IBM/Red Hat/Fedora Leftovers
-
Fedora Community Blog: Outreachy final blog post
My internship of 3 months with Fedora has come to an end. From submitting the form 2 times and finally making it the 3’rd time, the journey has been quite challenging. My project “Improve Fedora QA dashboard” motive was to make the dashboard more impactful so that it will be simplified for the newcomers and they can easily understand and contribute without any complexity.
[...]
The journey of Outreachy was very great. I learned lots of things, no more a noob now. My mentors were Lukas and Josef. Whenever I got stuck into something they always sought to help me. I didn’t even have the confidence in myself that I would be able to complete the tasks, but eventually, I did. I knew JavaScript, basic ReactJS, and Vanilla Js, however, the project was not about all this, I have implemented the things for the first time like react-i18n, docker, etc, the beginning of the internship was very smooth and easy going but as I came to the second task it was a bit challenging for me as I had to implement the same page twice with two different approaches so that mentors can choose the better one but what matters here was my learning, I feel the more complicating the tasks are, the more you build up yourself while making it easy, learned how to google finally, more about ReactJs and flourished my skills.
-
Leader election in Kubernetes using Apache Camel
When deploying applications on Kubernetes, certain platform characteristics strongly influence the application's architecture. In a greenfield setting, it's all about harnessing the ephemeral nature of stateless applications. Applications are built to run in scenarios where there is an expectation of high availability via horizontal scaling. Not only can the application scale out, but Kubernetes' orchestration characteristics emphasize that no individual pod is safe from destruction. Kubernetes is the epitome of the old U.S. Navy Seal saying: "Two is one, and one is none."
Workloads on Kubernetes don't always fit this model, however. Some workloads are singular in nature, and parallelization isn't an option. For example, suppose an application connects out to an external service and receives information asynchronously via a TCP socket or websocket. As part of this process, the application receives data, transforms the structure, and publishes that data into an Apache Kafka topic. In this case, only a single connection can be active at one time because of the possibility of publishing duplicate data (see Figure 1).
-
What is ethical Artificial Intelligence (AI)? 7 questions, answered
Do you have some anxiety about Artificial Intelligence (AI) bias or related issues? You’re not alone. Nearly all business leaders surveyed for Deloitte’s third State of AI in the Enterprise report expressed concerns around the ethical risks of their AI initiatives.
There is certainly some cause for uneasiness. Nine out of ten respondents to a late 2020 Capgemini Research Institute survey were aware of at least one instance where an AI system had resulted in ethical issues for their businesses. Nearly two-thirds have experienced the issue of discriminatory bias with AI systems, six out of ten indicated their organizations had attracted legal scrutiny as a result of AI applications, and 22 percent have said they suffered customer backlash because of these decisions reached by AI systems.
As Capgemini leaders pointed out in their recent blog post: “Enterprises exploring the potential of AI need to ensure they apply AI the right way and for the right purposes. They need to master Ethical AI.”
-
Authenticated Boot and Disk Encryption on Linux
Linux has been supporting Full Disk Encryption (FDE) and technologies such as UEFI SecureBoot and TPMs for a long time. However, the way they are set up by most distributions is not as secure as they should be, and in some ways quite frankly weird. In fact, right now, your data is probably more secure if stored on current ChromeOS, Android, Windows or MacOS devices, than it is on typical Linux distributions.
Generic Linux distributions (i.e. Debian, Fedora, Ubuntu, …) adopted Full Disk Encryption (FDE) more than 15 years ago, with the LUKS/cryptsetup infrastructure. It was a big step forward to a more secure environment. Almost ten years ago the big distributions started adding UEFI SecureBoot to their boot process. Support for Trusted Platform Modules (TPMs) has been added to the distributions a long time ago as well — but even though many PCs/laptops these days have TPM chips on-board it's generally not used in the default setup of generic Linux distributions.
How these technologies currently fit together on generic Linux distributions doesn't really make too much sense to me — and falls short of what they could actually deliver. In this story I'd like to have a closer look at why I think that, and what I propose to do about it.
[...]
Many of the mechanisms explained above taken individually do not require UEFI. But of course the chain of trust suggested above requires something like UEFI SecureBoot. If your system lacks UEFI it's probably best to find work-alikes to the technologies suggested above, but I doubt I'll be able to help you there.
-
Lennart: Linux Comes Up Short Around Disk Encryption, Authenticated Boot Security [Ed: All those proprietary software OSes have back doors in their 'encryption' (see e.g. [1, 2]) so quit helping their propaganda]
Most Linux distributions are currently coming up short from offering adequate security around full disk encryption and authenticated boot. Prominent Linux developer Lennart Poettering even argues that your data is "probably more secure if stored on current ChromeOS, Android, Windows or macOS devices."
Lead systemd developer Lennart Poettering wrote a lengthy blog post today around the state of authenticated boot and disk encryption on Linux. While many Linux distributions offer full-disk encryption, offer UEFI SecureBoot, and begun embracing TPMs, many of the technologies aren't being used to their best potential yet especially now by default / out-of-the-box.
- Login or register to post comments
- Printer-friendly version
- 1998 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago