Blogroll Category: Technology

I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There are currently 165 posts from the category 'Technology.'

Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!

PHP 7.1.12 Released

PHP - 5 hours 33 sec ago
Categories: Technology

Beta: Imunify360 2.6.6 released

CloudLinux - Thu, 23/11/2017 - 15:11

We are pleased to announce that the new updated beta Imunify360 version 2.6.6 is now available. This latest version embodies further improvements of the product as well as the new features. Imunify360 has also become more reliable and stable.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Imunify360 2.6.6

Changelog:

  • DEF-3519: fixed TimeoutError for CAPTCHA;
  • DEF-3644: fixed infected domains execution;
  • DEF-3647: separate error from malscan library;
  • DEF-3656: advanced data for incidents are now kept;
  • DEF-3666: imunify360-captcha service for CentOS7 is now stopped when imunify360 is stopped;
  • DEF-3665: fixed error in migration;
  • DEF-3195: replaced Error with Notice if mod_remoteip is already installed;
  • DEF-3646: allowed Nginx CAPTCHA activation for Plesk;
  • DEF-3669: fixed arbitrary file access vulnerability reported by Patrick William @Rack911Labs.

To install new beta Imunify360 version 2.6.6 please follow the instructions in the documentation.

Upgrade is available since Imunify360 version 2.0-19 and later.

To upgrade Imunify360 run:

yum update imunify360-firewall --enablerepo=imunify360-testing

More information on Imunify360 can be found here.

Categories: Technology

PHP 7.0.26 Released

PHP - Thu, 23/11/2017 - 12:00
Categories: Technology

Want to try Warp? We just enabled the beta for you

CloudFlare - Thu, 23/11/2017 - 02:00

Tomorrow is Thanksgiving in the United States. It’s a holiday for getting together with family characterized by turkey dinner and whatever it is that happens in American football. While celebrating with family is great, if you use a computer for your main line of work, sometimes the conversation turns to how to setup the home wifi or can Russia really use Facebook to hack the US election. Just in case you’re a geek who finds yourself in that position this week, we wanted to give you something to play with. To that end, we’re opening the Warp beta to all Cloudflare users. Feel free to tell your family there’s been an important technical development you need to attend to immediately and enjoy!

Hello Warp! Getting Started

Warp allows you to expose a locally running web server to the internet without having to open up ports in the firewall or even needing a public IP address. Warp connects a web server directly to the Cloudflare network where Cloudflare acts as your web server’s network gateway. Every request reaching your origin must travel to the Cloudflare network where you can apply rate limits, access policies and authentication before the request hits your origin. Plus, because your origin is never exposed directly to the internet, attackers can’t bypass protections to reach your origin.

Warp is really easy to get started with. If you use homebrew (we also have packages for Linux and Windows) you can do:

$ brew install cloudflare/cloudflare/warp $ cloudflare-warp login $ cloudflare-warp --hostname warp.example.com --hello-world

In this example, replace example.com with the domain you chose at the login command. The warp.example.com subdomain doesn’t need to exist yet in DNS, Warp will automatically add it for you.

That last command spins up a web server on your machine serving the hello warp world webpage. Then Warp starts up an encrypted virtual tunnel from that web server to the Cloudflare edge. When you visit warp.example.com (or whatever domain you chose), your request first hits a Cloudflare data center, then is routed back to your locally running hello world web server on your machine.

If someone far away visits warp.example.com, they connect to the Cloudflare data center closest to them, and then are routed to the Cloudflare data center your Warp instance is connected to, and then over the Warp tunnel back to your web server. If you want to make that connection between Cloudflare data centers really fast, enable Argo, which bypasses internet latencies and network congestions on optimized routes linking the Cloudflare data centers.

To point Warp at a real web server you are running instead of the hello world web server, replace the hello-world flag with the location of your locally running server:

$ cloudflare-warp --hostname warp.example.com http://localhost:8080 Using Warp for Load Balancing

Let’s say you have multiple instances of your application running and you want to balance load between them or always route to the closest one for any given visitor. As you spin up Warp, you can register the origins behind Warp to a load balancer. For example, I can run this on 2 different servers (e.g. one on a container in ECS and one on a container in GKE):

$ cloudflare-warp --hostname warp.example.com --lb-pool origin-pool-1 http://localhost:8080

And connections to warp.example.com will be routed seamlessly between the two servers. You can do this with an existing origin pool or a brand new one. If you visit the load balancing dashboard you will see the new pool created with your origins in it, or the origins added to an existing pool.

You can also set up a health check so that if one goes offline, it automatically gets deregistered from the load balancer pool and requests are only routed to the online pools.

Automating Warp with Docker

You can add Warp to your Dockerfile so that as containers spin up or as you autoscale, containers automatically register themselves with Warp to connect to Cloudflare. This acts as a kind of service discovery.

A reference Dockerfile is available here.

