardware. Sometimes, this is a desperate bid to compensate security issues in the networks behind the firewall or gateway machine, or due to a superior reading about IPS making things more secure in his or her glossy tech magazine. Both scenarios have something in common which virtually enforces spending more time and thoughts on your IPS' configuration: False Positives. The more IPS rules you enable, the more False Positives will arise. As mentioned in another post before, they might cause more damage to a networks' security than the attackers itself: After a series of False Positives, alerts because of True Positives are not given the attention they deserve anymore. While it might be certainly interesting to detect and analyse attacks against protocols for industrial control systems (such as SCADA) in terms of academic interest, those are simply irrelevant for people not administering the network of a power plant or production hall. Unless you are a telephone company, STCP scans in order to detect entry points to the SS7 network might be an interesting read, but do not really matter. Most users will observe the usual background noise: Port scanning en masse, brute force login attempts against popular services such as SSH, spam waves or open SMTP relay hijacking, or bots trying to infect other machines on the internet by using common exploits against known vulnerabilities.

What's the difference between orchestration and automation? | Opensource.com For the longest time, it seemed the only thing any sysadmin cared about was automation. Recently, though, the mantra seems to have changed from automation to orchestration, leading many puzzled admins to wonder: "What's the difference?" The difference between automation and orchestration is primarily in intent and tooling. Technically, automation can be considered a subset of orchestration. While orchestration suggests many moving parts, automation usually refers to a singular task or a small number of strongly related tasks. Orchestration works at a higher level and is expected to make decisions based on changing conditions and requirements. However, this view shouldn't be taken too literally because both terms—automation and orchestration—do have implications when they're used. The results of both are functionally the same: things happen without your direct intervention. But the way you get to those results, and the tools you use to make them happen, are different, or at least the terms are used differently depending on what tools you've used.

Adding DKIM support to OpenSMTPD with custom filters | Almost Secure If you, like me, are running your own mail server, you might have looked at OpenSMTPD. [...] You might want to add virtual user lists, aliases, SRS support, but it really doesn’t get much more complicated than this. The best practices are all there: no authentication over unencrypted connections, no relaying of mails by unauthorized parties, all of that being very obvious in the configuration. Compare that to Postfix configuration with its multitude of complicated configuration files where I was very much afraid of making a configuration mistake and inadvertently turning my mail server into an open relay. There is no DKIM support out of the box however, you have to add filters for that. The documentation suggests using opensmtpd-filter-dkimsign that most platforms don’t have prebuilt packages for. So you have to get the source code from some Dutch web server, presumably run by the OpenBSD developer Martijn van Duren. And what you get is a very simplistic DKIM signer, not even capable of supporting multiple domains. The documentation suggests opensmtpd-filter-rspamd as an alternative which can indeed both sign and verify DKIM signatures. It relies on rspamd however, an anti-spam solution introducing a fair deal of complexity and clearly overdimensioned in my case. So I went for writing custom filters. With dkimpy implementing all the necessary functionality in Python, how hard could it be?

OpenID Connect integration with Red Hat 3scale API Management and Okta - Red Hat Developer This article introduces you to using Red Hat 3scale API Management for OpenID Connect (OIDC) integration and compliance. Our goal is to secure an API in 3scale API Management using JSON Web Token (JWT), OIDC, and the Oauth2 Authorization Framework. We will set up the integration using Okta as our third-party OpenID Connect identity provider. An important part of the demonstration is establishing the 3scale API Management gateway’s connection with Okta. [...] For demonstration purposes, we will use 3scale API Management and Okta as self-managed services. If you don’t have them already, begin by creating free service accounts using 3scale.net and okta.com. [...] Thank you for taking the time to read this article and follow the demonstration. As you have seen, 3scale API Management works together with any OpenID provider in a way that is compliant with its specification. We’ve used Okta as our OpenID provider for this demonstration. I hope that breaking down the verification process and showing each party’s roles and responsibilities helped to demystify aspects of application security with JWT, OIDC, and Oauth2.

Program your microcontroller with MicroBlocks | Opensource.com If you like to tinker with technology, you may be familiar with programmable microcontroller boards, such as AdaFruit's Circuit Playground Express and the BBC Micro:bit. Now there's a new programming option for you to try: MicroBlocks. It's a simple Scratch-like programming interface that works well with several microcontrollers, including those two.