
A largely dry and corporate affair where the best bits involved a spot of Kubernetes-hacking roleplay • The Register

Voice Of EU


Kubecon A session on how to hack into a Kubernetes cluster was among the highlights of a Kubecon where the main events were generally bland and corporate affairs, perhaps indicative of the technology now being a de facto infrastructure standard among enterprises.

Kubecon Europe took place online last week with more than 27,000 attendees, according to Chris Aniszczyk, CTO of the Cloud Native Computing Foundation (CNCF), which hosts the Kubernetes project among many others.

That is a substantial increase on the reported 13,000 or so at last year’s event, which was also virtual. Kubernetes is huge, and if there was an underlying theme at the event it was that Kubernetes is becoming the standard runtime platform.

There was plenty of strong technical content at the event, though attendees were left in no doubt that Kubernetes is big business and there was a dry corporate flavour to much of the keynote content along with the usual mutual backslapping.

CNCF introduced 27 new members, and observability specialist New Relic became a Platinum member, highlighting the significance of the OpenTelemetry project for collecting and analysing metrics, logs and traces from Kubernetes deployments. New Relic’s Zain Asgar joined the CNCF Governing Board. Asgar is CEO of Pixie Labs, acquired by New Relic in December 2020, and Pixie, a native Kubernetes observability product, has been open-sourced and will be contributed to CNCF.

“We wanted to make the observability product ubiquitous… it’s very hard to have a commercial offering that’s going to get to play everywhere,” Asgar told us.

“The goal behind Pixie is for it to be a vendor-neutral thing that everyone can use.” The commercial aspect is that Pixie is a data source that New Relic’s platform can consume, and the company also hosts Pixie Cloud as an option for managing the technology.

Spotify walked off with a “CNCF End User Award” for its work on Backstage, software that makes it easier to manage multiple services and share information. Spotify has 1,600 engineers, 14,000 software components and 1,400 microservices in production, according to web engineer Emma Indal who spoke at Kubecon, which explains why it came up with Backstage, and maybe why the Spotify app is no longer the simple, quick affair for streaming music that it was when it first became popular.

Hacking Kubernetes: a story

As so often, the best content was not in the keynotes but in low-profile sessions. A highlight was a short piece on Hacking into Kubernetes by Ellen Körbes, head of product at Tilt, and Tabitha Sable, systems security engineer at Datadog. Körbes played the part of a developer at a fictional company where Sable was grandly called “Director of DevSecOps Enforcement”.

The story began when Körbes was annoyed by another developer using her port on the cluster. “I’m not calling the security people, they’re not fun, I’ll do this on my own,” she said.

She had limited RBAC (role-based access control) rights to the cluster, but that did not stop her. She got a shell on a pod that ran in a namespace with higher permissions, and performed the necessary command from there. The breach was discovered, but Körbes sat back and thought: “If the development cluster was out of commission all day, I would get the rest of the day off.”

She spotted CVE-2019-11253, “improper input validation in the Kubernetes API server… allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable.”

Tilt's Ellen Körbes poses as a Kubernetes hacker at Kubecon Europe


DevSecOps ups the security to control its wayward developers but Körbes disliked being spied on and decided to go in and delete her logs. “Nobody is auditing anything.” Enter CVE-2020-15257 – “the containerd-shim API is improperly exposed to host network containers.” Körbes figured: “If I use a vulnerability in something Kubernetes is running on top of, I can bypass all Kubernetes security completely.”

A reverse shell and a bit of (unpublished) code later, she was in. Kubernetes vulnerabilities “don’t come around very often, but when they do they can ruin your day,” she mused. There is more: we will not spoil the story completely as it will be published for all to enjoy from 14 May.

“I struggled a lot to learn how to make talks engaging. The way to keep people engaging is with story,” explained Körbes at the wrap-up later, while Sable said: “We realised, Kubernetes security is complex because it’s the union of Linux security and network security and usually cloud provider security, and also Kubernetes has its own additional layer of complication there especially around RBAC and tying your shoes together with RBAC… I believe this is the first public demonstration of that Containerd exploit against Kubernetes.”

Too complex?