Requiring User Authentication

If you use Warp to expose dashboards, staging sites and other internal tools to the internet that you don’t want to be available for everyone, we have a new product in beta that allows you to quickly put up a login page in front of your Warp tunnel.

To get started, go to the Access tab in the Cloudflare dashboard.

There you can define which users should be able to login to use your applications. For example, if I wanted to limit access to warp.example.com to just people who work at Cloudflare, I can do:

Enjoy!

Enjoy the Warp beta! (But don't wander too deep into the Warp tunnel and forget to enjoy time with your family.) The whole Warp team is following this thread for comments, ideas, feedback and show and tell. We’re excited to see what you build.

Categories: Technology

An update on the Workflow Initiative for Drupal 8.4/8.5

Drupal - Wed, 22/11/2017 - 17:57

This blog has been re-posted with permission from Dries Buytaert's blog. Please leave your comments on the original post.

Over the past weeks I have shared an update on the Media Initiative and an update on the Layout Initiative. Today I wanted to give an update on the Workflow Initiative.

Creating great software doesn't happen overnight; it requires a desire for excellence and a disciplined approach. Like the Media and Layout Initiatives, the Workflow Initiative has taken such an approach. The disciplined and steady progress these initiative are making is something to be excited about.

8.4: The march towards stability

As you might recall from my last Workflow Initiative update, we added the Content Moderation module to Drupal 8.2 as an experimental module, and we added the Workflows module in Drupal 8.3 as well. The Workflows module allows for the creation of different publishing workflows with various states (e.g. draft, needs legal review, needs copy-editing, etc) and the Content Moderation module exposes these workflows to content authors.

As of Drupal 8.4, the Workflows module has been marked stable. Additionally, the Content Moderation module is marked beta in Drupal 8.4, and is down to two final blockers before marking stable. If you want to help with that, check out the Content Moderation module roadmap.

8.4: Making more entity types revisionable

To advance Drupal's workflow capabilities, more of Drupal's entity types needed to be made "revisionable". When content is revisionable, it becomes easier to move it through different workflow states or to stage content. Making more entity types revisionable is a necessary foundation for better content moderation, workflow and staging capabilities. But it was also hard work and took various people over a year of iterations — we worked on this throughout the Drupal 8.3 and Drupal 8.4 development cycle.

When working through this, we discovered various adjacent bugs (e.g. bugs related to content revisions and translations) that had to be worked through as well. As a plus, this has led to a more stable and reliable Drupal, even for those who don't use any of the workflow modules. This is a testament to our desire for excellence and disciplined approach.

8.5+: Looking forward to workspaces

While these foundational improvements in Drupal 8.3 and Drupal 8.4 are absolutely necessary to enable better content moderation and content staging functionality, they don't have much to show for in terms of user experience changes. Now a lot of this work is behind us, the Workflow Initiative changed its focus to stabilizing the Content Moderation module, but is also aiming to bring the Workspace module into Drupal core as an experimental module.

The Workspace module allows the creation of multiple environments, such as "Staging" or "Production", and allows moving collections of content between them. For example, the "Production" workspace is what visitors see when they visit your site. Then you might have a protected "Staging" workspace where content editors prepare new content before it's pushed to the Production workspace.

While workflows for individual content items are powerful, many sites want to publish multiple content items at once as a group. This includes new pages, updated pages, but also changes to blocks and menu items — hence our focus on making things like block content and menu items revisionable. 'Workspaces' group all these individual elements (pages, blocks and menus) into a logical package, so they can be prepared, previewed and published as a group. This is one of the most requested features and will be a valuable differentiator for Drupal. It looks pretty slick too:

Drupal 8 Outside In Content Creation Prototype

An outside-in design that shows how content creators could work in different workspaces. When you're building out a new section on your site, you want to preview your entire site, and publish all the changes at once. Designed by Jozef Toth at Pfizer.

I'm impressed with the work the Workflow team has accomplished during the Drupal 8.4 cycle: the Workflow module became stable, the Content Moderation module improved by leaps and bounds, and the under-the-hood work has prepared us for content staging via Workspaces. In the process, we've also fixed some long-standing technical debt in the revisions and translations systems, laying the foundation for future improvements.

Special thanks to Angie Byron for contributions to this blog post and to Dick Olsson, Tim Millwood and Jozef Toth for their feedback during the writing process.

Categories: Technology

Beta: CloudLinux 7 kernel updated

CloudLinux - Wed, 22/11/2017 - 17:43

The new updated CloudLinux 7 kernel version 3.10.0-714.10.2.lve1.4.76 is available for download from our updates-testing repository.

Changelog since kernel-3.10.0-714.10.2.lve1.4.75:

  • KMODLVE-99: properly handled error during resource setup;
  • KMODLVE-119: fixed potential errors on exit from LVE by using only one namespace;
  • KMODLVE-121: fixed module panic on exit by closing freezer cgroup first before releasing it.

Please note, that you do not need to install this kernel if you have kernel with Reseller limits support installed as it doesn't have Reseller limits functionality.

