Tag Archives: Universal

JFrog taps partners, adds features to bolster DevOps platform

JFrog continues to bolster its core universal repository platform with new features and strategic partnerships to provide developers with a secure, integrated DevOps pipeline.

The Sunnyvale, Calif. company’s continued evolution includes partnerships with established companies to provide services around JFrog’s flagship Artifactory universal repository manager. This week, JFrog partnered with RunSafe Security of McLean, Va. to help secure code as it is created.

Under the partnership, RunSafe’s security software will plug into users’ Artifactory repositories to protect binaries and containers in development. RunSafe’s Alkemist tool adds protection to all compiled binaries as developers add them to Artifactory, said Joe Saunders, founder and CEO of RunSafe.

Alkemist inserts in CI/CD pipelines at build or deploy time. The security software hardens third-party, open-source components, compiled code that developers originate themselves, and it hardens containers as part of the process, he said.

“We immunize software without developer friction to enable continuous delivery of code or product,” Saunders said.

How RunSafe works with JFrog

Rather than scanning and testing the code, RunSafe inserts protections into the code without changing the functionality, slowing it down, or introducing any overhead.

“We eliminate a major set of vulnerabilities that are often attributed to both open source and general compiled code,” Saunders said. “That is all the memory based attacks, things like buffer overflow, etc.”

RunSafe launched a beta program for developers to try out the Alkemist plugin, as memory corruption-based attacks can be devastating and stopping them is no trivial exercise in most development environments.

“When a determined attacker understands the layout and memory allocations within an application, they can craft targeted exploits to devastating effect,” said Chris Gonsalves, senior vice president of research at The 2112 Group in Port Washington, N.Y. “And they can keep using those attacks as long as the underlying binaries remain the same. What RunSafe does is bring reduced-friction binary hardening to app development.”

RunSafe uses a “moving target approach” that changes the underlying binary in a way that keeps the app’s functionality intact while destroying the effectiveness of previous attacks, Gonsalves said.

“Just when a hacker thinks they know precise location of a buffer overflow vulnerability and how to exploit it, boom, RunSafe’s Alkemist plugin for JFrog users switches things up and effectively neutralizes the attack,” he said. “This is hand-to-hand combat with the bad guys at the binary level. That it can be done with negligible performance overhead and zero change in app functionality makes it an effective and important layer of defense in DevSecOps.”

RunSafe employs a process known as binary randomization to thwart intruders. This process eliminates the footing that exploits need to find and identify vulnerabilities in code. Randomization is typically a runtime protection, but RunSafe has added it into the development process.

“What you see now, especially when you have to move faster, is a full integration with your security pipelines,” said Shlomi Ben Haim, CEO of JFrog. The goal is to be able to avoid or to quickly resolve any kind of bugs or violations of vulnerability or license compliance issues, he said. “We want to provide continuous deployment all the way to the edge, fully automated, with no script.”

JFrog-Tidelift deal assures open source integrity

Regarding open source license compliance, JFrog recently partnered with Boston-based Tidelift. The companies introduced an integration between the Tidelift Subscription, a managed open source subscription, and JFrog Artifactory.

Tidelift checks that open-source software it supports is clean and secure with no licensing issues. The combination of the Tidelift Subscription and JFrog Artifactory gives development teams assurance  that the open source components they are using in their applications ‘just work’ and are properly managed, said Matt Rollender, Tidelift’s vice president of global partners, strategic alliances and business development, in a blog post.

“Customers save time by being able to offload the complexity of managing open source components themselves, which means they can develop applications faster, spend less time managing security issues and build fails, while improving software integrity,” said Donald Fischer, CEO of Tidelift.

As more enterprises include large amounts of open-source code to their repertoires, companies like Tidelift allow developers to use open-source without having to think twice. While Tidelift is somewhat unique in its approach, its competitors could include Open Collective, License Zero, GuardRails and Eficode.

