We have a list of numbers or strings, and we want to sort the items in this list. Basically, we can either use sort method or sorted function to achieve what we want.

The difference between sort and sorted is that sort is a list method that modifies the list in place and we can’t use sort method with another object like tuple whereas sorted is a built-in function that creates a new list and the original one didn’t change.

In this article, we will mention how to use these functions to sort, in an ascending or descending manner, a list of numbers, strings, tuples, or literally any object.

We will also mention how to define your own custom sort functions.

1) Sorting a list of numbers

By sort method, we can sort list of numbers whether integer or float.

Note: the method comes after the object as example below

>>> Lst = [20, 25.4, 12, -16, -3.14, 3, -5, 7]
>>> Lst.sort()
>>> Lst
[-16, -5, -3.14, 3, 7, 12, 20, 25.4]

As you see the order of the object Lst has been changed.

But if we want to keep the original list without changing and assigns the new order to new list, we will use sorted function as below.

>>> Lst = [20, 25.4, 12, -16, -3.14, 3, -5, 7]
>>> Sorted_Lst = sorted(Lst)
>>> Sorted_Lst
[-16, -5, -3.14, 3, 7, 12, 20, 25.4]

If we want to sort the list in a descending order, we will use keyword reverse and assigning to it True as below.

>>> Lst = [20, 25.4, 12, -16, -3.14, 3, -5, 7]
>>> Sorted_Lst = sorted(Lst, reverse = True)
>>> Sorted_Lst
[25.4, 20, 12, 7, 3, -3.14, -5, -16]

2) Sorting a list of strings

We will use sort or sorted for sorting strings

>>> Lst = [‘bmw’,’ford’,’audi’,’toyota’]
>>> Lst.sort()
>>> Lst
[‘audi’, ‘bmw’, ‘ford’, ‘toyota’]

Also we still use the reverse keyword to sort in a descending order.

>>> Lst = [‘bmw’,’ford’,’audi’,’toyota’]
>>> Lst.sort(reverse=True)
>>> Lst
[‘toyota’, ‘ford’, ‘bmw’, ‘audi’]

Note: Python treats all uppercase letters before lowercase letters

We will see that on the example below.

>>> Lst = [‘bmw’,’ford’,’audi’,’Toyota’]
>>> Lst.sort()
>>> Lst
[‘Toyota’, ‘audi’, ‘bmw’, ‘ford’]

But we can sort a list of strings in a case insensitive manner by using keyword key=str.lower for sort method as below.

>>> Lst = [‘bmw’,’ford’,’audi’,’Toyota’]
>>> Lst.sort(key=str.lower)
>>> Lst
[‘audi’, ‘bmw’, ‘ford’, ‘Toyota’]

3) Sorting a list of tuples

We should know that tuple is immutable object when list is mutable object, also when we sort two tuples, we start out by comparing the first elements of the tuples and if they are not equal, this is the result of the comparison.

>>> (5, 7) >> (5, 7) > (5, 9)
False

Of course we can use sort method or sorted function for sorting tuples as below.

>>> sorted([(5, 4), (3, 3), (3, 10)])
[(3, 3), (3, 10), (5, 4)]

>>> sorted([(‘watermelon’, ‘green’), (‘apple’, ”), (‘banana’, ”)])
[(‘apple’, ”), (‘banana’, ”), (‘watermelon’, ‘green’)]

Note: We can sort tuple by second element

we will use lambda to define our own key function as below.

>>> Lst = [(“Amanda”, 35), (“John”, 30), (“Monica”, 25)]
>>> Lst.sort(key=lambda x: x[1])
>>> print(Lst)
[(‘Monica’, 25), (‘John’, 30), (‘Amanda’, 35)]

4) Sorting a list of objects

Objects are type of data types for Python, to sort this type of data type, we should put this objects in a list as below.
Assume we have a Student class has name and age methods that looks like this:-

class Student:
def __init__(self, name, age):
self.name = name
self.age = age

Now we will create some Student objects and add them to a list for sorting them.

>>> John = Student(‘John’, 30)
>>> Amanda = Student(‘Amanda’, 35)
>>> Monica = Student(‘Monica’, 25)
>>> Lst = [John, Amanda, Monica]

If we sort the list upon name method.

>>> Lst.sort(key=lambda x: x.name)
>>> print([item.name for item in Lst])
[‘Amanda’, ‘John’, ‘Monica’]

If we sort the list upon age method.

>>> Lst.sort(key=lambda x: x.age)
>>> print([item.name for item in Lst])
[‘Monica’, ‘John’, ‘Amanda’]

Python has many built-in functions and methods helping us to solve problems,sort and sorted are used to sort any list of numbers, strings, tuples and objects.

Read Also:

• How to Use Python raw_input Function with Examples
• How to Setup Python Virtual Environment on Ubuntu 18.04

Source

NSA to Open Source its Reverse Engineering Tool GHIDRA

Last updated January 8, 2019 By Ankush Das

GHIDRA – NSA’s reverse engineering tool is getting ready for a free public release this March at the RSA Conference 2019 to be held in San Francisco.