To install new kernel, please run the following command:

For CloudLinux 7:

yum clean all --enablerepo=cloudlinux-updates-testing && yum install kernel-3.10.0-714.10.2.lve1.4.76.el7 --enablerepo=cloudlinux-updates-testing

For CloudLinux 6 Hybrid:

yum clean all --enablerepo=cloudlinux-updates-testing,cloudlinux-hybrid-testing && yum install kernel-3.10.0-714.10.2.lve1.4.76.el6h --enablerepo=cloudlinux-updates-testing,cloudlinux-hybrid-testing
Categories: Technology

Imunify360 2.5.8 released

CloudLinux - Wed, 22/11/2017 - 15:58

We are pleased to announce that the new updated stable Imunify360 version 2.5.8 is now available. This latest version embodies further improvements of the product as well as the new features. Imunify360 has also become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Imunify360 2.5.8

Changelog:

  • DEF-3519: fixed TimeoutError for CAPTCHA;
  • DEF-3644: fixed infected domains execution;
  • DEF-3647: separate error from malscan library;
  • DEF-3656: advanced data for incidents are now kept;
  • DEF-3666: imunify360-captcha service for CentOS7 is now stopped when imunify360 is stopped.

To install new Imunify360 version 2.5.8, please follow the instructions in the documentation.

To upgrade Imunify360 run:

yum update imunify360-firewall

More information on Imunify360 can be found here.

Categories: Technology

CloudLinux 7 kernel updated

CloudLinux - Wed, 22/11/2017 - 15:34

The new updated CloudLinux 7 and CloudLinux 6 Hybrid kernel version 3.10.0-714.10.2.lve1.4.75 is available for download from our production repository.

Changelog since 3.10.0-714.10.2.lve1.4.74:

  • fixed Provides field to avoid update problems;
  • KMODLVE-69: avoid an error while checking CPU limits by adjusting the value;
  • KMODLVE-73: fixed resource refcounting for disabled LVE;
  • KMODLVE-109, KMODLVE-114: improved thread killing process while destroying LVE;
  • KMODLVE-111: made module more verbose in case of errors during cgroup rename or rmdir;
  • KMODLVE-118: fixed a race on module unloading.

Please note, that you do not need to install this kernel if you have kernel with Reseller limits support installed as it doesn't have Reseller limits functionality.

To install kernel, please run the following command:

CloudLinux 7

yum clean all && yum install kernel-3.10.0-714.10.2.lve1.4.75.el7

CloudLinux 6 Hybrid

yum clean all && yum install kernel-3.10.0-714.10.2.lve1.4.75.el6h
Categories: Technology

Beta: MariaDB and MySQL for MySQL Governor updated

CloudLinux - Wed, 22/11/2017 - 14:20

The new updated cl-MariaDB and cl-MySQL packages for MySQL Governor are available for download from our updates-testing repository.

Changelog:

cl-MariaDB102

  • updated up to 10.2.10.

cl-MariaDB100

  • updated up to 10.0.31.

cl-MariaDB55

  • updated up to 5.5.58.

cl-MySQL56

  • updated up to 5.6.38.

cl-MySQL55

  • updated up to 5.5.58.

cl-MySQL57

  • updated up to 5.7.20.

Note. We recommend to save the database before update.

To update run:

cl-MySQL:

# yum update cl-MySQL-meta-client cl-MySQL-meta cl-MySQL-meta cl-MySQL* governor-mysql --enablerepo=cloudlinux-updates-testing #restart mysql #restart governor-mysql

cl-MariaDB:

# yum update cl-MariaDB-meta-client cl-MariaDB-meta cl-MariaDB-meta cl-MariaDB* governor-mysql --enablerepo=cloudlinux-updates-testing #restart mysql #restart governor-mysql

To install on a new server run:

# yum install governor-mysql --enablerepo=cloudlinux-updates-testing # /usr/share/lve/dbgovernor/db-select-mysql --mysql-version=[mariadb version] # /usr/share/lve/dbgovernor/mysqlgovernor.py --install-beta
Categories: Technology

Releasing AddThis on Cloudflare Apps: Making Disciplined Product Design Decisions

CloudFlare - Wed, 22/11/2017 - 13:00
 Making Disciplined Product Design Decisions

This is a guest post by Emily Schwartz, Product Manager for the AddThis team at Oracle. With a background in digital media that has spanned across NPR, WaPo Labs, Trove, and others, Emily cares deeply about helping publishers leverage data and technology for success.

 Making Disciplined Product Design Decisions

The Process of Paring Down

When our team learned about the opportunity to build an AddThis app on Cloudflare Apps, I was ready to pounce. Building for distribution platforms is a core part of our business and product strategy, and I knew AddThis could bring a lot to the table for Cloudflare users. With a media background in my pocket, I understand the necessity of making content easily and quickly distributable -- and I wanted to get our tools in front of new users so we could learn more about the critical needs of publishers, merchants, and website owners.

