InfoQ Homepage DevOps Content on InfoQ
-
PyTorch-Nightly Struck by Supply Chain Attack Exfiltrating Data and Files
Developers who installed the nightly builds of PyTorch between December 25 and December 30, 2022, are recommended to uninstall it and purge their pip cache to get rid of a malicious package, say PyTorch maintainers. The new attack highlights a recent trend.
-
Amazon ECS Adds Automated Rollbacks
Amazon has released native support for automated rollbacks within their Amazon ECS service. This feature leverages Amazon CloudWatch metric alarms to monitor and, if necessary, reverts the in-progress deployment. This feature supports using any system metrics that CloudWatch Container Insights collects for Amazon ECS as well as custom metrics.
-
Zero Trust Access to Corporate Applications with AWS Verified Access
At re:Invent 2022, AWS released a new enterprise application connectivity service, Verified Access. The service provides Zero Trust access to enterprise web applications by employing endpoints and policies to authenticate and authorize user requests against identity providers or device management systems. Verified Access is currently in public preview in 10 AWS regions.
-
Google Cloud Introduces Sensitive Actions to Improve Security for Premium Accounts
Google Cloud announced the preview of Sensitive Actions Service, a premium security feature to identify potentially risky behaviors on the cloud. The service detects when actions are taken in a GCP organization that could be damaging if taken by a malicious actor.
-
Java News Roundup: Jakarta Data Initial Release, Micronaut 3.8, JReleaser 1.4, Gradle 8.0-RC1
It was very quiet for the week of December 26th, 2022, but InfoQ found a few news items of interest that include: Jakarta NoSQL 1.0.0-b5, Jakarta Data 1.0.0-b1, Micronaut 3.8.0, Apache Groovy 4.0.7, Gradle 8.0.0-RC1, and JReleaser 1.4.0.
-
Using Code Instrumentation for Fault Injection at the Application Level at eBay
eBay engineers have been using fault injections techniques to improve the reliability of the notification platform and explore its weaknesses. While fault injection is a common industry practice, eBay attempted a novel approach leveraging instrumentation to bring fault injection within the application level.
-
Learnings from Spotify Mobile Engineering’s Recent Platform Migration
Recently, Spotify Mobile Engineering Team elaborated on their experience with a recent platform migration. Working on an initiative under the Mobile Engineering Strategy program, the team migrated their Android and iOS codebases to build with Bazel, Google’s open-source build system.
-
Microsoft’s New Memory Optimized Ebsv5 VM Sizes in Preview Offer More Performance
Microsoft recently announced two additional Memory Optimized Virtual Machines (VM) sizes, E96bsv5 and E112ibsv5, to the Ebsv5 VM family developed with the NVMe protocol providing performance up to 260,000 IOPS and 8,000 MBps remote disk storage throughput.
-
Kubernetes 1.26 Released with Image Registry Changes, Enhanced Resource Allocation, and Metrics
The Cloud Native Computing Foundation (CNCF) released Kubernetes 1.26 with the name Electrifying. The release has new features, such as Image Registry Changes, Dynamic Resource Allocation, and Improved Metrics.
-
Snyk Announces General Availability of Snyk Cloud and Enhancements to its Platform
Snyk, a developer security platform, recently announced the general availability of their cloud security tool, Snyk Cloud, and improvements to their platform. Extending support for software bill of materials (SBOM), the improvements include new reporting capabilities and self-service resources.
-
Eclipse Migration Toolkit for Java (EMT4J) Simplifies Upgrading Java Applications
Adoptium announced Eclipse Migration Toolkit for Java (EMT4J), an open source Eclipse project capable of analyzing and upgrading applications from Java 8 to Java 11 and from Java 11 to Java 17. EMT4J will support upgrading to future LTS versions.
-
Microsoft Brings Its Cloud Services and AI to the Edge
Microsoft recently announced the open-source release of Azure DeepStream Accelerator (ADA) in collaboration with Neal Analytics and NVIDIA, allowing developers to build Edge AI solutions with native Azure Services integration quickly.
-
Google Releases Open-Source Vulnerability Scanning Tool
Google has released OSV-Scanner, an open-source front-end interface to the Open Source Vulnerability (OSV) database. The OSV database is a distributed, open-source database that stores vulnerability information in the OSV format. The OSV-Scanner assesses a project's dependencies against the OSV database showing all vulnerabilities relating to the project.
-
Uber Improves Productivity with Remote Development Environment Devpod
Engineers at Uber created their own remote development environment to improve developer experience and productivity by fixing a number of issues brought about by their adoption of a code monorepo.
-
Java News Roundup: Spring Cloud 2022.0.0, Introducing SourceBuddy, Jarviz and Just
This week's Java roundup for December 19th, 2022, features news from OpenJDK, JDK 20, JDK 21, Spring Cloud 2022.0.0, point releases for other Spring projects, Open Liberty 22.0.0.13, Quarkus 2.15.1, Micronaut 3.7.5, Helidon 3.1.0, Hibernate 6.2.CR1, Eclipse Vert.x 4.3.7, point releases for Groovy, Camel 3.20, MicroStream joins Eclipse, Kotlin 1.8-RC2, and introducing SourceBuddy, Jarviz and Just.