Connect with us

ZDNET

Mirantis will support deprecated Kubernetes dockershim

Mirantis, which owns Docker Enterprise, along with Docker, will continue to maintain the shim code standalone outside Kubernetes as a CRI interface for Docker Engine….

Published

on

It was only a few days ago in the forthcoming Kubernetes 1.20 release notes, Kubernetes, everyone’s favorite container orchestrator, that Kubernetes developers announced: “Docker support in the kubelet is now deprecated and will be removed in a future release.” Old-school Docker developers were not happy. But, at a closer look, dockershim removal from Kubernetes really wasn’t that bad. But now Mirantis, which owns Docker Enterprise Platform, along with Docker, will continue to support dockershim as a Kubernetes-compatible Container Runtime Interface (CRI) for Docker Engine.

What does all that mean for programmers? Adam Parco, Mirantis‘s VP of engineering, explained: “For Mirantis customers, that means that Docker Engine’s commercially supported version, Mirantis Container Runtime (MCR), will be CRI compliant.”

But don’t worry if you’re not a Mirantis customer and you don’t want to switch to a more modern CRI such as the runc-based containerd and CRI-O. Mirantis and Docker, starting with Davanum Srinivas’s open-source cri-dockerd project, will continue to make it available as an open-source project, Mirantis cri-dockerd. This means that you can continue to build Kubernetes based on the Docker Engine just like always. You’ll just need to switch from Kubernetes’s built-in dockershim to the external one.

It should be as easy as one minor code change in your Docker-based containers on Kubernetes. Parco explained, “We will work together on making sure it continues to work as well as before and that it passes all the conformance tests and continues to work just like the built-in version did. Mirantis will be using this in Mirantis Kubernetes Engine, and Docker will continue to ship this shim in Docker Desktop.”

The reason for all this fuss is that people still think Docker means containers and containers means Docker. It was never that simple.

Containers date back to at least the year 2000 and FreeBSD Jails. Oracle Solaris also has a similar concept, called Zones, while companies such as Parallels, Google, and Docker have been working in such open-source projects as OpenVZ and LXC (Linux Containers) to make containers work well and securely. Long before many of you’d ever heard of Docker or containers, you were using them every time you visited Google, with its lmctfy (Let Me Contain That For You).
Docker containers, which are built on top of LXC.

All containers have their own file system, storage, CPU, RAM, and so on. The key difference between containers and virtual machines (VM)s is, while the VM hypervisor abstracts an entire device, containers just abstract the operating system kernel.

What Docker did, and why many of you when you think Docker when you think container, is it made it easy to use containers. In fact, when Kubernetes was launched, Docker Engine was the first and originally the only supported runtime. “But,” as Parco pointed out, “that was never the Kubernetes community’s long-term plan.”

In the long run, the Kubernetes community wanted to support many different containers. To make that possible, Kubernetes created CRI as a Kubernetes communication standard for container engines. All your container had to do was support CRI and it would work with Kubernetes. Indeed, the first CRI-compliant container engine, containerd, was based on Docker’s own runc and donated as an open standard to the Cloud Native Computing Foundation (CNCF).

But — and this is why years later, we’re in this situation — Docker itself was never CRI-compliant.

As Kubernetes developers explained in their “Don’t Panic: Kubernetes and Docker” blog: “You see, the thing we call ‘Docker’ isn’t actually one thing — it’s an entire tech stack, and one part of it is a thing called ‘containerd.'” Kubernetes doesn’t need Docker’s human-friendly interface. Your Kubernetes cluster just needs containerd, and it must use another tool, dockershim, to get it. Kubernetes team hasn’t been thrilled with that because “it gives us another thing that has to be maintained and can possibly break.”

Docker developers, on the other hand, feared that getting rid of dockershim was throwing out the Docker baby with the shim bathwater. That wasn’t true, but it got people really upset and worried. If you’re one of those folks, Parco wants you to know that “for most people, the deprecation of dockershim is a non-issue, because even though they’re not aware of it, they’re not actually using Docker per se; they’re using containerd.”

But, if you are using dockershim, no problem. If you’re a Mirantis customer, dockershim support will be wrapped up in the Mirantis Container Runtime, making it CRI-compliant. If you’re not and you’re using the open-source Docker Engine, the dockershim project will be available and you can continue to use it with Kubernetes. “It will just require a small configuration change, which we [Mirantis] will document,” Parco said.

