We’re now getting used to the idea of virtual conferences, but while they work very well at getting the information across, what’s often lacking is the shock when any organisation or vendor establishes a new path or announces a new direction.

The recent Cloud Foundry Summit is a case in point.  The open source software organisation has coalesced its offerings around Kubernetes and announced several new projects to support the container technology, but according to Cloud Foundry Foundation executive director Chip Childers, this decision wasn’t straight forward.

“There was a split opinion around the community,” Childers told attendees, “just how much should we accept and embrace Kubernetes.” It was a difficult decision, as Kubernetes was emerging as a de facto standard for containerisation but, on the other hand, there was a definite feeling that it was not really a part of the Cloud Foundry ecosystem.  

That’s all now changed. The organisation has thoroughly embraced the technology. “Kubernetes is the new infrastructure, it’s going to be ubiquitous,” he said.

It’s a view that’s been whole-heartedly supported by the vendors in the Cloud Foundry ecosystem. Ian Andrews, VP of marketing for VMware Tanzu says that “the concentration on Kubernetes was a view very much shared by the team at VMware”.

What helped the decision making process is a number of mergers and acquisitions in the ecosystem – notably VMware’s purchase of Pivotal – and that set the path for a new direction.

Mainstream clout

Andrews says the deal combined the best of both worlds; Pivotal had created a name for itself in the Cloud Foundry community, “but had a relatively small number of users. VMware with its user base in the tens of thousands added that Cloud Foundry expertise to its range of products.” This integration has seen the emergence of the Tanzu brand, a means of adding Kubernetes to the VMware portfolio.

The concentration on Kubernetes and the enhanced participation of VMware has definitely provided a boost to Cloud Foundry, which perhaps has never quite had the clout it should, even though it’s a well-established platform and, most importantly of all, has a thriving, almost fanatically devoted user base. 

This has meant that it could never be ignored but, at the same time, it’s never permeated public consciousness. “Cloud Foundry has one major problem,” says Bryan Betts, principal analyst for Freeform Dynamics, “within the open source community it’s seen as rather like your dad’s open source: It’s been around for some time and it’s seen as rather dull.”

In most areas of IT, longevity would be seen as a bit of an asset. There are too many flavours of the month that attract a heap of interest, generate plenty of hype and vanish as quickly as they appear. In such a world, Cloud Foundry’s robustness and stability should be cherished but, as Betts points out, that’s not always been a positive sign within the open source world.  

“What Cloud Foundry has been doing has been very exciting. Some of the things that they were doing two or three years ago were ahead of their time and were precursors of the whole microservices movement – that’s now been forgotten. Cloud Foundry is finding that perception is all – and this is an industry built on perception.”

It’s something that the Foundation dearly wants to change. It hopes that its new found wholesale adoption of Kubernetes will provide Cloud Foundry with the kick-start it needs.

Applying a devops model

The first of the projects revealed to the wider world at the summit is CFfor-K8s, software aimed at making the transition to Cloud Foundry easier. CF-for-K8s enables users to run Cloud Foundry instances on top of a Kubernetes platform – offering what the Foundation claims is an easy integration between the two technologies. Childers claims that the new project would enable users to spin up Cloud Foundry within just ten minutes – a big claim, considering that Cloud Foundry hasn’t always been the most intuitive pieces of software.

The flipside of CF-for-K8s is KubeCF, which offers a way for Cloud Foundry users to run Kubernetes. This is more established software, however, and it was version 4.5 that was released at Cloud Foundry Summit.

Freeform Dynamics’ Betts says that one way of thinking about the relationship between CF-for-K8s and KubeCF would be to consider the devops model. “Think of CF-for-K8s as being the dev side will KubeCF is the ops part – and that part is just as important,” he says.

The third new release is a new version of Stratos, the management console for Cloud Foundry clusters. The new version, 4.2, adds support for native Kubernetes clusters and Helm chart repositories. 