“Tidelift is taking a very interesting approach to developing a way to sustainably manage the maintenance on open source software components and tools that are used at enterprise development,” said Al Gillen, an analyst at IDC. “The company is filling a niche that is not readily addressed by any other solutions in the market today.”

The Tidelift Subscription ensures that all open-source software packages in the subscription are issue-free and are backed and managed by Tidelift and the open source maintainers who created them.

“This means comprehensive security updates and coordinated responses to zero-day vulnerabilities, verified-accurate open source licenses, indemnification, and actively maintained open source components,” Rollender said.

JFrog tool updates

At its SwampUp 2020 virtual conference in June, JFrog introduced several new offerings and updates to existing products.

The company introduced CDN-based and peer-to-peer software package distribution mechanisms to help companies that have to deliver large volumes of artifacts to internal teams and external clients. The company also released new features for its JFrog Pipelines CI/CD offering, expanding the number of pre-built common functions, known as “Native Steps.”

In addition, JFrog introduced ChartCenter, a free community repository that provides immutable Helm Chart management for developers. Helm charts are collections of files that describe a related set of Kubernetes resources.

While JFrog has made some good strategic moves, a lot of them only strengthen the company’s core business as a repository, said Thomas Murphy, a Gartner analyst.

“They have a solid footprint and are very robust, but the question is, over the next three years as we see a move from a toolchain of discrete tools to integrated pipelines and value stream tooling, what do they do to be bigger and broader?” Murphy said. “I think of the growth in ability of GitLab and GitHub, and the expansion of Digital.ai and CloudBees in contrast.”

Go to Original Article
Author:

Oracle’s GraalVM finds its place in Java app ecosystem

One year after its initial release for production use, Oracle’s GraalVM universal virtual machine has found validation in the market, evidenced by industry-driven integrations with cloud-native development projects such as Quarkus, Micronaut, Helidon and Spring Boot.

GraalVM supports applications written in Java, JavaScript and other programming languages and execution modes. But it means different things to different people, said Bradley Shimmin, an analyst with Omdia in Longmeadow, Mass.

First, it’s a runtime that can support a wide array of non-Java languages such as JavaScript, Ruby, Python, R, WebAssembly and C/C++, he said. And it can do the same for Java Virtual Machine (JVM) languages as well, namely Java, Scala and Kotlin.

Secondly, GraalVM is a native code generator capable of doing things like ahead-of-time compiling — the act of compiling a higher-level programming language such as C or C++ into a native machine code so that the resulting binary file can execute natively.

“GraalVM is really quite a flexible ecosystem of capabilities,” Shimmin said. “For example, it can run on its own or be embedded as a part of the OpenJDK. In short, it allows Java developers to tackle some specific problems such as the need for fast app startup times, and it allows non-Java developers to enjoy some of the benefits of a JVM such as portability.”

GraalVM came out of Oracle Labs, which used to be Sun Labs. “Basically, it is the answer to the question, ‘What would it look like if we could write the Java native compiler in Java itself?'” said Cameron Purdy, former senior vice president of development at Oracle and current CEO of Xqiz.it, a stealth startup in Lexington, Mass., that is working to deliver a platform for building cloud-native applications.

“The hypothesis behind the Graal implementation is that a compiler built in Java would be more easily maintained over time, and eventually would be compiling itself or ‘bootstrapped’ in compiler parlance,” Purdy added.

The GraalVM project’s overall mission was to build a universal virtual machine that can run any programming language.

The big idea was that a compiler didn’t have to have built-in knowledge of the semantics of any of the supported languages. The common belief of VM architects had been that a language VM needed to understand those semantics in order to achieve optimal performance.

“GraalVM has disproved this notion by demonstrating that a multilingual VM with competitive performance is possible and that the best way to do it isn’t through a language-specific bytecode like Java or Microsoft CLR [Common Language Runtime],” said Eric Sedlar, vice president and technical director of Oracle Labs.

