Red Hat Update at IBM Teach the Teacher (IBM T3) Conference in Endicott, NY. Covering Red Hat's community development model, System z announcements, SELinux, SCAP, and Red Hat Network Satellite for Systems Management.
It's a pivotal challenge to update the software in embedded systems due to many restrictions such as unreliable network and power supply, limited bandwidth, harsh environment, etc. This slide aims to provide the background knowledge and the open source tool to achieve the software update in embedded systems.
Design, Build, and Maintain the Embedded Linux Platform | SZ Lin
Using open source software to build an embedded Linux platform from scratch.
Building an embedded Linux platform is like a puzzle; placing the suitable software components in the right positions will constitute an optimal platform. However, selecting suitable components is difficult since it depends on different application scenarios. The essential components of an embedded Linux platform include the bootloader, Linux kernel, toolchain, root filesystem; it also needs the tools for image generation, upgrades, and testing. There are abundant resources in the Linux ecosystem with these components and tools; however, selecting the suitable modules and tools is still a key challenge for system designers.
Take a step forward from user to maintainer or developer in open source secur... | SZ Lin
There are a variety of high-quality open source security-related tools available, including penetration testing tools, forensics tools, hardening tools, fuzz tools, and network monitoring tools. These tools can be used freely; however, we might face some issues while using them. Therefore, it is essential to have the ability to maintain or develop these tools. In this slide deck, SZ Lin introduces the Security Tools Packaging Team in Debian; this team aims to collaboratively maintain many security tools and merge back tools packaged by security-oriented Debian derivatives (e.g., Kali). SZ also shares his experience in discussing and collaborating with open source maintainers and developers of open source security-related tools.
Select, manage, and backport the long term stable kernels | SZ Lin
The document discusses selecting and managing Linux kernel versions, including mainline, stable, and long-term kernels. It notes mainline kernels are released every 2-3 months with new features, while stable kernels receive only bug and security fixes. Long-term kernels provide long-term support with backported fixes for older releases. The document recommends using a release version over rolling versions for stability and outlines practices for monitoring kernels and addressing regressions.
This document discusses open source licenses. It begins by introducing open source/free software and different types of intellectual property like copyrights and patents. It then explains key open source licenses like the GPL, LGPL, Apache, MIT and their different permissions and conditions. Popular open source licenses used on GitHub are also shown. The document provides answers to common questions about open source licensing and references for further information.
Introduction to Civil Infrastructure Platform | SZ Lin
CIP aims to establish an open source base layer of industrial grade software to enable the use and implementation of software. This slide deck introduces the current status and road map of CIP.
Long-term Maintenance Model of Embedded Industrial Linux Distribution | SZ Lin
Introducing a robust, secure and reliable platform for industrial environments is a key challenge; moreover, the platform needs to survive for a long time (10+ years). There are many good solutions aiming to meet these requirements, such as LTSI (Long Term Support Initiative) and CIP (Civil Infrastructure Platform). However, it still incurs high maintenance and development costs in handling in-house patches for SoC/hardware boards and non-upstream drivers, and in keeping source code consistent across different SoCs and platforms afterwards.
In this presentation, SZ Lin will introduce how to operate the long-term maintenance model of an embedded industrial Linux distribution. In addition, he will also address the building, deploying and testing architecture and workflow for producing a robust, secure and reliable platform.
[ELCE] Activities of super long term support kernel workgroup in civil infras... | SZ Lin
The document summarizes the activities of the Super Long Term Support Kernel Workgroup in the Civil Infrastructure Platform Project. It discusses the workgroup's maintenance of Linux kernels for over 10 years, including applying real-time patches and maintaining the kernels as the CIP-RT version. Key tasks include participating in the Linux LTS review process, releasing CIP SLTS kernels, tracking CVEs and failed patches for the CIP kernels. The workgroup aims to provide industrial-grade, sustainable and secure kernels for critical infrastructure projects.
Using open source software to build an industrial grade embedded linux platfo... | SZ Lin
Building an embedded Linux platform is like a puzzle; placing the suitable software components in the right positions will constitute an optimal platform. However, selecting suitable components is difficult since it depends on different application scenarios. The essential components of an embedded Linux platform include the bootloader, Linux kernel, toolchain, root filesystem; it also needs the tools for image generation, upgrades, and testing. There are abundant resources in the Linux ecosystem with these components and tools; however, selecting the suitable modules and tools is still a key challenge for system designers.
Building, deploying and testing an industrial linux platform @ Open source su... | SZ Lin
Introducing a robust, secure and reliable platform for industrial environments is a key challenge. Therefore, running an industrial-grade Linux distribution that fulfills the requirements mentioned above is imperative. The Linux distribution includes the Linux kernel and user space. Based on this testing design, the distribution will be built, deployed and tested on the device under automatic test, using continuous integration development practice, to withstand harsh industrial environments. In this presentation, SZ Lin will introduce how the industrial-grade Linux distribution is built, deployed and tested without human intervention, and review the test scope in both the Linux kernel and user space. In addition, he will also address the design architecture of 24/7 long-term automated testing on all devices under test with each release of a new update.
Icecc is a distributed compiler that allows compilation jobs to be distributed across multiple computers to reduce build times. It works by having one computer act as a scheduler that distributes preprocessing, compilation, and assembly jobs to other connected computers. The key requirements are that all computers must have the same toolchain installed and be on a fast network. Setting up Icecc involves configuring one computer as the scheduler, installing Icecc on all computers, and ensuring all toolchains are packaged and accessible in a shared location. Icecc has been shown to reduce Linux kernel compilation time by 75% by utilizing 3 additional computers during the build.
This document discusses methods for reducing Linux boot times, focusing on hardware architecture, the boot process, kernel optimizations, and the init system. It recommends using faster storage like SSDs, optimizing bootloaders like GRUB, improving kernel decompression with LZ4, disabling unnecessary processes, and switching to systemd for network configuration to reduce boot times to as little as 2 seconds.
The document discusses Linux on network switches. It provides an overview of using Linux kernel on Cisco switches, including running Linux utilities and tools for interface management, troubleshooting, and network namespaces for VRF capabilities. It also introduces the GuestShell feature, which allows running open source packages and applications in a secure Linux container on the switch.
Live patching technology allows updating the Linux kernel without downtime. Ksplice was an early live patching solution released in 2009 but was limited and had licensing issues. kGraft and Kpatch were later developed by SUSE and Red Hat respectively as open source live patching solutions. Both use object code comparison and replacement at runtime, but kGraft can patch without stopping processes while Kpatch uses stop_machine to ensure safe replacement. Live patching is useful for critical bugs but has limitations around data structure and common function changes.
Manage kernel vulnerabilities in the software development lifecycle | SZ Lin
This document discusses managing kernel vulnerabilities in the software development lifecycle. It covers choosing proper Linux kernel versions from trusted sources, maintaining kernels through upstream first methodology, hardening configurations, automated testing, vulnerability scanning, and community collaboration on security issues. The goal is to minimize risks and costs by addressing vulnerabilities early through a defined process.
2015-06-25 Red Hat Summit 2015 - Security Compliance Made Easy | Shawn Wells
The document discusses how Security Content Automation Protocol (SCAP) is making security compliance easier. It summarizes that SCAP allows automated compliance checks of systems through profiles that can remediate configurations with a single command. Live demos show using SCAP for installation, scanning systems, and remediating any issues in real-time.
Red hat enterprise_linux-5.5-release_notes-en-us | Duong Hieu
This document provides release notes for Red Hat Enterprise Linux 5.5 that summarize new features and enhancements in this minor release. Highlights include hardware enablement for new Intel and AMD processors, improved virtualization support such as multiple 10 GigE SR-IOV cards and automatic hugepages usage, and updates to applications like OpenOffice and Samba. Installation and kickstart have been enhanced with additional NFS mount options, FTP server support, and improved error reporting. Device drivers, storage, and tools are also updated.
VxWorks - Holistic Security (Art of Testing) | Aditya K Sood
The document discusses security issues related to the VxWorks operating system and firmware. It provides an overview of the VxWorks architecture and fault management system. It then analyzes vulnerabilities in the VxWorks OS security model, network stack, debugging interface, and firmware configuration. Finally, it discusses threats facing embedded devices like weak security practices.
This document discusses security controls for a Red Hat Enterprise Linux virtualization environment hosting Top Secret VMs. It describes the hardware and software system configuration, including the use of KVM virtualization, Identity Management, and Satellite for patching. It also covers security concepts like SELinux and cgroups used to isolate VMs and limit resources. Hardening scripts are used to configure systems according to standards and continuous monitoring is enabled through SCAP and Satellite.
Secure development on Kubernetes by Andreas Falk | SBA Research
"Secure development on Kubernetes"
With the rise of Kubernetes, the Java developer has arrived in the DevOps age as well. By the multitude of complex tasks, the necessary security is often neglected. Even in managed clusters of well-known cloud providers, there are many traps and points of attack lurking.
In this presentation, essential security-critical components of a Kubernetes cluster will be presented. Security problems and corresponding measures to mitigate these will be shown. All steps are described using live demos with an exemplary Spring Boot Java application, that is deployed as a docker container in a Kubernetes cluster, taking into account recommended security patterns.
Speaker:
Andreas Falk, Novatec Consulting
Talk language: English
About the Speaker:
Andreas Falk has been working in enterprise application development projects for more than twenty years. Currently, he is working as a managing consultant for Novatec Consulting located in Germany.
In various projects, he has since been around as consultant, architect, coach, developer, and tester. His focus is on the agile development of cloud-native enterprise java applications using the complete Spring platform. As a member of the Open Web Application Security Project (OWASP), he likes to have a closer look at all aspects of application security as well. Andreas is also a frequent speaker at conferences like Spring I/O, CloudFoundry Summit, Devoxx, and OWASP AppSec.
Introduction to OpenDaylight & Application Development | Michelle Holley
This document provides an introduction to OpenDaylight, an open source platform for Software-Defined Networking (SDN). It outlines what OpenDaylight is, its community and releases, the components within OpenDaylight including northbound and southbound interfaces, and some example network applications that can be built on OpenDaylight. It also provides an overview of how to develop applications using OpenDaylight, covering technologies like OSGi, MD-SAL, and the Yang modeling language.
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu... | DevOpsDays Riga
With the rise of DevOps, containers are at the brink of becoming a pervasive technology in Enterprise IT to accelerate application delivery for the business. When it comes to adopting containers in the enterprise, Security is the highest adoption barrier.
IBM Systems Technical Symposium Melbourne, 2015 | Filipe Miranda
IBM Systems Technical Symposium Melbourne, 2015 - this slide deck covers IBM z Systems and IBM Power Systems news from Red Hat. This is a technical deck that shows examples of how to exploit LUN auto scanning when using FCP with NPIV and CPACF cryptography. For Power Systems, it covers RHEV for Power and RHEL LE for Power Systems.
The ultimate guide to software updates on embedded linux devices | Mender.io
Slides from my talk at NDC Techtown 2019.
Abstract:
Software updates have for a long time been a mess, consisting of “homegrown” solutions specific to a certain project, and there was very little re-usage between projects and very little collaboration in our community to solve these complex problems. Luckily for us that time is over, and the community around this topic has grown over the last couple of years and is still growing as the demand increases with the growth of IoT and OTA firmware updates (which introduces even more complexity).
There are now well established open-source solutions that have been “battle tested” that we can collaborate on to make the complexity of software updates manageable. We are heading for a time where a quality Board Support Package should provide a software update implementation, because it really should be solved at this level instead of handing this over to application developers who have limited knowledge of the low-level architecture of an embedded device.
In this talk Mirza will present some of the challenges of doing software updates on embedded systems. He will also present the available open-source projects that can be used to solve these challenges. Projects such as mender.io, SWupdate, RAUC and more.
Learn Red Hat Enterprise Linux 7.1 for IBM z Systems by Examples. This session shows what's new in the installation method, systemd management, rescue mode and how to use the automatic LUN scanning for NPIV FCP devices.
The European Union is facing unprecedented challenges due to the COVID-19 pandemic and the Russian invasion of Ukraine. This has highlighted the need to strengthen the EU's strategic autonomy in areas such as security and defence, as well as in vital economic sectors. The European Commission has proposed new measures to make the EU less dependent on other countries in strategic areas.
Peterson Cat has created a promotion plan for new sales representatives to introduce them to existing customers and prevent losing business during the transition. The plan includes sending existing customers an email with information about the new rep, a letter with a QR code linking to the rep's website, and delivering a welcome bag in person. It offers a 10% discount on annual service contracts to capture attention and shorten the introduction period. The $3,088 budget is expected to generate a 593% return on investment by retaining existing customers and contracts worth $100,000 in revenue during the 9 month introduction period.
This presentation introduces the key challenges to building IoT devices (from consumer devices all the way to IOT gateways) and solutions to address these challenges.
Presentation given at Ubuncon Europe 2016.
- Edgar Degas was a French artist who painted in the Impressionist style, though he considered himself a realist as his paintings depicted more common subjects with realistic details.
- He was fascinated by movement and often painted ballet dancers, racehorses, and scenes from the Paris Opera House where he spent much of his time.
- Later in life, Degas experienced vision problems which resulted in his paintings having less detail. He produced over 2,000 paintings in his lifetime.
SharePoint Saturday UK 2013 - Lighting up SharePoint with Office 365 Project ...Chirag Patel
SharePoint Saturday UK 2013 Presentation slides demonstrated Project Portfolio Management (PPM) solution based upon Project Online for Office 365. We covered the key configuration tasks required to successfully manage projects, communication and reporting based on real world scenario.
The document discusses various topics related to effective thinking including mind maps, creativity, multiple intelligences, and teaching learning styles. It explains that mind maps are a profound tool for organizing information and ideas. It also discusses that creativity does not come from structure alone and notes how Einstein organized his extensive notes. Additionally, it describes Howard Gardner's theory of multiple intelligences and examples of gifted individuals. Finally, it outlines how mind maps can be used in the classroom to aid writing, motivate students, and help with memory and reading.
Este documento proporciona instrucciones comunes en español para el comportamiento y participación de estudiantes en el aula, incluyendo cómo pararse, formarse en fila, mantener silencio, escuchar al profesor, limpiar el salón de clases, y seguir otras instrucciones del maestro sobre leer, escribir, hablar y moverse en el salón.
Adeel Masih is seeking a position as a Jam Tech, Tong Operator, or Stabber with experience working on casing and tubing running jobs. He has over 8 years of experience in these roles working internationally for companies in Oman and Pakistan. His responsibilities included preparing equipment, running casing/liner/completion jobs, operating tongs, stabbing tubing, and maintaining trs equipment. He has extensive training and certifications in HSE practices, power tools, lifting operations, and more.
Low Power Wireless Sensor Network Technologies and Standards for the Internet...Duncan Purves
Presentation on Low Power Wireless Sensor Network Technologies and Standards for the Internet of Things given at Institute of Physics, Sensors & their Applications XVIII Conference, 12 September 2016
Curso de aleman moment mal!.langenscheidt-lehrbuch i-nivel elemental e interm...Hikikomoris Tk
La pandemia de COVID-19 ha tenido un impacto significativo en la economía mundial y las vidas de las personas. Muchos países han impuesto medidas de confinamiento que han cerrado negocios y escuelas, y han pedido a la gente que se quede en casa tanto como sea posible para frenar la propagación del virus. A medida que los países comienzan a reabrir gradualmente, los gobiernos deben encontrar el equilibrio adecuado entre la reactivación de la economía y la prevención de nuevos brotes de la enfermedad.
Démystifions le machine learning avec spark par David Martin pour le Salon B...Ippon
Les volumes de données permettent d’envisager de nouveaux usages, pour la plupart rendus accessibles grâce aux algorithmes de Machine Learning. Découvrez ce qu’est le Machine Learning par de multiples exemples. Comprenez les enjeux autour de la donnée et comment passer de la donnée brute aux prédictions en identifiant les différentes étapes intermédiaires. Enfin, découvrez comment mettre ces concepts en oeuvre avec une présentation des outils à disposition aujourd’hui, et un focus sur Spark, son architecture et les possibilités offertes autour du Machine Learning.
Steam is an employer branding agency that focuses on quality code development using containers and docker-compose. They help clients develop awesome apps that allow them to sleep at night by taking care of the boring but important infrastructure work like APIs, CMS systems, and static sites using tools like Grape, Rails, Middleman, and Docker containers. Their goal is to help clients focus on quick development and relaxing while Steam raises the anchor and starts shipping.
Realtime Web avec Akka, Kafka, Spark et Mesos - Devoxx Paris 2014Ippon
Ce talk est un retour d’expérience sur la mise en œuvre de Spark et Streaming Spark. Nous aborderons :
La collecte des données à la volée dans l’application Web avec Akka
La séparation des producteurs et consommateurs avec Kafka
La transformation des données avec Spark et Streaming Spark
Le déploiement sur un cluster avec Apache Mesos
Red Hat for IBM System z is an overview presentation that covers:
1) Red Hat's business overview including growth, revenues, and collaboration with IBM.
2) The Red Hat Enterprise Linux lifecycle roadmap and features of RHEL7 including new security and file system options.
3) Enhancements in RHEL7 that are specific to IBM System z architectures like improved DASD statistics and crypto adapter support.
2008-11-13 CAVMEN RHEL for System z Deep DiveShawn Wells
Audience was technical Linux on System z practitioners. Steps through the Linux on System z development process, what is included in RHEL for System z (now + future), provisioning and patch management, and broad security updates (SELinux, Auditing, Crypto).
Linux Containers and Docker SHARE.ORG Seattle 2015Filipe Miranda
This slide deck shows us an introduction to Linux Containers (LXC) and Docker for Linux on IBM z Systems.
One example of a commercial use of Linux Containers (and Docker) is Red Hat Openshift, which is is also covered at the end.
2011-03-15 Lockheed Martin Open Source DayShawn Wells
This document provides an overview of Red Hat's enterprise products and technologies, including Red Hat Enterprise Linux, Red Hat Network Satellite, Red Hat Enterprise Virtualization, JBoss middleware, and Red Hat cloud technologies. It discusses features of Red Hat Enterprise Linux 6 such as resource management, security capabilities, and support period. It also summarizes Red Hat Network Satellite, Red Hat Enterprise Virtualization, JBoss products, and Red Hat's approach to open source cloud computing technologies and standards.
2008-01-22 Red Hat (Security) Roadmap PresentationShawn Wells
This document provides an agenda and overview for a Red Hat security seminar. The seminar will cover Red Hat emerging technologies like virtualization and security, Red Hat security features and certifications, SELinux enhancements in Red Hat Enterprise Linux 5, and high availability and clustering solutions. It will also discuss the Red Hat development model, JBoss enterprise services, and Red Hat identity management products.
This document provides an overview and agenda for an Ansible Linux automation workshop. It will cover topics including:
- Converting shell scripts to Ansible playbooks
- Retrieving information from hosts and deploying applications at scale
- Self-service IT using surveys and system roles for Red Hat Enterprise Linux
- Integration with Red Hat Insights for monitoring Ansible environments
It introduces participants to the core components of Ansible including playbooks, modules, plugins, and inventories. Exercises will have participants use these components to automate tasks like installing and configuring Apache on Linux systems.
Best Red Hat Linux Certification CourseNetwork Kings
Looking to beautify your abilities in Red Hat Linux? Look no further! Network Kings gives a complete Red Hat Certification Course that covers system management, network configuration, and protection management. Gain practical level in thru real-international projects and grow to be a certified professional. Elevate your Linux expertise with our top-notch training application.
https://www.nwkings.com/courses/red-hat-linux-certification
Lean Drupal Repositories with Composer and DrushPantheon
Composer is the industry-standard PHP dependency manager that is now in use in Drupal 8 core. This session will show the current best practices for using Composer, drupal-composer, drupal-scaffold, Drush, Drupal Console and Drush site-local aliases to streamline your Drupal 7 and Drupal 8 site repositories for optimal use on teams.
Dean Hagen has over 22 years of experience in IT roles including 15 years of experience with UNIX/Linux systems. He has expertise in security auditing, firewall administration, web/application servers, virtualization, storage, and networking. His background includes roles as a solutions architect, senior cloud infrastructure engineer, technical lead, and senior technical support engineer.
This document is a curriculum vitae for Shyamnand Kamat seeking a position as a Linux Administrator. He has over 5 years of experience in multiple Linux and UNIX platforms, specialized in Red Hat Linux. His technical expertise includes deployment of Linux operating systems, configuration of firewalls, routing, scheduling tasks, troubleshooting, and maintenance of Linux, UNIX, and virtualization environments. He is proficient in technologies such as Red Hat, HP-UX, VMware, Hyper-V, and Cisco UCS servers. His experience includes roles as a Linux engineer and administrator for various companies providing support for production environments.
2011-11-03 Intelligence Community Cloud Users GroupShawn Wells
Hosted by TMA, spoke about Red Hat's virtualization portfolio, RHEV & KVM technical updates (Xen vs KVM, sVirt), RHEV 3, and security automation (OpenSCAP).
This document discusses Khronos standards for accelerating vision and inferencing. It provides an overview of Khronos initiatives like OpenCL, SYCL, OpenVX, NNEF and SPIR-V which provide portable APIs for parallel programming and hardware acceleration. It describes how these standards enable applications to effectively harness acceleration resources and how the standards work together in machine learning compiler stacks and embedded vision workflows.
Red Hat Enterprise Linux 8 Technical overview v1(1).pdfSimonCoter2
This document provides an overview of the key features and capabilities of Red Hat Enterprise Linux 8. It highlights that RHEL 8 provides developers with access to the latest tools while ensuring stability and support for operations. It also summarizes that RHEL 8 offers a stable, high-performing platform that can scale to meet organizational needs now and in the future through features like simplified deployment, standardized platforms, predictable updates, and application streams. The document also briefly mentions security and management capabilities like Red Hat Insights and the web console.
2008-10-15 Red Hat Deep Dive Sessions: SELinuxShawn Wells
This document discusses SELinux and provides details about:
1) The three SELinux policy types - targeted, strict, and multi-level security (MLS). It explains the differences between these policy types.
2) How SELinux works using type enforcement to define security contexts for subjects and objects to enforce access controls.
3) Tools that system administrators can use to manage SELinux policies and troubleshoot issues like semanage, sealert, and audit2allow. It provides examples of using these tools.
4) A scenario where a corporate VPN update broke a user's configuration and how SELinux logs and tools could help fix the issue.
DevOps and HPC: Saudi Aramco HPC use case discusses how DevOps practices like infrastructure as code and configuration management tools like Puppet can help optimize HPC clusters. Benefits include speeding up cluster deployments from days to hours, continuous deployment, drift control, and team collaboration through version control. Containers are also discussed as a potential way to improve portability, scalability and software delivery for HPC workloads. However, challenges include changing processes, kernel requirements, security, and keeping pace with the fast-moving container ecosystem.
Build Your Own PaaS, Just like Red Hat's OpenShift from LinuxCon 2013 New Orl...OpenShift Origin
Learn how to build your platform as a service just like RedHat's OpenShift PaaS - covers all the architecture & internals of OpenShift Origin OpenSource project, how to deploy it & configure it for bare metal, AWS, OpenStack, CloudStack or any IaaS, and the community that's collaborating on the project to deliver the next-generation of secure, scale-able PaaS visit: openshift.com for more information
presented at LinuxCon by Diane Mueller in the CloudOpen track
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...Shawn Wells
RHEL 5.4 focused on virtualization improvements like full support for KVM hypervisor on x86_64, network performance enhancements through GRO, and storage updates including Ext4 bug fixes and a technology preview of XFS file system support. For System z, RHEL 5.4 included features like support for large volumes, FCP performance monitoring, shutdown action tools, and improved installation workflow.
2008-07-30 IBM Teach the Teacher (IBM T3), Red Hat Update for System z
4. 4
Introductions
Shawn Wells
W/W Lead, Linux on System z
Solutions Architect
Business Development, Presentations & Demos, Interface to Prod Mgmt, etc
Also here at T3.....
Brad Hinson
Lead, Linux on System z Technical Support
Justin Payne
Sr Technical Support Engineer, Linux on System z
5. 5
Red Hat Development Model
Community
Development with “upstream” communities
Kernel, glibc, etc
Collaboration with partners, IBM,
open source contributors
6. 6
Red Hat Development Model
Fedora
Rapid innovation
Latest technologies
Community Supported
Released ~6mo cycles
7. 7
Red Hat Development Model
Red Hat Enterprise Linux
Stable, mature, commercial product
Extensive QA, performance testing
Hardware & Software Certifications
7yr maintenance
Core ABI compatibility guarantee
Major releases 2-3yr cycle
8. 8
Red Hat Today: Announcements
Extended Product Lifecycle
                        Production 1    Production 2    Production 3
                        (Years 1 - 4)   (Yr 5)          (Yr 6,7)
Security Patches        X               X               X
Bug Fixes               X               X               X
Hardware Enablement     Full            Partial         None
Software Enhancements   X
9. 9
Red Hat Today: Announcements
Red Hat Enterprise Linux 4.7
Announced Thursday, July 24 2008
2.6.9-78 Kernel Stream
Added AIDE
Ability to generate SHA-256 and SHA-512 password hashes
Updated zFCP driver to include bugfixes
Updated qdio driver to fix zFCP/SCSI write to IO stagnates on LPAR
/proc/sys/vm/nfs-writeback-lowmem-only param to fix NFS read performance
/proc/sys/vm/write-mapped to help select faster NFS read performance
autofs5
N_PIV is waiting development acceptance for 4.8 (Already in RHEL5)
Download @ https://rhn.redhat.com/network/software/download_isos_full.pxt
12. 12
Red Hat Today: Announcements
What is AIDE?
Intrusion Detection program
Ships with RHEL5, now in 4.7
# yum install aide
# aide --init
# chmod 777 /etc/hosts
# aide --check
AIDE found differences between database and filesystem!!
Changed files:
changed:/etc/hosts
Detailed information about changes:
File: /etc/hosts
Permissions: -rw-r--r-- , -rwxrwxrwx
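An added example (not from the slides, and not AIDE's own code): a minimal Python version of the baseline-then-compare idea behind the demo above, reproducing the same permission difference and also catching a content change via SHA-256. The function names `snapshot`, `check` and `demo` are chosen for this example, and it works on a temporary file instead of /etc/hosts.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(paths):
    """Baseline step: record permission string and SHA-256 per file."""
    db = {}
    for p in paths:
        with open(p, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        db[p] = {"mode": stat.filemode(os.stat(p).st_mode), "sha256": digest}
    return db


def check(db):
    """Check step: return {path: {attribute: (baseline, current)}}."""
    diffs = {}
    for p, old in db.items():
        if not os.path.exists(p):
            diffs[p] = {"removed": (old["mode"], None)}
            continue
        new = snapshot([p])[p]
        changed = {k: (old[k], new[k]) for k in old if old[k] != new[k]}
        if changed:
            diffs[p] = changed
    return diffs


def demo():
    """Replay the slide's sequence on a constructed stand-in for /etc/hosts."""
    with tempfile.TemporaryDirectory() as d:
        hosts = os.path.join(d, "hosts")
        with open(hosts, "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        os.chmod(hosts, 0o644)
        db = snapshot([hosts])                  # like `aide --init`
        os.chmod(hosts, 0o777)
        perm_only = check(db)[hosts]            # like `aide --check`
        with open(hosts, "a") as fh:
            fh.write("192.0.2.10 example\n")    # constructed entry
        return perm_only, check(db)[hosts]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

With AIDE itself, the database written by `--init` has to be moved into place as the active database before `--check` compares against it, and it should be stored where the monitored host cannot rewrite it.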
13. 13
Red Hat Today: Announcements
Red Hat / IBM Alliance
Technical Perspective
Dedicated Partner Managers
IBM on-site kernel engineers at Red Hat
Weekly calls with IBM System z Product Mgmt
Emphasis on IBM access to code (making it easier to work together)
Weekly reviews of open bugs & feature requests
Proof of Concept Support
Marketing & Sales Perspective
Joint World-Wide Tour
Marist, zNTP, T3, SHARE, zExpo, etc
Business Perspective
Dedicated staff from helpdesk to executive
15. 15
Red Hat Today: RHEL Status
Upstream of Code
DASD Drive Updates
zFCP Driver Updates
zFCP multipathing support in RHEL5 installer
Crypto2 Express Support
hugetlbfs
Layer-2 IPv6 support for Hipersockets
Marketing Perspective
Joint World-Wide Tour
Marist, zNTP, T3, SHARE, zExpo, etc
Sales Perspective
Joint sales calls
17. 17
Red Hat Today: RHEL Status
RHEL 5.1
● Improved z/VM scheduling
● Improved performance with key recompiled libraries
RHEL 5.2
● Support for new IBM z10
● Improved IBM Director support to support fast connection to z/VM
● Improved Virtual Server Management
● Implementation of SCSI dump infrastructure
● Support for Dynamic CHPID reconfiguration
● Better network configuration tool support for System z network adapters
● Improved install experience with support for “ssh -X” with VNC
● Better network performance with skb scatter-gather support
● Implemented device-multipath support for xDR/GDPS
RHEL 5.3
● NSS, CPU Affinity, ETR support planned
● Suggestions? swells@redhat.com
18. 18
Red Hat Today: RHEL Security Status
Hardware Enablement
In kernel crypto
S/390 implementation of SHA-384 and SHA-512 digests
Improved encryption performance (i.e. encrypted filesystems)
libica library
Support for updated OpenSSL, PKCS#11, GSKit, and kernel crypto APIs
Device driver performance updates
Crypto2 Express Support
19. 19
Red Hat Today: RHEL Security Status
Kernel Enablement
SELinux
Policies { targeted, strict, MLS }
Contexts { root:system_r:httpd_sys_script_t }
Roles { system_r, object_r }
ExecShield, FORTIFY_SOURCE, and Canary Values
kernel.exec-shield (/proc/sys/kernel/exec-shield)
ACL Lists
setfacl, getfacl
23. 23
Red Hat Today: RHEL Security Status
SELinux Use Case
Apache should not be allowed to overwrite content
Therefore, Apache – and any program started by Apache – is not given write access to the data
SELinux constrains the program, regardless of the user running the executable
The content is protected, even if the Apache PHP/CGI user owns the files
When an attacker uses the same exploit, with SELinux turned on:
Mar 3 23:02:04 rhel4-u4-as kernel: audit(1170820924.171:108):
avc: denied { write } for pid=26760 comm="sh"
name="phpbb" dev=dm-0 ino=1114119
scontext=root:system_r:httpd_sys_script_t
tcontext=root:object_r:httpd_sys_content_t tclass=dir
24. 24
Red Hat Today: RHEL Security Status
SELinux
Loadable Policy Modules
● In the past, all policy changes had to be made to the policy source
● Required the entire policy to be recompiled
● Required a full set of policy development tools on production systems
● Modules allow for the creation of self-contained policy modules
● Safely linked together to create system policies
● Add policy on the fly
● Remove policy on the fly
● Framework to allow ISV/OEM partners to ship their own modular
SELinux policy
26. 26
Red Hat Today: RHEL Security Status
Who cares about SELinux Loadable Policy Modules?
or
I just turn off SELinux anyway
27. 27
Red Hat Today: RHEL Security Status
SELinux
Red Hat gives employees a “Corporate Standard Build”
Customized RHEL Desktop
Includes VPN Configuration
VPN Broke in last update!
time->Wed Mar 5 07:22:55 2008
type=SYSCALL msg=audit(1204719775.306:738): arch=40000003 syscall=54 success=no
exit=-19 a0=4 a1=8933 a2=bfcec1bc a3=bfcec1bc items=0 ppid=3900 pid=5003 auid=501
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="ip"
exe="/sbin/ip" subj=user_u:system_r:ifconfig_t:s0 key=(null)
type=AVC msg=audit(1204719775.306:738): avc: denied { sys_module } for pid=5003
comm="ip" capability=16 scontext=user_u:system_r:ifconfig_t:s0
tcontext=user_u:system_r:ifconfig_t:s0 tclass=capability
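An added example (not from the slides): a Python sketch that parses the two AVC denials shown above, the Apache one and the VPN one, and prints for each the type-enforcement rule a loadable policy module would need to permit it, the kind of suggestion audit2allow produces. The function names are chosen for this example and this is not audit2allow's code.

```python
import re

# AVC denials copied from the two slides above, line-wrapped as on the page.
SAMPLE_LOG = """\
Mar 3 23:02:04 rhel4-u4-as kernel: audit(1170820924.171:108):
avc: denied { write } for pid=26760 comm="sh"
name="phpbb" dev=dm-0 ino=1114119
scontext=root:system_r:httpd_sys_script_t
tcontext=root:object_r:httpd_sys_content_t tclass=dir
type=AVC msg=audit(1204719775.306:738): avc: denied { sys_module } for pid=5003
comm="ip" capability=16 scontext=user_u:system_r:ifconfig_t:s0
tcontext=user_u:system_r:ifconfig_t:s0 tclass=capability
"""

RECORD = re.compile(
    r"audit\((?P<stamp>[\d.]+):(?P<serial>\d+)\):\s*avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*?)"
    r"(?=(?:type=\w+\s+msg=)?audit\(|\Z)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Return one dict per AVC denial found in syslog or audit.log text."""
    flat = " ".join(text.split())  # undo line wrapping
    denials = []
    for m in RECORD.finditer(flat):
        f = {k: v.strip('"') for k, v in FIELD.findall(m.group("fields"))}
        denials.append({
            "serial": int(m.group("serial")),
            "perms": m.group("perms").split(),
            "comm": f.get("comm"),
            # A context is user:role:type[:mls]; policy rules use the type.
            "source": f["scontext"].split(":")[2],
            "target": f["tcontext"].split(":")[2],
            "tclass": f["tclass"],
        })
    return denials


def candidate_rule(d):
    """Type-enforcement rule that would permit the denied access."""
    target = "self" if d["target"] == d["source"] else d["target"]
    p = d["perms"]
    perms = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
    return f"allow {d['source']} {target}:{d['tclass']} {perms};"


if __name__ == "__main__":
    for d in parse_avc(SAMPLE_LOG):
        print(f"#{d['serial']} comm={d['comm']}: {candidate_rule(d)}")
```

A candidate rule is a review item, not a fix: the first denial is the policy doing its job against the web exploit, while the second is the kind of gap a small, reviewed policy module closes without turning SELinux off.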
31. 31
Red Hat Tomorrow: Here comes XCCDF
XCCDF Format: Language for describing policy (“your password will be...”)
OVAL Format: Language for defining compliance (“prove that your password is...”)
CVE Dictionary: Standard vulnerability & exposure names
32. 32
Red Hat Tomorrow: Using XCCDF
<definitions>
  <definition class="vulnerability" id="OVAL9999" instance="1">
    <affected family="Linux">
      <linux:platform>Red Hat Enterprise Linux</linux:platform>
      <product>RHEL5.2</product>
    </affected>
    <description>SELinux is turned off</description>
    <reference source="CVE">CVE-SELinux-test</reference>
    <status>ACCEPTED</status>
    <version>1</version>
    <criteria result="1">
      <criteria comment="SELinux Turned off. Turn back on." test_ref="XCCDF-Section1" version="1"/>
    </criteria>
  </definition>
</definitions>
33. 33
Red Hat Today: Systems Management
Red Hat Network
A systems management platform designed to provide complete life cycle management of the operating system and applications.
Provision/re-provision machines without touching them
Manage 1,000 systems as easily as 1
Ensure security fixes / config changes applied consistently across enterprise
34. 34
What is Red Hat Network?
Enterprise solution, enhanced control
All system information stored locally on your network
Custom content distribution
Ability to run disconnected from internet
Satellite
35. 35
RHN Satellite Deployment Model
[Diagram labels]
MANAGED SYSTEMS
RHN Proxy
WEB INTERFACE
RHN Satellite
• Software Distribution
• Account Management
• Channel Management
• Monitoring
• Provisioning
IT Applications
API LAYER
Custom Content
RHN Hosted
● Software Distribution
● Subscription Management
48. 48
System z Use Case: How Red Hat Uses Z
IBM zSeries 2094 (z9)
IBM zSeries 2084 (z990)
Shark storage (ESS unit 2105, 16 full drawers of disk)
Provided via FCP layer emulation
Fully loaded z10 comes July '08
49. 49
System z Use Case: How Red Hat Uses Z
Training (internal/external)
Development VMs
s390utils, kernel, integrating DeveloperWorks, etc
Quality Engineering
VM for each RHEL distro released since RHEL 4 (4.0, 4.1..... 5.1)
Support Desk
Emulating user problems
50. 50
System z Use Case: How Red Hat Uses Z
JBoss Development (dev, test, prod)
Red Hat Network Development (dev, test, prod)
Enterprise IPA Development (dev, test, prod)
Cross compilation of all RHEL architectures
Staff accounts (sandbox environments, demos)
51. 51
System z Use Case: How Red Hat Uses Z
Red Hat Network for deployment of new VMs, patching
Managed by one staff member
Allows patching, reprovisioning z/VM guests, etc
52. 52
System z Use Case: How Red Hat Uses Z
RHN for Z: Lesson Learned
When configuring the kickstart through the web interface, choose Static IP instead of DHCP.
In the Extra Kernel Parameters text box, enter the information normally found in the CMS CONF file.
Single line!
Documented at:
http://kbase.redhat.com/faq/FAQ_49_12902.shtm
DASD=100 HOSTNAME=example IPADDR=192.168.5.100 ...
54. 54
RHEL 5.2 Bug Fixes, Installer Related
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=237508 [Private]
Summary: LCS device not found at install
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=305331 [Private]
Summary: sudo-1.6.8p12-10 segfaults when using ldap on s390
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=354661 [Private]
Summary: multipath paths fail using PAV Devices on DS8000 DS6000
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=279201 [Private]
Summary: zfcpconf.sh fails in rc.sysinit if / partition and /usr partition are separated
55. 55
RHEL 5.2 Bug Fixes, Storage Related
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=360701 [Private]
Summary: swap_dup: Bad swap file entry <xxxxxxxx> without swap configured
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=360611 [Private]
Summary: FICON DS8000: File ID Miscompare after CHPID off via HMC
56. 56
RHEL 5.2 Bug Fixes, I/O Related
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=360821 [Private]
Summary: qdio: too many interrupts on qdio-driven devices
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=360631 [Private]
Summary: qdio: time calculation is wrong
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=354801 [Private]
Summary: cio: Disable channel path measurements on shutdown/reboot
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=354831 [Private]
Summary: cio: Handle invalid subchannel set id in stsch
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=354821 [Private]
Summary: cio: Device status validity
57. 57
RHEL 5.2 Bug Fixes, Networking Related
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=281241 [Private]
Summary: tcpdump does not show outgoing packets with fake_ll=1
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=354891 [Private]
Summary: qeth: recognize/handle RC=19 from Hydra 3 OSA
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=354851 [Private]
Summary: qeth: increment sequence number for incoming packets
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=267381 [Private]
Summary: QDIO based network connections hang with QIOASSIST ON
58. 58
RHEL 5.2 Bug Fixes, Stability Related, p1
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=360591 [Private]
Summary: Operating System Message: Kernel panic - not syncing: Fatal exception in interrupt
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=253275 [Private]
Summary: Placing a kprobe on 'bc' instruction can crash the system
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=354811 [Private]
Summary: I/O stall, system crash due to scanning for units from FC transport class
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=354871 [Private]
Summary: qdio: System hang with zfcp in case of adapter problems
59. 59
RHEL 5.2 Bug Fixes, Stability Related, p2
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=350861 [Private]
Summary: Kernel panic with lcs interface as dhcp server
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=330211 [Private]
Summary: qeth: crash during reboot after failing online setting
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=380981 [Private]
Summary: Kernel Panic during activation of OSA-devices with fake_ll
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=325451
Summary: ptrace compatibility problem with PTRACE_{PEEK,POKE}USR_AREA