darthcamaro writes: Docker is about to get some real competition in the container runtime space, thanks to the official launch of rkt 1.0. CoreOS started building rkt in 2014 and after more than a year of security, performance and feature improvement are now ready to declare it 'production-ready.' While rkt is a docker runtime rival, docker apps will run in rkt, giving using a new runtime choice.
rkt will remain compatible with the Docker-specific image format, as well as its own native App Container Image (ACI). That means developers can build containers with Docker and run those containers with rkt. In addition, CoreOS will support the growing ecosystem of tools based around the ACI format.
darthcamaro writes: Starting this week, there is a new tool in the toolbox to secure Docker containers. In addition to SELinux (or AppArmor) and Namespaces — Docker 1.10 will now include a default SECCOMP profile. So what's the difference between SECCOMP and SELinux?
SELinux is the list of people you can talk to, while seccomp is the list of what words you can say, McCarty said. As an example, if a person could communicate with another person using only three or five words, it would very much limit what could be expressed and prevent most types of illicit activities, and applies in much the same way to Linux containers, he added.
darthcamaro writes: Docker Inc today announced that it is acquiring privately held Unikernel Systems. With a Unikernel, there is not need for a full general purpose operating system, like Linux, instead an application can be built together with its own OS-like libraries. While some might see this as a big challenge for Linux, Solomon Hykes, founder of Docker doesn't quite see it that way.
"It's not an either/or situation with unikernels, and for the foreseeable future, the vast majority of Docker containers will run on Linux," Hykes said. "We're big believers in Linux, and you should expect more Linux-oriented work to come from us."
darthcamaro writes: You can't go to any technology conference today without hearing the word Docker or containers. Docker is everywhere, but is anyone actually making money from it? Or is it another multi-billion dollar unicorn boondoggle? According to a newly posted video interview with Docker Inc CEO Ben Golub, Docker isn't yet profitable — but it will be — soon. As a freely available open-source technology many companies start with Docker in pilot projects.
"A lot of those pilots are now turning into serious revenue, which is nice," Golub said. "While we're certainly not profitable yet, I think what we're building is the foundation for a profitable business."
darthcamaro writes: Mark Shuttleworth, BDFL of Ubuntu is clearing the air about how Ubuntu will make use of.deb packages even in an era where it is moving to its own Snappy ('snaps') format of rapid updates. Fundamentally it's a chicken and egg issue.
We build Snappy out of the built deb, so we can't build Snappy unless we first build the deb," Shuttleworth said.
darthcamaro writes: Mozilla today publicly admitted that secured areas of bugzilla, where non-public zero days are stored, was accessed by an attacker. The attacker got access to as many as 185 security bugs before they were made public. The whole hack raises the issue of Mozilla's own security, since it was a user password that was stolen and the bugzilla accounts weren't using two-factor authentication.
darthcamaro writes: Though Jim Zemlin, executive director of the Linux Foundation was heckled at Linuxcon for holding up a Tux penguin with a Microsoft logo — he's supportive of Microsoft's open source efforts..
"Don't hold it [the Microsoft penguin]," an audience member shouted. "You might get cancer."
darthcamaro writes: At the Linuxcon conference in Seattle today, Linus Torvalds responded to questions about Linux security and about the next 10 years of Linux. For security, Torvalds isn't too worried as he sees it just being about dealing with bugs. When it comes to having a roadmap he's not worried either as he just leaves that to others.
"I'm a very plodding, pedestrian person and look only about six months ahead," Torvalds said. "I look at the current release and the next one, as I don't think planning 10 years ahead is sane."
darthcamaro writes: In one of the busiest sessions at this past weekend's DEF CON security conference, an Australian security researcher showed how it was possible to get someone legally declared dead, with a full death certificate. Among the victims, was the founder of DEF CON and Black Hat, Jeff Moss.
"I know it's not good form to kill your host, but this a death certificate for Jeff Moss," Security reseacher Chris Rock said as he showed a screenshot of an EDRS form with Moss' name on it as the audience erupted into laughter. "He doesn't know he's dead, he's still walking around, but on paper he's dead and that might be a problem for him when he travels."
darthcamaro writes: Last month, the ProxyHam project talk for DEFCON was mysteriously cancelled. In it's place as a later edition is a new talk, in which the ProxyHam approach will be detailed and debunked — in a session called '“HamSammich”. In a video preview of the talk, Rob Graham and Dave Maynor detail the flaws of ProxyHam and how to do the same thing with off the shelf gear, legally.
darthcamaro writes: Ok so we know that Chrysler cars will be hacked at Black Hat, Android will be hacked at DEFCON with Stagefright, and now word has come out that a pair of security researchers plan on bringing a BRINKS safe onstage at DEFCON to demonstrate how it can be digitally hacked. No this isn't some kind of lockpick, but rather a digital hack, abusing the safe's exposed USB port. And oh yeah, it doesn't hurt that the new safe is running Windows XP either.
darthcamaro writes: The Linux Foundation's Foundation as a Service model continues to ramp up, today announcing its latest open-source Foundation effort — the Cloud Native Computing Foundation, backed by AT&T, Box, Cisco, Cloud Foundry Foundation, CoreOS, Cycle Computing, Docker, eBay, Goldman Sachs, Google, Huawei, IBM, Intel, Joyent, Kismatic, Mesosphere, Red Hat, Switch SUPERNAP, Twitter, Univa, VMware and Weaveworks.
A key part of the new foundation is Google's donation of the open-source Kubernetes project to help become a 'foundational' component.
"It got to the point where it really makes sense to take Kubernetes to a foundation," Craig McLuckie, product manager at Google, told eWEEK. "The Cloud Native Computing Foundation isn't just about Kubernetes; it's about assembling a harmonized set of technologies that are generally available and accessible to people."
darthcamaro writes: DigitalOcean is the world's second largest cloud provider today, has just raised another $83 million in funding — and it doesn't use OpenStack. CEO Ben Uretsky also doesn't like OpenStack much and in fact is now considering open-sourcing his company's platform in order to provide an alternative to OpenStack in the market.
"At some point in the future, it would be good to see other open-source frameworks take a run at OpenStack, since today I feel like they [OpenStack] are the only game in town," Uretsky said. "We come from the open-source world and would like to be able to contribute a project that actually delivers real value."
darthcamaro writes: Red Hat CEO Jim Whitehurst bought a company called Gluster from Ben Golub in 2011 for $136 million. Now in 2015, Golub is the CEO of Docker Inc and Whitehurst might be considering buying another company from Golub — or not. In a video interview from the Red Hat Summit Whitehurst states that he's ok with how his company is doing on Docker on its own — but he adds that you should never say never when it comes to what could happen in the future.
darthcamaro writes: the great schism in the container world is now at an end. Today, Docker and CoreOS, announced along with Amazon Web Services, Apcera, Cisco, EMC, Fujitsu, Goldman Sachs, Google, HP, Huawei, IBM, Intel, Joyent, the Linux Foundation, Mesosphere, Microsoft, Pivotal, Rancher Labs, Red Hat and VMware the Open Container Project, as a Linux Foundation Collaborative Project. The new effort will focus specifically on libcontainer — providing a baseline for a container runtime.
"By participating with Docker and all the other folks in the OCP, we're getting the best of all worlds," Alex Polvi, CEO of CoreOS told eWEEK. "We're getting the contributions from Docker with the format and runtime that underpin container usage, and then we're also getting the shared standard and vendor neutrality aspects that we've designed with app container."