The decision to build was the easy part. What to build was the challenging part.

 Making Disciplined Product Design Decisions

With time and resources tight, I knew building an app that offered our full suite of website tools wouldn’t be immediately feasible—or even make sense. Share buttons, follow buttons, related posts, list building, link promotion, and tip jar are all useful products, but launching with a more narrow tool and feature set meant we could reach the market sooner, learn from user behaviors, and identify needs unique to Cloudflare Apps publishers. I opted to forge ahead with our most popular tool: share buttons.

If you try to configure share buttons from addthis.com, there are a lot of ways to do this: Floating, Inline, Expanded, Image Sharing, Popup, Banner, and Slider. Seven options just for share buttons! My goal with Cloudflare Apps was to launch something simple, useful, and closer to drag-and-drop than code-and-configure. With this in mind, I made a hard decision: pare down our app to the simplest version of our floating sharing sidebar—our most popular share buttons type—and cut many of the advanced configuration options. Instead, I decided to serve auto-personalized buttons and limit settings to cosmetic changes like number of services displayed and bordered styling. Perhaps the biggest change: users don’t even need to register an AddThis account to use our share buttons on Cloudflare Apps or work with any code. We created the simplest version of our share buttons to date.

With the scope trimmed down to “Share Buttons Lite,” we got to work.

 Making Disciplined Product Design Decisions

The AddThis team is no stranger to building for third-party platforms. Our tools are found on platforms like WordPress, Shopify, Magento, and others. Building for Cloudflare Apps turned out to be more of a dream, better than we could have imagined. There was one wrinkle to figure out: if we weren’t asking users to create or log in to an addthis.com account, how would we save unique configuration settings?

Some background

Every website with AddThis tools has a configuration object where on-page tool settings are stored. This includes configuration data such as layout, color, theme, and social media handles. This data needs to be stored each time tools are updated via the Cloudflare portal and loaded each time a website visitor lands on a page with AddThis tools. Ideally, this information is stored in a database and read each time tools are rendered. While this approach is feasible when users configure tools through the addthis.com dashboard, it’s not an option in Cloudflare Apps.

How to store and render sidebar settings for each user became an anticipated hurdle. Luckily, there was a good solution: save the tool configuration data on a JS global variable using Cloudflare’s suggested INSTALL_SCOPE JS technique and, using the AddThis Smart Layers API, render the tools from this global variable to display in the preview portal. When the user saves their configuration, we call and serve the settings stored on that global variable each time tools need to be rendered.

Anyone can check out this method in action by previewing the AddThis Share Buttons app from Cloudflare Apps and playing around with the tools’ positioning, styling, and other settings.

 Making Disciplined Product Design Decisions

In the few weeks since our launch, we’ve received a lot of useful feedback—good, bad, and ugly. The Cloudflare Apps developer portal allows developers to view basic metrics and user comments that keep third parties up-to-date about what’s important to websites and publishers. In the future, we’re considering connecting the app to the addthis.com dashboard and including other tool styles or types. We’ve heard a lot about page speed scores and mobile performance being important to users, and I’m pleased to report these are both areas of continued investment for AddThis. Paring down Share Buttons—AddThis’ flagship product—was a risk, and it’s one we’re happy we took.

Check out a live preview of AddThis in Cloudflare Apps »

Want to shape the future of content and sharing? We’re all ears at help@addthis.com and @addthissupport. Happy sharing.

Categories: Technology

APAC businesses are more prone to being hacked - Dewaweb brings better security to Indonesia

CloudLinux - Tue, 21/11/2017 - 20:31

CyberEdge Group, a research and marketing consulting company, in its Cyberthreat Defense 2017 Report shows an increased number of cyber attacks, from 76% in 2016 to 79% in 2017. They analyzed the survey of 1,100 qualified IT practitioners in 19 major industries from 15 different countries.

According to that report (PDF), the attacks are influenced by three main factors - low awareness in the importance of cybersecurity, the lack of qualified personnel to handle that matter, and the massive amounts of data to be analyzed. Dewaweb, an Indonesian web hosting company founded in 2014, minimizes these factors with the help of Imunify360, the automated, 6-layer security solution that they provide to the Indonesian businesses of all sizes.

Dewaweb offers protection powered by the Imunify360’s artificial intelligence and really focuses on cyber security. It has even received the ISO 27001 certification. Dewaweb, with more than 20,000 customers all over Indonesia, is CloudLinux’s first partner in Indonesia to become the official reseller of Imunify360, and we are very excited about this.

Edy Budiman, chief executive officer of Dewaweb, said that cybersecurity is an issue that is too critical to ignore - all important data is at risk of being hacked and system being interrupted by hackers, especially in the Asia Pacific region of the world. He shared that Dewaweb has seen an increased level of attacks targeted at many websites and applications hosted on their servers. Dewaweb needed a smarter and a more comprehensive security system to protect their customers’ servers and the Imunify360 by CloudLinux was a perfect choice. Imunify360 is easy to deploy, manage, and monitor, saving them a great deal of time, he said.

