Any computer system is only as useful as the accuracy and usefulness of the data it generates, whether it’s a modest departmental application or a predictive modeler used by an enormous cloud service provider. When a hyperscaler (which has a large network of data centers and a wide range of services) develops AI models, they simply have to produce robust predictions, or the effort is all for naught.

Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future.

Catchpoint’s value proposition is simple to understand. It monitors website and application performance beyond your own infrastructure to provide a “user’s-eye view.”

I have been familiar with Catchpoint for several years, as we covered them here on DevOps.com and other Techstrong sites for some time. On the second day of the #AppDev Tech Field Day in Santa Clara, Catchpoint CEO Mehdi Daoudi presented the Catchpoint story, explaining the difference between garden-variety application performance management (APM) and what Catchpoint does, which it calls Internet Performance Monitoring (IPM).

Infrastructure as Code (IaC) has become a cornerstone of modern cloud resource management. It enables developers and engineers to manage their cloud resources with the same level of control and precision as application code.

A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data.

GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks.

The security flaw (tracked as CVE-2024-4835) is an XSS weakness in the VS code editor (Web IDE) that lets threat actors steal restricted information using maliciously crafted pages.

While they can exploit this vulnerability in attacks that don't require authentication, user interaction is still needed, increasing the attacks' complexity.

"Today, we are releasing versions 17.0.1, 16.11.3, and 16.10.6 for GitLab Community Edition (CE) and Enterprise Edition (EE)," GitLab said.

"These versions contain important bug and security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately."

As someone interested in DevOps, I wondered how all the AI advances could benefit my field. OpenAI used deep learning to release groundbreaking products like ChatGPT and Sora. Microsoft used similar technologies to revamp its products, notably enhancing GitHub with Copilot. Many startups have sprung up, and large tech companies have poured billions into AI research.

Ultimately, how can engineers use this technology to reduce toil, add value to the software development lifecycle (SDLC), and increase development velocity? There are a few interesting options.

Moving to the cloud presents several security challenges for enterprises, including protecting the organization from data breaches, misconfigurations, compliance issues and unauthorized access. Moreover, the dynamic nature of cloud environments, with resources being provisioned and de-provisioned on-demand, adds complexity to security management. Organizations should implement robust security measures such as encryption, access controls and regular security audits. Training employees on best practices for cloud security is crucial to mitigate risks and ensure data protection in the cloud environment.

These items should be top of mind.

Microsoft this week added a bevy of tools to its portfolio that infuses generative artificial intelligence (AI) into DevOps workflows.

Unveiled at the Microsoft Build 2024 conference, those additions include GitHub Copilot for Azure which enables DevOps teams to build, troubleshoot and deploy applications on the Microsoft Azure cloud using a natural language interface.

GitHub Copilot for Azure is one of the multiple extensions that Microsoft and third-party partners are providing to, for example, customize tools from Docker, Inc. and Sentry. Microsoft is also embedding its Copilot into Microsoft Teams and Microsoft 365 development tools.

At the same time, Microsoft is previewing a Copilot for Azure that DevOps teams can use to orchestrate application deployments on Azure.

Nearly everything we use is built on code, from cars to smart fridges to doorbells. In businesses, countless applications keep devices, workflows and operations running. So, when early no-code development platforms launched in 2010, promising more accessible application development for citizen developers, its success felt inevitable.

Satellite Internet services are expanding rapidly, but the ground terminals required to connect to them are expensive and power hungry. The French startup Greenerwave is building a terminal that uses something they call a “reconfigurable intelligent surface” (RIS) to reduce both costs and energy consumption.

It’s often challenging for established tech companies to adopt modern DevOps practices around infrastructure-as-code (IaC). It’s not so much in adopting the syntax, but rather the DevOps culture that IaC is part of for engineering organizations.

Organizations often struggle to transition from traditional operations models to collaborative DevOps culture, which is a byproduct of transitioning infrastructure operations to code.

In many cases, legacy tendencies persist, while IaC duties stay siloed within ops-centric DevOps teams—which is the exact opposite of the benefits of leveraging powerful technology like infrastructure-as-code. What this ultimately creates is bottlenecks in development velocity and product iteration.

With all this in mind, it begs the question: What changes can enable a smoother IaC journey?

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.

The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing.

Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could change the exploitation status, so all impacted system admins are recommended to apply the available security updates as soon as possible.

​Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data.

Generative AI is today’s buzziest form of artificial intelligence, and it’s what powers chatbots like ChatGPT, Ernie, LLaMA, Claude, and Command—as well as image generators like DALL-E 2, Stable Diffusion, Adobe Firefly, and Midjourney. Generative AI is the branch of AI that enables machines to learn patterns from vast datasets and then to autonomously produce new content based on those patterns. Although generative AI is fairly new, there are already many examples of models that can produce text, images, videos, and audio.

On March 28, 2024, Red Hat Linux announced CVE-2024-3094 with a critical CVSS score of 10. This vulnerability is a result of a supply chain compromise impacting the versions 5.6.0 and 5.6.1 of XZ Utils. XZ Utils is data compression software included in major Linux distributions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised people to downgrade to an uncompromised XZ Utils version (earlier than 5.6.0).

The ever-evolving landscape of technology has ushered in a paradigm shift in software development and deployment. One of the prominent trends gaining momentum is the integration of low-code/no-code platforms within the DevOps ecosystem. This article explores how these platforms are revolutionizing the way applications are developed, deployed and managed, fostering collaboration between developers and operations teams.

Three large-scale malware campaigns have infiltrated Docker Hub, deploying millions of malicious “imageless” containers.