The National Security Agency (NSA) did not officially announce this – however – a senior NSA advisor, Robert Joyce’s session description on the official RSA conference website revealed about it before any official statement or announcement.

Here’s what it mentioned:

Image Credits: Twitter

In case the text in the image isn’t properly visible, let me quote the description here:

NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS, and Linux and supports a variety of processor instruction sets. The GHISDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed. and will be released for free public use at RSA.

What is GHIDRA?

GHIDRA is a software reverse engineering framework developed by NSA that is in use by the agency for more than a decade.

Basically, a software reverse engineering tool helps to dig up the source code of a proprietary program which further gives you the ability to detect virus threats or potential bugs. You should read how reverse engineering works to know more.

The tool is is written in Java and quite a few people compared it to high-end commercial reverse engineering tools available like IDA.

A Reddit thread involves more detailed discussion where you will find some ex-employees giving good amount of details before the availability of the tool.

GHIDRA was a secret tool, how do we know about it?

The existence of the tool was uncovered in a series of leaks by WikiLeaks as part of Vault 7 documents of CIA.

Is it going to be open source?

We do think that the reverse engineering tool to be released could be made open source. Even though there is no official confirmation mentioning “open source” – but a lot of people do believe that NSA is definitely targeting the open source community to help improve their tool while also reducing their effort to maintain this tool.

This way the tool can remain free and the open source community can help improve GHIDRA as well.

You can also check out the existing Vault 7 document at WikiLeaks to come up with your prediction.

Is NSA doing a good job here?

The reverse engineering tool is going to be available for Windows, Linux, and Mac OS for free.

Of course, we care about the Linux platform here – which could be a very good option for people who do not want to or cannot afford a thousand dollar license for a reverse engineering tool with the best-in-class features.

Wrapping Up

If GHIDRA becomes open source and is available for free, it would definitely help a lot of researchers and students and on the other side – the competitors will be forced to adjust their pricing.

What are your thoughts about it? Is it a good thing? What do you think about the tool going open source? Let us know what you think in the comments below.

About Ankush Das

A passionate technophile who also happens to be a Computer Science graduate. He has had bylines at a variety of publications that include Ubergizmo & Tech Cocktail. You will usually see cats dancing to the beautiful tunes sung by him.

Source

Have you upgraded your kernel and redhat-release packages and you are encountering some issues. Do you want to downgrade to a lower minor release. In this article, we will describe how to do downgrade RHEL or CentOS version to previous minor version.

Note: The following steps will only work for downgrades within the same major version (such as from RHEL/CentOS 7.6 to 7.5) but not between major versions (such as from RHEL/CentOS 7.0 to 6.9).

A minor version is a release of RHEL that does not (in most cases) add new features or content. It focuses on solving minor problems, typically bugs or security issues. Most of what makes a specific minor version is included in the kernel, so you will need to find out which kernels are supported as part of the minor version you are targeting.

For the purpose of this article, we will show how to downgrade from 7.6 to 7.5. Before we proceed, note that the kernel version for 7.5 is 3.10.0-862. Got to Red Hat Enterprise Linux Release Dates for a complete list of minor releases and associated kernel versions.

Let’s check if the required kernel packages “kernel-3.10.0-862” is installed or not, using the following yum command.

 
# yum list kernel-3.10.0-862*

If the output of the previous command shows that the kernel package is not installed, you need to install it on the system.

# yum install kernel-3.10.0-862.el7

Once the kernel installation is compete, to apply the changes, you need to reboot the system.

Then downgrade the redhat-release package to complete the process. The command below targets the latest minor version that is lower than the current running one, such as from 7.6 to 7.5, or from 7.5 o 7.4.

# yum downgrade redhat-release

Finally, confirm the downgrade by checking the contents of /etc/redhat-release using the cat command.

# cat /etc/redhat-release

That’s all! In this article, we have explained how to downgrade RHEL or CentOS distribution to a lower minor release. If you have any queries, use the feedback form below to reach us.

Source

Install Apache Tomcat on CentOS

Apache Tomcat is an opensource web server used to server Java Applications. It is an opensource implementation of Java Servlet, Java Server Pages and Java Expression Language. In this tutorial, you are going to learn how to Install Apache Tomcat on CentOS 7.

Prerequisites

Before you start to install Apache Tomcat on CentOS 7. You must have the non-root user account on your system with sudo privileges.

Install Java with OpenJDK

It required to have Java installed on your system before we start to install Tomcat. Run following commands to install Java.

First, check if Java is already installed on your system running following command.

java -versionCopy

If Java does not installed on your system install it by running following command.

sudo yum install java-1.8.0-openjdk-develCopy

Now Java is installed on your system.