All of these show how Kubernetes is beginning to be more integrated into the ecosystem and there’s a hope in the Foundation that this will herald a new boost to adoption. Childers sees plenty of opportunity for growth. “There’s a perception that Cloud Foundry is only for large corporations; if that were true, it’s because that’s where the skillset was,” he said. 

He sees plenty of opportunity for small companies to use Cloud Foundry – the closer integration with Kubernetes will provide a pathway for these users.

This is still a growing area for a lot of smaller organisations and there’s plenty of new opportunity now for growth. The Cloud Foundry project may have been slow to recognise the significance of Kubernetes but it’s catching up now and is using it as a springboard for new areas.  Current systems are immensely complicated, says Andrews, but this is changing, the embrace of Kubernetes will help. “We’re getting to that moment of peak complexity, we’ve climbed the mountain and on the downwards slope,” he adds.

Betts sees the potential for Cloud Foundry if they can crack this perception issue. “There are people who have started new projects and found it’s something that Cloud Foundry already does.” He says that the Foundation has all the right elements in place but users have to be informed. “They have to know it’s there and have to know what to do with it,” he says. It seems that the Foundation is on the right path to do that.

Cisco has announced plans to acquire Hungarian container security startup Banzai Cloud, as the networking giant looks to further expand its portfolio of cloud-native technologies. 

The deal is expected to close at the end of this quarter for an undisclosed sum and follows hot on the heels of Cisco’s takeover of cloud-native security company Portshift back in October.

Founded in 2017, Budapest-based Banzai Cloud offers a Kubernetes-based platform that is designed to help businesses develop and deploy cloud-native applications.

The firm’s assets and employees will now become part of Cisco’s Emerging Technologies and Incubation group, which focuses on incubating new projects for cloud-native networking, security and edge computing environments for modern distributed applications. 

In a blog post, Liz Centoni, SVP of Cisco’s Emerging Technologies and Incubation group, explained that the move would help the company address the challenges presented by modern cloud-native applications and their environments. 

“This team has demonstrated experience with complete end-to-end cloud-native application development, deployment, runtime and security workflows,” Centoni said. 

“They have built and deployed software tools that solve critical real-world pain points and are active participants in the open-source community as sponsors, contributors and maintainers of several open-source projects.”

The acquisition is the latest move in Cisco’s push to grow its cloud security portfolio, following its acquisition of Israeli startup Portshift last month for a reported $100 million.

The Tel-Aviv-based business provides a Kubernetes-based platform to secure containers and serverless applications and will also fall under Cisco’s Emerging Technologies and Incubation umbrella. 

“These two cross-border acquisitions are a testament to the globalisation of the cloud-native ecosystem and underscore our commitment to hybrid, multi-cloud application-first infrastructure as the de facto mode of operating IT,” Centoni added. 

“The Emerging Technologies and Incubation team’s mission is to incubate impactful technologies and to attract, foster and grow the global talent needed to drive innovation and support our customers’ digital transformation initiatives.”

Red Hat has unveiled new edge capabilities for Red Hat Enterprise Linux. The firm has also expanded the number of supported environments for Red Hat OpenShift, including leading public clouds and multiple data centre architectures, like IBM Z and Power Systems.

At this year’s KubeCon + CloudNativeCon, Red Hat launched several edge-focused updates to Red Hat Enterprise Linux, including the rapid creation of operating system images for the edge through the Image Builder capability. 

The firm said this would enable IT organisations to create purpose-built images optimized for architectural challenges inherent to edge computing but customized for the needs of a given deployment.

Red Hat also unveiled remote device update mirroring to stage and apply updates at the next device reboot or power cycle, helping limit downtime and manual intervention from IT response teams.

The edge update sports over-the-air updates that transfer less data while still pushing necessary code. Red Hat aims this update at sites with limited or intermittent connectivity. 

