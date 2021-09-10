Memcg Performance Regression Fix in Linux 5.15 and BPF-based Firewall
-
As a follow-up to A Fix Is Pending For That Linux 5.15 Performance Regression, Linus Torvalds decided to pull the fix directly into Linux 5.15 Git today for addressing this real-world, measurable performance regression.
Linus commented on the proposed memcg change today, "Ok, I've applied this just to close the issue. If somebody comes up with more data and the delayed flushing or something is problematic, we'll revisit, but this looks all sane to me and fixes the regression."
-
Generating much excitement back in 2018 was bpfilter for the potential to better Linux's firewall and packet filtering by making it more robust and performance. Recently work on this BPF-based firewall solution was renewed and the performance potential over iptables and nftables is looking very good for the future.
This year the BPF-based firewall code work was taken up by Facebook's Dmitrii Banshchikov and he's trying to push the code along now. Ahead of the next iteration of these patches, Dmitrii presented at this week's Linux Plumbers Conference on the effort.
Canonical on Kubernetes and Grace Hopper 2021
-
Portainer announced the launch of its Portainer Business Charmed Operator, allowing for seamless integration with Canonical’s Charmed Kubernetes distribution.
The new Portainer charm allows users of Canonical’s Charmed Kubernetes distribution to automatically install and integrate Portainer Business as part of the Kubernetes cluster deployment process, using Juju, the Charmed Operator framework.
Portainer Business is a powerful operating platform that transforms any Kubernetes implementation into a ‘containers-as-a-service’ solution. With Portainer Business at the core, Platform Managers can use Portainer’s simple GUI to configure a range of security and governance policies –such as Role Based Access and resource quotas – that control how end users (typically Developers) interact with the environment.
Developers working in a Portainer-managed environment benefit from an easy-to-use GUI to deploy, manage, and monitor their applications or, equally, can connect any dashboard or CI/CD tool they like via Portainer. Without Portainer, Developers must use complex CLI commands to deploy and monitor their apps, which is hard and a major inhibitor in the overall K8s adoption trend.
-
Canonical is excited to announce our virtual attendance at the Grace Hopper Conference September 27th – October 1st, 2021. We are thrilled to sponsor, and once again attend, an event that aligns with our values of bringing enthusiastic, diverse, and talented employees into our rapidly-expanding global workforce.
During the Grace Hopper Conference 2021, Canonical aims for attendees to gain knowledge of our open positions and insights from various team members through a day in the life of a Canonical employee. Participants are encouraged to check our YouTube channel to learn about roles from Sales, Support, Field and IoT Engineering. There team members who are involved in our internal resource groups cover topics such as Women in Tech, parents, LGBTQIA+, and more. Engagement is encouraged company wide, and presented during onboarding procedures, allowing every new employee the chance for involvement from their first day.
IBM/Red Hat/Fedora: PHP, Digital Public Goods Alliance (DPGA), Kubernetes, and Istio 1.11.3
-
RPMs of PHP version 8.0.11 are available in remi repository for Fedora 35 and remi-php80 repository for Fedora 33-34 and Enterprise Linux (RHEL, CentOS).
RPMs of PHP version 7.4.23 are available in remi repository for Fedora 33-34 and remi-php74 repository Enterprise Linux (RHEL, CentOS).
RPMs of PHP version 7.3.30 are available in remi-php73 repository for Enterprise Linux (RHEL, CentOS).
-
In the Fedora Project community, we look at open source as not only code that can change how we interact with computers, but also as a way for us to positively influence and shape the future. The more hands that help shape a project, the more ideas, viewpoints and experiences the project represents — that’s truly what the spirit of open source is built from.
But it’s not just the global contributors to the Fedora Project who feel this way. August 2021 saw Fedora Linux recognized as a digital public good by the Digital Public Goods Alliance (DPGA), a significant achievement and a testament to the openness and inclusivity of the project.
We know that digital technologies can save lives, improve the well-being of billions, and contribute to a more sustainable future. We also know that in tackling those challenges, Open Source is uniquely positioned in the world of digital solutions by inherently welcoming different ideas and perspectives critical to lasting success.
But, we also know that many regions and countries around the world do not have access to those technologies. Open Source technologies can be the difference between achieving the Sustainable Development Goals (SDGs) by 2030 or missing the targets. Projects like Fedora Linux, which represent much more than code itself, are the game-changers we need. Already, individuals, organizations, governments, and Open Source communities, including the Fedora Project’s own, are working to make sure the potential of Open Source is realized and equipped to take on the monumental challenges being faced.
-
Among the reasons why Kubernetes has been so widely adopted are flexibility and lack of fragmentation.
-
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.11.2 and Istio 1.11.3
Security Lertovers
-
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild.
-
A report surfaced recently that at least some recent versions of macOS can be exploited to run arbitrary local applications using .inetloc files, which may allow a drive-by download to automatically kick off a vulnerable application and exploit it. Apple appeared to acknowledge the fault, but did not assign it a CVE; the reporter seems not to have found the putative fix satisfactory and public disclosure thus occurred two days ago.
-
Generally all of our Rust code are reproducible. If you build it in a fixed path, and also use SOURCE_DATE_EPOCH environment variable, the final library or executables will be producible. This is really helpful, for example while building cryptography python wheel, I can keep building it in a reproducible way even with the Rust dependencies.
A few days ago I saw shadow-rs, which can provide a lot of build time information. For example, in khata now I have a way to tell if I am using any custom build and also identify which one. I was a bit worried as shadow allows to store the build time too, but later found that the community already put in the patches so that it follows SOURCE_DATE_EPOCH.
Recent comments
1 min ago
1 hour 30 min ago
3 hours 33 min ago
4 hours 18 min ago
4 hours 20 min ago
4 hours 34 min ago
8 hours 46 min ago
9 hours 53 min ago
10 hours 15 min ago
11 hours 14 min ago