Create Tomcat User

Becuase of security reason Tomcat should not run as root user. So now you should create a non-root user for Tomcat typing following command.

sudo useradd -r -m -U -d /opt/tomcat -s /bin/false tomcatCopy

Now you are ready to install Tomcat on CentOS 7.

Install Tomcat

To install Tomcat 9 you need to download latest binaries from Tomcat Download Page. At the time creating this tutorial latest version is 9.0.14. But you can use the latest stable version.

First navigate insode /tmp directory.

cd /tmpCopy

To download Tomcat run following command.

wget http://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.14/bin/apache-tomcat-9.0.14.tar.gz -PCopy

After downloading extract Tomcat archive and move to /opt/tomcat directory.

sudo tar xf /apache-tomcat-9*.tar.gz -C /opt/tomcatCopy

Now create a symbolic link for installation directory so if you want to migrate to next Tomcat version you need to only change this symbolic link.

sudo ln -s /opt/tomcat/apache-tomcat-9.0.14 /opt/tomcat/enabledCopy

Set Permissions

As Tomcat should run under tomcat user created previously. You need to give permissions to tomcat user to access tomcat installation directory.

Run following command to give installation directory ownership to tomcat user and tomcat group.

sudo chown -RH tomcat: /opt/tomcat/enabledCopy

Set non executable flag for bin directory.

sudo chmod o+x /opt/tomcat/enabled/bin/Copy

Create Systemd Unit File

To run Tomcat as a service you need to create a new unit file.

Run following command to create tomcat.service unit file inside /etc/systemd/system/ directory;

sudo nano /etc/systemd/system/tomcat.serviceCopy

Copy the following code and paste it inside the above file.
NOTE: Modify JAVA_HOME path if it does not match with the value found on your system.

[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/default-java"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"

Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

[Install]
WantedBy=multi-user.targetCopy

Now reload systemd daemon to notify new file created.

sudo systemctl daemon-reloadCopy

Now start the Tomcat service running following command.

sudo systemctl start tomcatCopy

Check the status if tomcat running using the following command.

sudo systemctl status tomcatCopy

If everything is ok then run the following command to autostart Tomcat after boot.

sudo systemctl enable tomcatCopy

Update The Firewall Settings

If you are running Firewall then update settings then you should open port 8080 to access Tomcat from outside of your local system.

Run following command to allow traffic on port 8080:

sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
sudo firewall-cmd --reloadCopy

Configure Tomcat Web Management Interface

To use manager web app you should edit tomcat-users.xml file. This file contains users and roles. Edit tomcat-users.xml file by running following command:

sudo nano /opt/tomcat/latest/conf/tomcat-users.xmlCopy

Now add username and password for admin-gui and manager-gui. Make it sure you are setting strong username and password.

....
....
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>Copy

Now save and close the above file opened.

By default, Apache Tomcat restricts access to Manager and Host Manager apps to connections coming from the server also. You should remove these restrictions.

To change IP address restriction open following files.

Open Manager app context file using below command.

sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xmlCopy

Open Host Manager app context file using below command.

sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xmlCopy

Add commnets as given in following file.

<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>Copy

Save and close the file and restart the Tomcat server.

sudo systemctl restart tomcatCopy

NOTE: You can add only IP address to the file to allow connection as given below. In following file for example 192.0.0.0 IP address added.

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.0.0.0" />
</Context>
Copy

Testing Tomcat

Open browser and visit following link : http://YOUR_SERVER_DOMAIN_OR_IP_ADDRESS:8080

You should get the following output for the successful installation.

Now use Manager App visiting http://YOUR_SERVER_DOMAIN_OR_IP_ADDRESS:8080/manager/html. Now to login enter username and password you have created in tomcat-users.xml file.

The Virtual Host Manager App is available at http://YOUR_SERVER_DOMAIN_OR_IP_ADDRESS:8080/host-manager/html. By using this app you can manage virtual hosts.

Conclusion

You have successfully installed Tomcat 9 on CentOS 7. If you have any queries regarding this please don’t forget to comment below.

Source

RubyMine is a powerful Ruby IDE from JetBrains. Like all the other JetBrains IDE, Ruby mine also has intelligent auto completion and many other tools to help you write and debug your Ruby application fast. In this article, I will show you how to install RubyMine on Ubuntu. The procedures shown here should work on Ubuntu 16.04 LTS and later. I will be using Ubuntu 18.04 LTS for the demonstration. So, let’s get started.

In order to run Ruby programs on RubyMine, you must have Ruby programming language installed on your machine.

On Ubuntu, you can install Ruby programming language with the following command:

$ sudo apt install ruby-full

Now, press y and then press <Enter> to continue.

Ruby should be installed.

Installing RubyMine:

On Ubuntu 16.04 LTS and later, RubyMine is available as a SNAP package. So, you can install the latest version of RubyMine on Ubuntu 16.04 LTS and later from the official SNAP package repository of Ubuntu.

