Language Selection

English French German Italian Portuguese Spanish

Puppet Redefines Infrastructure Automation

Filed under
Server
Interviews

Automation of more than just the state of your virtual machines, containers and so on is extremely important. How do you enable more teams? It is all about service, safety and quality of delivery. This is what we are doing with Puppet to serve those exact needs. And with our latest release 2019.1, we simplify the experience in automation to meet those demands.

We enhanced our agentless and agent-based capabilities, such as supporting the automation of network devices (for example, Cisco and Palo Alto) and giving users the ability to automate anything and anywhere quickly, efficiently, safely and at scale. But some of our most notable changes are centered around our agentless task runner, Bolt. We introduced it about a year and a half ago. Bolt is an automation tool built to automate anything in your infrastructure without the hassle. It was very well received by the Open Source community. What is new here though is we have found that more and more customers and users are starting to automate from a development perspective. Developers have a constant need to stand up an infrastructure quickly for both testing and support. Not only did we make Bolt more user-friendly for the broader community, but we also added YAML support.

Read more

More in Tux Machines

Security: EvilGnome Scaremongering, Intel Defects, New Patches and the "Desktop Security Nightmare"

  • EvilGnome Is A Linux Spyware That Records Audio And Steals Your Files [Ed: FOSSBytes has moved on from pushing non-FOSS misinformation to actually doing anti-FOSS FUD. Painting malware one needs to actually install as a real threat.]
  • CPU vulnerability mitigations keeping Linux devs busy: SUSE's Pavlík [Ed: Intel defects now waste software developers' time. They should just replace/recall those billions of defective chips]

    A veteran Linux kernel developer at Germany-based SUSE says the one thing that keeps him and his team busy these days is CPU vulnerability mitigations...

  • Security updates for Friday

    Security updates have been issued by Debian (bzip2), Fedora (freetds, kernel, kernel-headers, and knot-resolver), openSUSE (bubblewrap, fence-agents, kernel, libqb, libu2f-host, pam_u2f, and tomcat), Oracle (vim), SUSE (kernel, LibreOffice, libxml2, and tomcat), and Ubuntu (libmspack and squid, squid3).

  • The Desktop Security Nightmare

    Many of us have extremely sensitive data on our systems. Emails to family, medical or bank records, Bitcoin wallets, browsing history, the list goes on. Although we have isolation between our user account and root, we have no isolation between applications that run as our user account. We still, in effect, have to be careful about what attachments we open in email. Only now it’s worse. You might “npm install hello-world”, and audit hello-world itself, but get some totally malicious code as well. How many times do we see instructions to gem install this, pip install that, go get the other, and even curl | sh? Nowadays our risky click isn’t an email attachment. It’s hosted on Github with a README.md. Not only that, but my /usr/bin has over 4000 binaries. Have every one been carefully audited? Certainly not, and this is from a distro with some of the highest quality control around. What about the PPAs that people add? The debs or rpms that are installed from the Internet? Are you sure that the postinst scripts — which run as root — aren’t doing anything malicious when you install Oracle Virtualbox? [...] One thing a person could do would be to keep the sensitive data on a separate, ideally encrypted, filesystem. (Maybe even a fuse one such as gocryptfs.) Then, at least, it could be unavailable for most of the time the system is on. Of course, the downside here is that it’s still going to be available to everything when it is mounted, and there’s the hassle of mounting, remembering to unmount, password typing, etc. Not exactly transparent. I wondered if mount namespaces might be an answer here. A filesystem could be mounted but left pretty much unavailable to processes unless a proper mount namespace is joined. Indeed that might be a solution. It is somewhat complicated, though, since nsenter requires root to work. Enter sudo, and dropping privileges back to a particular user — a not particularly ideal situation, and complex as well. Still, it might well have some promise for some of these things.

Audiocasts/Shows: Ubuntu Podcast, Python Podcasts, User Error

  • Ubuntu Podcast: S12E15 – Diablo

    This week we’ve been buying a new phone and playing with QEMU. We discuss the release fo Debian 10, Ubuntu users saying “Thank you”, Nvidia drivers, WSL and Ubuntu MATE for the GPD MicroPC. We also round up some events and tech news. It’s Season 12 Episode 15 of the Ubuntu Podcast! Mark Johnson, Martin Wimpress and Stuart Langridge are connected and speaking to your brain.

  • Episode #139: f"Yes!" for the f-strings
  • Episode #221: Empowering developers by embedding Python

    How do we get kids excited about programming? Make programming tangible with embedded devices. Did you know that after kids learned to code with the BBC micro:bit, 90% of kids "thought coding was for everyone" and 86% said it made CS topics more interesting?

  • Old and Insecure | User Error 70

    Whether Linux is inherently secure, the next phase of online interaction, and wasting our free time. Plus where to focus your contributions, and a tricky hypothetical question.