To achieve this, the team developed a new high-performance optimizing compiler and a language implementation framework that makes it possible to add new languages to the platform quickly, Sedlar said. The GraalVM compiler provides significant performance improvements for Java applications without any code changes, according to Sedlar. Embeddability is another goal. For example, GraalVM can be plugged into system components such as a database.

GraalVM joins broader ecosystem

One of the higher-profile integrations for GraalVM is with Red Hat’s Quarkus, a web application framework with related extensions for Java applications. In essence, Quarkus tailors applications for Oracle’s GraalVM and HotSpot compiler, which means that applications written in it can benefit from using GraalVM native image technology to achieve near instantaneous startup and significantly lower memory consumption compared to what one can expect from a typical Java application at runtime.

“GraalVM is interesting to me as it potentially speeds up Java execution and reduces the footprint – both of which are useful for modern Java applications running on the cloud or at the edge,” said Jeffrey Hammond, an analyst at Forrester Research. “In particular, I’m watching the combination of Graal and Quarkus as together they look really fast and really small — just the kind of thing needed for microservices on Java running in a FaaS environment.”

In particular, I’m watching the combination of Graal and Quarkus as together they look really fast and really small — just the kind of thing needed for microservices on Java running in a FaaS environment.
Jeffrey HammondAnalyst, Forrester

Jeffrey HammondJeffrey Hammond

Quarkus uses the open source, upstream GraalVM project and not the commercial products — Oracle GraalVM or Oracle GraalVM Enterprise Edition.

“Quarkus applications can either be run efficiently in JVM mode or compiled and optimized further to run in Native mode, ensuring developers have the best runtime environment for their particular application,” said Rich Sharples, senior director of product management at Red Hat.

Red Hat officials believe Quarkus will be an important technology for two of its most important constituents — developers who are choosing Kubernetes and OpenShift as their strategic application development and production platform and enterprise developers with deep roots in Java.

“That intersection is pretty huge and growing and represents a key target market for Red Hat and IBM,” Sharples said. “It represents organizations across all industries who are building out the next generation of business-critical applications that will provide those organizations with a competitive advantage.”

Go to Original Article
Author:

EK VGA Supremacy

Hi,

I’m after an EK VGA Supremacy (Universal GPU water block). Doesn’t matter which finish it has.

Thanks
Ed

Location: Exeter

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves…

EK VGA Supremacy

SwiftStack object storage integrates file protocol support

SwiftStack Inc.’s new 6.0 product release adds Universal Access capabilities to enable customers to read and write files to object storage in private or public clouds without a gateway.

The San Francisco-based software vendor originally gained a following through its commercially supported version of open source OpenStack Swift object storage. But SwiftStack object storage has steadily added capabilities and, with the version 6 release, the startup now refers to its product as “multi-cloud data management” that provides a “cloud-native” single namespace for unstructured data.

SwiftStack object storage always supported the OpenStack Swift and Amazon S3 APIs. With its 2.0 product release, SwiftStack added a gateway to enable users to put file data into an object storage system via API and take it out via file, or vice versa, noted Mario Blandini, the company’s vice president of marketing.

“The reality is, no one used our file system gateway because what they really wanted is it to be as fast as their NAS and as cool as their NAS but then cheap as in object storage,” Blandini said. “Architecturally, a gateway could not delight our customers.”

Diagram of SwiftStack storage
SwiftStack storage with file access

Integrated support for SMB/NFS file protocols

SwiftStack’s Universal Access now enables users or applications to access unstructured data from any private or public cloud location through the SMB and NFS file protocols and Amazon S3 and Swift object interfaces. The system can read and write data to a cloud-based single namespace in both formats. For instance, it can ingest data via file and read via object, or vice versa.

“Any workflow comprised of any number of parts works, as long as the file interfaces are SMB or NFS, and the object interfaces are Swift or S3,” Blandini said.