To install RubyMine SNAP package on Ubuntu 16.04 LTS and later, run the following command:

$ sudo snap install rubymine –classic

Now, type in the password of your login user and press <Enter> to continue.

RubyMine snap package is being downloaded.

RubyMine is installed.

Initial Configuration of RubyMine:

Now, you can start RubyMine from the Application Menu of Ubuntu as you can see in the screenshot below.

As you’re running RubyMine for the first time, you may not have any settings to import. Just select Do not import settings and click on OK.

Now, you have to accept the JetBrains User Agreement. To do that, check I confirm that I have read and accept the terms of this User Agreement checkbox and click on Continue.

Now, select an UI theme and click on Next: Keymaps.

Now, select the keymap that you’re comfortable with and click on Next: default plugins.

Now, you can enable/disable certain features to tune RubyMine to your needs. Once you’re done, click on Next: Featured plugins.

Now, JetBrains will suggest you some popular plugins for RubyMine. If you like/need any of them, just click on Install to install it. Once you’re done, click on Start using RubyMine.

Now, you have to activate RubyMine. RubyMine is not free. In order to use RubyMine, you have to buy a license from JetBrains. Once you have the credentials, you can activate RubyMine from here.

If you want to try out RubyMine before you buy a license, you can do so for 30 days at the time of this writing. To do that, select Evaluate for free and click on Evaluate.

RubyMine is being loaded.

This is the dashboard of RubyMine. From here, you can create new projects and manage existing projects.

Creating a Ruby Project with RubyMine:

In this section, I will show you how to create a new Ruby project with RubyMine and run a simple Ruby program. So, let’s get started.

First, start RubyMine and click on Create New Project.

Now, select your project type. I selected Empty Project. Now, set your project Location (where RubyMine will save the files for this project) and make sure the Ruby SDK is correct. Once you’re done, click on Create.

A new project should be created.

Now, create a new file hello.rb and type in the following lines as shown in the screenshot below.

Once you’re done, click on the Play button as marked in the screenshot below to run the hello.rb Ruby program.

At times, the Play button I showed you earlier may be grayed out. Don’t worry. You can also run your favorite Ruby program from Rub > Run… as you can see in the screenshot below.

Now, select your Ruby program from the list.

Your desired Ruby program should be executed and the correct output should be displayed as you can see in the screenshot below.

So, that’s how you install RubyMine Ruby IDE from JetBrains on Ubuntu. Thanks for reading this article.

Source

Wednesday, December 12, 2018

Kubernetes Federation Evolution

Authors: Irfan Ur Rehman (Huawei), Paul Morie (RedHat) and Shashidhara T D (Huawei)

Deploying applications to a kubernetes cluster is well defined and can in some cases be as simple as kubectl create -f app.yaml. The user’s story to deploy apps across multiple clusters has not been that simple. How should an app workload be distributed? Should the app resources be replicated into all clusters, or replicated into selected clusters or partitioned into clusters? How is the access to clusters managed? What happens if some of the resources, which user wants to distribute pre-exist in all or fewer clusters in some form.

In SIG multicluster, our journey has revealed that there are multiple possible models to solve these problems and there probably is no single best fit all scenario solution. Federation however is the single biggest kubernetes open source sub project which has seen maximum interest and contribution from the community in this problem space. The project initially reused the k8s API to do away with any added usage complexity for an existing k8s user. This became non-viable because of problems best discussed in this community update.

What has evolved further is a federation specific API architecture and a community effort which now continues as Federation V2.

Conceptual Overview

Because federation attempts to address a complex set of problems, it pays to break the different parts of those problems down. Let’s take a look at the different high-level areas involved:

Federating arbitrary resources

One of the main goals of Federation is to be able to define the APIs and API groups which encompass basic tenets needed to federate any given k8s resource. This is crucial due to the popularity of Custom Resource Definitions as a way to extend Kubernetes with new APIs.

The workgroup did arrive at a common definition of the federation API and API groups as ‘a mechanism that distributes “normal” Kubernetes API resources into different clusters’. The distribution in its most simple form could be imagined as simple propagation of this ‘normal Kubernetes API resource’ across the federated clusters. A thoughtful reader can certainly discern more complicated mechanisms, other than this simple propagation of the Kubernetes resources.

During the journey of defining building blocks of the federation APIs, one of the near term goals also evolved as ‘to be able to create a simple federation aka simple propagation of any Kubernetes resource or a CRD, writing almost zero code’. What ensued further was a core API group defining the building blocks as a Template resource, a Placement resource and an Override resource per given Kubernetes resource, a TypeConfig to specify sync or no sync for the given resource and associated controller(s) to carry out the sync. More details follow in the next section Federating resources: the details. Further sections will also talks about being able to follow a layered behaviour with higher level Federation APIs consuming the behaviour of these core building blocks, and users being able to consume whole or part of the API and associated controllers. Lastly this architecture also allows the users to write additional controllers or replace the available reference controllers with their own to carry out desired behaviour.

