Through the winds of winter, Microsoft sees a dream of spring... Azure Spring Cloud, that is

Buddy Pivotal will operate managed framework on Azure Kubernetes Service

Microsoft and Pivotal have used the latter's SpringOne shindig in Austin, Texas, to show off Azure Spring Cloud, which is now available in private preview.

The Azure Spring Cloud runs on the Azure Kubernetes Service and uses Pivotal's kpack container build service. The service is expected to move to public preview before the end of the year.

Pivotal already sells Spring Cloud Azure, with an option to deploy on Kubernetes, but the new service should present a simplified developer experience. "The underlying Kubernetes primitives are not exposed to users – it all 'just works'," promises Pivotal. You can host multiple apps accessing common Spring configuration services in order to build microservice-based thing.

The move should not come as a surprise: Microsoft long ago moved on from the Java vs .NET wars and does not care what technology you use, provided it runs on Azure. The benefit to Microsoft is that applications deployed to its cloud are likely to use other Azure services.

Azure Spring Cloud is jointly managed by Microsoft and Pivotal

"Azure Spring Cloud makes it simple to connect to data services such as Azure SQL Database, MySQL, PostgreSQL, or Cosmos DB to enable enterprise grade end-user authentication and authorisation using Azure Active Directory, to bind cloud streams with Service Bus or Event Hubs, and to load and manage secrets with Azure Key Vault," according to corporate veep John Montgomery. Microsoft's Azure Monitor lets developers and admins view and visualise logs and application traces in order to track performance and diagnose issues.

There are also extensions for the Visual Studio Code editor to support Azure Spring Cloud development.

Pivotal CEO Rob Mee told The Reg back in July: "We drive more workload to Azure than any other third party. Microsoft loves that."

The reason is that businesses already making heavy use of Microsoft's platform may simply extend that to Azure for their cloud-native applications.

The strategy also illustrates how cloud vendors hope to shield developers from the complexities and hazards of Kubernetes. Businesses should also do their sums, though, as there is still an underlying overhead and a non-Kubernetes deployment could be better value, especially for smaller scale applications. ®

Send us news
Post a comment
Get our Weekly newsletter

COVID-19 kicks 3 twice: Robs operator of roaming revenue, sends data use soaring

Many European customers flee, Asia signs up in big numbers

Hong Kong-based CK Hutchison, operator of the '3' mobile brand, has told investors that COVID-19 cut its revenues by eight per cent and profits by 21 per cent, but it also found bright spots of business around the world.

Europe delivered muted financial performance as revenue dipped by 3 per cent year-on-year and margins were flat. Hutchison attributed those numbers to lower roaming revenues - thanks to COVID travel restrictions - while regulations reduced intra-EU mobile charges. Those blows were offset by higher margin contracts. However, the company lost customers: 5 per cent were lost to competitors.

Remaining customers' demand for data surged however. The company's Annual Report [PDF] stated:

Continue reading

FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins

Remote-control malware wiped, deployments must still be patched

The FBI deleted web shells installed by criminals on hundreds of Microsoft Exchange servers across the United States, it was revealed on Tuesday.

The Feds were given approval by the courts to carry out the deletions, which occurred without first warning the servers' owners, following the discovery and exploitation of critical vulnerabilities in the enterprise software.

Shortly after Microsoft raised the alarm early last month over the security holes in Exchange and provided fixes for the vulnerabilities, miscreants swarmed to exploit the programming blunders and hijack unpatched installations. (Certain groups were even breaking in Exchange servers via the holes before their existence was public knowledge.)

Continue reading

Google Sites blight: Over 100,000 web pages for business form searches overrun with backdoor RATs

eSentire warns of remote-access trojans masquerading as PDFs

More than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening business documents booby-trapped with a remote-access trojan (RAT) that takes over victims' PCs and hands control to miscreants.

Infosec outfit eSentire on Tuesday said it has noted a wave of so-called search redirection shenanigans, in which people Googling for business forms and the like are shown links to web pages published via Google Sites – a Google-hosted web service – that offer a download of whatever materials they were looking for. After clicking on a button to fetch the desired file, the mark is taken to a different site entirely.

Those sites download a Windows executable, masquerading as a PDF or Microsoft Word file, that when opened installs the RAT, meaning a victim has to be duped into running the malicious software after fetching it. The Google Sites pages include common business terms like "template," "invoice," "receipt," "questionnaire," and "resume," in order to convince Google's search algorithm that the pages are relevant for those searches.

Continue reading

Journalists wanted: News reporter and copy editor

Want to write for El Reg or help us polish our output? Apply within

Job alert The Register has a couple of vacancies open on our editorial team that we would like to fill immediately. Without further ado, here are the details:

Continue reading

After years of dragging its feet, FCC finally starts tackling America's robocall scourge

New law implementation, cease-and-desist letters, and mobile companies asked to detail free blocking tools

The FCC is finally taking concrete action on the scourge of robocalls after years of dithering on the issue.

In an announcement on Tuesday, America's telecoms watchdog said it had written to cellular network operators asking them to detail the free robocall blocking tools they provide to consumers. It also released two cease-and-desist letters against two robocalling hosts and said it would track the agency’s actions in implementing a new anti-robocall law.

