TECH |
Engadget Japanese |
Huawei announces the new MateBook X Pro overseas, with a larger screen and six speakers |
https://japanese.engadget.com/huawei-mate-book-x-pro-103036288.html
|
matebookxpro |
2022-02-28 10:30:36 |
TECH |
Engadget Japanese |
Cord stows inside the band, so no worry about dropping or losing them: the neckband earphones "Jinling" |
https://japanese.engadget.com/jinling-earphone-101555332.html
|
Jinling supports the "AAC" or "aptXaptXLL" codecs, letting you enjoy music at sound quality equivalent to a CD source. |
2022-02-28 10:15:55 |
TECH |
Engadget Japanese |
Positive about bringing PC Game Pass to Steam, operating company's CEO reveals |
https://japanese.engadget.com/valve-pc-game-pass-steam-100033652.html
|
gabenewell |
2022-02-28 10:00:33 |
IT |
ITmedia all articles list |
[ITmedia News] PS3 repair acceptance to end at the end of April due to parts depletion; peripherals too |
https://www.itmedia.co.jp/news/articles/2202/28/news193.html
|
itmedianewsps |
2022-02-28 19:48:00 |
IT |
ITmedia all articles list |
[ITmedia News] Yahoo's route search app supports the spring timetable revision, including reduced services and earlier last trains |
https://www.itmedia.co.jp/news/articles/2202/28/news191.html
|
android |
2022-02-28 19:05:00 |
TECH |
Techable |
Find gyoza to your taste? A unique gyoza search site built by a gyoza-loving woman who eats 400 varieties a year |
https://techable.jp/archives/174333
|
cuisinereport |
2022-02-28 10:07:13 |
python |
New posts tagged Python - Qiita |
Setting parameters from a yaml file in ROS2. |
https://qiita.com/shigeharu_shibahata/items/82e8f562d2e6395ba115
|
This article does not consider exchanging parameters between individual nodes; it simply explains how to load parameters into a node from a yaml file. |
2022-02-28 19:23:04 |
python |
New posts tagged Python - Qiita |
Explanation of Evaluation index 'MAP@5' in Happywhale - Whale and Dolphin Identification Competition. |
https://qiita.com/coffeemil9/items/f78c2e57c4e059d43700
|
competition |
2022-02-28 19:06:35 |
Tech blog |
Developers.IO |
Security-JAWS 24th session report #secjaws #secjaws24 #jawsug |
https://dev.classmethod.jp/articles/security-jaws-24-report/
|
securityjawsdoor |
2022-02-28 10:39:16 |
Tech blog |
Developers.IO |
Learning about the threat of "0.0.0.0" from VPC Flow Logs |
https://dev.classmethod.jp/articles/learn-full-open-threat-from-vpc-flowlog/
|
threat |
2022-02-28 10:07:39 |
Overseas TECH |
DEV Community |
Data Structures: Stacks And Queues I |
https://dev.to/m13ha/data-structures-stacks-and-queues-i-ild
|
Data Structures: Stacks And Queues I

This post is divided into parts to make it easier for us to understand stacks and queues and how to use them. In this first part of the series we'll be focused on functionality and use cases, while in the next part we'll look at code implementation (Javascript). So let's get into it.

Data Structures

Before we dive into things, let's take a step back and try to understand what data structures are and why they are useful. Data structures are simply systems through which data is organized and stored to enable easy access to said data. An example of a non-digital data structure is a dictionary. A dictionary contains words and their meanings, and these words are arranged alphabetically for easier access. The data in this context are the words and their definitions; when this pair is arranged to enable easy searching and reading, that's a data structure. Computers use data structures to store data to make it easier for us to access and use it; some examples of computer data structures are arrays, linked lists, trees, stacks, queues, hash tables, etc.

Types Of Data Structures

Data structures are divided into main types: Linear and Non-linear. Linear data structures have their data organized in a straightforward manner, with each element following the previous and connecting to the next. Examples of linear data structures include arrays, stacks, queues, linked lists, etc. Non-linear data structures, on the other hand, store their data in a hierarchy with branches and levels. Examples include trees and graphs. Data structures are also categorized into static and dynamic data structures. Learn why here. Now that we have a basic understanding of what data structures are, why they are useful and how they are categorized, let's finally take that dive into visualizing stacks and queues.

Stacks

Stack data structures are similar to stacks in real life. The most common analogy used to describe what a stack data structure looks like is a stack of plates. In this analogy the plates represent data, and the data can be anything: functions, strings, images, etc. In order to take a plate from the stack we have to take it from the top, and when adding plates to the stack we add it from the top. This process of adding and removing from the stack is called push (add to stack) and pop (remove from stack). Stacks operate on what is called a LIFO (Last In First Out) approach. The top (head) of the stack is always the newest element. Stacks also have methods like peek and isEmpty: the peek method shows the current top element of the stack, and the isEmpty method returns true or false if the stack has an element inside or not.

Use Cases

Stacks are used in many algorithms and are present in browsers, operating systems and games.

Javascript Call Stack

Javascript has a stack built into it to manage functions, called the Call Stack. In Javascript you can write functions that call other functions, and have those functions call other functions, and on and on and on. This is a problem though, because Javascript is a single thread language, meaning it can only do one thing at a time; the call stack solves this problem by acting as a sort of to-do list, keeping track of functions and the order they are called. Let's use this bread making function as an example: when makeBread is invoked it is pushed to the call stack; getIngredients is then called inside the makeBread function, which in turn calls the goToStore function. As we know, the Javascript engine can only do one thing at a time, so whenever a new function is called Javascript pushes that function to the call stack and starts executing that function immediately. The call stack helps the Javascript engine to keep track of previous functions and pick up where it left off. Once a function is resolved it is popped from the stack.

Undo/Redo Function

Stack data structure is used in undo and redo typing functions. Stacks help keep track of when new words are added and when words are deleted, which can be reversed using the redo or undo functions.

Queues

Queue data structures have a similar structure to stacks but operate differently. Just like queues in real life use a FIFO (First In First Out) approach, so do queue data structures. Unlike stacks, where the adding (pushing) and removing (popping) of elements occurs at the top (head) of the stack, queues add (enqueue) their elements to the end of the queue and remove (dequeue) from the top (head). Just like stacks, queues also have the peek and isEmpty methods, and they do the same thing as mentioned above.

Use Cases

Queues are best used in situations where the order in which the data is received is important. Some known applications of queues are in the Javascript Event Loop, printer sharing, FIFO schedules, mail queues, etc.

Javascript Task Queue

When a page is loaded in a browser, or a user clicks a button, the mouse is moved, a key is pressed on the keyboard, etc., these are all events in Javascript. Events occur when the browser or user interacts with the webpage. Javascript has queues built into it, one of which is the Task (Callback/Event) Queue. Remember our bread making function from before? Let's imagine we attach that function to a button with a click event, and let's make a function to make pizza and attach it to a button with a click event too. I want loaves of bread and pizzas, so I click the make bread button twice and the make pizza button twice, but as we know Javascript can only do one thing at a time, so it needs a way to keep track of the click events and the order in which they happen; that's where the Task Queue comes into play. After the first click the call stack will be busy carrying out the function; all other clicks will be pushed (enqueued) into the Task Queue to wait for the Call Stack to be free. When the call stack is free, the oldest queued task is removed (dequeued) and pushed into the call stack, and the cycle continues till both the Call Stack and Task Queue are empty. We can see this in action below. This cycle of queueing and dequeuing events from the Task Queue and pushing them into the Call Stack is part of a process in Javascript called the Event Loop.

CPU Scheduling (FCFS)

Queues are also used in CPU scheduling. In situations where memory is limited, processes need to be scheduled to ensure they are completed as fast as possible. One of the simplest scheduling algorithms to implement is the FCFS (First Come First Serve) scheduling algorithm, which is basically a queue that stores the processes in the order they arrive.

Summary

So, to summarize: Stacks and Queues are linear data structures that can be used in different ways to solve problems with data handling and management. We learned that Stacks operate using a LIFO (Last In First Out) principle while Queues use FIFO (First In First Out). We used the Javascript Call Stack and Javascript Task Queue to understand how stacks and queues can be used to manage functions and events. Next time we'll look at how to implement Stacks and Queues in Javascript. |
2022-02-28 10:36:12 |
Overseas TECH |
DEV Community |
Kafka Partitions and Consumer Groups |
https://dev.to/ahmedgulabkhan/kafka-partitions-and-consumer-groups-2aff
|
Kafka Partitions and Consumer Groups

In my previous article we had discussed how Kafka works and went through some basic Kafka terminology. In this article we would go over how Partitions and Consumer Groups work in Kafka. If you haven't gone through my previous article, or if you're new to Kafka, I recommend you to go through it as it'd help you get a basic understanding of how Kafka works. You can find the complete article with some common Q&A's here.

So what is a Partition?

Before talking about partitions we need to understand what a topic is. In Kafka, a topic is basically a storage unit where all the messages sent by the producer are stored. Generally, similar data is stored in individual topics. For example, you can have a topic named "user" where you only store the details of your users, or you can have a topic named "payments" where you only store all the payment related details. A topic can be further subdivided into multiple storage units, and these subdivisions of a topic are known as partitions. By default a topic is created with only partition, and whatever messages are published to this topic are stored in that partition. If you configure a topic to have multiple partitions, then the messages sent by the producers would be stored in these partitions such that no two partitions would have the same message/event. All the partitions in a topic would also have their own offsets. If you don't know what an offset is, I recommend you check out this article where I have discussed about it. As an example, a producer producing messages to a kafka topic with partitions would look like this.

Now what is a Consumer Group?

A bunch of consumers can form a group in order to cooperate and consume messages from a set of topics. This grouping of consumers is called a Consumer Group. If two consumers have subscribed to the same topic and are present in the same consumer group, then these two consumers would be assigned a different set of partitions and none of these two consumers would receive the same messages.

Note: Consumer Groups can help attain a higher consumption rate if multiple consumers are consuming from the same topic.

Now let's go through a few scenarios to better understand the above concepts.

Scenario: Let's say we have a topic with partitions and consumer group consisting of only consumer. The consumer has subscribed to the TopicT and is assigned to consume from all the partitions. This scenario can be depicted by the picture below.

Scenario: Now let's consider we have consumers in our consumer group. These consumers would be assigned to read from different partitions: Consumer assigned to read from partitions and Consumer assigned to read from partitions.

Note: Kafka assigns the partitions of a topic to the consumer in a consumer group so that each partition is consumed by exactly one consumer in the consumer group. Kafka guarantees that a message is only ever read by a single consumer in the consumer group. Since the messages stored in individual partitions of the same topic are different, the two consumers would never read the same message, thereby avoiding the same messages being consumed multiple times at the consumer side. This scenario can be depicted by the picture below.

But what if the number of consumers in a consumer group is more than the number of partitions? Check out Scenario.

Scenario: Let's say we have consumers in the consumer group, which is more than the number of partitions of the TopicT; then every consumer would be assigned a single partition and the remaining consumer (Consumer) would be left idle. This scenario can be depicted by the picture below.

Okay, and what if you want multiple consumers to read from the same partition? Check out Scenario.

Scenario: If you want to assign multiple consumers to read from the same partition, then you can add these consumers to different consumer groups and have both of these consumer groups subscribed to the TopicT. Here the messages from Partition of TopicT are read by Consumer of ConsumerGroup and Consumer of ConsumerGroup. This scenario can be depicted by the picture below.

You can check out my previous article: Apache Kafka Basic Terminology. Follow me for the next Kafka blog in the series. I shall also be posting more articles talking about Software engineering concepts. |
2022-02-28 10:34:58 |
Overseas TECH |
DEV Community |
AWS open source news and updates, #102 |
https://dev.to/aws/aws-open-source-news-and-updates-102-41j8
|
AWS open source news and updates

Feb th Instalment Newsletter

Welcome to edition of the AWS open source news and updates newsletter, and this week we have a super collection of new open source projects that I am really excited to share. First up we have the AWS DataOps Development Kit, which uses AWS CDK under the covers and is an open source development framework to help you build data workflows. Threatmapper is an open source cloud native security observability platform which looks easy to use and has some good visualisations. Granted is something I think I will be using, and is a cli tool that helps you manage multiple AWS accounts and browsers. Cloudsaga is a new open source tool that helps customers to test security controls and alerts within their AWS accounts, and many more. Make sure you check the other projects out too. We also have AWS and Community blog posts and articles covering topics including Rhizomer, Kubernetes, OWL, AWS SAM, AWS Orbit Workbench, SPARQL, Spinner, Apache Airflow, Leapp, Nano, Ploomber, ROS, Ambit and more. I have updated the Events section with a couple of events happening later this week, so plenty of time to add those into your diary, and finally we have a couple of videos that I think you will find interesting.

Celebrating open source contributors

The articles posted in this series are only possible thanks to contributors and project maintainers, and so I would like to shout out and thank those folks who really do power open source and enable us all to build on top of what they have created. So thank you to the following open source heroes: Kris Schultz, Jeremy Wallace, Eduardo Blancas, Cal Mitchell, Sheetal Joshi, Yahav Biran, Vikesh Pandey, Ioan Catana, Michaël Hoarau, Igor Holovii, Adithya Pathipaka, Olalekan Elesin, Roberto García, Sakti Mishra, Michael Stein, Ahmed Khattab, Omer Ahmed Hussain and Robert Djurasaj. Make sure you find and follow these builders and keep up to date with their open source projects and contributions.

Latest open source projects

Community

lambda java layer: this project is based on original work from Mark Sailes lambda java layer, but with some differences, including support for Java on architecture amd and arm, based on AWS Corretto build of OpenJDK, and a few more. Check out the project README.md for details.

Tools

AWS DataOps Development Kit (aws ddk): this is a brand new open source development framework to help you build data workflows and modern data architecture on AWS. Based on the AWS CDK, it offers high level abstractions allowing you to build pipelines that manage data flows on AWS, driven by DevOps best practices. The framework is extensible: you can add abstractions for your own data processing infrastructure or replace our best practices with your own standards. It's easy to share templates, so everyone in your organisation can concentrate on the business logic of dealing with their data rather than boilerplate logic.

ThreatMapper: ThreatMapper is an open source cloud native security observability platform (Linux, Ks, AWS Fargate and more). Deepfence ThreatMapper hunts for vulnerabilities in your production platforms and ranks these vulnerabilities based on their risk of exploit. You can then prioritize the issues that present the greatest risk to the security of your applications. Check the repo for some great demos and a nice getting started guide.

granted: how many times have you wanted to have multiple browser tabs open with different AWS accounts? I know I have, and there are only so many times you can use private browser tabs and become quickly annoyed about re-entering credentials. I was therefore very interested in this project that has a potential solution. Granted is a command line interface (CLI) application which simplifies access to cloud roles and allows multiple cloud accounts to be opened in your web browser simultaneously. Check it out, I like it a lot.

aws cloudsaga: this new open source tool from AWS helps customers to test security controls and alerts within their Amazon Web Services (AWS) environment, using generated alerts based on security events seen by the AWS Customer Incident Response Team (CIRT). Check out the README.md for detailed examples of how you can use this.

opensearch oci object storage: this new plugin for OpenSearch allows the user to take snapshots into OCI Object storage from the OpenSearch cluster. The README shares some important features that make this plugin very friendly for production, so check this out.

cdk karpenter: Robert Djurasaj shared this with me last week, an AWS CDK Construct for installing Karpenter on top of an EKS cluster. Karpenter is an AWS open source project that simplifies Kubernetes infrastructure with the right nodes at the right time. It automatically launches just the right compute resources to handle your cluster's applications. It is designed to let you take full advantage of the cloud with fast and simple compute provisioning for Kubernetes clusters.

sqlpipe: this open source project from Cal Mitchell makes it easy to move the result of one query from one database to another. Cal has helpfully put together a blog post, How To Transfer Data From PostgreSQL To Redshift, that shows you how you can use it to transfer data from PostgreSQL into Amazon Redshift. Nice.

amazon lookout for equipment python sdk: this repo contains the Python SDK, an open source library that allows you to easily build, train and deploy anomaly detection models for industrial time series data using Amazon Lookout for Equipment. Find out how you can use this by checking out the blog post Build, train and deploy Amazon Lookout for Equipment models using the Python Toolbox from Vikesh Pandey, Ioan CATANA and Michaël Hoarau (hands on).

Demos and Samples

aws iot twinmaker samples snowflake: with this Snowflake module you can extract asset information from snowflake database and store it in S as JSON file. This json file can then be imported into IoT TwinMaker as entities. The module allows you to extract data using your SQL query, so you can define the hierarchy of the model via the SQL query.

aws lakeformation datasharing workflow: this is a really nice sample application that demonstrates how to build an approval workflow to provide a consistent experience for data consumers to request access to specific data sets from data producers.

aws batch architecture for alphafold: this repository includes the CloudFormation template, Jupyter Notebook and supporting code to run the Alphafold v algorithm on AWS Batch. Very detailed README which includes performance indicators, cost estimates and more.

suploader ui: this sample project contains an AWS Amplify demo app that demonstrates how to build a simple WebApp for users to upload files to S.

apprunner cdk example with custom resource: this repo contains sample CDK code of App Runner with CustomResource that you can use to cover a gap in CFN where we don't have a resource to create AppRunner AutoScalingConfiguration (AutoScalingConfigurationArn).

AWS and Community blog posts

Ambit: AWS Ambit Scenario Designer for Unreal Engine (Ambit) is a suite of tools to streamline content creation at scale for autonomous vehicle and robotics simulation applications, and implemented as an open source plugin for Unreal Engine (UE). Kris Schultz introduces this new content creation tool in his blog post, Create D content for simulation using Ambit, and takes a tour of some of the key features and how to get started.

Nanos: Nanos is a new kernel designed to run one and only one application in a virtualised environment. In the post Running Nanos on AWS Graviton, the fine folks at nanovms share how to get this up and running on AWS Graviton instances on AWS (hands on).

Spinner: The engineering team at Pinterest have shared a must read post this week, Spinner: Pinterest's Workflow Platform, which shares how they have evolved their approach to managing the large sums of data they use as a business and how they settled on Apache Airflow as core to their solution.

Ploomber: Ploomber is an open source framework that helps you build data pipelines. Eduardo Blancas has put together a short blog post on how you can use it with AWS Batch.

Rhizomer: Rhizomer is a web application for interactive exploration of semantic and linked data available from SPARQL endpoints. Roberto García, Associate Professor and Deputy Vice-rector for Research & Transfer at Universitat de Lleida in Spain, has put together a blog post, Explore the semantic knowledge graphs without SPARQL using Amazon Neptune with Rhizomer, that illustrates how to use the Rhizomer web application to interact with knowledge graphs available as semantic data from an Amazon Neptune instance through its SPARQL endpoint.

Kubernetes: In How to route UDP traffic into Kubernetes, Sheetal Joshi and Yahav Biran share how you can use Kubernetes to scale a connectionless UDP based application behind a network load balancer to meet low latency needs (hands on). We also had Michael Stein, Ahmed Khattab and Omer Ahmed Hussain put together Implement a central ingress Application Load Balancer supporting private Amazon Elastic Kubernetes Service VPCs. This solution will help you configure central inbound connectivity, enabling internet sourced traffic to be routed via an Application Load Balancer to an Amazon EKS cluster using an inter-VPC communication path provided by AWS PrivateLink (hands on).

.NET: AWS Lambda now supports .NET as both a managed runtime and a container base image. Developers creating serverless applications in Lambda with .NET can take advantage of new features such as improved logging, simplified function definitions using top level statements, and improved performance using source generators. Norm Johanson put together this post, Introducing the .NET runtime for AWS Lambda, which dives deeper into these new features and improvements, as well as how this works with the open source Lambda runtime client (hands on).

Other posts worth checking out

Build, train and deploy Amazon Fraud Detector models using the open source Python SDK: shows you a step by step guide for using the Amazon Fraud Detector's open source Python SDK for Python.
Model driven graphs using OWL in Amazon Neptune: learn about OWL and how to use OWL ontology to derive a data model to validate and generate RDF data in Neptune.
Using AWS DataSync to move data from Hadoop to Amazon S: walks you through the capabilities of HDFS support provided by AWS DataSync and how you can copy data from a Hadoop cluster to Amazon S.
Building TypeScript projects with AWS SAM CLI: see how you can use the AWS SAM cli to build projects using TypeScript.

Book of the week

Simplify Big Data Analytics with Amazon EMR: A beginner's guide to learning and implementing Amazon EMR for building data analytics solutions. I heard about this new book written by Sakti Mishra that provides a practical guide to Amazon EMR for building data analytics solutions in AWS. It dives deep into Amazon EMR features, advanced configurations, scaling, security, monitoring, high availability, best practices and cost optimisation techniques. It also provides guidance for on-premise Hadoop cluster migration and explains how you can implement batch ETL, real time streaming and interactive workloads in EMR, with workflow orchestration options to build an end to end pipeline. Find out more by checking this online: Simplify Big Data Analytics with Amazon EMR: A beginner's guide to learning and implementing Amazon EMR for building data analytics solutions. One for your Amazon Wish list maybe? I know I put it on mine.

Quick updates

Leapp: Leapp is an open source local development tool that I have featured before in previous newsletters, and it helps you manage and gain access to cloud accounts and resources through credentials, roles and federated access. It was good to see that a new release was published last week with some great new features and updates. Check the link, as they are looking for builders who are interested in spreading the word. If you are interested in writing a blog or doing a demo at an event, get in touch with the team.

AWS CDK: Triggers is a new capability within AWS CDK that allows you to execute code during deployments. This can be used for a variety of use cases such as:
Self tests: validate something after a resource construct has been provisioned.
Data priming: add initial data to resources after they are created.
Preconditions: check things such as account limits or external dependencies before deployment.

Python: If you are using Python on AWS then make sure you check out this post, Python support policy updates for AWS SDKs and Tools, to find out key information on end of life dates and support options and recommendations.

route cli: A new update to this project from Isan Rivkin, release v, that now prints Route Hosted zone Web URLs.

Videos of the week

AWS Orbit Workbench: AWS Orbit Workbench is an open source framework that provides a single unified experience for your data analytics and machine learning projects. You can collaborate with your team in a secure environment using a wide range of AWS and partner services to experiment, develop, test and deploy your workloads onto Kubernetes Clusters in production. Watch this video to see Igor Holovii, Adithya Pathipaka and Olalekan Elesin walking you through this project, presented by Chris Fregly and Antje Barth.

ROS: In this video Jeremy Wallace introduces a new way to use the cloud for managing and running ROS applications on production robot fleets using AWS IoT Greengrass, an open source edge run time for building, managing and deploying device software. When combined with the industry grade tools, libraries and capabilities of the Robot Operating System (ROS), developers can use this approach to bring new cloud enhanced robot features to market and reduce the time and effort required to build failure resilient over the air (OTA) deployment infrastructure.

Events for your diary

If you have an event you want me to publish here, please contact me and I will include it in this listing.

Confluent AWS Immersion Day: Digital Native. nd March at CET. Learn how Confluent has rearchitected Apache Kafka for digital native companies to unlock new value. This event is LIVE and includes an interactive workshop session. To find out more about what you will be covering, check out the sign up and registration page here.

Unifying data pipelines and ML with Delta Lake and Amazon SageMaker. March th, AM PT. Join this live workshop event to learn about the best practices for enterprises to use with powerful open source technologies to simplify and scale your data and ML efforts. We'll discuss how to leverage Apache Spark (the de facto data processing and analytics engine for data preparation that unifies data at a massive scale across various sources) and Delta Lake so you can make your data lake ML ready. Find out more and register here.

OpenSearch. Every Tuesday, pm GMT. This regular meet up is for anyone interested in OpenSearch & Open Distro. All skill levels are welcome, and they cover and welcome talks on topics including search, logging, log analytics and data visualisation. Sign up to the next session: OpenSearch Community Meeting Feb.

GitOpsCon Europe. May th, Valencia, Spain. GitOpsCon Europe is designed to foster collaboration, discussion and knowledge sharing on GitOps. This event is aimed at audiences that are new to GitOps as well as those currently using GitOps within their organisation. Get connected with others that are passionate about GitOps. Learn from practitioners about pitfalls to avoid, hurdles to jump, and how to adopt GitOps in your cloud native environment. The event is vendor neutral and is being organised by the CNCF GitOps Working Group. Topics include getting started with GitOps, scaling and managing GitOps, lessons learned from production deployments, technical sessions and thought leadership. Read more about this from the official page here.

CFP

Apache Airflow. CFP closes March th. A heads up to folks who are interested in all things Apache Airflow: Apache Airflow Summit has been announced and the call for papers (cfp) is now open. The bar for sessions is always very high, so looking forward to this event already. If you have an idea for a talk, why not submit one via the cfp process? Check out the event: Apache Airflow Summit. If you maybe have wanted to do a session, then I am very happy to help with feedback or coaching to help you feel more comfortable in creating and/or delivering your session. If this is something that has been on your mind but you just needed a little support, PLEASE get in touch.

Stay in touch with open source at AWS

I hope this summary has been useful. Remember to check out the Open Source homepage to keep up to date with all our activity in open source by following us on @AWSOpen. |
2022-02-28 10:32:41 |
Overseas TECH |
DEV Community |
Sign Your Container Images with Cosign, GitHub Actions and GitHub Container Registry |
https://dev.to/n3wt0n/sign-your-container-images-with-cosign-github-actions-and-github-container-registry-3mni
|
Sign Your Container Images with Cosign, GitHub Actions and GitHub Container Registry

In the last years the popularity of containers has exploded. Unfortunately, so have their security risks. Most containers available today are vulnerable to supply chain attacks because they can be published with just a simple API key. And if that key leaks, it's easy for an attacker to publish a container that looks legit but actually contains malware. One of the best ways to protect users from these kinds of attacks is by signing the container image at creation time, so that developers can verify that the one they have received is the real image, with the code as it was intended to be. Today we are gonna see how we can sign our container images automatically and host them in GitHub Container Registry.

Video

As usual, if you are a visual learner or simply prefer to watch and listen instead of reading, here you have the video with the whole explanation and demo, which to be fair is much more complete than this post. (Link to the video.) If you rather prefer reading, well, let's just continue.

About Sigstore and Cosign

So, signing a container image. There are a few tools that allow you to do so, but one of the most exciting ones is sigstore. Sigstore is an open source security project, now sponsored by the OpenSSF (the Open Software Security Foundation), which allows developers to securely build, distribute and verify signed software artifacts. Among other things, sigstore contains a tool called cosign, which allows you to sign container images. Cosign supports several types of signing keys, such as text based keys, cloud KMS based keys, or even keys generated on hardware tokens and kubernetes secrets, which can all be generated directly with the tool itself. It also supports adding key-value annotations to the signature, and we will see this in action in a moment. And after you sign the image, you need a Container Registry that supports signed images, because not all do, and even the ones that do support signed images may or may not support all the different signatures. Luckily, GitHub Container Registry supports signed images and supports cosign as well. But enough talking, let's see how this works with GitHub Actions and GitHub Container Registry.

Cosign Installation

The first thing you need to do is install cosign to generate the keys. You can just go to the official GitHub repo (sigstore/cosign), click on Releases and download the version for your operating system. Many OSes and platforms are supported, so be sure to pick the right one. Once you have the version which is right for you, you can just run it. It is also advisable to rename the tool: in my case the executable was called cosign windows amd exe, but I've renamed it to just cosign for ease of use.

Key Generation

Now all you have to do is generate a key. For this example I will generate a static text key using the generate-key-pair command, which requires a password to create the keys. The password can be given to the tool via environment variable:

set COSIGN_PASSWORD
cosign generate-key-pair

or with an interactive prompt:

cosign generate-key-pair

Unfortunately, the latest version available at the moment of recording this video has a bug which makes it crash if you try to use the interactive prompt to provide the password on Windows, as you can see below. If you don't want to create an environment variable, you can use PowerShell and the syntax you see below, with your password piped to the command:

"myPasswrd" | cosign.exe generate-key-pair

In either case, this will create for you the private and public key files that you can use to sign and validate your container images.

Cosign Key Generation for GitHub

But we can do better. As I've mentioned before, I want to sign my container images via GitHub Actions, so now I would need to create some secrets in GitHub and copy those keys to the secret values. But the tool can do this for us directly. For example, let's say I want to sign images in the nwtn SignedContainers repo. I can use the same command to create my keys in GitHub
directly export GITHUB TOKEN ghp xyzexport CONSIGN PASSWORD pwd cosign generate key pair github nwtn SignedContainersFirst thing I need to do is creating an environment variable called GITHUB TOKEN and its value should be a PAT with write access to your repo Check this video to see how to create a PAT in GitHub Then I can use the command we have seen before to generate the key but this time we pass the repo as input parameter The syntax as you can see is github OWNER REPONAMEAs you can see the secrets containing the password we specified as well as the private and public keys are created in our repo ready to use Keep in mind that there have been instances in which the secrets were created in GitHub but their values were empty and therefore the Actions workflow would fail I m not sure why that happens but let me know if that happened to you as well Anyway the solution for this is simple just try and generate the keys again or if the problem persists generate the keys locally and copy them manually into your secrets Sign a Container Image with Cosign and GitHub ActionsAlright now that we have our keys set up let s see how we can sign our images from within a GitHub Actions workflow Let s assume we have a fairly standard Actions workflow which just build a Docker image and pushes it to the GitHub Container Registry you can see the whole workflow s YAML below The first thing we have to do is install cosign For this we can use the pre built action just search for cosign and you can find the cosign installer It has a couple of parameters but they are optional so we don t need them for now name cosign installer uses sigstore cosign installer v When we have it we can use the cosign sign command to sign our image name Sign the published Docker image env COSIGN PASSWORD secrets COSIGN PASSWORD run cosign sign key cosign key env REGISTRY github actor env IMAGE NAME github run id It uses the private key for signing and it needs the cosign password to access it plus of course 
we have to specify the full image name with the registry name as well As you can see tho the command needs they key to be in a file while we currently have it on a GitHub secret The workaround for that is to add another task before the sign command which reads the key from the secret and writes it to disk name Write signing key to disk run echo KEY gt cosign key shell bash env KEY secrets COSIGN PRIVATE KEY I don t much like it so I would prefer having a cosign implementation that can read it from the secret directly We can now commit and run our workflow After a few seconds the process is completed and we can see that our image has been successfully signed As I ve mentioned the step to write the key on a file to give it to cosign is quite a workaround and it may pose some security risk especially if you do it on self hosted runners Hosted runners are disposed as soon as a Job finishes so it “should be ok In more secure scenarios like enterprise ones I would recommend saving those keys in services like Azure KeyVault Hashicorp Vault AWS KMS or similar to avoid this issue Good thing is that cosign supports reading the keys from those services directly If you want to see the full YAML of the workflow check it out here on GitHub Verify a Container Image SignatureAnyway after an image has been signed we can always verify it using the public key that has been generated together with the private key You can also share your public key with developers and users of the container image so they can always verify its authenticity To verify the authenticity of the image we can use the cosign verify command cosign verify key cosign pub ghcr io nwtn signedcontainer We just need to pass to it the public key file and the name of the image we want to verify and that s it If for comparison we try to verify an image that hasn t been signed with our key we will get this error And this of course will happen also if the image has been changed or modified after we have signed it so our 
users can be safe and trust the image if the signature is verified Add Annotation to a SignatureWe have said before that cosign also supports adding key value annotations to the signature Let s see how we can do that Let s say that for example I want to sign an image and also add some author metadata to it Since I m running this locally this time I will need to first login into the container registry docker login u myuser p ghcr ioThen I can use the usual command cosign sign but this time I use a a flag which stands for annotation to add some key value pairs to my image cosign sign key cosign key a author CoderDave ghcr io nwtn signedcontainer In this case I m adding author CoderDave but it can be anything and you can add multiple values as well just adding more a parameters After doing that we can use the cosign verify command as we have seen before and it will show also the annotation I ve added to my image The annotations feature can be pretty useful For example if you are running the signing process in GitHub Actions like we have seen before you may want to add information about your repo workflow run etc to your signature to make it more complete Cosign and GitHub Actions Starter WorkflowCosign and its process works fairly well as we have seen but setting it all up is not very immediate Well once again GitHub made it simpler for use to get started They have in fact integrated cosign in their starter workflow Just go to Actions gt New Workflow and pick the “Publish Docker Container starter workflow Install the cosign tool except on PR name Install cosign if github event name pull request uses sigstore cosign installer ecdebbcdeeedbcd with cosign release v Sign the resulting Docker image digest except on PRs This will only write to the public Rekor transparency log when the Docker repository is public to avoid leaking data If you would like to publish transparency data even for private images pass force to cosign below name Sign the published Docker image if 
github event name pull request env COSIGN EXPERIMENTAL true This step uses the identity token to provision an ephemeral certificate against the sigstore community Fulcio instance run cosign sign env REGISTRY env IMAGE NAME steps build and push outputs digest As you can see in the extract above taken from the actual starter workflow there is no key specified in there This is because Actions supports other tools which are part of sigstore Fulcio which is a root CA that issues signing certificates from OIDC tokens as well as Rekor a transparency log for certificates issued by Fulcio Thanks to these you can sign your container images with the GitHub provided OIDC token in Actions without provisioning or managing your own private key It is important to note that with this keyless signing process your username organization name repository name and workflow name will be published to the Rekor public transparency log This is the right choice for public repositories but probably not for private repositories And in fact GitHub has disabled this in private repositories by default to prevent potential leaks ConclusionsWhat do you think about signing your container images and especially doing so with cosign GitHub Actions and the GitHub Container Registry Let me know in the comment section below Also check out this video here in which I have steps for you to make your Docker Image build faster Like share and follow me for more content YouTube Buy me a coffeePatreonNewsletterCoderDave io WebsiteMerchFacebook pageGitHubTwitterLinkedInPodcast |
2022-02-28 10:20:30 |
Apple |
AppleInsider - Frontpage News |
'CODA' and 'Ted Lasso' honored at Screen Actors Guild Awards |
https://appleinsider.com/articles/22/02/28/coda-and-ted-lasso-honored-at-screen-actors-guild-awards?utm_medium=rss
|
'CODA' and 'Ted Lasso' honored at Screen Actors Guild Awards. Alongside winning individual acting categories, CODA and Ted Lasso have both won the ensemble prizes for their whole Apple TV+ casts at the latest Screen Actors Guild Awards. Apple TV+ series and films had received nominations for the SAG awards, but many saw the stars competing against each other. For instance, both Brett Goldstein and Jason Sudeikis were up for the Outstanding Performance by a Male Actor in a Comedy Series award. Apple ultimately won four awards, with Sudeikis taking that Comedy Series category. CODA star Troy Kotsur won another award, picking up the trophy for Outstanding Performance by a Male Actor in a Supporting Role. |
2022-02-28 10:46:52 |
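Medical |
Iryo Kaigo CBnews (medical and nursing care news) |
Use grant-funded local independent projects to strengthen public health centers' COVID-19 response: MHLW sends administrative notice to prefectures and others |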
https://www.cbnews.jp/news/entry/20220228192018
|
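Ministry of Health, Labour and Welfare |
2022-02-28 19:25:00 |
Finance |
News - Hoken Ichiba TIMES |
Hoken Ichiba announces the February 2022 edition of its monthly brochure request ranking |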
https://www.hokende.com/news/blog/entry/2022/02/28/200000
|
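Hoken Ichiba announces its monthly brochure request ranking. Tokio Marine & Nichido Anshin Life again has the most entries in the monthly edition. Advance Create has announced the "Monthly Brochure Request Ranking" on "Hoken Ichiba", one of Japan's largest insurance selection sites, which the company operates. |
2022-02-28 20:00:00 |
Overseas News |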
Japan Times latest articles |
Toyota to close plants in Japan following cyberattack, NHK reports |
https://www.japantimes.co.jp/news/2022/02/28/business/corporate-business/toyota-plants-close-cyberattack/
|
business |
2022-02-28 19:47:09 |
News |
BBC News - Home |
Ukraine conflict: Putin's nuclear alert a distraction attempt, UK says |
https://www.bbc.co.uk/news/uk-60553356?at_medium=RSS&at_campaign=KARANGA
|
nuclear |
2022-02-28 10:55:30 |
News |
BBC News - Home |
Ukraine conflict: Russia doubles interest rate after rouble slumps |
https://www.bbc.co.uk/news/business-60550992?at_medium=RSS&at_campaign=KARANGA
|
sanctions |
2022-02-28 10:24:15 |
News |
BBC News - Home |
Ukraine conflict: Cities on high alert after night of shelling |
https://www.bbc.co.uk/news/world-europe-60551688?at_medium=RSS&at_campaign=KARANGA
|
russia |
2022-02-28 10:35:32 |
News |
BBC News - Home |
Ukraine conflict: British nationals can bring Ukrainian relatives to UK |
https://www.bbc.co.uk/news/uk-60550238?at_medium=RSS&at_campaign=KARANGA
|
labour |
2022-02-28 10:05:17 |
News |
BBC News - Home |
What are the UK's 'Living with Covid' plans? |
https://www.bbc.co.uk/news/explainers-52530518?at_medium=RSS&at_campaign=KARANGA
|
legal |
2022-02-28 10:06:06 |
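Hokkaido |
Hokkaido Shimbun |
One year of airport privatization: passenger numbers plunge amid the COVID-19 pandemic, and HAP's growth scenario collapses |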
https://www.hokkaido-np.co.jp/article/650956/
|
Within Hokkaido |
2022-02-28 19:19:02 |
Hokkaido |
Hokkaido Shimbun |
Ukraine to begin ceasefire talks; gap with Russia over conditions, talks may prove difficult |
https://www.hokkaido-np.co.jp/article/650962/
|
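Start of negotiations |
2022-02-28 19:18:00 |
Hokkaido |
Hokkaido Shimbun |
US, Europe and Russia, just like a new Cold War: confrontation intensifies over the invasion of Ukraine |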
https://www.hokkaido-np.co.jp/article/650954/
|
内本智子 |
2022-02-28 19:02:00 |
Hokkaido |
Hokkaido Shimbun |
Tokyo's net in-migration at 630,000 people: migration tabulation from the 2020 census |
https://www.hokkaido-np.co.jp/article/650955/
|
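Census |
2022-02-28 19:07:00 |
Hokkaido |
Hokkaido Shimbun |
[Otaru mayoral election: hopes and challenges for the next era] 4. Childcare support: a place where people can casually seek advice. Tomoko Taguchi (47), FM Otaru producer |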
https://www.hokkaido-np.co.jp/article/650953/
|
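Childcare support |
2022-02-28 19:02:00 |
Business |
Toyo Keizai Online |
"Sogo & Seibu sale": the lineup remaining after the first round of bidding. Will the piecemeal sale of stores as real estate begin? | Department stores, mass retailers, general supermarkets | Toyo Keizai Online |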
https://toyokeizai.net/articles/-/535105?utm_source=rss&utm_medium=http&utm_campaign=link_back
|
Piecemeal sale |
2022-02-28 19:05:00 |
IT |
Weekly ASCII |
This year with a physical venue too! "Tokyo Game Show 2022" confirmed for September 15 to 18 |
https://weekly.ascii.jp/elem/000/004/084/4084764/
|
General incorporated association |
2022-02-28 19:35:00 |
Marketing |
AdverTimes |
"Snoopy" is the most popular, highest among women in their 20s, says Macromill |
https://www.advertimes.com/20220228/article378106/
|
Survey |
2022-02-28 10:32:18 |
Overseas TECH |
reddit |
Denny's |
https://www.reddit.com/r/newsokunomoral/comments/t3cn94/デニーズ/
|
Denny's, submitted by u/choconuts to r/newsokunomoral |
2022-02-28 10:33:14 |