Some people, such as Tariq Islam, a Google Team Leader, may not be happy with dockershim’s new lease on life. Islam sees Docker in Kubernetes as having moved from a “necessity to technical debt.” That may be true, but it’s a debt Mirantis and Docker are willing to keep paying to keep their programmers and users happy.

Related Stories:

The reason for all this fuss is that people still think Docker means containers and containers means Docker. It was never that simple.

Source: https://www.zdnet.com/article/mirantis-will-support-depreciated-kubernetes-dockershim/

mirantis-will-support-deprecated-kubernetes-dockershim

ZDNET

Even computer experts think ending human oversight of AI is a very bad idea

The UK government is thinking of scrapping the right to ask for a human to review decisions made entirely by AI systems, but some experts are warning that it is not the right way to go.

Published

on

gettyimages-1299491248.jpg

The right to a human review will become impractical and disproportionate in many cases as AI applications grow in the next few years, said a consultation from the UK government.

Image: iStock / Getty Images Plus

While the world’s largest economies are working on new laws to keep AI under control to avoid the technology creating unintended harms, the UK seems to be pushing for a rather different approach. The government has recently proposed to get rid of some of the rules that exist already to put breaks on the use of algorithms – and experts are now warning that this is a dangerous way to go.

In a consultation that was launched earlier this year, the Department for Digital, Culture, Media and Sport (DCMS) invited experts to submit their thoughts on some new proposals designed to reform the UK’s data protection regime.

Among those featured was a bid to remove a legal provision that currently enables citizens to challenge a decision that was made about them by an automated decision-making technology, and to request a human review of the decision.

SEE: Report finds startling disinterest in ethical, responsible use of AI among business leaders

The consultation determined that this rule will become impractical and disproportionate in many cases as AI applications grow in the next few years, and planning for the need to always maintain the capability to provide human review becomes unworkable.

But experts from the BCS, the UK’s chartered institute for IT, have warned against the proposed move to scrap the law.

“This rule is basically about attempting to create some kind of transparency and protection for the individuals in the decision making by fully automated processes that could have significant harms on someone,” Sam De Silva, partner at law firm, CMS and the chair of BCS’s law specialist group, tells ZDNet. “There needs to be some protection rather than rely on a complete black box.”

Behind the UK’s attempt to change the country’s data protection regulation lies a desire to break free from its previous obligation to commit to the EU’s General Data Protection Regulation (GDPR).

The “right to a human review”, in effect, constitutes the 22nd article of the EU’s GDPR, and as such has been duly incorporated into the UK’s own domestic GDPR, which until recently had to comply with the laws in place in the bloc.

Since the country left the EU, however, the government has been keen to highlight its newly found independence – and in particular, the UK’s ability to make its own rules when it comes to data protection.

“Outside of the EU, the UK can reshape its approach to regulation and seize opportunities with its new regulatory freedoms, helping to drive growth, innovation and competition across the country,” starts DCMS’s consultation on data protection.

Article 22 of the GDPR was deemed unsuitable for such future-proof regulation. The consultation recognizes that the safeguards provided under the law might be necessary in a select number of high-risk use cases – but the report concludes that as automated decision making is expected to grow across industries in the coming years, it is now necessary to assess whether the safeguard is needed.

A few months before the consultation was launched, a separate government taskforce came up with a similar recommendation, arguing that the requirements of article 22 are burdensome and costly, because they mean that organizations have to come up with an alternative manual process even when they are automating routine operations.

The taskforce recommended that article 22 be removed entirely from UK law, and DCMS confirmed in the consultation that the government is now considering this proposal.

According to De Silva, the motivation behind the move is economic. “The government’s argument is that they think article 22 could be stifling innovation,” says De Silva. “That appears to be their rationale for suggesting its removal.”

The consultation effectively puts forward the need to create data legislation that benefits businesses. DCMS pitched a “pro-growth” and “innovation-friendly” set of laws that will unlock more research and innovation, while easing the cost of compliance for businesses, and said that it expects new regulations to generate significant monetary benefits.

For De Silva, however, the risk of de-regulating the technology is too great. From recruitment to finance, automated decisions have the potential to impact citizens’ lives in very deep ways, and getting rid of protective laws too soon could come with dangerous consequences.