If you take a look at Microsoft’s “Asia Pacific Malware Threat Landscape 2017” infographic, you’ll see that Indonesia and Vietnam are more prone to cyber attacks compared to the other Asia Pacific countries (Japan, Hong Kong, Thailand, Philippines, Malaysia, Sri Lanka, and Singapore). As a matter of fact, Indonesian president, Joko Widodo, on June 1st, 2017 released presidential regulation (Perpres) about the establishment of a national cyber agency. In line with this new regulation, Dewaweb works on improving its web hosting service quality in order to ensure cyber security in Indonesia by offering Imunify360 to their customers.

The unfortunate truth is that today, most businesses can be attacked at any moment. Imunify360 was designed specifically to protect web servers from various attacks. It can greatly increase protection for Dewaweb’s clients and ensure they have an excellent hosting experience.

To learn more about Dewaweb, visit www.dewaweb.com.

To learn more about Imunify360, visit www.imunify360.com.
 

Categories: Technology

Living In A Multi-Cloud World

CloudFlare - Tue, 21/11/2017 - 16:30
Living In A Multi-Cloud World

A few months ago at Cloudflare’s Internet Summit, we hosted a discussion on A Cloud Without Handcuffs with Joe Beda, one of the creators of Kubernetes, and Brandon Phillips, the co-founder of CoreOS. The conversation touched on multiple areas, but it’s clear that more and more companies are recognizing the need to have some strategy around hosting their applications on multiple cloud providers.

Earlier this year, Mary Meeker published her annual Internet Trends report which revealed that 22% of respondents viewed Cloud Vendor Lock-In as a top 3 concern, up from just 7% in 2012. This is in contrast to previous top concerns, Data Security and Cost & Savings, both of which dropped amongst those surveyed.

Living In A Multi-Cloud World

At Cloudflare, our mission is to help build a better internet. To fulfill this mission, our customers need to have consistent access to the best technology and services, over time. This is especially the case with respect to storage and compute providers. This means not becoming locked-in to any single provider and taking advantage of multiple cloud computing vendors (such as Amazon Web Services or Google Cloud Platform) for the same end user services.

The Benefits of Having Multiple Cloud Vendors

There are a number of potential challenges when selecting a single cloud provider. Though there may be scenarios where it makes sense to consolidate on a single vendor, our belief is that it is important that customers are aware of their choice and downsides of being potentially locked-in to that particular vendor. In short, know what trade offs you are making should you decide to continue to consolidate parts of your network, compute, and storage with a single cloud provider. While not comprehensive, here are a few trade-offs you may be making if you are locked-in to one cloud.

Cost Efficiences

For some companies, there may be a cost savings involved in spreading traffic across multiple vendors. Some can take advantage of free or reduced cost tiers at lower volumes. Vendors may provide reduced costs for certain times of day that are lower utilized on their infrastructure. Applications can have varying compute requirements amongst layers of the application: some may require faster, immediate processing while others may benefit from delayed processing at a lower cost.

Negotiation Strength

One of the most important reasons to consider deploying in multiple cloud providers is to minimize your reliance on a single vendor’s technology for your critical business processes. As you become more vertically integrated with any vendor, your negotiation posture for pricing or favorable contract terms becomes diminished. Having production ready code available on multiple providers allows you to have less technical debt should you need to change. If you go a step further and are already sending traffic to multiple providers, you have minimized the technical debt required to switch and can negotiate from a position of strength.

Business Continuity or High Availability

While the major cloud providers are generally reliable, there have been a few notable outages in recent years. The most significant in recent memory being Amazon’s US-EAST S3 outage in February. Some organizations may have a policy specifying multiple providers for high availability while others should consider it where necessary and feasible as a best practice. A multi-cloud strategy can lower operational risk from a single vendor’s mistakes causing a significant outage for a mission critical application.

Experimentation

One of the exciting things about having competition in the space is the level of innovation and feature velocity of each provider. Every year there are major announcements of new products or features that may have a significant impact on improving your organization's competitive advantage. Having test and production environments in multiple providers gives your engineers the ability to understand and experiment with a new capability in the context of your technology stack and data. You may even try these features for a portion of your traffic and get real world data on any benefits realized.

Cloudflare’s Role

Cloudflare is an independent third party in your multi-cloud strategy. Our goal is to minimize the layers of lock-in between you and a provider and lower the effort of change. In particular, one area where we can help right away is to minimize the operational changes necessary at the network, similar to what Kubernetes can do at the storage and compute level. As a benefit of our network, you can also have a centralized point for security and operational control.