That was a great session, and also a neat illustration of what remains the big issue with Kubernetes: its complexity makes it hard to learn and easy to get wrong. There is no consensus on how this will be resolved, or whether it should be. We spoke to Mark Boost, CEO of Civo, a UK company offering hosted Kubernetes based on the lightweight K3S distribution (about which we hear more and more).

Despite the company’s focus on Kubernetes, Boost said he thinks fewer organisations will tangle with it directly in future. “Kubernetes is a great product but in the future it will be more under the hood, still be running Kubernetes, but there’ll be these layers on top which are just doing management on top to make things simple.”

Do we then end up back at Heroku, a revolutionary service when it was launched in 2007 as a way to run Ruby applications in the cloud (it has evolved since to support other runtimes) without managing the infrastructure? “In some ways, we do,” said Boost.

It seems that while many agree that using Kubernetes could and should be easier, other users would rather put up with the complexity for flexibility and control. “As more teams start modernising their applications, anything you can do to lower the cognitive cost of entry is good,” said Justin Turner, director of engineering at H-E-B, speaking at a Kubecon panel on the future of cloud native development.

“But there is a point where if you put too much abstraction on top of it, you lose a lot of control. You lose the ability to run operators… if we had too many layers of abstraction it may be hard to understand that those options are available.”

Jason McGee, CTO of IBM Cloud, said: “The lesson of Kubernetes is that there’s a diversity of workloads. People are moving towards an as-a-service consumption model and Kubernetes is evolving to have different personalities on how you consume the platform depending on what you are trying to do. Heroku, or the Cloud Foundry style of push code, lots of people want that. But maybe one of the lessons of that generation was that the platform doesn’t do everything.

“To me the power of Kubernetes is, if I’m building a simple app I can use that style, if I need to drop down and mess with the details of the application run stateful things, I can do that, all in one environment. I think we’ll add that to the ways Kubernetes is consumed. The question is whether we’ll do that in one way or whether there’s going to be 35 ways for that to happen.”

Most likely 35 ways, which makes the consensus around Kubernetes itself all the more remarkable. “For the first time in the industry we have standardised on the infrastructure with Kubernetes being that de facto control plane,” said Aniszczyk. ®




Elon Musk’s Twitter lawsuit: what you need to know | Elon Musk


Elon Musk did not become the world’s wealthiest person through a lack of confidence.

But the Tesla CEO revealed on Tuesday that he had sold $6.9bn (£5.7bn) worth of shares in the carmaker, in case he loses his attempt to walk away from a $44bn takeover of Twitter.

Twitter is suing Musk in Delaware over his abandonment of the deal and wants to make him buy the company.

In a countersuit released last week, Musk put his side of the argument. According to him: Twitter misled investors; it breached the agreement by failing to provide enough information on spam accounts; another breach occurred when Twitter failed to consult with him on business moves such as firing senior employees; and its misstatement of user numbers constitutes a material adverse effect, which substantially alters Twitter’s value and therefore invalidates the deal agreement.

Here is a breakdown of Musk’s suit.

The relationship between both sides remains poor

There is $44bn at stake and the language in Musk’s countersuit is just as punchy as Twitter’s in the original lawsuit, when the company described his behaviour as “a model of bad faith”. In the preliminary statement Twitter is accused of making financial disclosures to the US financial watchdog that were “far from true”.

“Instead, they contain numerous, material misrepresentations or omissions that distort Twitter’s value and caused the Musk parties to agree to acquire the company at an inflated price. Twitter’s complaint, filled with personal attacks against Musk and gaudy rhetoric more directed at a media audience than this court, is nothing more than an attempt to distract from these misrepresentations,” said the lawsuit.

Strong words, but Musk will need strong evidence as well to convince the judge.

Musk’s core argument is about user numbers

From the moment the deal started to go sour, the focus was on the veracity of Twitter’s numbers. It is at the centre of Musk’s countersuit as well. He argues that the number of monetisable daily average users (mDAUs) – authentic, active accounts that can see adverts (hence monetisable) – is falsely inflated by Twitter miscounting the number of false and spam accounts on the platform. As well as being a threat to the ad income on which Twitter depends, Musk said his plan to introduce a subscription service for Twitter would be affected because there would be fewer customers to target than first thought.

