A largely dry and corporate affair where the best bits involved a spot of Kubernetes-hacking roleplay • The Register

Voice Of EU

Kubecon: A session on how to hack into a Kubernetes cluster was among the highlights of a Kubecon where the main events were generally bland and corporate affairs, perhaps indicative of the technology now being a de facto infrastructure standard among enterprises.

Kubecon Europe took place online last week with more than 27,000 attendees, according to Chris Aniszczyk, CTO of the Cloud Native Computing Foundation (CNCF), which hosts the Kubernetes project among many others.

That is a substantial increase on the reported 13,000 or so at last year’s event, which was also virtual. Kubernetes is huge, and if there was an underlying theme at the event it was that Kubernetes is becoming the standard runtime platform.

There was plenty of strong technical content at the event, though attendees were left in no doubt that Kubernetes is big business and there was a dry corporate flavour to much of the keynote content along with the usual mutual backslapping.

CNCF introduced 27 new members, and observability specialist New Relic became a Platinum member, highlighting the significance of the OpenTelemetry project for collecting and analysing metrics, logs and traces from Kubernetes deployments. New Relic’s Zain Asgar joined the CNCF Governing Board. Asgar is CEO of Pixie Labs, acquired by New Relic in December 2020, and Pixie, a native Kubernetes observability product, has been open-sourced and will be contributed to CNCF.

“We wanted to make the observability product ubiquitous… it’s very hard to have a commercial offering that’s going to get to play everywhere,” Asgar told us.

“The goal behind Pixie is for it to be a vendor-neutral thing that everyone can use.” The commercial aspect is that Pixie is a data source that New Relic’s platform can consume, and the company also hosts Pixie Cloud as an option for managing the technology.

Spotify walked off with a “CNCF End User Award” for its work on Backstage, software that makes it easier to manage multiple services and share information. Spotify has 1,600 engineers, 14,000 software components and 1,400 microservices in production, according to web engineer Emma Indal who spoke at Kubecon, which explains why it came up with Backstage, and maybe why the Spotify app is no longer the simple, quick affair for streaming music that it was when it first became popular.

Hacking Kubernetes: a story

As so often, the best content was not in the keynotes but in low-profile sessions. A highlight was a short piece on Hacking into Kubernetes by Ellen Körbes, head of product at Tilt, and Tabitha Sable, systems security engineer at Datadog. Körbes played the part of a developer at a fictional company where Sable was grandly called “Director of DevSecOps Enforcement”.

The story began when Körbes was annoyed by another developer using her port on the cluster. “I’m not calling the security people, they’re not fun, I’ll do this on my own,” she said.

She had limited RBAC (role-based access control) rights to the cluster, but that did not stop her. She got a shell on a pod that ran in a namespace with higher permissions, and performed the necessary command from there. The breach was discovered, but Körbes sat back and thought: “If the development cluster was out of commission all day, I would get the rest of the day off.”

She spotted CVE-2019-11253, “improper input validation in the Kubernetes API server… allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable.”

Tilt’s Ellen Körbes poses as a Kubernetes hacker at Kubecon Europe

DevSecOps ups the security to control its wayward developers but Körbes disliked being spied on and decided to go in and delete her logs. “Nobody is auditing anything.” Enter CVE-2020-15257 – “the containerd-shim API is improperly exposed to host network containers.” Körbes figured: “If I use a vulnerability in something Kubernetes is running on top of, I can bypass all Kubernetes security completely.”

A reverse shell and a bit of (unpublished) code later, she was in. Kubernetes vulnerabilities “don’t come around very often, but when they do they can ruin your day,” she mused. There is more: we will not spoil the story completely as it will be published for all to enjoy from 14 May.

“I struggled a lot to learn how to make talks engaging. The way to keep people engaging is with story,” explained Körbes at the wrap-up later, while Sable said: “We realised, Kubernetes security is complex because it’s the union of Linux security and network security and usually cloud provider security, and also Kubernetes has its own additional layer of complication there especially around RBAC and tying your shoes together with RBAC… I believe this is the first public demonstration of that Containerd exploit against Kubernetes.”
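The story above turns on two misconfigurations a defender can look for: a user whose RBAC rights reach into a more privileged namespace than their own, and host-network pods from which containerd-shim’s API was reachable on unpatched containerd (CVE-2020-15257). The following Python checker is an added example, not code from the talk or from The Register; the RBAC objects and pods it inspects are constructed stand-ins (the “edit” ClusterRole is a cut-down dummy, not the real built-in role), and it resolves only User subjects in bindings.

```python
"""Defender-side checks for the two steps in the Kubecon story: a user with limited
rights exec-ing into a pod in a more privileged namespace, and a host-network pod from
which containerd-shim's API was reachable on unpatched containerd (CVE-2020-15257)."""

# Constructed sample objects as plain dicts so no YAML library is needed. This "edit"
# ClusterRole is a cut-down stand-in for illustration, not the real built-in role.
SAMPLE_ROLES = {
    ("Role", "dev-view"): {"rules": [
        {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]}]},
    ("ClusterRole", "edit"): {"rules": [
        {"apiGroups": [""], "resources": ["pods", "pods/exec"], "verbs": ["get", "list", "create"]}]},
}
SAMPLE_BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"namespace": "dev"},
     "subjects": [{"kind": "User", "name": "dev-user"}],
     "roleRef": {"kind": "Role", "name": "dev-view"}},
    # The same user is also bound, more generously, in the namespace running host-network pods.
    {"kind": "RoleBinding", "metadata": {"namespace": "platform"},
     "subjects": [{"kind": "User", "name": "dev-user"}],
     "roleRef": {"kind": "ClusterRole", "name": "edit"}},
]
SAMPLE_PODS = [
    {"metadata": {"name": "web", "namespace": "dev"}, "spec": {"hostNetwork": False}},
    {"metadata": {"name": "node-agent", "namespace": "platform"}, "spec": {"hostNetwork": True}},
]

def role_allows_exec(role):
    """True if any rule grants create on pods/exec (the right kubectl exec needs)."""
    return any({"pods/exec", "*"} & set(r.get("resources", []))
               and {"create", "*"} & set(r.get("verbs", []))
               for r in role.get("rules", []))

def exec_reach(user, bindings, roles):
    """Namespaces where `user` can exec into pods; '*' marks a ClusterRoleBinding.
    Only User subjects are resolved; Group and ServiceAccount subjects are ignored."""
    reach = set()
    for b in bindings:
        if not any(s.get("kind") == "User" and s.get("name") == user
                   for s in b.get("subjects", [])):
            continue
        ref = b["roleRef"]
        role = roles.get((ref["kind"], ref["name"]))
        if role and role_allows_exec(role):
            reach.add("*" if b.get("kind") == "ClusterRoleBinding" else b["metadata"]["namespace"])
    return reach

def host_network_pods(pods):
    """Pods sharing the node's network namespace, the precondition CVE-2020-15257 needed."""
    return [(p["metadata"]["namespace"], p["metadata"]["name"])
            for p in pods if p.get("spec", {}).get("hostNetwork")]

def findings(user, bindings, roles, pods, home_ns):
    """Exec rights outside the user's own namespace, plus exec reach into host-network pods."""
    reach = exec_reach(user, bindings, roles)
    out = [f"{user} can exec into pods in namespace {ns!r} (outside {home_ns!r})"
           for ns in sorted(reach - {home_ns})]
    for ns, name in host_network_pods(pods):
        if "*" in reach or ns in reach:
            out.append(f"{user} can exec into host-network pod {ns}/{name}; "
                       "on unpatched containerd the shim API is reachable from there")
    return out
```

Run against a real cluster by feeding it the output of `kubectl get roles,clusterroles,rolebindings,clusterrolebindings,pods -A -o json`, keyed as above; the two findings it reports on the sample data are exactly the two footholds the talk walked through.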

Too complex?

That was a great session, and also a neat illustration of what remains the big issue with Kubernetes: its complexity makes it hard to learn and easy to get wrong. There is no consensus on how this will be resolved, or whether it should be. We spoke to Mark Boost, CEO of Civo, a UK company offering hosted Kubernetes based on the lightweight K3S distribution (about which we hear more and more).

Despite the company’s focus on Kubernetes, Boost said he thinks fewer organisations will tangle with it directly in future. “Kubernetes is a great product but in the future it will be more under the hood, still be running Kubernetes, but there’ll be these layers on top which are just doing management on top to make things simple.”

Do we then end up back at Heroku, a revolutionary service when it was launched in 2007 as a way to run Ruby applications in the cloud (it has evolved since to support other runtimes) without managing the infrastructure? “In some ways, we do,” said Boost.

It seems that while many agree that using Kubernetes could and should be easier, other users would rather put up with the complexity for flexibility and control. “As more teams start modernising their applications, anything you can do to lower the cognitive cost of entry is good,” said Justin Turner, director of engineering at H-E-B, speaking at a Kubecon panel on the future of cloud native development.

“But there is a point where if you put too much abstraction on top of it, you lose a lot of control. You lose the ability to run operators… if we had too many layers of abstraction it may be hard to understand that those options are available.”

Jason McGee, CTO of IBM Cloud, said: “The lesson of Kubernetes is that there’s a diversity of workloads. People are moving towards an as-a-service consumption model and Kubernetes is evolving to have different personalities on how you consume the platform depending on what you are trying to do. Heroku, or the Cloud Foundry style of push code, lots of people want that. But maybe one of the lessons of that generation was that the platform doesn’t do everything.

“To me the power of Kubernetes is, if I’m building a simple app I can use that style, if I need to drop down and mess with the details of the application run stateful things, I can do that, all in one environment. I think we’ll add that to the ways Kubernetes is consumed. The question is whether we’ll do that in one way or whether there’s going to be 35 ways for that to happen.”

Most likely 35 ways, which makes the consensus around Kubernetes itself all the more remarkable. “For the first time in the industry we have standardised on the infrastructure with Kubernetes being that de facto control plane,” said Aniszczyk. ®

Agtech start-up tackling emissions gets backing from Bill Gates’ fund

Iron Ox aims to reduce the carbon footprint of farming using robotics and AI.

Silicon Valley agtech start-up Iron Ox has secured $53m in Series C funding led by Breakthrough Energy Ventures.

Founded in 2015, Iron Ox has now raised $98m to date for its autonomous farming technologies.

The ultimate goal for Iron Ox is to rebuild the agricultural model so that fruit and veg can be produced locally and sustainably with a lower carbon footprint. Using robotics and AI to support a data-driven approach to farming, Iron Ox claims to create 30 times more produce per acre using 90pc less water than conventional field farms.

Food from its farms in northern California can be purchased in stores across the San Francisco Bay area, and the company expects to further its reach later this year after breaking ground on a new 535,000 sq ft indoor farm in Texas.

Existing investors in Iron Ox include Crosslink Capital, R7 Partners, Amplify Partners and Y Combinator. This is a first round of investment from Breakthrough Energy Ventures, a fund established by Bill Gates and a coalition of private investors in 2015.

With more than $2bn in committed capital, Breakthrough Energy targets its investments at companies and innovations that can help reach a goal of net-zero carbon emissions by 2050. This week, it was announced that the fund had secured investments from Microsoft, BlackRock, General Motors, American Airlines, Boston Consulting Group, Bank of America and ArcelorMittal.

Emissions from agriculture have been shown to be a significant contributor to the climate crisis. According to global research non-profit World Resources Institute, without intervention, greenhouse gas emissions from agricultural production could increase by 58pc by 2050.

The recent report from the Intergovernmental Panel on Climate Change warned that unless there are immediate and large-scale reductions in greenhouse gas emissions, limiting global heating to 1.5 degrees Celsius above pre-industrial levels, as outlined in the 2015 Paris Agreement, will be “beyond reach”.

“World-class investors know that humanity’s most important pursuit is to reverse climate change,” said Iron Ox CEO and co-founder Brandon Alexander. “To get there, we can’t settle for incrementally more sustainable crops – and we can’t ask consumers to compromise on taste, convenience or value.”

Iron Ox’s technology sets out to minimise the amount of land, water and energy needed for everyday produce. “The team at Iron Ox will not stop until we achieve our long-term mission of making the produce sector carbon negative,” said Alexander.

The start-up will use this Series C round to expand its retail presence and accelerate hiring. In particular, it’s seeking plant scientists, engineers, roboticists and greenhouse operators to join the team. The company also plans to boost its R&D programmes, accelerate its manufacturing scale-up and expand its operations across the US.

Carmichael Roberts from Breakthrough Energy Ventures said that this investment aligns with the fund’s aim to accelerate innovations that can reduce global greenhouse gas emissions.

“Iron Ox is uniquely positioned to accelerate the shift towards climate-friendly agriculture, while increasing the accessibility and quality of fresh produce,” he said.

“It’s the type of solution that’s designed to scale quickly and has the potential to get us one big step closer to net zero.”

Henry Stone: the 10 funniest things I have ever seen (on the internet) | Comedy

I write comedy and I direct comedy, and all of the money I make is from making comedy. However not all of the comedy I make is for making money. I like making things that are borne of nothing other than my fancy being tickled. I’m biased because I’m me and me is a perfect boy, but I’m pretty sure that this is the exactly correct way to approach your craft; one for you, one for them.

Ira Glass likes to talk about the taste gap and I like to talk about Ira Glass talking about the taste gap. It’s the mental chasm you find yourself in when you’re really into your chosen creative pursuit but you haven’t flexed your own muscle enough yet and you KNOW IT and it hurts cos you know you suck. I want to half-hijack my own funniest things list to celebrate the taste-gap-closing creative phase because I feel like its necessity is slowly being ignored.

This is a list of the funniest things on the internet that I know have been made only for the love of the process. No budgets or institutional support – simply really funny ideas explored to what appears to be the limit of the creators’ resources and abilities at the time. Has anyone laboured the ideology behind a selection criteria for a funny videos listicle as much as this? Probably not, but I’m trying to close up my opinion-piece-writing taste gap cos I’m thinking about starting a locky-d newsletter so like, forgive me?

1. Tiny Fuppets

Wow the Tiny Fuppets are AMAZE! I STAN TINY FUPPETS! If you don’t know about the Tiny Fuppets well they are simply just some Fuppets who are tiny teehee. This series started in 2011 and not too long after the creators became Conan writers.

2. Aunty Donna – GPS tries to kill man

Feels like you’re legally required to have an Aunty Donna video in your Guardian 10 funniest things list – they themselves had a list populated almost entirely with their own videos (due to the law I guess). Here we find the Donnas in 2012 being very funny and dumb and now we find them everywhere being funny and dumb cos they closed up their gap noice and toight.

3. F the Internet

A public-access-aping sketch that breaks out of the confines of its well-trodden framing with a confidently silly central performance and a clear willingness in the film-making to find the comedy on the day. This is 2015. Three years later star/writer/director Elizabeth Zephyrine McDonough started working for Full Frontal with Samantha Bee.

4. The New Pet Detectives

2013, my best friends Sam and Greg form the dream team of them, Tom Ward and Jonathan Schuster, to make a sketch for our shared YouTube. They’re in Melbourne and I’ve only just moved to Sydney so I wasn’t involved at all and therefore don’t feel grotty about putting it on my list. Eight years later, The New Pet Detectives makes me laugh every time and even though it ends with literally an apology for how shit they thought it was, all of them have closed up their gaps enough to continue to make comedy on bigger and crazier world stages.

5. Redfern Electrical

This one’s some red-hot 2021 business. John Cruckshank, beyond being a man of the people, is achingly funny and along with his film-making collaborator Luke Smith has the storytelling prowess to make this work of autofiction both hilarious moment-to-moment as well as structurally watertight. Together they’ve got more chops than Sam Kekovich and when viewed as a local sitcom it’s hard to argue that there’s anything better being made on Australian TV by people getting paid to do it. Off the back of this the Shank got tapped to be in the Big Lez Show as well as some other upcoming US animation stuff. If you’re sleeping on him, cut it out.

6. Just 2 Guyz

I don’t think it’s that necessary to go deep into why the Lonely Island are good. Just 2 Guyz was a standalone 2004 video that wound up in their failed 2005 sketch show pilot. Later that year they were all hired into Saturday Night Live. Two years after that, Hot Rod, my favourite comedy movie, comes out. I did toy with including the Stolen Footage: Jorm Dances video series in this list but those were made during SNL which disqualified them from being “for free” in my staunch opinion.

7. Laura’s Shock Attack

Sam (see: The New Pet Detectives) showed this to me and I commend its makers for at once nodding to the past with their use of French New Wave jump cuts while also being forward thinking by experimenting with unusual aspect ratios before your A24 johnny-come-lately’s like Jonah Hill and Robert Eggers ever did. Though it’s rudimentary you gotta crawl before you can walk oddly down steps (see: 40s mark).

8. This @jjjhack tweet

Half a decade late admin reveal: @jjjhack was run by Sophie Braham, Tom Cashman and myself. When we started it, Crikey wrote an article about the account’s follower rise without ever checking to see whether the followers were all eggs, which they were because I paid $60 to get 70,000 fake ones so that we aesthetically mirrored the real @triplejhack Twitter account as closely as possible. We made a pact with ourselves to only ever reply to any emails or tweets with a photo of George Rose from the Dragons which we just kind of plucked from the ether for no real reason. Highlights of the @jjjhack era were sending George Rose to Tom Tilley when he thanked us for the lols and duping Malcolm Turnbull into tagging us instead of the real account.

Again, I don’t feel grimy about sharing something I was involved in because this specific tweet was written by Tom or Soph as I quit writing on it long before they did. The three of us now do other things for fun I guess because we actually did age out of parodying the national youth broadcaster.

9. Side of Smooth

Nathan Fielder and Chris Locke in 2008, five years prior to Nathan For You.

10. Obedience

Fine, I’ll include my own proper one. I made this with Aaron Chen in 2017, it has very little sheen because the entire budget was me paying for lunch. It was knocked back by Tropfest – though I think that’s reasonable because I made it before the year’s theme of “Pineapple” was announced and then I pretended like having pine cones at the start and an apple at the end was an intentionally bookended approach to that theme, but they’d been duped one too many times.

To conclude this list in full earnestness, I wrote this sketch during one of my first ever bouts of depression, a time when I was deeply uncertain of my craft and incredibly distrustful of the local industry and the alleged experts working within it. Aaron, being the perpetually supportive friend he is, agreed to do the role and we got our friend Toby to bring his dog for Aaron to spit on. I think the sketch is pretty funny and is certainly helped to its feet through Chen being one of the most daftly captivating and to-the-core hilarious people this side of the River Murray. Through some twists and turns that reinvigorated my trust in the industry it fell into the laps of the people at Adult Swim and helped get our foot (feet?) in the door to make our short film for them last year. So yeah, it’s in the list because of how clearly it epitomises the cause-and-effect power of making your own stuff.

Remember to try to close up your gap, appreciate it when other people try to close up theirs and always revel in creating for creation’s sake!

New X.Org Server release candidate appears after long delay • The Register

More than three years after X.Org Server 1.20, released in May 2018, a release candidate for 21.1.0 has been posted.

The Linux display server remains widely used despite the introduction of Wayland, first released in 2012 and intended to replace X.

The future of the software, in terms of significant new releases, was in doubt when project owner Adam Jackson declared the project “abandoned” last year, but Lithuanian developer Povilas Kanapickas (who formerly worked on the Unity game engine) stepped up and said:

“There are new features in the Xorg DDX that I would like to see released, so I’m volunteering to do the releasing work.”

XWayland, a compatibility piece that enables X clients to run on Wayland display servers, is part of the X.Org project, but in December maintainer Michel Dänzer proposed that “there are new Xwayland features that we’d like to ship to users. Since there’s currently no clear plan for a new major release of xserver as a whole, I’m volunteering to make releases of Xwayland only instead.”

This was met with approval, and in March there was a standalone release of XWayland 21.1.0. Kanapickas considered this separation “good practice” and therefore the new release candidate is X.Org-only.

Work is proceeding on the 21.1 release of X.Org Server

Wayland use is increasing and it is the default in popular distributions including Fedora, Red Hat Enterprise Linux, and Debian. Ubuntu switched to Wayland as the default in version 21.04, a second attempt since it was default in 17.10 but reverted to X.Org for 18.04, which means that the current LTS edition, 20.04, remains on X for most users.

The same applies to distributions such as Linux Mint, based on Ubuntu LTS. Even where Wayland is the default, some users prefer to run X for compatibility or performance reasons.

The new release candidate includes variable refresh rate support, support for AMD GLAMOR acceleration in Xvfb (the X virtual framebuffer), touchpad gesture support, and correct reporting of display DPI “in more cases that may affect rendering of client applications on hi-DPI screens.” There is also full support for the Meson build system, and the older autotools support will be dropped in future releases. Kanapickas has also helpfully listed all the fixes since version 1.20.0, which is a long list.

While many users will welcome a new X Server release, Jackson observed last year: “I’m of the opinion that keeping xfree86 alive as a viable alternative since Wayland started getting real traction in 2010ish is part of the reason those are still issues.” ®