Living In A Multi-Cloud World

Cloudflare’s Load Balancing can easily be configured to act as your global application traffic aggregator and distribute your traffic amongst origins at as many clouds as you choose to utilize. Active layer 7 health checks continually probe your origins and can automatically move traffic in the case of network or application failure. All consolidated web traffic can be inspected and acted upon by Cloudflare’s best of breed Security services, providing a single control point and visibility across all application traffic, regardless of which cloud the origin may be on. You also have the benefit of Cloudflare’s Global Anycast Network, providing for better speed and higher availability regardless of which clouds your origins are hosted on.

Billforward: Using Cloudflare to Implement Multi-Cloud

Billforward is a San Francisco and London based startup that is focused and mission driven on changing the way people bill and charge their customers, providing a solution to the complexities of Quote-to-Cash. Their platform is built on a number of Rest APIs that other developers call to bill and generate revenue for their own companies.

Billforward is using Cloudflare for its core customer facing application to failover traffic between Google Compute Engine and Amazon Web Services. Acting as a reverse proxy, Cloudflare receives all requests for and decides which of Billforward’s two configured cloud origins to use based upon the availability of that origin in near real-time. This allows Billforward to completely manage the connections to and from two disparate cloud providers using Cloudflare’s UI or API. Billforward is in the process of migrating all of their customer facing domains to a similar setup.

Configuration

Billforward has a single load balanced hostname with two available Pools. They’ve named the two Pools with “gce” and “aws” labels and each Pool has one Origin associated with it. All of the Pools are enabled and the entire LB/hostname is proxied through Cloudflare (as indicated by the orange cloud).

Living In A Multi-Cloud World

Cloudflare probes Billforward’s Origins once every minute from all of Cloudflare’s data centers around the world (a feature available to all Load Balancing Enterprise customers). If Billforward’s GCE Origin goes down, Cloudflare will quickly and automatically failover to the AWS Origin with no actions required from Billforward’s team.

Google Compute Engine was chosen as the primary provider for this application by virtue of cost. Martin Lee, Site Reliability Engineer at Billforward says, “Essentially, GCE is cheaper for our general purpose computing needs but we're more experienced with deployments in AWS. This strategy allows us to switch back and forth at will and avoid being tied in to either platform.” It is likely that Billforward will change the priority as pricing models evolve.

“It's a fairly fast moving world and features released by cloud providers can have a meaningful impact on performance and cost on a week by week basis - it helps to stay flexible,” says Martin. “We may also change priority based on features.”


For orchestration of the compute and storage layers, Billforward uses Docker containers managed through Rancher. They use distinct environments between cloud providers but are considering bridging an environment across cloud providers and using VPNs between them, which will enable them to move load between providers even more easily. “Our system is loosely coupled through a message queue,” adds Martin. “Having a container system across clouds means we can really take advantage of this - we can very easily move workloads across clouds without any danger of dropping tasks or ending up in an inconsistent state.”

Benefits

Billforward manages these connections at Cloudflare’s edge. Through this interface (or via the Cloudflare APIs), they can also manually move traffic from GCE to AWS by just disabling the GCE pool or by rearranging the Pool priority and make AWS the primary. These changes are near instant on the Cloudflare network and require no downtime to Billforward’s customer facing application. This allows them to act on potential advantageous pricing changes between the two cloud providers or move traffic to hit pricing tiers.

In addition, Billforward is now not “locked-in” to either provider’s network; being able to move traffic and without any downtime means they can make traffic changes independent of Amazon or Google. They can also integrate additional cloud providers any time they deem fit: adding Microsoft Azure, for example, as a third Origin would be as simple as creating a new Pool and adding it to the Load Balancer.

Billforward is a good example of a forward thinking company that is taking advantage of technologies from multiple providers to best serve their business and customers, while not being reliant on a single vendor. For further detail on their setup using Cloudflare, please check their blog.

Categories: Technology

Beta: Imunify360 2.6.5 released

CloudLinux - Tue, 21/11/2017 - 07:41

We are pleased to announce that the new updated beta Imunify360 version 2.6.5 is now available. This latest version embodies further improvements of the product as well as the new features. Imunify360 has also become more reliable and stable.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Imunify360 2.6.5

Changelog:

