• IBM attempts to graft virtual machine security onto container flexibility

  IBM researchers have developed a new flavor of software container in an effort to create code that's more secure than Docker and similar shared kernel container systems.

  Docker and its ilk are considered less secure than VMs because the compromise of a shared kernel puts all associated containers at risk. With VMs, the kernel is separate from the host kernel, which reduces the risk of collateral damage.

• Using Linux Containers to Manage Embedded Build Environments

  Linux container technology has been proposed by companies like Resin.io as a simpler and more secure way to deploy embedded devices. And, Daynix Computing has developed an open source framework called Rebuild that uses Linux containers in the build management process of embedded IoT development. At the 2017 Open Source Summit, Daynix “virtualization expert” Yan Vugenfirer gave a presentation on Rebuild called “How Linux Containers can Help to Manage Development Environments for IoT and Embedded Systems.”

  Vugenfirer started by reminding the audience of the frustrations of embedded development, especially when working with large, complex projects. “You’re dealing with different toolchains, SDKs, and compilers all with different dependencies,” he said. “It gets more complicated if you need to update packages, or change SDKs, or run a codebase over several devices. The code may compile on your machine, but there may be problems in the build server or in the CI (continuous integration) server.”

• Building Containers with HPC Container Maker

  Containers package entire workflows, including software, libraries, and even data, into a single file. The container can then be run on any compatible hardware that can run the container type, regardless of the underlying operating system.

  Containers are finding increased utility in the worlds of scientific computing, deep learning, HPC, machine learning, and artificial intelligence, because they are reproducible, portable (mobility of compute), user friendly (admins don’t have to install everything), and simple, and they isolate resources, reduce complexity (reduction in dependencies), and make it easy to distribute the application and dependencies.

  Using containers, you have virtually everything you need in a single file, including a base operating system (OS), the application or workflow (multiple applications), and all of the dependencies. Sometimes the data is also included in the container, although it is not strictly necessary because you can mount filesystems with the data from the container.

By now you’ve probably heard about Yum and RPM, the new processes that IBM will use to deliver open source software to IBM i customers. But you may have questions about how the process works, and what the benefits will be. IT Jungle talked with IBM’s open source guru Jesse Gorzinski to get the low down on why the new tech is so important to the platform.

RPM, which stands for Red Hat Package Manager, is a piece of software created more than 20 years that allows customers in that Linux community to more easily distribute and install the various pieces of software required to create a working Linux environment. Over the years, RPM use has migrated beyond the Red Hat community to other Linux and Unix environments (including AIX), and has essentially become a de facto standard for distributing software in the open source world.

Also: Red Hat Announces Ansible Engine 2.6 with Simplified Connections to Network APIs and Automation across Windows & Cloud

• How The Update Framework Improves Software Distribution Security

  In recent years that there been multiple cyber-attacks that compromised a software developer's network to enable the delivery of malware inside of software updates. That's a situation that Justin Cappos, founder of The Update Framework (TUF) open-source project, has been working hard to help solve.

  Cappos, an assistant professor at New York University (NYU), started TUF nearly a decade ago. TUF is now implemented by multiple software projects, including the Docker Notary project for secure container application updates and has implementations that are being purpose-built to help secure automotive software as well.

• IBM's new Nabla containers are designed for security first

  Companies love containers because they enable them to run more jobs on servers. But businesses also hate containers, because they fear they're less secure than virtual machines (VM)s. IBM thinks it has an answer to that: Nabla containers, which are more secure by design than rival container concepts.

  James Bottomley, an IBM Research distinguished engineer and top Linux kernel developer, first outlines that there are two kind of fundamental kinds of container and virtual machine (VM) security problems. These are described as Vertical Attack Profile (VAP) and Horizontal Attack Profile (HAP).

• [Podcast] PodCTL #42 – Kubernetes 1.11 Released

  Like clockwork, the Kubernetes community continues to release quarterly updates to the rapidly expanding project. With the 1.11 release, we see a number of new capabilities being added across a number of different domains – infrastructure services, scheduling services, routing services, storage services, and broader CRD versioning capabilities that will improve the ability to not only deploy Operators for the platform and applications. Links for all these new features, as well as in-depth blog posts from Red Hat and the Kubernetes community are included in the show notes.

  As always, it’s important to remember that not every new feature being released is considered “General Availability”, so be sure to check the detailed release notes before considering the use of any feature in a production or high-availability environment.

• What are cloud-native applications?

  As cloud computing was starting to hit its stride six or seven years ago, one of the important questions people were struggling with was: "What do my apps have to look like if I want to run them in a public, private, or hybrid cloud?"

  There were a number of takes at answering this question at the time.

  One popular metaphor came from a presentation by Bill Baker, then at Microsoft. He contrasted traditional application "pets" with cloud apps "cattle." In the first case, you name your pets and nurse them back to health if they get sick. In the latter case, you give them numbers and, if something happens to one of them, you eat hamburger and get a new one.

• KubeCon + CloudNativeCon, Copenhagen

  I attended KubeCon + CloudNativeCon 2018, Europe that took place from 2nd to 4th of May. It was held in Copenhagen, Denmark. I know it’s quite late since I attended it, but still I wanted to share my motivating experiences at the conference, so here it is!

  I got scholarship from the Linux Foundation which gave me a wonderful opportunity to attend this conference. This was my first developer conference aboard and I was super-excited to attend it. I got the chance to learn more about containers, straight from the best people out there.