Try not to label us as an object storage company … because at the end of the day, no one cares about object storage.
Mario Blandinivice president of marketing, SwiftStack

Combining Universal Access with SwiftStack’s previously released Cloud Sync capabilities enables IT managers to control the placement of data in private or public clouds based on policies tailored to specific application workloads and facilitate multiprotocol access to the information. Blandini said the true benefit is being able to “put the right stuff in the right place at the right time without having your users do it — having your IT governance control where the data is placed.”

He said the new capabilities would enable SwiftStack, for the first time, to “ask people to please stop thinking of us as an open source company,” and “while you’re at it, if you could try not to label us as an object storage company, that’d be even better, because at the end of the day, no one cares about object storage.”

“When people write to a public cloud, they don’t care that it’s object storage,” Blandini said. “One of the things that’s made object storage elusive for most users is the fact that it’s been made up to be way more complicated than it needs to be. With cloud-first initiatives coming from CIOs and the mandate to provide DR and site recovery for a lot of businesses who can’t afford a second data center, we’re seeing a lot more momentum going to these things because it’s practical to do now.”

George Crump, founder and president of Storage Switzerland LLC, said SwiftStack’s Universal Access provides “some feature uniqueness that nobody else at least at this point has delivered.” But he said it’s probably not the one feature by itself that could push SwiftStack over the edge to significant market share.

“They have really good technology. Now it comes down to can they market,” Crump said. “I’d say the jury is out at this point.”

Howard Marks, founder and chief scientist at DeepStorage LLC, said SwiftStack’s pioneering work to have a single system that facilitates access to the same data via file and object APIs means developers won’t have to rewrite file-based applications for object storage paradigms and can write new applications to the S3 object API without having to worry about support for file APIs.

“It certainly opens  up a new market” for SwiftStack, Marks said. “Their market before had been people building object storage for cloud-type applications. They open it up to the people who have applications using files now that want to make the transition to object and use that as their transition to a cloud strategy.”

Stiff competition for SwiftStack object storage

Marks noted that SwiftStack object storage faces stiff competition in a busy market populated with well-established vendors, startups and open source options such as Ceph. He said the company is taking the right approach in de-emphasizing its OpenStack Swift roots.

“The general-purpose object market is way bigger than OpenStack, and they don’t want to be ghettoized,” Marks said. “OpenStack is starting to get the smell of failure on it. People are starting to look down on OpenStack.”

Torsten Volk, a senior analyst at Enterprise Management Associates, said SwiftStack version 6 could serve as a complement to traditional NAS. “For latency-sensitive use cases, traditional NAS can stay in place. However, you could use SwiftStack to get more mileage out of existing filers by moving off the less demanding data,” Volk wrote in an email.

Volk said SwiftStack’s software could also be helpful for container users. “Containers notoriously are fighting with data mapping. SwiftStack gives them API access so that you don’t have to worry about Kubernetes storage drives or plug-ins,” he wrote.

Discovering what DevOps means through help wanted ads

Help wanted: DevOps engineer.

Try finding a universal job description for that position on LinkedIn or Indeed.com, and you might go down the same rabbit hole I did recently. Based on what I saw, it’s not easy to define what a DevOps professional does.

Perhaps that dilemma owes to the vague boundaries of exactly what DevOps means. How about part technical, part cultural and part utopian? So, you can forgive job recruiters if they’re having a hard time describing DevOps positions that their companies want to fill.

And there are certainly lots of those positions currently open. The upward trends for DevOps jobs are impressive, according to data amassed on Indeed. There were about three times as many job postings on Indeed seeking DevOps candidates in June 2017 compared to June 2014. These job postings increased by 50% alone in the six months from January to June 2017.

Technical-based position wants ‘CIA’

In such a competitive market for job candidates, it’s natural for hiring departments to put their best spin on a DevOps job. I looked at three DevOps cloud engineer positions on LinkedIn just to see what differences showed up.