SEE: Programming languages: Python just took a big jump forward

That is not to say that the provisions laid out in the GDPR are enough. Some of the grievances that are described in DCMS’s consultation against article 22 are legitimate, says De Silva: for example, the law lacks certainty, stating that citizens have a right to request human review when the decision is solely based on automated processing, without specifying at which point it can be considered that a human was involved.

“I agree that it’s not entirely clear, and it’s not a really well drafted provision as it is,” says De Silva. “My view is that we do need to look at it further, but I don’t think scrapping it is the solution. Removing it is probably the least preferable option.”

If anything, says De Silva, the existing rules should be changed to go even further. Article 22 is only one clause within a wide-ranging regulation that focuses on personal data – when the topic could probably do with its own piece of legislation.

This lack of scope can also explain why the provision lacks clarity, and highlights the need for laws that are more substantial.

“Article 22 is in the GDPR, so it is only about dealing with personal data,” says De Silva. “If we want to make it wider than that, then we need to be looking at whether we regulate AI in general. That’s a bigger question.”

A question likely to be on UK regulators’ minds, too. The next few months will reveal what answers they might have found, if any.

The consultation determined that this rule will become impractical and disproportionate in many cases as AI applications grow in the next few years, and planning for the need to always maintain the capability to provide human review becomes unworkable.

Source: https://www.zdnet.com/article/even-computer-experts-think-ending-human-oversight-of-ai-is-a-very-bad-idea/

even-computer-experts-think-ending-human-oversight-of-ai-is-a-very-bad-idea

Continue Reading

ZDNET

National Australia Bank keeping staff connected with Google Pixel rollout

More than 2,000 Google Pixel devices were issued to NAB’s customer contact teams to enable them to support customers remotely.

Published

on

15664-android-nab-blog-v2-max-1000x1000.png Image: Google

When National Australia Bank (NAB) recently revised its device strategy to look at new ways it could support the mobility of its employees and reduce the time and cost of support legacy devices across multiple platforms, the big bank partnered with Google to issue more than 2,000 Pixel devices to its customer contact teams.

Each device, managed with Android enterprise, was rolled out by Vodafone using “zero-touch” enrolment to set up the devices and configure each one with the necessary applications.

“With zero-touch enrolment, each Pixel setup was 20 minutes faster than our previous device enrolments, saving our IT team and colleagues over 500 hours during the initiative. With our communication and collaboration apps available right out of the box, our teams could get to work right away to help customers,” NAB Mobility manager Simon Thoday said.

Another consideration of the rollout was how customer data was going to remain secure, with Thoday pointing out that using Android Enterprise provided the solution to that question.

“Pixel security updates from Google provide a reliable cadence of ongoing protection as threats evolve, and the work profile hits the right balance between security and privacy for our teams,” Thoday said.

“Our contact centre teams use Pixel devices that are fully managed, which allows us to provide the necessary security controls, and wipe and re-enroll them when transferred to a new employee,” he said.

“Branch managers use Pixels with the work profile, separating work and personal applications. This gives employees the ability to use the device in a personal capacity while our IT team manages and ensures data security over the work profile.”

Additionally, with managed Google Play, NAB can assign the apps that are necessary on its managed devices.

“Providing our teams the flexibility to assign apps to the right teams is a major time saver and ensures everyone has the resources they need,” Thoday said.

“Branch managers can look up customer service records or answer a ping more quickly from their Pixel, instead of returning back to their desk and logging back on to their desktop computer. Android Enterprise has been a catalyst in a more mobile and responsive environment for our various teams.”

Earlier this month, the red and black bank completed its transition to TPG to deliver fixed and mobile network services across the bank.

The transition follows a deal struck between the two companies in September for the newly merged telecommunications giant to deliver fixed network services across NAB’s corporate offices, business banking centres, and branches, as well as providing mobile connectivity to the majority of the NAB workforce.

Vodafone delivered the solution to more than 80% of NAB’s mobile fleet across corporate offices and branches in metro and major regional areas. The company said Vodafone, alongside Google, would also be providing those who opt for a company phone with the Pixel 4a.

Related Coverage

Another consideration of the rollout was how customer data was going to remain secure, with Thoday pointing out that using Android Enterprise provided the solution to that question.

Source: https://www.zdnet.com/article/national-australia-bank-keeping-staff-connected-with-google-pixel-roll-out/

national-australia-bank-keeping-staff-connected-with-google-pixel-rollout

Continue Reading

ZDNET

Crackonosh malware abuses Windows Safe mode to quietly mine for cryptocurrency

The malware is thought to have generated millions of dollars in just a few short years.