The ability to ‘easily federate arbitrary Kubernetes resources’, and a decoupled API, divided into building blocks APIs, higher level APIs and possible user intended types, presented such that different users can consume parts and write controllers composing solutions specific to them, makes a compelling case for Federation V2.

Federating resources: the details

Fundamentally, federation must be configured with two types of information: Which API types federation should handle Which clusters federation should target for distributing those resources. For each API type that federation handles, different parts of the declared state live in different API resources: A template type holds the base specification of the resource – for example, a type called FederatedReplicaSet holds the base specification of a ReplicaSet that should be distributed to the targeted clusters A placement type holds the specification of the clusters the resource should be distributed to – for example, a type called FederatedReplicaSetPlacement holds information about which clusters FederatedReplicaSets should be distributed to An optional overrides type holds the specification of how the template resource should be varied in some clusters – for example, a type called FederatedReplicaSetOverrides holds information about how a FederatedReplicaSet should be varied in certain clusters. These types are all associated by name – meaning that for a particular templateresource with name foo, the placement and override information for that resource are contained by the override and placement resources with the same name and namespace as that of the template.

Higher level behaviour

The architecture of federation v2 API allows higher level APIs to be constructed using the mechanics provided by the core API types (template, placementand override) and associated controllers for a given resource. In the community we could uncover few use cases and did implement the higher level APIs and associated controllers useful for those cases. Some of these types described in further sections also provide an useful reference to anybody interested in solving more complex use cases, building on top of the mechanics already available with federation v2 API.

ReplicaSchedulingPreference

ReplicaSchedulingPreference provides an automated mechanism of distributing and maintaining total number of replicas for deployment or replicasetbased federated workloads into federated clusters. This is based on high level user preferences given by the user. These preferences include the semantics of weighted distribution and limits (min and max) for distributing the replicas. These also include semantics to allow redistribution of replicas dynamically in case some replica pods remain unscheduled in some clusters, for example due to insufficient resources in that cluster. More details can be found at the user guide for ReplicaSchedulingPreferences.

Federated Services & Cross-cluster service discovery

kubernetes services are very useful construct in micro-service architecture. There is a clear desire to deploy these services across cluster, zone, region and cloud boundaries. Services that span clusters provide geographic distribution, enable hybrid and multi-cloud scenarios and improve the level of high availability beyond single cluster deployments. Customers who want their services to span one or more (possibly remote) clusters, need them to be reachable in a consistent manner from both within and outside their clusters.

Federated Service at its core contains a template (definition of a kubernetes service), a placement(which clusters to be deployed into), an override (optional variation in particular clusters) and a ServiceDNSRecord (specifying details on how to discover it).

Note: The Federated Service has to be of type LoadBalancer in order for it to be discoverable across clusters.

Discovering a Federated Service from pods inside your Federated Clusters

By default, Kubernetes clusters come preconfigured with a cluster-local DNS server, as well as an intelligently constructed DNS search path which together ensure that DNS queries like myservice, myservice.mynamespace, some-other-service.other-namespace, etc issued by your software running inside Pods are automatically expanded and resolved correctly to the appropriate service IP of services running in the local cluster.

With the introduction of Federated Services and Cross-Cluster Service Discovery, this concept is extended to cover Kubernetes services running in any other cluster across your Cluster Federation, globally. To take advantage of this extended range, you use a slightly different DNS name (e.g. myservice.mynamespace.myfederation) to resolve federated services. Using a different DNS name also avoids having your existing applications accidentally traversing cross-zone or cross-region networks and you incurring perhaps unwanted network charges or latency, without you explicitly opting in to this behavior.

Lets consider an example: (The example uses a service named nginx and the query name for described above)

A Pod in a cluster in the us-central1-a availability zone needs to contact our nginx service. Rather than use the service’s traditional cluster-local DNS name (nginx.mynamespace, which is automatically expanded to nginx.mynamespace.svc.cluster.local) it can now use the service’s Federated DNS name, which is nginx.mynamespace.myfederation. This will be automatically expanded and resolved to the closest healthy shard of my nginx service, wherever in the world that may be. If a healthy shard exists in the local cluster, that service’s cluster-local IP address will be returned (by the cluster-local DNS). This is exactly equivalent to non-federated service resolution.

If the service does not exist in the local cluster (or it exists but has no healthy backend pods), the DNS query is automatically expanded to nginx.mynamespace.myfederation.svc.us-central1-a.us-central1.example.com. Behind the scenes, this is finding the external IP of one of the shards closest to my availability zone. This expansion is performed automatically by cluster-local DNS server, which returns the associated CNAME record. This results in a traversal of the hierarchy of DNS records, and ends up at one of the external IP’s of the Federated Service near by.

It is also possible to target service shards in availability zones and regions other than the ones local to a Pod by specifying the appropriate DNS names explicitly, and not relying on automatic DNS expansion. For example, nginx.mynamespace.myfederation.svc.europe-west1.example.comwill resolve to all of the currently healthy service shards in Europe, even if the Pod issuing the lookup is located in the U.S., and irrespective of whether or not there are healthy shards of the service in the U.S. This is useful for remote monitoring and other similar applications.