Just as with an announcement yesterday pushing an internet speed measuring app, the measures taken are soft, rather than strong enforcement, but indicate a clear shift in priorities under the FCC's new chairwoman Jessica Rosenworcel.

Continue reading

Who'd have thought the US senator who fist pumped Jan 6 insurrectionists would propose totally unworkable anti-Big Tech law?

This one seems as well thought-out as his Capitol rally salute

US Senator Josh Hawley (R-MO) has proposed his latest anti-Big Tech legislation: a complete ban on mergers and acquisitions for companies valued at over $100bn if it may harm competition in any way possible.

The “Trust-Busting for the Twenty-First Century Act” [PDF] will “take back control from big business and return it to the American people,” the senator announced, and it will “crack down on mergers and acquisitions by mega-corporations and strengthen antitrust enforcement to pursue the breakup of dominant, anti-competitive firms.”

The law is intended to put constraints on Apple, Google, Facebook, and Amazon – in keeping with Hawley's political brand of attacking tech companies – and he provides examples of actions that would be prevented, such as Google purchasing Waze and incorporating into its Maps app.

Continue reading

1Password targets developers with Secrets Automation, acquisition of SecretHub

Existing users covered until 2022

Password specialist 1Password has acquired SecretHub, a secrets management platform aimed at IT engineers, and made a new service called Secrets Automation, previously in beta, generally available.

The proliferation of passwords and SSH keys in modern IT has brought with it a tricky management problem, not only for people but also for machine-to-machine communications. Developers may struggle to keep secrets such as database logins secure, when their code will not function without them.

In 2019 researchers at North Carolina State University scanned code publicly committed to GitHub and found that “not only is secret leakage pervasive — affecting over 100,000 repositories — but that thousands of new, unique secrets are leaked every day.” In June 2020, security researcher Craig Hays deliberately leaked server credentials in a GitHub repository and observed an unauthorised login just 34 minutes later.

Continue reading

NSA helps out Microsoft with critical Exchange Server vulnerability disclosures in an April shower of patches

100+ fixes for the Windows world – plus holes in SAP, Adobe, FreeBSD, etc

Patch Tuesday April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA).

Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nineteen of the CVEs have been designated critical.

"This month’s release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post.

Continue reading

What's Red and scale-y and shacked up with NEC? A new Red Hat network function virtualization solution, apparently

Living on the Edge as SA networks roll out

The move to 5G has allowed vendors and carriers to fundamentally rethink how their networks are structured. Once the norm, tightly integrated vendor-specific hardware is gradually being supplanted by virtualized alternatives that run happily on standards-agnostic kit. Jumping on the bandwagon is Japanese provider NEC, which today said it would use RedHat's OpenShift Kubernetes platform for its upcoming 5G hardware.

The company said it plans to use OpenShift across its 5G Core and RAN products, intended for both public and private use, as well its Edge and AI platforms.

On the edge, NEC sells a compact data processing device called the UPF mini. The hardware has already been selected for NTT DoCoMo's 5G SA (StandAlone) network, with the device positioned on existing base stations. The company also sells a software-based AI analysis platform for private and local networks, which NEC claimed can help mitigate performance slowdowns caused by congestion.

Continue reading

In the enterprise, Kubernetes has to play by the same rules as other platforms

Shortcuts? What shortcuts!

Sponsored Without a doubt, Kubernetes is the most important thing that has happened in enterprise computing in the past two decades, rivalling the transformation that swept over the datacenter with server virtualization, first in the early 2000s on RISC/Unix platforms and then during the Great Recession when commercial-grade server virtualization became available on X86 platforms at precisely the moment it was most needed.

All things being equal, the industry would have probably preferred to go straight to containers, which are lighter weight than server virtualization and which are designed explicitly for service-oriented architectures – now called microservices – but it is the same idea of chopping code into smaller chunks so it can be maintained, extended, or replaced piecemeal.

This is precisely why Google spent so much time in the middle 2000s creating what are now seen as relatively rudimentary Linux containers and the Borg cluster and container controllers. Seven years ago, as it was unclear what the future platform might look like; OpenStack, which came out of NASA and Rackspace Hosting, was a contender, and so was Mesos, which came out of Twitter, but Kubernetes, inspired by Borg and adopting a universal container format derived from Docker, has won.

Continue reading

Cracked copies of Microsoft Office and Adobe Photoshop steal your session cookies, browser history, crypto-coins

It's like the 2000s all over again, sighs Bitdefender

Cracked copies of Microsoft Office and Adobe Photoshop are stealing browser session cookies and Monero cryptocurrency wallets from tightwads who install the pirated software, Bitdefender has warned.

As many Reg readers will no doubt be aware, cracked software is a legitimate application that has had its registration or licensing features removed. Often distributed through BitTorrent in the days of yore, cracked software (also known as warez) appeal mainly to freeloaders who are happy to use a particular suite without paying for a licence.

With Microsoft Office and Adobe Photoshop being two of the most popular software suites in their niches, cracked versions were always going to be popular.

Continue reading