Amazon teases Bottlerocket, its take on Linux specifically for running containers

Rust and dual-partition sets for security, efficiency, and automated updates


Amazon Web Services has begun previewing Bottlerocket, a new open-source Linux distribution designed for running containers.

There are two main ideas behind Bottlerocket. The first is to make it easier to automate OS updates by applying them in a single step, rather than package by package. According to AWS, this will also improve uptime "by minimizing update failures and enabling easy update rollbacks."

The second part of the rationale is to strip down the OS so it only contains what is needed to run containers.

The new OS is on GitHub along with more information and build tools. The GitHub repositories include an update operator for Kubernetes (K8s), and AWS primarily has K8s in mind for Bottlerocket usage. The Bottlerocket charter spells out the four tenets behind development – secure, open, small and simple.

Bottlerocket has two identical sets of partitions. When you update Bottlerocket, it is the inactive partition set that gets the update. Then the partition table is changed to swap the active and inactive partition sets. If the boot fails, then it automatically rolls back, as controlled by the Signpost utility. The update is image-based, hence the "single step." There is also provision for update waves, where groups of Bottlerocket hosts are scheduled to update at different times. The project documentation includes a description of the update process, which uses a CNCF (Cloud Native Computing Foundation) project called The Update Framework.
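The swap-and-rollback behaviour described above can be modelled in a few lines of Rust. This is an added illustration, not code from Bottlerocket or Signpost: the `SetFlags` fields, the one-try policy and the `boots_ok` callback are assumptions, loosely following the ChromeOS-style priority bits that the Signpost documentation mentions.

```rust
// Simplified model of A/B partition-set selection (added example, not Signpost code).
// Flag semantics (priority, tries_left, successful) are assumed, ChromeOS-style.
#[derive(Clone, Copy, Debug)]
struct SetFlags { priority: u8, tries_left: u8, successful: bool }
struct Disk { sets: [SetFlags; 2] } // index 0 = set A, index 1 = set B

impl Disk {
    // Fresh install: set A is proven good, set B is empty.
    fn new() -> Self {
        let a = SetFlags { priority: 1, tries_left: 0, successful: true };
        let b = SetFlags { priority: 0, tries_left: 0, successful: false };
        Disk { sets: [a, b] }
    }
    // Bootloader's choice: highest-priority set that is proven or has tries left.
    fn pick(&self) -> Option<usize> {
        (0..2)
            .filter(|&i| {
                let s = self.sets[i];
                s.priority > 0 && (s.successful || s.tries_left > 0)
            })
            .max_by_key(|&i| self.sets[i].priority)
    }
    // The image has been written to the inactive set: prefer it, but for one try only.
    fn stage_update(&mut self) -> usize {
        let active = self.pick().expect("no bootable set");
        let target = 1 - active;
        self.sets[active].priority = 1;
        self.sets[target] = SetFlags { priority: 2, tries_left: 1, successful: false };
        target
    }
    // Reboot. `boots_ok(i)` stands in for set i coming up healthy.
    fn boot(&mut self, boots_ok: impl Fn(usize) -> bool) -> Option<usize> {
        for _ in 0..2 {
            let i = self.pick()?;
            if !self.sets[i].successful { self.sets[i].tries_left -= 1; } // spend the try first
            if boots_ok(i) {
                self.sets[i].successful = true; // commit: the update sticks
                return Some(i);
            }
        }
        None // nothing bootable is left
    }
}

fn main() {
    let mut disk = Disk::new();
    let target = disk.stage_update();
    let booted = disk.boot(|i| i != target); // constructed failure of the new image
    println!("staged set {target}, booted set {booted:?}, flags {:?}", disk.sets);
}
```

Because the try counter is spent before the new image is handed control, a crash or hang during boot needs no cleanup step: the next boot simply finds the new set ineligible and falls back to the proven one.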

There is no SSH server, normally used to enable secure login, nor is there even a shell in the base Bottlerocket image. This is to improve security. To get a shell, you use a special control container, which is enabled by default, to start an admin container, which is disabled by default. In the admin container you can run a root shell using the command sheltie, though even then the system "will prevent most changes from persisting over a restart".

AWS makes extensive use of Rust for Bottlerocket. "Almost all first-party components are written in Rust. Rust eliminates some classes of memory safety issues, and encourages design patterns that help security," says the description. Third-party components include the Linux kernel, GRUB patched to support the partition swapping, containerd for running containers, K8s, and the AWS IAM authenticator. The system for building Bottlerocket itself uses Rust and Docker.

According to the charter, Bottlerocket is open and "not a Kubernetes distro, nor an Amazon distro". That said, the project is focused on AWS and EKS (Elastic Kubernetes Service), though we are assured that "there is nothing that limits Bottlerocket to EKS or AWS". The suggested path for trying it out is to set up an EKS cluster.

Google also has a container-optimised OS based on the Chromium OS project, used for Chrome OS. There is a reference to "ChromeOS-style GPT priority bits" in the documentation for Signpost so it looks as if there are some similarities. On Microsoft's Azure Kubernetes Service "the VM image for the nodes in your cluster is currently based on Ubuntu Linux or Windows Server 2019", according to the docs, though you can also select your own. It is a less impressive pitch than that of Google and now AWS.

Paying close attention to the OS used for K8s node images makes perfect sense for security, reliability and efficiency. ®