Discovering a Federated Service from Other Clients Outside your Federated Clusters

For external clients, automatic DNS expansion described is currently not possible. External clients need to specify one of the fully qualified DNS names of the federated service, be that a zonal, regional or global name. For convenience reasons, it is often a good idea to manually configure additional static CNAME records in your service, for example:

SHORT NAME	CNAME
eu.nginx.acme.com	nginx.mynamespace.myfederation.svc.europe-west1.example.com
us.nginx.acme.com	nginx.mynamespace.myfederation.svc.us-central1.example.com
nginx.acme.com	nginx.mynamespace.myfederation.svc.example.com

That way your clients can always use the short form on the left, and always be automatically routed to the closest healthy shard on their home continent. All of the required failover is handled for you automatically by Kubernetes Cluster Federation.

As a further reading a more elaborate guide for users is available at Multi-Cluster Service DNS with ExternalDNS Guide

Try it yourself

To get started with Federation V2, please refer to the user guide hosted on github.
Deployment can be accomplished with a helm chart, and once the control plane is available, the user guide’s example can be used to get some hands-on experience with using Federation V2.

Federation V2 can be deployed in both cluster-scoped and namespace-scoped configurations. A cluster-scoped deployment will require cluster-admin privileges to both host and member clusters, and may be a good fit for evaluating federation on clusters that are not running critical workloads. Namespace-scoped deployment requires access to only a single namespace on host and member clusters, and is a better fit for evaluating federation on clusters running workloads. Most of the user guide refers to cluster-scoped deployment, with the Namespaced Federation section documenting how use of a namespaced deployment differs. Infact same cluster can host multiple federations and/or same clusters can be part of multiple federations in case of Namespaced Federation.

Source

Linksys WRT32X, the router that scored the highest in the Cyber-ITL security-focused case study.

Image: Linksys

Many of today’s most popular home router models don’t take full advantage of the security features that come with the Linux operating system, which many of them use as a basis for their firmware.

Security hardening features such as ASLR (Address Space Layout Randomization), DEP (Data Execution Prevention), RELRO (RELocation Read-Only), and stack guards have been found to be missing in a recent security audit of 28 popular home routers.

Security experts from the Cyber Independent Testing Lab (Cyber-ITL) analyzed the firmware of these routers and mapped out the percentage of firmware code that was protected by the four security features listed above.

“The absence of these security features is inexcusable,” said Parker Thompson and Sarah Zatko, the two Cyber-ITL researchers behind the study.

“The features discussed in this report are easy to adopt, come with no downsides, and are standard practices in other market segments (such as desktop and mobile software),” the two added.

While some routers had 100 percent coverage for one feature, none implemented all four. Furthermore, researchers also found inconsistencies in applying the four security features within the same brand, with some router models from one vendor rating extremely high, while others had virtually no protection.

According to the research team, of the 28 router firmware images they analyzed, the Linksys WRT32X model scored highest with 100 percent DEP coverage for all firmware binaries, 95 percent RELRO coverage, 82 percent stack guard coverage, but with a lowly 4 percent ASLR protection.

The full results for each router model are available below. Researchers first looked at the ten home routers recommended by Consumer Reports (table 1), but then expanded their research to include other router models recommended by other news publications such as CNET, PCMag, and TrustCompass (table 2).

Test results for Consumer Reports recommended routers

Test results for CNET, PCMag, TrustCompass recommended routers

As a secondary conclusion of this study, the results also come to show that the limited hardware resources found on small home routers aren’t a valid excuse for failing to ship router firmware without improved security hardening features like ASLR, DEP, and others.

It is clear that some companies can ship routers with properly secured firmware, and routers can benefit from the same OS hardening features that Linux provides to desktop and server versions.

Last but not least, the study also showed an inherent weakness in routers that use a MIPS Linux kernel. The Cyber-ITL team says that during their analysis of the 28 firmware images (ten of which ran MIPS Linux and 18 of which ran ARM Linux) they also discovered a security weakness in MIPS Linux kernel versions from 2001 to 2016.

“The issue from 2001 to 2016 resulted in stack based execution being enabled on userland processes,” the researchers said –issue which made DEP protection impossible.

The 2016 MIPS Linux kernel patch re-enabled DEP protection for MIPS Linux, researchers said, but also introduced another bug that allows an attacker to bypass both DEP and ASLR protections. Researchers detailed this MIPS Linux bug in more detail in a separate research paper available here.

Source

Source

When you login to a Debian Linux system for the first time, before doing any work it is always a good idea to check what version of Debian is running on the machine.