Another feature announced is Intelligent rollback built on OSTree capabilities, enabling users to provide workload-specific health checks to detect conflicts or code issues. When it detects a problem, it automatically reverts the image to the last good update to prevent unnecessary downtime at the edge.

Red Hat also announced updates to Red Hat OpenShift 4.6 intended to help enterprises accelerate cloud-native application development. The latest update to OpenShift Serverless with Red Hat OpenShift Serverless 1.11 brings full support for Knative eventing, enabling containerized applications to consume only the resources they need at a given time, which prevents over- or under-consumption.

There is also a Red Hat build of Quarkus, a Kubernetes-native Java stack fully supported by Red Hat. With a single Red Hat OpenShift subscription, customers now have full access to Quarkus, enabling developers to repurpose mission-critical Java applications on Kubernetes, backed by Red Hat’s enterprise support.

Red Hat OpenShift 4.6 now includes new edge computing features with remote worker nodes, extending processing power to space-constrained environments. This enables IT organizations to scale remotely while maintaining centralized operations and management.

OpenShift 4.6 will also extend capabilities for public-sector Kubernetes deployments, including availability on AWS GovCloud and Azure Government Cloud, extended OpenSCAP support and more. 

Further extending OpenShift’s reach into the public cloud domain is Azure Red Hat OpenShift, a jointly-managed, engineered and supported offering on Microsoft Azure backed by Microsoft and Red Hat’s expertise. A similar service is expected to launch on AWS with joint management and support from Red Hat and Amazon.

The recently patched Cisco Security Manager (CSM) platform did not initially include details of 12 severe security vulnerabilities that could, if exploited, lead to remote code execution (RCE).

Although these 12 flaws in CSM, an enterprise-class management console that offers insight into the control of Cisco security and network devices, were recently fixed, its developers failed to mention these at all, according to security researcher Florian Hauser. 

Hauser claims to have reported these 12 bugs to the networking giant in July this year and was under the impression they were due to be fixed when CSM was updated to version 4.22 earlier this month.

The researcher claims, however, that despite patching the vulnerabilities last week, the company didn’t mention them at all in the release notes for CSM and did not issue security advisories for businesses that may be potentially affected.

As a result, Hauser has published the proof-of-concept for all 12 flaws that he submitted via GitHub, including a host of RCE exploits that cyber criminals could use if targeting an unpatched system. 

“120 days ago, I disclosed 12 vulnerabilities to Cisco affecting the web interface of Cisco Security Manager. All unauthenticated, almost all directly giving RCE,” Hauser posted on Twitter on 11 November, following this up overnight with: “Since Cisco PSIRT became unresponsive and the published release 4.22 still doesn’t mention any of the vulnerabilities, here are 12 PoCs in 1 gist.”

The CSM 4.22 release notes outlined several improvements to security and functionality, including support for AnyConnect Web Security WSO. The company has subsequently released advisories for three vulnerabilities that were reported in July, crediting Florian Hauser for discovery.

The first, a path traversal vulnerability, tagged CVE-2020-27130 and assigned a CVSS score of 9.1, could allow an unauthenticated remote attacker to gain access to sensitive information, upon successful exploitation. This is due to improper validation of traversal character sequences within requests to affected devices.

The second, a Java deserialisation flaw, is tagged CVE-2020-27131 and assigned a severity score of 8.1, could also allow a remote attacker to execute arbitrary commands on an affected device. The final flaw, a static credential vulnerability tagged CVE-2020-27125 and assigned a severity score of 7.4, could also allow a remote attacker to access sensitive information on a targeted system.

IT Pro approached Cisco to clarify why it had first failed to mention these flaws in the patch notes for CSM version 4.22.

Video conferencing service Zoom has added a set of security features to help users combat ‘Zoom-bombing’ attacks. 

The new controls will help account holders remove unwanted guests and also spot if their meeting’s ID number has been shared online.

Zoom-booming has been an issue for the company throughout the year with hackers exploiting its mass adoption. This has affected both personal and professional meetings, including legal proceedings, and many will see this fix as long overdue. 