The data comes from JFrog’s security research team, which recently revealed a concerning trend within Docker Hub.

The platform, known for facilitating Docker image development, collaboration and distribution, hosts over 12.5 million repositories. However, according to JFrog, approximately 25% of these repositories lack useful functionality and serve instead as vehicles for spam, pirated content promotion and malware dissemination.

Het gaat goed met IT-channel partners. Ruim drie op de vijf IT-kanaalpartners (61%) in de Benelux meldt dat hun zaken er vandaag de dag beter voor staan dan twee jaar geleden. Vooral de adoptie van generatieve AI-tool (GenAI-tools) en de groeiende vraag naar securitydiensten draagt hieraan bij.

GitLab this week announced the general availability of GitLab Duo Chat, a natural language interface through which DevOps teams can invoke generative artificial intelligence (AI) to generate code, create tests and access summarizations of code. It is available as an add-on to the GitLab Duo Pro AI framework, which the company is embedding across its DevOps platforms. GitLab Duo Chat can be invoked via the GitLab user interface or GitLab’s web integrated development environment (IDE) in addition to third-party IDEs, including VS Code and the IDE provided by JetBrains.

In the hybrid-cloud world, we all knew that HashiCorp, makers of the popular infrastructure as code (IaC) tool Terraform, was looking to be acquired.

We also knew that switching Terraform’s open source Mozilla license for the Business Source License (BSL 1.1) had left plenty of unhappy Terraform developers and partners in its wake. Those open source users created a Terraform fork called OpenTofu. OpenTofu took off quickly, causing lawyers to get involved.

But that kerfuffle didn’t stop IBM from announcing it was buying HashiCorp for a cool $35 per share, a deal adding up to a premium value of $6.4 billion.

Intel heeft gereageerd op stabiliteitsproblemen van bepaalde 13th en 14th Gen Core-processors. Volgens de chipmaker worden deze veroorzaakt door moederbordmakers die standaardinstellingen implementeren die buiten de aanbevolen specificaties van Intel liggen.

The first quarter of 2024 has been about artificial intelligence (AI) and what it can and cannot do, so it’s no surprise that organizations have focused on it.

However, the Internet of Things (IoT) is close to AI on the priority list—according to IoT Analytics, it was reported as one of the three corporate priorities in 2024.

Despite its potential to streamline operations and boost efficiency, the IoT firm Asimily warned that as businesses push on with their IoT strategies there is also a parallel growth in IoT security vulnerabilities.

Last year, a Zscaler report indicated a 400% growth in IoT malware attacks, a testament to how poorly secured IoT devices can present a tempting target for cybercriminals.

Factoring in the above numbers reveals one thing: corporate reliance on IoT devices could leave organizations more vulnerable to security incidents than we think.

All these beg the question: how are organizations prepping themselves for corporate IoT security challenges in 2024?

To answer this and more, we explore key trends in IoT security and seek expert opinions.

Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat.

Yesterday, Meta unveiled early versions of its Llama 3 open-weights AI model that can be used to power text composition, code generation, or chatbots. It also announced that its Meta AI Assistant is now available on a website and is going to be integrated into its major social media apps, intensifying the company's efforts to position its products against other AI assistants like OpenAI's ChatGPT, Microsoft's Copilot, and Google's Gemini.

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy.

Today at Nvidia’s developer conference, GTC 2024, the company revealed its next GPU, the B200. The B200 is capable of delivering four times the training performance, up to 30 times the inference performance, and up to 25 times better energy efficiency, compared to its predecessor, the Hopper H100 GPU. Based on the new Blackwell architecture, the GPU can be combined with the company’s Grace CPUs to form a new generation of DGX SuperPOD computers capable of up to 11.5 billion billion floating point operations (exaflops) of AI computing using a new, low-precision number format.

“Blackwell is a new class of AI superchip,” says Ian Buck, Nvidia’s vice president of high-performance computing and hyperscale. Nvidia named the GPU architecture for mathematician David Harold Blackwell, the first Black inductee into the U.S. National Academy of Sciences.

The B200 is composed of about 1600 square millimeters of processor on two silicon dies that are linked in the same package by a 10 terabyte per second connection, so they perform as if they were a single 208-billion-transistor chip. Those slices of silicon are made using TSMC’s N4P chip technology, which provides a 6 percent performance boost over the N4 technology used to make Hopper architecture GPUs, like the H100.

Like Hopper chips, the B200 is surrounded by high-bandwidth memory, increasingly important to reducing the latency and energy consumption of large AI models. B200’s memory is the latest variety, HBM3e, and it totals 192 GB (up from 141 GB for the second generation Hopper chip, H200). Additionally, the memory bandwidth is boosted to 8 terabytes per second from the H200’s 4.8 TB/s.

Intel heeft naar eigen zeggen het grootste neuromorfische computersysteem ter wereld gebouwd. Het systeem, genaamd Hala Point, beschikt over 1152 Loihi 2-chips, die neuronen en synapsen kunnen simuleren en daarmee soortgelijk functioneren als hersenen.

Are you ready to embark on your coding journey? Whether you’re a seasoned developer or just starting, setting up the right development environment is crucial for a smooth and productive workflow. In this guide, we’ll walk you through the steps to create a robust development environment using popular tools like Microsoft Visual Studio Code, Python, and Ansible.

At a GrafanaCon event today, Grafana Labs unveiled an update to its core Grafana visualization platform. The company is offering an Explore Metric module which it says can identify an issue’s root cause — and to do so without anyone having to launch a query against the open source Prometheus platform that is at the core of the Grafana Cloud observability platform.