  • DEF-2916: if on-demand scan fails, error is now displayed to user;
  • DEF-3336: additional information is now collected via mod_security;
  • DEF-3528: i360deploy --beta implies [imunify360-testing] repo is enabled;
  • DEF-3568: updated aiohttp to latest stable version;
  • DEF-2986: added IP to whitelist with TTL;
  • DEF-3321: added ability to edit TTL for White/Black lists (backend);
  • DEF-3449: removed unnecessary requests from Setting tab;
  • DEF-3308: improved displaying of files quarantined by mod_security;
  • DEF-3204: investigated error returned by malware scanner;
  • DEF-3413: imunify360 now works in no-ipv6 environment;
  • DEF-3486: fixed loss of captcha localization on rpm upgrade/downgrade;
  • DEF-3505, DEF-3573: investigated and fixed discrepancy between cache and database;
  • DEF-3537: fixed ConnectionRefusedError;
  • DEF-3577: minor inotify fixes;
  • DEF-3533: fixed the error “111.147.162.0/24 is not valid IP”;
  • DEF-3576: added database error diagnostic;
  • DEF-3579: changed a way to get modsec_audit.log path for cPanel;
  • DEF-3584: migrations now is not run if agent is running;
  • DEF-3591: fixed new directories watch by inotify scanner;
  • DEF-3277: fixed Imunify360 Username Hardening, reported by Patrick William @ Rack911Labs;
  • DEF-3603: fixed expiration error;
  • DEF-3612: rewrote central server’s IP;
  • DEF-3616: fixed AttributeError when shutting down inotify scanner;
  • DEF-3618: user_id is now injected when building SensorIncident List;
  • DEF-3620: I360 ModSec vendor version is now sent to the Imunify360 server;
  • DEF-3636: fixed an issue when CLI hangs when US is blocked;
  • DEF-3634: fixed bug with vendors removal on cPanel;
  • DEF-3635: warning for "None of incident mandatory fields" is not actual anymore;
  • DEF-3493: fixed "No such file or directory: '/proc/net/nf_conntrack'";
  • DEF-3217: investigated an issue with fail to process modsec scan session file;
  • DEF-3327: ipset commands are queued until ipset rules are NA;
  • DEF-3440: infected-domains cli command now uses RPC;
  • DEF-3481: mod_security vendors are not installed on Plesk;
  • DEF-3545: removed license fallback code;
  • DEF-3594: fixed imunify360-captchaserver-nginx version;
  • fixed "max_days_in_backup" option name in UI;
  • DEF-3453 fixed empty page after reload with #/license in URL;
  • DEF-3630: Imunify360 now converts IPv6 Address to IPv6 Network with /64 mask from csf.

To install new beta Imunify360 version 2.6.5 please follow the instructions in the documentation.

Upgrade is available since Imunify360 version 2.0-19 and later.

To upgrade Imunify360 run:

yum update imunify360-firewall --enablerepo=imunify360-testing

More information on Imunify360 can be found here.

Categories: Technology

Imunify360 2.5.7 released

CloudLinux - Tue, 21/11/2017 - 04:34

We are pleased to announce that the new updated stable Imunify360 version 2.5.7 is now available. This latest version embodies further improvements of the product as well as the new features. Imunify360 has also become more reliable and stable due to the bug fixes described below.

Should you encounter any problems with the product or have any questions, comments or suggestions, please contact our support team at cloudlinux.zendesk.com: Imunify360 department. We’d be more than happy to help you.

Imunify360 2.5.7

Changelog:

  • DEF-2916: if on-demand scan fails, error is now displayed to user;
  • DEF-3336: additional information is now collected via mod_security;
  • DEF-3528: i360deploy --beta implies [imunify360-testing] repo is enabled;
  • DEF-3568: updated aiohttp to latest stable version;
  • DEF-3204: investigated error returned by malware scanner;
  • DEF-3413: imunify360 now works in no-ipv6 environment;
  • DEF-3486: fixed loss of captcha localization on rpm upgrade/downgrade;
  • DEF-3505, DEF-3573: investigated and fixed discrepancy between cache and database;
  • DEF-3537: fixed ConnectionRefusedError;
  • DEF-3577: minor inotify fixes;
  • DEF-3533: fixed the error “111.147.162.0/24 is not valid IP”;
  • DEF-3576: added database error diagnostic;
  • DEF-3579: changed a way to get modsec_audit.log path for cPanel;
  • DEF-3584: migrations now is not run if agent is running;
  • DEF-3591: fixed new directories watch by inotify scanner;
  • DEF-3277: fixed Imunify360 Username Hardening, reported by Patrick William @ Rack911Labs;
  • DEF-3603: fixed expiration error;
  • DEF-3612: rewrote central server’s IP;
  • DEF-3616: fixed AttributeError when shutting down inotify scanner;
  • DEF-3618: user_id is now injected when building SensorIncident List;
  • DEF-3620: I360 ModSec vendor version is now sent to the Imunify360 server;
  • DEF-3636: fixed an issue when CLI hangs when US is blocked;
  • DEF-3634: fixed bug with vendors removal on cPanel;
  • DEF-3635: warning for "None of incident mandatory fields" is not actual anymore;
  • DEF-3630: Imunify360 now converts IPv6 Address to IPv6 Network with /64 mask from csf.

To install new Imunify360 version 2.5.7 please follow the instructions in the documentation.

To upgrade Imunify360 run:

yum update imunify360-firewall

More information on Imunify360 can be found here.

Categories: Technology

php[tek] 2018 : Call for Speakers

PHP - Mon, 20/11/2017 - 21:55
Categories: Technology

The Supreme Court Wanders into the Patent Troll Fight

CloudFlare - Mon, 20/11/2017 - 18:18
The Supreme Court Wanders into the Patent Troll Fight

Next Monday, the US Supreme Court will hear oral arguments in Oil States Energy Services, LLC vs. Greene’s Energy Group, LLC, which is a case to determine whether the Inter Partes Review (IPR) administrative process at the US Patent and Trademark Office (USPTO) used to determine the validity of patents is constitutional.