Twitter has consistently stated that it estimates the number of false or spam accounts on the platform to be less than 5% of its mDAUs base, which stands at just under 238 million currently.

The suit says that Musk became alarmed about how Twitter accounts for its mDAUs when, three days after signing the deal agreement, it admitted it had overstated its mDAU total for three years, by between 1.4 million and 1.9 million users per quarter. Twitter denies that the user change was a “restatement” (it describes the alteration as “updated values”) but admits it did not give the information to Musk prior to the deal being signed on 25 April.

Musk is not happy with Twitter’s verification processes

After agreeing to buy the business with minimal due diligence, the suit says Musk was “astonished” to learn about how “meagre” Twitter’s processes for identifying spam accounts were. It said 100 accounts a day were sampled by human reviewers in order to come up with the less-than-5% figure. Twitter’s CEO and chief financial officer were unable to explain how these accounts were selected to be a representative sample.

“Musk realised that, at best, Twitter’s reliance on and touting of its process was reckless; at worst, it was intentionally misleading,” says the suit.

Twitter argues that it uses a much more layered process for weeding out dodgy accounts, including using automated systems. It also pointed to the detailed explanations of how it polices spam accounts, which had been given to Musk, the press, the Securities and Exchange Commission and the public via a Twitter thread by CEO Parag Agrawal. In the most notorious episode of this takeover saga, Musk replied to the latter with a poo emoji.

But according to the countersuit at least Agrawal and Musk agreed on one thing. The document states that on 8 April Musk sent the CEO an example of a spam tweet saying: “I am so sick of stuff like this.” Agrawal replied, acknowledging “[w]e should be catching this.”

Musk’s counter-estimates

Citing “preliminary expert estimates”, the countersuit claims that in early July one-third of visible accounts may have been false or spam. This means that the true proportion of spam accounts among Twitter’s user base is at least 10%.

It says users that see zero or almost no ads account for almost all the growth in monetisable daily users. The majority of ads are served to less than 16 million users, the suit claims.

Twitter says that although not every user sees ads on a given day, in the first quarter “significantly more than” 229 million accounts contributed to Twitter’s average quarterly user number.

Regarding the 10% number, Twitter says it was based on a publicly available web tool, botometer, that has designated Musk’s own account as a likely bot.

Twitter made decisions without consulting Musk

One of the clauses in the merger agreement states Musk must be told when Twitter is deviating from its obligation to conduct its business in the “ordinary course”. In the countersuit, Musk claims that Twitter has made several “significant” changes – including firing two executives, starting a hiring freeze and initiating a legal clash with the Indian government – that occurred without his consent.

Twitter’s response is that axing employees or acting to protect users’ rights in foreign jurisdictions are part of the day-to-day business of running a company.

Information was not forthcoming

Musk is also claiming that Twitter failed to provide him with all the data and information that he requested “for any reasonable business purpose related to the consummation of the transaction”. The suit says Musk was sent reams of “stale data” that didn’t answer his questions.

It says, pointedly, that Twitter was happy to send data such as “a copy of its agreement with the Golden State Warriors for courtside basketball tickets and VIP parking”.

After more back-and-forth arguments over increasingly detailed information requests, the suit claims “the only conclusion the Musk parties could draw from Twitter’s obfuscation and delay was that Twitter knew that it had something to hide”.




Economic uncertainty can’t stop cloud growth • The Register


The hyperscalers and public cloud providers are barreling ahead, unfazed by a rapidly deteriorating economic outlook, according to a recent Dell’Oro Group report.

In fact, these internet behemoths stand to benefit from the current market conditions in more ways than one, analyst Baron Fung told The Register.

As chipmakers like Intel, Nvidia, Micron, and others face increased pricing pressure across their lineups due to declining demand, hyperscalers are well-positioned to take advantage of this and add more capacity on the cheap, he explained.

“Looking at the recent Q2 earnings, it was really pretty impressive from a growth standpoint,” Fung said of the cloud providers.

Amazon and Azure in particular saw robust revenue gains in their most recent quarters. AWS saw revenues climb 36 percent from the prior year, while Microsoft reported its cloud biz saw year-over-year growth of 40 percent. However, things weren’t as peachy for Google, which saw an otherwise strong quarter for cloud revenue tempered by an $858 million loss in income.

