The New Stack

The New Stack covers the services and infrastructures that developers build.
thenewstack.io • 22 Stories

The New Stack

An open source leader is gone, a remembrance of Dan Kohn

Thanks to Alex Williams over at The New Stack for doing a great write-up remembering Dan Kohn and the tremendous mark he has left on open source and Cloud Native. Of course Dan had help along the way, but by and large the CNCF and “cloud native” as we know it are the direct result of Dan’s vision and leadership.

Thank you Dan. You will be missed.

We knew little in 2016 about what Dan was up to but we soon got a hint. The CNCF was already established but what it represented was still a bit unclear. If anything, Dan was a businessman and a computer scientist. He knew the economic importance of at-scale computing and the technical complexity that made it so fascinating.

The technical community was ready for someone like Dan — they needed help. Open source cloud native projects were growing but the resources were essential to keep progress moving. He was there to make sure the work got done that technologists should not have to do: Building awareness, supporting the publicity of new projects and perhaps most of all, smoothly running the conferences.

We’ve had Dan on The Changelog a few times. Go back and listen to episode #276 and episode #314 to hear from Dan himself about the journey of the CNCF and Cloud Native.

Joab Jackson The New Stack

Microsoft gradually switching to Rust to build its infrastructure software

No matter how much investment software companies may put into tooling and training their developers, “C++, at its core, is not a safe language,” said Ryan Levick, Microsoft cloud developer advocate, during the AllThingsOpen virtual conference last month, explaining, in a virtual talk, why Microsoft is gradually switching to Rust to build its infrastructure software, away from C/C++. And it is encouraging other software industry giants to consider the same.

This sounds SO familiar, as heard from Josh Aas recently on The Changelog (listen here).

We certainly should not be writing any new code in C and C++. The opportunity for vulnerabilities – I mean, it absolutely will have vulnerabilities, and we need to get that type of code away from our networks to start with, and then probably away from most other things, too… So I would hope that in 10-20 years we think it’s crazy to be deploying major (or maybe even minor) pieces of software that are written in languages that are not memory-safe.

So we’re trying to remove code written in C and C++ from our infrastructure at Let’s Encrypt. I think that’s just a basic part of diligence applied to secure infrastructure. If your stack is some giant pile of C++ or C at the network edge, followed by OpenSSL written in C, followed by a Linux kernel written in C, glibc - your whole pathway has got all this code that you just know is full of security holes. It absolutely is. You just can’t claim that those are even close to secure systems. They’re absolutely not. We’re gonna look back on this and say “That was crazy. We have better options today.”

Lawrence Hecht The New Stack

Few testers have programming skills

Some interesting analysis by Lawrence Hecht for The New Stack:

The 2020 version of JetBrains’ State of the Developer Ecosystem does quantify the extent to which this specialty has disappeared. One finding is that 43% of teams or projects have less than one tester or QA engineer per 10 developers. This is not necessarily a problem if most testing is automated, but that is only true among 38% of those surveyed.

38% is far too low a percentage of folks doing automated testing.

The New Stack

How git changed the way we code

The New Stack takes us on a fun trip down memory lane:

Fifteen years ago a number of the Linux kernel developers tossed their hands in the air and gave up on their version control system, BitKeeper. Why? The man who held the copyright for BitKeeper, Larry McVoy, withdrew free use of his product on claims that one of the kernel devs had reverse engineered one of the BitKeeper protocols.

Linux creator Linus Torvalds sought out a replacement to house the Linux kernel code. After careful consideration, Torvalds realized none of the available options were efficient enough to meet his needs:

The New Stack

Why I moved my personal projects to GitLab

To answer the question in the headline:

  1. I find the GitLab UI to be cleaner in general and easier to find my way around. However, this is purely a matter of taste and probably not a strong reason to move.
  2. I also like how GitLab is open source. I am far from an open source zealot, but I do prefer to write and use open source software. While GitHub is full of Open Source projects, GitHub itself is proprietary. In contrast, GitLab has a well-supported open source version.
  3. The project import feature worked very well, so it was trivially easy to move the code, branches and issues over.

The author goes on to describe why GitLab’s project management workflow works well for him.

The New Stack

The rise of RISC-V

John Cassel from The New Stack lays out the quiet-yet-effective push toward open source hardware. We first heard about RISC-V from Ron Evans on Go Time. He was very excited about its potential, saying:

it’s an open source set of silicon designs, so that you can build your own custom chips the same way that we’ve been able to build our own custom operating systems; either pieces of Linux to create their own Linux distros - we’ll be able to do the same exact things with custom silicon

The New Stack

Why Bruce Perens is proposing "coherent open source"

This is a solid (text) interview with Bruce Perens, former member of the OSI:

… a recognized pioneer of the Open Source movement, 62-year-old Bruce Perens is still thinking about ways to protect the freedoms of software users. “Most people who develop open source don’t have access to lawyers” Perens told the Register last month. “One of the goals for open source was you could use it without having to hire a lawyer. You could put [open source software] on your computer and run it and if you don’t redistribute or modify it, you don’t really have to read the license.”

Bruce suggests we all limit ourselves to just three licenses: AGPL 3, LGPL 3, and Apache 2. He’s a fascinating guy with lots to say on the matter. It’s an exciting time in software licensing, which is a sentence I never expected to write in my life.