Starting this week, hosts and co-hosts will be given an option to temporarily pause their meeting and remove unwanted guests. Users can click a new “Suspend Participant Activities” button, which stops all video, audio, chat functions, screen sharing and recording. 

Hosts and co-hosts will then be asked if they want to report a user from their meeting, with the option to share a screenshot of them. They will then be removed once ‘Submit’ is clicked. Zoom’s security team will be notified and hosts can continue with their meeting by individually restarting all the features. This service will be set as the default for all free and paid Zoom users. 

Hosts and co-hosts can already report users with the security icon in the top corner, but this can also be enabled for non-hosts by account owners and admins. The option is available via the web browser on Mac, PC, Linux and on Zoom’s mobile apps. 

Soon, users will also be able to see if their meeting has been compromised with an ‘At-Risk Meeting Notifier’ which scans public social media posts and other websites for publicly shared meeting links. When the tool spots a meeting that’s potentially at risk of disruption, it automatically alerts the account owner by email with advice. This will most likely be to delete the vulnerable meeting and create a new one with a different ID.

A new macOS update released last week is reportedly bricking older MacBook Pro laptops, according to a number of dissatisfied Apple customers.

Big Sur, which was first unveiled during the Worldwide Developers Conference (WWDC) last June, is rendering some devices unresponsive, causing them to display a static black screen without any way of bypassing or resolving the issue.

The problem with Apple’s latest operating system update is said to be affecting mostly 13-inch MacBook Pros released between late 2013 and mid-2014, according to MacRumors. However, the models have been listed as compatible with the update.

​

Apple’s engineering team is reportedly aware of the issue and Big Sur has become a popular topic of discussion on the Apple Support forum, with users describing how their MacBooks are stuck on a black screen with keyboards “completely disabled”.

Apple is reportedly telling users to bring their laptops in for repair, according to a discussion on forum site Reddit. However, this might not be possible for many living in regions under government-imposed lockdowns, such as England.

This is not the only issue facing Big Sur. On 14 November, when the macOS update was released, Apple users reported server outages that caused iMessage and Apple Pay to go down and performance issues for users running macOS Catalina and earlier, according to 9to5Mac. The issue also caused Big Sur downloads and installations to fail, as well as security and privacy concerns.

​Amazon Web Services (AWS) will ditch Nvidia chips responsible for the processing of Alexa queries and will instead use its own in-house silicon, the company confirmed on Friday.

The cloud giant will also be shifting data processing for its cloud-based facial recognition system, ‘Rekognition‘, over to these in-house chips, according to Reuters.

Alexa queries, issued through Amazon’s Echo line of smart speakers, are sent through the company’s data centres where they undergo several stages of processing before coming back to users with an answer, including translating the processed text into audible speech.

The company said that the “majority” of this processing will now be handled using Amazon’s own “Inferentia” computing chips. These were first launched in 2018 as Amazon’s first custom silicon-designed chips for accelerating deep learning workloads.

Amazon has said that the shift to Inferentia for Alexa processing had resulted in a 25% latency boost and 30% lower cost. The firm hopes the same will happen with its Rekognition system, which has also started to adopt the Inferentia chip.

The cloud giant didn’t specify which company previously handled Rekognition processing, but the service has come under some scrutiny from civil rights groups for its involvement with law enforcement. Police were temporarily banned from using it earlier in the year, following the Black Lives Matter protests.

Nvidia and Intel are two of the biggest providers of computing chips, often for data centres, with companies like Amazon and Microsoft included in their clientele. However, a number of firms have begun to move away from vendors and are bringing the technology in-house. For example, Apple has recently moved away from Intel chips in favour of the A14 Bionic processors, which will be used going forward.

Salesforce has said it aims to add over 100,000 new skilled jobs to the UK market over the next four years through a partnership with training provider QA.