There were about three times as many job postings on Indeed seeking DevOps candidates in June 2017 compared to June 2014.

To be fair, there were some similarities: Candidates needed experience working with public cloud environments, using software automation techniques and moving toward continuous integration and continuous delivery, among other high-tech responsibilities.

But I also noticed significant differences among the trio of descriptions.

A financial services company, for example, heavily focused its DevOps cloud engineer job description on the technical duties and qualifications. In fact, the sought-after prospect was an engineer in “cloud integration and automation,” or CIA, according to the description. “This CIA engineer will be responsible for … establishing an infrastructure pipeline for on-prem workloads.” Yes, having experience with DevOps principles and in a business-friendly approach was a plus, but that qualification wasn’t readily apparent, and I had to read further down to find it.

Culture-based approach seeks a steward

Meanwhile, a well-known business media company took a different tack in its search for a DevOps engineer. The organization played upon its centennial anniversary and how technology would take it into the future.

In that regard, DevOps professionals were pitched as stewards of new visions, experimentation and increased efficiency — themes that are associated a lot more with the cultural aspects of exactly what DevOps means.

At the media company, DevOps engineers “sleep, eat and breathe a culture that is continuously iterating to improve everything they touch,” the description read.  This call to arms gave an impression strikingly different from the mechanical phraseology of the financial services job description.

Cancer fighters among the DevOps corps

Then there’s the job description from a research university, whose view of a DevOps engineer hinted at Shangri-La: Candidates need to be problem-solvers who might help cure cancer. Really?

That description might seem utopian to some. Yet, anyone following medical breakthroughs knows that precision medicine is enabling both data and clinical know-how to team up in ways not possible just a decade ago. How cool it would be if a DevOps engineer can help improve patient care?

In fact, many IT professionals in healthcare play significant roles in boosting clinical results. Researching cancer at this university, for example, requires automation techniques to better handle 17 petabytes of data flowing through a public cloud. In other words, beating cancer involves technical and DevOps know-how, not just medical expertise.

Considering the three jobs described here, DevOps candidates would seem to have many and varied choices, depending on which role appeals to them most, an embarrassment of options that in itself may seem utopian. However, the bigger issue remains and revolves around what DevOps means and whether it really does know its true identity.

With that in mind, the idea of simply seeking a DevOps engineer to fill a DevOps position might well be flawed, as Fixate IO DevOps analyst Chris Tozzi noted in DevOpsAgenda: “Doing DevOps the right way means getting the entire organization to embrace DevOps, not having a few people on staff who know DevOps.”

From where I stand, the definition of DevOps hinges on what a hiring company says it is. Just check the help wanted ads for proof.

For Sale – Universal Laptop Adaptors – Great As A Spare – Reductions

I have the following surplus to requirements:

Sumvision Universal Laptop Charger – LC-UNI-095SV – 15V – 24V @ 95W Max – Comes with 9 tips – £9 delivered (was £12)

Xenta Universal Laptop Charger – VG-A-090-002U002AAT – 15V – 24V @ 90W Max – Comes with 9 tips – £9 delivered (was £12)

Both for £15 delivered (was £20)

Advertised elsewhere

Price and currency: £15
Delivery: Delivery cost is included within my country
Payment method: BT / Paypal
Location: Streatham
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Universal Laptop Adaptors

I have the following surplus to requirements:

Sumvision Universal Laptop Charger – LC-UNI-095SV – 15V – 24V @ 95W Max – Comes with 9 tips – £12 delivered

Xenta Universal Laptop Charger – VG-A-090-002U002AAT – 15V – 24V @ 90W Max – Comes with 9 tips – £12 delivered

Both for £20 delivered

Advertised elsewhere

Price and currency: £24
Delivery: Delivery cost is included within my country
Payment method: BT / Paypal
Location: Streatham
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.