The New Stack

WireGuard VPN protocol coming to the Linux kernel soon

Dan Guido mentioned this might be a thing on our Algo VPN episode. Turns out he was right (once version 5.6 of the Linux kernel hits package mirrors for download).

Linus had this to say about WireGuard:

“Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art,”

The New Stack

Deploy a pod on CentOS with Podman

If you’ve been following along in the open source news cycle lately, you’ve probably heard that Red Hat has dropped the docker container runtime engine from both its Red Hat Enterprise Linux (RHEL) and CentOS Linux distributions.

I must not be following along, because that’s news to me.

That being the case, what do you do when you need to deploy containers? Fortunately, they’ve created a near drop-in replacement for docker, called Podman.

Podman is a rename from kpod, sorta. The new thing is actually called libpod, and Podman exists as the CLI for that library. It’s all a bit confusing, but what’s cool is none of this requires a daemon like the Docker Engine.

If you’d like to give it a go, this walk-through by The New Stack will get you started.

The New Stack

The 3 myths of observability

Arijit Mukherji on The New Stack:

We all have our favorite urban legends. From cow tipping to chupacabras, these myths persist despite a lack of definitive proof (and often evidence to the contrary). Technology isn’t immune to this phenomenon. It has its own set of urban legends and myths that emerge alongside new technologies and continue well into mass adoption. As organizations consider the shift from monitoring to Observability, I hear three common misperceptions. It’s time to debunk the myths.

Callback: Observability is for your unknown unknowns

The New Stack

New cryptojacking worm found in docker containers

Jack Wallen:

A new cryptojacking worm, named Graboid, has been spread into more than 2,000 Docker hosts, according to the Unit 42 researchers from Palo Alto Networks. This is the first time such a piece of malware has spread via containers within the Docker Engine (specifically docker-ce).

Scary stuff, and (at the moment) difficult to detect & prevent:

We’ve reached a point with containers where security must be constantly on the front burner. Antivirus and anti-malware applications currently have no means of analyzing and cleaning containers and container images. That’s the heart of the issue.

Graboid may be the first malware to target containers, but it certainly won’t be the last.

The New Stack

Capital One's cloud misconfiguration woes have been an industry-wide fear

Developers and IT decision-makers should not be surprised by the recent Capital One data breach: Misconfigurations have long been the top cloud security concern. A new StackRox survey of IT decision-makers supports this finding as 60% of respondents are more worried about misconfigurations or exposures, as compared to attacks and generic vulnerabilities.

We’re not 💯 on what exactly happened, but the evidence is pointing toward a misconfigured firewall.

The New Stack

Rust creator Graydon Hoare talks about security, history, and Rust

It’s hard to believe it’s already been 9 years since Rust was first announced to the world. The New Stack has a nice interview with Graydon Hoare

sharing his thoughts on everything from the state of systems programming, to the difficulty of defining safety on ever-more complex systems — and whether we’re truly more secure today, or confronting an inherited software mess that will take decades to clean up.

The New Stack

How Firecracker is going to set modern infrastructure on fire

One of the most exciting announcements from last week’s AWS re:Invent was Firecracker — an open source project that delivers the speed of containers with the security of VMs.

Firecracker’s focus is transient and short-lived processes, so it differs from containers in that it’s optimized for startup speed.

Why can’t we use containers? The answer is simple — slower cold start. While LXC and Docker are certainly faster and lighter than full-blown virtual machines, they still don’t match the speed expected by functions.

There are also some security wins with how Firecracker is architected:

Firecracker takes a radically different approach to isolation. It takes advantage of the acceleration from KVM, which is built into every Linux Kernel with version 4.14 or above. KVM, the Kernel Virtual Machine, is a type-1 hypervisor that works in tandem with the hardware virtualization capabilities exposed by Intel and AMD.

There’s a lot to be intrigued by here. We should probably line up an episode on Firecracker. In the meantime, click through to go deeper on the topic.

The New Stack

The people pushing for a decentralized web

David Cassel has a great recap of the recent Decentralized Web Summit and what it was all about.

It’s a follow-up to a similar event in 2016, though now “People are starting to show real working code and real projects. They’re building whole technology stacks that are more decentralized, in large part fueled by the excitement of the cryptocurrency systems. The altcoins and Bitcoins are proving that interesting and complicated systems are starting to work out there.”

Click through for lots of quotes and takeaways. I think Changelog might have to get involved if they do this again next year…

The New Stack

JavaScript breaks into IoT via JerryScript

Michelle Gienow:

The recent release of the Fitbit Ionic marked Fitbit’s first true smartwatch. More significant to the JavaScript developer community, though, is the fact that the Ionic was produced and shipped using JerryScript, a lightweight JavaScript engine built to power the Internet of Things.

I heard some hubbub about JerryScript last year at OSCON EU, but not much since. Fitbit using it in their first attempt at a production smart watch is a big vote of confidence for the project.

The New Stack

The inspiring life of John Perry Barlow

David Cassel:

It’s easy to list the achievements of John Perry Barlow — everything from co-founding the Electronic Frontier Foundation to writing lyrics for the Grateful Dead. But it’s harder to quantify the amount of inspiration he delivered to the internet in the early 1990s. In the truest spirit of the word pioneer, he created a vision that helped shape the world that was to come.

This is a great compilation of stories, quotes, and personal remembrances of a man to whom we all owe a debt of gratitude. Whether we know it or not.