Worsening macroeconomic factors may end up helping cloud providers as enterprises look for alternatives to capex-heavy server refreshes. We saw this phenomenon once before – in the early days of the pandemic.

These factors, combined with a wave of enabling technology – next-generation CPUs, GPUs, smartNICs, and CXL-enabled components to name a handful – will further accelerate hyperscaler spending, which is expected to grow 13 percent over the next five years, Fung said.

So it’s no surprise many chipmakers are optimistic about their cloud and datacenter-related revenues over the next few quarters, despite a slump in PC and gaming demand.

The analyst firm expects next-generation CPU platforms from the likes of Intel, AMD, and Ampere will be among the strongest drivers of hyperscale spending in the near term.

Intel and AMD are expected to launch their next-generation server processors later this year. Both of these chips pack a bevy of new features, including DDR5, and PCIe 5.0, in addition to having substantially higher core counts compared to the previous generation.

These chips are also among the first to support the CXL interconnect standard, “which will enable a new kind of paradigm in the datacenter,” according to Fung.

In its first iteration, the technology will allow systems builders to pack larger quantities of memory into servers than there are DIMM slots, using CXL memory-expansion modules. And in the years to come, the technology has provisions for tiered memory, memory pooling, and disaggregated compute architectures.

The operational and resource efficiencies enabled by the tech may eventually trickle down to customers in the form of lower prices, Fung added.

But it won’t just be the x86 stalwarts leading the charge in the datacenter. Fung also expects Arm chipmakers, like Ampere, to continue gaining traction in the hyperscale arena. Here, the chipmaker’s Altra and Altra Max processors have already attracted several high-profile customers including Microsoft Azure, Google, Cloudflare, and Oracle – to name just a few.

Finally, Dell’Oro predicts hyperscalers will drive edge infrastructure deployments – a market that Intel currently dominates – to 8 percent of the total datacenter infrastructure market by 2026. ®


Limerick researchers’ findings show potential of food to treat heart disease


The Irish-based study lead said food scientists, medical scientists and pharma companies must work together to produce functional foods to treat chronic conditions.

A team of researchers based at the Bernal Institute in University of Limerick (UL) have developed a new guide to designing functional foods to treat various chronic conditions.

Functional foods are foods that provide nutrition and act in a way that positively affects the body, similar to medicine.

According to the research, food has the potential to help in the treatment of heart diseases such as atherosclerosis.

“The capacity for our food to do more than provide us with nutrition is huge and relatively unexplored,” said study lead Daniel Granato, professor in food science and health at UL.

“Cardiovascular diseases are a main cause of death but they can be prevented. By bringing food scientists, medical scientists and pharma companies together we can employ the same methods used in producing medicinal drugs and produce foods that might mitigate health conditions,” Granato added.

The study has been published in Trends in Food Science & Technology, an academic journal. The UL researchers were joined on the project by academics from the Federal University of Alfenas and Universidade Federal de Minas Gerais in Brazil.

Granato and his team proposed an accurate computational approach to designing functional foods by predicting their bioactivity. This allowed the researchers to map how different food components benefit the body.

The study also drew attention to the potential of functional foods to treat illnesses and lessen the burden on the world’s health services. Functional foods are not widely available on the market, despite their potential to help prevent conditions such as type-2 diabetes and glucose intolerance. These are both major contributors to heart disease.

Food science, cardiovascular disease therapy and computer modelling should be linked to produce functional foods that can mitigate atherosclerosis, according to Granato. He urged food and pharma companies to take note.

“This is critical to achieve United Nations Sustainable Development Goals in good health and wellbeing, as well as ensuring healthy lives and promoting wellbeing for all at all ages, by optimising discovery of bioactive compound sources, and reducing time to market for new functional foods,” he said.

Granato’s co-author and senior lecturer in the UL Department of Biological Sciences, Dr Andreas Grabrucker, said this approach could go far beyond heart disease.

“It will be the basis of a new research project at UL that aims to identify functional foods that lower the risk for neurodegenerative disorders such as Alzheimer’s disease,” he claimed.