Graphics: Nouveau, Wayland's Weston and Libinput

  • The Open-Source NVIDIA "Nouveau" Driver Gets A Batch Of Fixes For Linux 5.3

    Originally on Thursday was finally the Nouveau-next 5.3 pull request that offered improvements to the display color management, fixes to Secure Boot on newer hardware, and Turing TU116 mode-setting support. But that was rejected by the DRM maintainers for being way too late as usually the cut-off for new feature material is when hitting RC6 on the previous cycle, just not days before the end of the current merge window. Not that those changes were all too exciting or notable, but this pushes back the color management and other work to Linux 5.4. Nouveau DRM maintainer Ben Skeggs of Red Hat as a result today sent in Nouveau-fixes 5.3. This pull request has support still for the TU116 GPU since that shouldn't regress any existing support as well as having fixes around KMS, a memory leak, and a few other basic fixes.

  • Wayland's Weston Lands A Pipewire Plug-In As New Remote Desktop Streaming Option

    Wayland's Weston compositor for the past year has provided a remoting plug-in for virtual output streaming that was built atop RTP/GStreamer. Now though a new plug-in has landed in the Weston code-base making use of Red Hat's promising PipeWire project. The PipeWire plug-in was merged into Weston today and is similar to the GStreamer-powered remoting plug-in but instead leverages PipeWire. The compositor's frames are exported to PipeWire and the same virtual output API is shared between these plug-ins. The virtual outputs can be configured using the weston.ini configuration file. Any PipeWire client in turn can read these frames.

  • Libinput 1.14 RC Arrives With Better Thumb Detection & Dell Canvas Totem Support

    Linux input expert Peter Hutterer of Red Hat shipped the much anticipated release candidate today for libinput 1.14, the open-source input handling library used by both X.Org and Wayland systems.

  • libinput 1.13.901
    The first RC for libinput 1.14 is now available.
    
    We have new and improved thumb detection for touchpads, thanks to Matt
    Mayfield. On Clickpad devices this should make interactions where a thumb is
    resting on the touchpad or dropped during an interaction more reliable. A
    summary of the changes can be found here:
    https://who-t.blogspot.com/2019/07/libinputs-new-thumb-detection-code.html
    
    The Dell Canvas Totem is now supported by libinput. It is exposed as a new
    tool type through the tablet interface along with two new axes. Note that
    this is only low-level support, the actual integration of the totem needs
    Wayland protocol changes and significant changes in all applications that
    want to make use of it. A summary of the changes can be found here:
    https://who-t.blogspot.com/2019/06/libinput-and-dell-canvas-totem.html
    
    Touch-capable tablets now tie both devices together for rotation. If you set
    the tablet to left-handed, the touchpad will be rotated along with the
    tablet. Note that this does not affect the left-handed-ness of the touchpad,
    merely the rotation. 
    
    Tablet proximity out handling for tablets that are unreliably sending
    proximity out events is now always timeout-based. It is no longer necessary
    to add per-device quirks to enable this feature and it is completely
    transparent on devices that work correctly anyway. A summar of the
    changes can be found here:
    https://who-t.blogspot.com/2019/06/libinput-and-tablet-proximity-handling.html
    
    Tablets that send duplicate tools (BTN_TOOL_PEN and BTN_TOOL_ERASER) now
    ignore the latter. This is an intermediate fix only but at least makes those
    tablets more usable than they are now. Issue #259 is the tracker for this
    particular behaviour if you are affected by it.
    
    The handling of kernel fuzz has been slightly improved. Where our udev rule
    fails to reset the fuzz on the kernel device, we disable the hysteresis and
    rely on the kernel now to handle it. Previously our hysteresis would take
    effect on top of the kernel's, causing nonresponsive behaviour.
    
    Note to distribitors: the python-evdev dependency has been dropped, the
    tools that used it are now using python-libevdev instead.
    
    And of course a random assortment of fixes, improvements, etc. Many thanks
    to all contributors and testers.
    
    As usual, the git shortlog is below.
    

Powered by Plasma: ALBA Synchrotron in Barcelona, Spain

As you go about your daily tasks, you’re probably unaware that Plasma runs on the computers in one of Europe’s largest research facilities. We were also oblivious – until we met Sergi Blanch-Torné at FOSDEM 2019. We’re always looking for interesting stories from people who use KDE software at their workplace, in school, or in government institutions. You can imagine our delight, then, when we met Sergi Blanch-Torné at this year’s FOSDEM. Sergi is a Controls Software Engineer at ALBA, a KDE user, and a Free software advocate and contributor. Not only was he willing to tell us about his favorite KDE apps, but he also works at one of the most amazing places on Earth! In this interview, he tells us what it’s like to work at ALBA, and answers the burning question: “what even is a synchrotron?”. ALBA is a third-generation synchrotron radiation facility in the Barcelona Synchrotron Park, in Cerdanyola del Vallès, Spain. Managed by the Consortium for the Construction, Equipping and Exploitation of the Synchrotron Light Source (CELLS), it is jointly funded by the Spanish and the Catalonian Administration. Read more