Three releases of Debian are always actively maintained:

• Stable – The latest officially released distribution of Debian. At the time of writing this article the current stable distribution of Debian is version 9 (stretch). This is the version that is recommended for production environments.
• Testing – The preview distribution that will become the next stable release. It contains packages that are not ready for stable release yet, but they are in the queue for that. This release is updated continually until it is frozen and released as stable.
• Unstable, always codenamed sid – This is the distribution where the active development of Debian is taking place.

In this tutorial, we’ll show several different commands on how to check what version of Debian Linux is installed on your system.

Checking Debian Version from the Command Line

The lsb_release utility displays LSB (Linux Standard Base) information about the Linux distribution.

The preferred method to check your Debian version is to use the lsb_release utility which displays LSB (Linux Standard Base) information about the Linux distribution. This method will work no matter which desktop environment or Debian version you are running.

No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 9.5 (stretch)
Release: 9.5
Codename: stretch

Your Debian version will be shown in the Description line. As you can see from the output above I am using Debian GNU/Linux 9.5 (stretch).

Instead of printing all of the above information you can display the description line which shows your Debian version passing the -d switch.

Output should look similar to below:

Description: Debian GNU/Linux 9.5 (stretch)

Alternatively, you can also use the following commands to check your Debian version.

Checking Debian Version using the /etc/issue file

The following cat command will display the contents of the /etc/issue which contains a system identification text:

The output will look something like below:

Checking Debian Version using the /etc/os-release file

/etc/os-release is a file which contain operating system identification data, and can be found only on the newer Debian distributions running systemd.

This method will work only if you have Debian 9 or newer:

The output will look something like below:

PRETTY_NAME=”Debian GNU/Linux 9 (stretch)”
NAME=”Debian GNU/Linux”
VERSION_ID=”9″
VERSION=”9 (stretch)”
ID=debian
HOME_URL=”https://www.debian.org/”
SUPPORT_URL=”https://www.debian.org/support”
BUG_REPORT_URL=”https://bugs.debian.org/”

Checking Debian Version using the hostnamectl command

hostnamectl is a command that allows you to set the hostname but you can also use it to check your Debian version.

This command will work only on Debian 9 or newer versions:

Static hostname: debian9.localdomain
Icon name: computer-vm
Chassis: vm
Machine ID: a92099e30f704d559adb18ebc12ddac4
Boot ID: 4224ba0d5fc7489e95d0bbc7ffdaf709
Virtualization: qemu
Operating System: Debian GNU/Linux 9 (stretch)
Kernel: Linux 4.9.0-8-amd64
Architecture: x86-64

Conclusion

In this guide we have shown you how to find the version of Debian installed on your system. For more information on Debian releases visit the Debian Releases page.

Feel free to leave a comment if you have any questions.

Source

How Big Blue became an open-source company.

News that IBM
is buying Red Hat is, of course, a significant moment for the
world of free software. It’s further proof, as if any were needed,
that open source has won, and that even the mighty Big Blue must
make its obeisance. Admittedly, the company is not quite the
behemoth it was back in the 20th century, when “nobody
ever got fired for buying IBM“. But it remains a benchmark for
serious, mainstream—and yes, slightly boring—computing. Its
acquisition of Red Hat for the not inconsiderable sum of $34 billion,
therefore, proves that selling free stuff is now regarded as a
completely normal business model, acknowledged by even the most
conservative corporations.

Many interesting analyses have been and will be written about why
IBM bought Red Hat, and what it means for open source, Red Hat,
Ubuntu, cloud computing, IBM, Microsoft and Amazon, amongst other
things. But one aspect of the deal people may have missed is
that in an important sense, IBM actually began buying Red Hat 20
years ago. After all, $34 billion acquisitions do not spring
fully formed out of nowhere. Reaching the point where IBM’s
management agreed it was the right thing to do required a journey.
And, it was a particularly drawn-out and difficult journey, given IBM’s
starting point not just as the embodiment of traditional proprietary
computing, but its very inventor.

Even the longest journey begins with a single step, and for IBM, it
was taken on June 22, 1998. On that day, IBM announced it
would ship the Apache web server with the IBM WebSphere Application
Server, a key component of its WebSphere product family. Moreover,
in an unprecedented move for the company, it would offer “commercial,
enterprise-level support” for that free software.

When I was writing my book Rebel
Code: inside Linux and the open source revolution in 2000, I
had the good fortune to interview the key IBM employees who made
that happen. The events of two years before still were fresh in
their minds, and they explained to me why they decided to push IBM
toward the bold strategy of adopting free software, which ultimately
led to the company buying Red Hat 20 years later.

One of those people was James Barry, who was brought in to look at IBM’s lineup in
the web server sector. He found a mess there; IBM had around 50
products at the time. During his evaluation of IBM’s strategy, he
realized the central nature of the web server to all the other
products. At that time, IBM’s offering was Internet Connection
Server, later re-branded to Domino Go. The problem was that IBM’s
web server held just 0.2% of the market; 90% of web servers came
from Netscape (the first internet company, best known for its
browser), Microsoft and Apache. Negligible market share meant it
was difficult and expensive to find staff who were trained to use
IBM’s solution. That, in its turn, meant it was hard to sell IBM’s
WebSphere product line.

