Aug 02, 2019 newsletter

Docker ramps up container security and automation with Docker Enterprise 3.0, now publicly available

After being in beta since April, Docker Enterprise 3.0 is now publicly available. The latest update brings new enhancements to the service, including Docker Applications, Docker Kubernetes Service, and new automation tools. The Docker Kubernetes Service, a certified Kubernetes distribution, includes more ‘sensible secure defaults’ that provide developers with stronger out-of-the-box security settings. Docker Applications are essentially containers for containers, helping teams package multiple containers into a single, usable object. Wrapping these new features together is a set of new CLI tools for operations teams to deploy, scale, and back up Docker Enterprise clusters across multi-cloud deployments.

Greater automation will be vital for Docker’s long-term success. Docker implementations can often get complicated, particularly as software development depends more heavily on containerization. Companies are often running thousands of containers, each with their own configuration and development teams. Packaging these containers into a single object with Docker Applications will help operators manage different configurations more easily and enable application-wide (as opposed to only container-wide) vulnerability and security scanning. Lifecycle automation tools, too, help operations teams minimize workflow friction with packaging and deploying these containers.

Stronger security will also be increasingly important for Docker, as the positive effects that containerization brings to development speed are dampened by the container ecosystem’s growing surface area for vulnerabilities and security issues. For many companies, security is now a top concern for containers; in a recent survey of IT professionals by StackRox, 40% of respondents said that the biggest concern they had with their company’s container strategy is that it does not adequately invest in container security. Configuration adjustments and stronger out-of-the-box security settings are a positive first step toward avoiding common pitfalls and raising the minimum security tolerance of the container community as a whole.

The net result and most important impact of the new enterprise Docker platform is more streamlined interactions between developers and operators. With more accessible container-based workflows, operators can deploy more quickly to maintain developer speed, while developers can reduce security issues to allay IT concerns.


GitHub blocks developers in Syria, Iran, and Crimea to comply with U.S. sanctions, export laws

Over the last few weeks, GitHub has quietly rolled out restrictions to its platform to comply with U.S. sanctions and export laws. The new GitHub trade restrictions affect developers in Crimea, Cuba, Iran, North Korea, and Syria. To decide which developers to block, GitHub tracks IP addresses and payment history to deduce locations, and blocks users accordingly.

Attention was brought to the issue by the story of Anatoliy Kashkin, a developer and Russian citizen living in Crimea, who had his private repositories locked. Kashkin complained that the unannounced restrictions severely impacted his ability to work on his development projects and host his websites. Another viral post, from Hamed Saeedi Fard, a developer in Iran, noted that his account had also been blocked without prior notice, preventing him from backing up his data on GitHub.

Restricted users can’t create new private GitHub repositories or access them. Affected developers also can’t use the GitHub marketplace and are not allowed to have a private paid organization account. GitHub noted that it keeps open source projects and public repository services available and accessible to support personal communications involving developers in sanctioned regions.

While some suggested using GitLab or Atlassian to get around the issue, both companies are likely to follow GitHub’s actions, especially if they notice an influx of sanctioned developers moving from GitHub to their platforms. GitHub does offer an enterprise solution that requires users to run a self-hosted virtual appliance on a private cloud, essentially running their own instance of the GitHub platform without the global community. Lastly, for those hoping to bypass the sanctions, GitHub revealed that developers in U.S.-sanctioned locations are prohibited from using VPNs or other methods of disguising their location. How GitHub enforces that rule remains to be seen.

Open source communities are often not as open as many expect. Much of the open source world depends on a network of proprietary platforms. While open source licenses allow software to traverse the world freely, companies with physical hardware, employees, or legal business entities in a particular location are subject to laws and regulations, making them a single point of failure for the open source ecosystem. Such single points of failure often fragment the community, or leave certain developers behind, a fact that open source developers will likely have to contend with more often in times of heated trade wars.


Fight against rogue developers continues as Google Chrome blocks Flash by default and notifies extension developers about impending restrictions

Google announced the release of Chrome 76, which blocks Adobe Flash by default. Back in 2017, Adobe committed to killing Flash by 2020, an inevitable fate that Google has continued to uphold over the years. Starting in 2015, Chrome began pausing less important Flash content and then, in 2016, began blocking ‘behind the scenes’ Flash content. Next year, Flash will be removed from Chrome entirely.

While Flash ushered in a new era of interactive websites and rich media, few will likely miss its bug-ridden reputation and poor security performance in a world that increasingly fears the serious privacy implications of browser vulnerabilities. With less third-party proprietary software operating in the browser, Chrome can take more responsibility for its user experience.

Google is also requiring developers to minimize data collection from their Chrome extensions. Chrome extensions must request the least amount of data necessary to work, hopefully hastening the demise of permission-greedy extensions that access local storage, microphones, and browsing data to accomplish simple tasks. Google revealed that developers have until October 15th to make adjustments to their extensions.

With 180,000+ Chrome extensions currently available in the web store, Google has a long review process ahead. Many extensions will likely need fixes, too. Over the past year, several high-profile reports have shown that less reputable, but often innocuous, Chrome extensions are harvesting private user information. Chrome extensions are only the latest front in an ongoing data and privacy war: a few months ago, Google began notifying developers about new restrictions to its Gmail and Drive APIs. For developers in the Google ecosystem, security and strict data policies will be top of mind for any new apps and tools.


Small bytes

  • Programming of the future: a fascinating deep-dive into algebraic effects [OVERREACTED]
  • How to build a generative engineering culture where nothing falls through the cracks [CHANGELOG]
  • The art of interrupting software engineers [PIVOTAL]
  • Don't ask if a monorepo is good for you – ask if you're good enough for a monorepo [PROPER FIXATION]
  • A programmer’s regret: neglecting math [ADENOID ADVENTURES]
  • How to learn to code for free at Stanford and make six figures in under one year [THE MISSION]

Tools

  • OctoSQL is a query tool that allows you to join, analyse and transform data from multiple databases and file formats using SQL [GITHUB]
  • Awesome Java is a curated list of awesome frameworks, libraries and software for the Java programming language [GITHUB]
  • Refinery makes serverless easy via a drag-and-drop editor [REFINERY]
  • Create and share beautiful images of your source code [CODEIMG.IO]
  • Technology-Books is a repository with dozens of premium eBooks for geeks [GITHUB]
  • Data-Science--Cheat-Sheet is a repository containing a comprehensive collection of data science cheat sheets [GITHUB]