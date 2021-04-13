IBM/Red Hat and Clone Operating Systems
Rocky Linux release candidate is now available and is exactly what CentOS admins are looking for
If I didn't know the new Rocky Linux ISO image was a release candidate (RC), I'd have thought it to be a final release. It's not, and the developer wants to make sure everyone is aware this first unleashing is not ready for production environments. For all the warnings, the Rocky Linux RC is remarkably stable and gives us a clear view of what's to come from the original creator of CentOS.
[...]
The Rocky Linux RC1 release is available for x86_64 and AArch64 architecture and can be downloaded as a minimal, boot and full installation. Kurtzer opted to go with the same installer as CentOS, RHEL and AlmaLinux (Anaconda), so installation will be instantly familiar to anyone who's installed any of the aforementioned Linux distributions.
Red Hat and IBM Research Launch the Konveyor Project
Kubernetes, supported by a vibrant open source community, can drive outstanding innovation. To help in Kubernetes adoption, Red Hat and IBM Research have created Konveyor, an open source project aimed at helping modernize and migrate applications for open hybrid cloud by building tools, identifying patterns and providing advice on how to bring cloud-native transformation across IT. Konveyor also supports a growing number of tools, such as Crane, Forklift, Move2Kube, Tackle, and Pelorus, designed to accelerate Kubernetes adoption.
Across industries, system administrators and developers are often the point teams driving digital transformation, helping the overall business benefit from modernized IT infrastructure, applications and services.
MLCommons seeks to simplify sharing ML models with MLCube
Since the launch of MLCommons, Red Hat has been an active participant in the MLCube project hosted by the Best Practices Working Group. Red Hat employees are contributing to the design and development of this exciting project which aims to reduce friction around creating and consuming machine learning (ML) models.
10 great sysadmin articles you might have missed from April 2021
April 2021 was a great month for Enable Sysadmin. We published 30 articles and received 549,684 pageviews from over 370k unique visitors. Today, we are looking back at our top ten articles to give readers a chance to catch up on any of the great content they may have missed. In this list, you will see various topics covered and we are confident that some, if not all will be of interest to you.
May the Fourth be with you via Podman
Happy May Fourth, everyone! A few weeks after Star Wars first released, I was lucky enough to see it in a Dolby theatre in Denver, CO. I was hooked, completely, and totally hooked. Over the past decade or so, I’ve built a really nice large screen television with surround sound setup and rarely go to the movies anymore. I wait for them to be streamed or hit Blue-Ray. I make an exception for Star Wars movies. Those I go see at least once at a theatre. Then yes, I buy a copy to watch at home when available.
[...]
So after a colleague said I should run it from a container, I thought I’d try doing so. I made a few attempts at getting it to run but ran into issues with Telnet both in the container and on my host. Google to the rescue. I discovered the ascii-telnet-server project.
Rocky Linux, AlmaLinux, CentOS & syslog-ng
Last year, the CentOS project announced a major shift in strategy. Until recently, CentOS Linux has been a rebuild of Red Hat Enterprise Linux (RHEL) sources, each RHEL release was quickly followed by a corresponding CentOS Linux release. While CentOS 7 keeps working this way, CentOS 8 will reach its end of life by the end of this year. The CentOS project is focusing on CentOS Stream. It is a continuous stream of bug fixes and new features.
Some of the users were not happy about the change, that is how Rocky Linux and AlmaLinux were born.
As about 80% of syslog-ng Open Source Edition (OSE) installations run on CentOS and RHEL (if we do not count Kindle devices…), support for CentOS Stream and CentOS Linux alternatives is a returning question. From this blog, you can learn about CentOS Stream and CentOS Linux alternatives and how the situation is affecting syslog-ng OSE users.
Compliance clarity with Red Hat Insights
Compliance and security management are interdependent. Compliance depends on security rules for enforcement. Security depends on clear compliance guidelines. Any lack of visibility to the enforcement of security policies as related to specific regulations can expose an organization to risk. With increased regulation, new business processes due to COVID, and reduced budgets, CIOs, compliance officers, system administrators and legal teams are seeking ways to work together to reduce risk.
Organizations routinely conduct audits to identify gaps as regulations increase, but audits are not the best way to discover issues. Audits create stress for all. Red Hat Insights for Red Hat Enterprise Linux (RHEL) simplifies the management of compliance and security. Insights helps organizations address compliance in a systematic fashion and reduce operational costs. Insights can help enforce a variety of cybersecurity policies, (including PCI-DSS, HIPAA, CIS, etc.) that your organization needs to meet.
Event-driven APIs and schema governance for Apache Kafka: Get ready for Kafka Summit Europe 2021
As a developer, I’m always excited to attend the Kafka Summit, happening this year from May 11 to 12. There are so many great sessions addressing critical challenges in the Apache Kafka ecosystem. One example is how changes to event-driven APIs are leading developers to focus on contract-first development for Kafka.
In preparation for the upcoming Kafka Summit, this article discusses the journey Kafka users have taken to get on the API bandwagon and how developers are using contracts to describe brokers without losing control of their data in the cluster. A critical component for effective schema governance is having a schema registry such as Apicurio Registry. See the end of the article for information about Red Hat’s sessions during the Kafka Summit Europe 2021.
[...]
Implementing an event-driven architecture using Apache Kafka alongside the traditional API approach has brought new challenges and expectations. The conventional code-first workflow (of implementing the code first and then sharing the resulting API specification) includes many bottlenecks that prevent efficient progress. Developers are seeking a new direction for discoverability and access to event-stream endpoints.
Red Hat Announces The Open Source StackRox Community
Red Hat has announced the StackRox community, the upstream project that will work to open source and manage the code that powers Red Hat Advanced Cluster Security for Kubernetes.