Barry, therefore, realized that IBM needed to adopt one of the
mainstream web servers. IBM talked about buying Netscape. Had
that happened, the history of open source would have been very
different. As part of IBM, Netscape probably would not have released
its browser code as the free software that became Mozilla. No
Mozilla would have meant no Firefox, with all the knock-on effects
that implies. But for various reasons, the idea of buying Netscape
didn’t work out. Since Microsoft was too expensive to acquire,
that left only one possibility: Apache.

For Barry, coming to that realization was easy. The hard part was
convincing the rest of IBM that it was the right thing to do. He tried
twice, unsuccessfully, to get his proposal adopted. Barry succeeded
on the third occasion, in part because he teamed up with someone
else at IBM who had independently come to the conclusion that Apache
was the way forward for the company.

Shan Yen-Ping was working on IBM’s e-business strategy in 1998 and,
like Barry, realized that the web server was key in this space.
Ditching IBM’s own software in favor of open source was likely to
be a traumatic experience for the company’s engineers, who had
invested so much in their own code. Shan’s idea to request his
senior developers to analyze Apache in detail proved key to winning
their support. Shan says that when they started to dig deep into
the code, they were surprised by the elegance of the architecture.
As engineers, they had to admit that the open-source project was
producing high-quality software. To cement that view, Shan asked
Brian Behlendof, one of the creators and leaders of the Apache
project, to come in and talk with IBM’s top web server architects.
They too were impressed by him and his team’s work. With the quality
of Apache established, it was easier to win over IBM’s developers
for the move.

Shortly after the announcement that IBM would be adopting Apache
as its web server, the company took another small but key step
toward embracing open source more widely. It involved the Jikes Java compiler that
had been written by two of IBM’s researchers: Philippe Charles and
Dave Shields. After a binary version of the program for GNU/Linux
was released in July 1998, Shields started receiving requests for
the source code. For IBM to provide access to the underlying code
was unprecedented, but Shields said he would try to persuade his
bosses that it would be a good move for the company.

A Jikes user suggested he should talk to Brian Behlendorf, who put
him in touch with James Barry. IBM’s recent adoption of Apache
paved the way for Shield’s own efforts to release the company’s
code as open source. Shields wrote his proposal in August 1998,
and it was accepted in September. The hardest part was not convincing
management, but drawing up an open-source license. Shields said
this involved “research attorneys, the attorneys at the software
division who dealt with Java, the trademark attorneys, patents
attorneys, contract attorneys”. Everyone involved was aware that
they were writing IBM’s first open-source license, so getting
it right was vital. In fact, the original Jikes license of December
1998 was later generalized into the IBM Public License in June 1999.
It was a key moment, because it made releasing more IBM code as
open source much easier, smoothing the way for the company’s
continuing march into the world of free software.

Barry described IBM as being like “a big elephant: very, very
difficult to move an inch, but if you point the elephant toward the
right direction and get it moving, it’s also very difficult to stop
it.” The final nudge that set IBM moving inexorably toward the
embrace of open source occurred on January, 10, 2000, when the company
announced that it would make all of its server platforms “Linux-friendly”,
including the S/390 mainframe, the AS/400 minicomputer and the
RS/6000 workstation. IBM was supporting GNU/Linux across its entire
hardware range—a massive vote of confidence in freely available
software written by a distributed community of coders.

The man who was appointed at the time as what amounted to a Linux
Tsar for the company, Irving
Wladawsky-Berger, said that there were three main strands to
that historic decision. One was simply that GNU/Linux was a platform
with a significant market share in the UNIX sector. Another was
the early use of GNU/Linux by the supercomputing community—something
that eventually led to every single one of
the world’s top 500 supercomputers running some form of Linux
today.

The third strand of thinking within IBM is perhaps the most
interesting. Wladawsky-Berger pointed out how the rise of TCP/IP
as the de facto standard for networking had made interconnection
easy, and powered the rise of the internet and its astonishing
expansion. People within IBM realized that GNU/Linux could do the
same for application development. As he told me back in 2000:

The whole notion separating application development
from the underlying deployment platform has been a Holy Grail of
the industry because it would all of the sudden unshackle the
application developers from worrying about all that plumbing. I
think with Linux we now have the best opportunity to do that. The
fact that it’s not owned by any one company, and that it’s open
source, is a huge part of what enables us to do that. If the answer
had been, well, IBM has invented a new operating system, let’s get
everybody in the world to adopt it, you can imagine how far that
would go with our competitors.

Far from inventing a “new operating system”, with its purchase of
Red Hat, IBM has now fully embraced the only one matters any more—GNU/Linux. In doing so, it confirms Wladawsky-Berger’s prescient
analysis and completes that fascinating journey the company began
all those years ago.

Source