Three apprenticeship programmes and a developer Bootcamp will be created to boost the country’s digital skills and produce a cohort of graduates trained in Salesforce certifications, the company announced on Thursday.

The initiatives could potentially add over 100,000 skilled jobs in the UK over the next four years, according to IDC, with Salesforce boosting its own ecosystem of customers and partners.

Demand for digital skills has been high for years but it has become particularly acute during the pandemic and the greater use of cloud platforms. QA, which is an established provider of Salesforce training, is aiming to bridge the gap by expanding its work with the company.

In the UK, there is a growing demand for Salesforce technology, according to QA, which is fuelling the need for businesses to quickly find and hire new skilled Salesforce talent.

The Developer Bootcamp is a 12-week intensive course that provides specialist skills required to design data models, user interfaces and security for custom applications as well as the ability to customise them for mobile use. The first boot camp is expected to start in March 2021.

The apprenticeship programmes will provide practical learning closely aligned to specific career paths, namely service desk engineering, marketing professional, and business analytics roles within the Salesforce ecosystem.

All three apprenticeships are available for immediate starts and both initiatives will be complemented by content from a Salesforce’s online learning platform Trailhead, which allows participants to continue to develop their Salesforce skills after they have completed their programmes.

“We care passionately about developing the next generation of skilled professionals for our industry,” said Adam Spearing, Salesforce’s EMEA CTO. “The Salesforce ecosystem represents a growing opportunity and urgent need for talent within our customers, marketplace, partners and developers, and we want to kick-start the careers and pathways for young adults. We are excited to be partnering with QA to launch the Developer Bootcamp and Apprenticeship programmes.”

Google will restrict the online cloud storage capacity for high-quality photos and videos to 15GB from next year as the firm looks to capitalise on the millions of users who have come to rely on the service.

From June 2021, new high-quality content uploaded to Google Photos will count towards a free 15GB storage capacity, with the company making several pricing tiers available to those who need to store more data. The limit will also apply to files that users keep on Drive, specifically Google Docs, Sheets, Slides, Drawings, Forms, and Jamboard files.

Google is framing these plans as a way to be able to continue to provide everybody with a great storage experience while keeping pace with the growing demand for its free services.

Amazon Web Services (AWS) has announced the general availability of its new visual data preparation tool that lets users clean and normalise data without having to write code.

Built as part of its AWS Glue service, the new DataBrew tool aims to make visual data preparation more accessible for a greater number of users.

According to AWS, DataBrew facilitates data exploration and experimentation directly from AWS data lakes, data warehouses, and databases. Its users will be able to choose from over 250 built-in functions to combine, pivot, and transpose the data, with the tool also providing transformations that use advanced machine learning techniques such as natural language processing.

DataBrew is serverless and fully-managed, the claim being that users will never need to configure, provision, or manage any compute resources directly.

“AWS customers are using data for analytics and machine learning at an unprecedented pace”, commented Raju Gulabani, AWS vice president of Database and Analytics. “However, these customers regularly tell us that their teams spend too much time on the undifferentiated, repetitive, and mundane tasks associated with data preparation. Customers love the scalability and flexibility of code-based data preparation services like AWS Glue, but they could also benefit from allowing business users, data analysts, and data scientists to visually explore and experiment with data independently, without writing code.

“AWS Glue DataBrew features an easy-to-use visual interface that helps data analysts and data scientists of all technical levels understand, combine, clean, and transform data,” he added.

AWS Glue DataBrew is generally available starting today in Ireland and Frankfurt, Germany, as well as select parts of the United States, including Ohio and Oregon, and the Asia Pacific Region. AWS said that it will announce the availability in additional regions “soon” but has yet to confirm when the tool will arrive in the UK.

When it comes to pricing, AWS said that the DataBrew users will not be faced with any “upfront commitments or costs” to use the tool, but will be expected to pay for the ability to create and run transformations on datasets. AWS did not immediately respond to IT Pro’s query regarding specific pricing.