Published

on

Researchers have discovered a strain of cryptocurrency-mining malware that abuses Windows Safe mode during attacks.

The malware, dubbed Crackonosh by researchers at Avast, spreads through pirated and cracked software, often found through torrents, forums, and “warez” websites.

After finding reports on Reddit of Avast antivirus users querying the sudden loss of the antivirus software from their system files, the team conducted an investigation into the situation, realizing it was due to a malware infection.

Crackonosh has been in circulation since at least June 2018. Once a victim executes a file they believe to be a cracked version of legitimate software, the malware is also deployed.

The infection chain begins with the drop of an installer and a script that modifies the Windows registry to allow the main malware executable to run in Safe mode. The infected system is set to boot in Safe Mode on its next startup.

“While the Windows system is in safe mode antivirus software doesn’t work,” the researchers say. “This can enable the malicious Serviceinstaller.exe to easily disable and delete Windows Defender. It also uses WQL to query all antivirus software installed SELECT * FROM AntiVirusProduct.”

Crackonosh will scan for the existence of antivirus programs — including Avast, Kaspersky, McAfee’s scanner, Norton, and Bitdefender — and will attempt to disable or delete them. Log system files are then wiped to cover its tracks.

In addition, Crackonosh will attempt to stop Windows Update and will replace Windows Security with a fake green tick tray icon.

The final step of the journey is the deployment of XMRig, a cryptocurrency miner that leverages system power and resources to mine the Monero (XMR) cryptocurrency.

Overall, Avast says that Crackonosh has generated at least $2 million for its operators in Monero at today’s prices, with over 9000 XMR coins having been mined.

Approximately 1,000 devices are being hit each day and over 222,000 machines have been infected worldwide.

In total, 30 variants of the malware have been identified, with the latest version being released in November 2020.

“As long as people continue to download cracked software, attacks like these will continue and continue to be profitable for attackers,” Avast says. “The key take-away from this is that you really can’t get something for nothing and when you try to steal software, odds are someone is trying to steal from you.”

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Crackonosh has been in circulation since at least June 2018. Once a victim executes a file they believe to be a cracked version of legitimate software, the malware is also deployed.

Source: https://www.zdnet.com/article/crackonosh-malware-abuses-windows-safe-mode-to-quietly-mine-for-cryptocurrency/

crackonosh-malware-abuses-windows-safe-mode-to-quietly-mine-for-cryptocurrency

Continue Reading

Title

CNBC1 day ago

Earnings

Corporate Company Earnings, Find Earnings Per Share and Earnings History Online

ZDNET2 days ago

Even computer experts think ending human oversight of AI is a very bad idea

The UK government is thinking of scrapping the right to ask for a human to review decisions made entirely by...

Crunchbase4 days ago

The Briefing: Hailo Lands $136M Series C

Crunchbase News' top picks of the news to stay current in the VC and startup world.

Cointelegraph4 days ago

Ethereum loses key support level as ETH price falls to two-month lows against Bitcoin

Ethereum's value against Bitcoin dropped below its 200-day exponential moving average for the first time since March 2020, raising risks...

Ventureburn7 days ago

Local emotional intelligence app users significantly grow

It’sOk, an innovative tech startup that aims to promote emotional intelligence among students has experienced exponential growth.

Reuters1 week ago

Facebook apologizes for second outage in a week, services back up

Facebook Inc apologized to users for a two hour disruption to its services on Friday and blamed another faulty configuration...

Bioengineer2 weeks ago

Pioneering chemistry approach could lead to more robust soft electronics

Credit: Udit Chakraborty, Cornell University RESEARCH TRIANGLE PARK, N.C. -- A new approach to studying conjugated polymers made it possible

Ventureburn2 weeks ago

SA fintech partners with rising global fintech to foster financial inclusion in SA –

Ukheshe Technologies has partnered with Chipper to help in the global fintech's rollout of digital payment services and products.

CNBC3 weeks ago

Stitch Fix shares surge as online styling service reports surprise profit

Stitch Fix shares jumped after the online shopping and styling service reported a surprise profit for its fiscal fourth quarter.

Techcrunch1 month ago

South Korean antitrust regulator fines Google $177M for abusing market dominance – TechCrunch

The Korea Fair Trade Commission (KFTC) said on Tuesday it fined Google $177 million for abusing its market dominance in...

Review

    Select language

    Trending