Introducing the open source StackRox community
Red Hat is excited to introduce the StackRox community, the upstream project that will work to open source and manage the code that powers Red Hat Advanced Cluster Security for Kubernetes. We believe the StackRox community will help drive significant innovation and benefits for users when it comes to security -- an industry that has traditionally been dominated by proprietary solutions. Customers, partners and other interested contributors can learn more about joining the community at stackrox.io.
Since acquiring StackRox in February 2021, Red Hat has been actively working through the various considerations, both technical and legal, involved in the open sourcing process. At Red Hat, we believe using an open development model helps create more secure, stable and innovative technologies. This commitment to the tenets of open source is the core of our business model today, making our drive to fully open source the StackRox technology another example of how closely we hold the value of open code and development.
Custom policies in Red Hat 3scale API Management, Part 2: Securing the API with rate limit policies
In Part 1 of this series, we discussed the policy framework in Red Hat 3scale API Management—adding policies to the APIcast gateway to customize API request and response behavior. In this article, we will look at adding rate limiting, backend URL protection, and edge limiting policies to the APIcast gateway. We’ll also review which policies are appropriate to use for different use cases.
IT job hunt: 3 tips to get a recruiter's attention
There’s a skill shortage for tech talent. If you’re a developer or data scientist, you might think that puts you in the driver’s seat for most jobs. While supply and demand play a role, for top IT roles it’s still essential to stand out early in the process. Here are three ways to do that.
4 Artificial Intelligence (AI) skills IT pros must have
Artificial Intelligence (AI) has arguably become a household term in modern enterprises. By now, most companies have embraced some type of business initiative that includes AI in their digital transformation.
Artificial Intelligence is a broad term, but much current research and development focuses on machine learning (ML), a subdiscipline whereby machines learn from data as opposed to being explicitly programmed.
[...]
The essential question is whether such data has the potential to solve the business problem at hand. While the answer is not always immediately obvious, it begins with a hypothesis stemming from prior analysis or perhaps simply based on intuition. For example, a business experiencing high customer churn might hypothesize that recent changes in commercial activity could predict future attrition.
Optimizing the Clang compiler’s line-to-offset mapping
Recently, I’ve been trying to improve the speed of the Clang compiler for C and C++. When I profile the Clang pre-processing step on a large file, one function quickly stands out:
clang::LineOffsetMapping::get(llvm::MemoryBufferRef Buffer, llvm::BumpPtrAllocator &Alloc)
This function basically allocates a vector (through Alloc) that maps line numbers to offsets in a file (loaded in Buffer). That’s a surprisingly standalone function, so it’s easy to extract it in a micro-benchmark and go for an optimization journey. This article is a kind of log book of that trip.
Despite many false alarms, Linux malware scares still abound
Despite numerous false alarms from security firms in the past — which have been enthusiastically spread by technology writers — it still appears that all a security firm or group of researchers has to do to gain some headlines is to write a post mentioning Linux and malware in the same sentence. On 28 April, a Chinese research group NetLab published details about what it claimed was a "long live secret backdoor with 0 VT detection". The word Linux was not in the headline, but once one read the first paragraph, there it was in bold text: "A close look at the sample revealed it to be a backdoor targeting Linux X64 systems, a family that has been around for at least 3 years." [emphais as in original] Some basic questions were not answered – and they were asked by someone who posted a response to the blog. This user, who goes by the name John Mellor, asked: "Anyone can write an executable to do nefarious things, but what is the entry path onto the system? What compromise is used to install it? Who uses that package and has it misconfigured to allow this executable to be installed? Without this key information, this admittedly excellent analysis of the payload is useless. What is the CVE number?" Also: A Now-Patched Linux Kernel Vulnerability Could Lead To Data Leaks [Ed: Grossly overrated and mostly hyped up (at one time) by Microsoft-connected media, looking to distract from the back doors Microsoft puts in virtually everything]
Hardware: Arduino and NUC
Peter Robinson: Fedora on the Pinebook Pro
First thing to note here is that this is not limited to the Pinebook Pro, I’m just using it as the example for 64 bit Rockchip devices with SPI flash on Fedora. This post is focused on devices with SPI but I’ll do a separate follow-up post for other devices including details for writing to eMMC over USB. The story of Fedora on the Pinebook Pro, and other Rockchip devices, has been a sordid story of a lack of time, bugs, rabbit holes, more bugs and various other things. Not at all sordid at all really, mostly just a lack of time on my behalf, and nobody else stepping up to assist in a way to benefit all Fedora users, mostly they do one time hacks to sort themselves. Overall the support in Fedora for Rockchip devices has been quite solid for a number of releases. The problem has been with the early boot firmware, notable because without SPI flash it wants to splat itself across the first 8Mb of the disk, and if there was SPI flash it generally wasn’t overly stable/straight forward. Anyway we’re now in a place where devices with SPI flash should mostly work just fine, those devices without it will work with a little manual intervention, and while the support isn’t complete, and will need more polish, they’re all details we can polish with little interruption to users by standard package updates. By default users will have accelerated graphics and from my testing on GNOME 40 it’s by all accounts a pretty decent experience! Also: Community Blog monthly update: April 2021
GNOME 3.38.6 Desktop Environment Released with Various Bug Fixes
Coming one and a half months after GNOME 3.38.5, the GNOME 3.38.6 point release is here to update the Epiphany web browser with the ability to allow launching of external URLs when triggered by user action, as well as to update the File Roller archive manager to skip files with symlinks in parents. It also fixes a huge CPU consumption bug in the Gedit text editor, which occurred when a folder with content is deleted in the filebrower plugin. In addition, Gedit now uses the current document path when opening a new file to address a regression introduced in a previous version.