The constitutionality of the IPR process is one of the biggest legal issues facing innovative technology companies, as the availability of this process has greatly reduced the anticipated costs, and thereby lessened the threat, of patent troll litigation. As we discuss in this blog post, it is ironic that the outcome of a case that is of such great importance to the technology community today may hinge on what courts in Britain were and were not doing more than 200 years ago.

The Supreme Court Wanders into the Patent Troll FightThomas Rowlandson [Public domain], via Wikimedia Commons

As we have discussed in prior blog posts, the stakes are high: if the Supreme Court finds IPR unconstitutional, then the entire system of administrative review by the USPTO — including IPR and ex parte processes — will be shuttered. This would be a mistake, as administrative recourse at the USPTO is one of the few ways to avoid the considerable costs and delays of federal court litigation, which can take years and run into the millions of dollars. Those heavy costs are often leveraged by patent trolls when they threaten litigation in the effort to procure easy and lucrative settlements from their targets.

Cloudflare is Pursuing Our Fight Against Patent Trolls All the Way to the Steps of the Supreme Court

Cloudflare joined Dell, Facebook, and a number of other companies, all practicing entities with large patent portfolios, in a brief amici curiae (or ‘friend of the court’ brief) in support of the IPR process, because it has a substantial positive impact on technological innovation in the United States. Amicus briefs allow parties who are interested in the outcome of a case, but are not parties to the immediate dispute before the court, to have input into the court’s deliberations.

As many of you are aware, we were sued by Blackbird Technologies, a notorious patent troll, earlier this year for patent infringement, and initiated Project Jengo to crowd source prior art searches and invalidate Blackbird’s patents. One of our strategies for quickly and efficiently invalidating Blackbird’s patents is to take advantage of the IPR process at the USPTO, which can be completed in about half the time and at one tenth of the cost of a federal court case, and to initiate ex parte proceedings against Blackbird’s other patents that are overly broad and invalid.

A full copy of the Amicus Brief we joined in the Oil States case is available here, and a summary of the argument follows.

Oil States Makes its Case

Oil States is an oilfield services and drilling equipment manufacturing company. The USPTO invalidated one of its patents related to oil drilling technology in an IPR proceeding while Oil States had a lawsuit pending against one of its competitors claiming infringement of its patent. After it lost the IPR, Oil States lost an appeal in a lower federal court based on the findings of the IPR proceeding. The Supreme Court agreed to hear the case to determine whether once the USPTO issues a patent, an inventor has a constitutionally protected property right that — under Article III of the U.S. Constitution (which outlines the powers of the judicial branch of the government), and the 7th Amendment (which addresses the right to a jury trial in certain types of cases) — cannot be revoked without intervention by the court system.

The Supreme Court Wanders into the Patent Troll FightImage by Paul Lowry

As the patent owner, Oil States argues that the IPR process violates the relevant provisions of the constitution by allowing an administrative body, the Patent Trial and Appeal Board (PTAB)--a non-judicial forum, to decide a matter which was historically handled by the judiciary. This argument rests upon the premise that there was a historical analogue to cancellation of patent claims available in the judiciary. Since cancellation of patent claims was historically available in the judiciary, the cancellation of patent claims today must be consistent with that history and done exclusively by courts.

This argument is flawed on multiple counts, which are set forth in the “friend of the court” brief we joined.

First Flaw: An Administrative Process Even an Originalist Can Love

As the amicus brief we joined points out, patent revocation did not historically rest within the exclusive province of the common law and chancery courts, the historical equivalents in Britain to the judiciary in the United States. Rather, prior to the Founding of the United States, patent revocation rested entirely with the Crown of England’s Privy Council, a non-judicial body comprising of advisors to the king or queen of England. It wasn’t until later that the Privy Council granted the chancery court (the judiciary branch) concurrent authority to revoke patents. Because a non-judicial body had the authority to revoke patents when the US Constitution was framed, the general principles of separation of powers and the right to trial in the Constitution do not require that patentability challenges be decided solely by courts.

Second Flaw: The Judicial Role was Limited

Not only did British courts share the power to address patent rights historically, the part shared by the the courts was significantly limited. Historically, the common-law and chancery courts only received a partial delegation of the Privy Council’s authority to invalidate patents. Courts only had the authority to invalidate patents for issues related to things like inequitable conduct (e.g., making false statements in the original patent application). The limited authority delegated to the England Courts did not include the authority to seek claim cancellation based on elements intrinsic to the patent or patent application, like lack of novelty or obviousness as done under an IPR proceeding. Rather, such authority remained with the Privy Council, a non-court authority, which decided questions like whether the invention was really new. Thus, like the PTAB, the Privy Council was a non-judicial body charged with responsibility to assess patent validity based on criteria that included the novelty of the invention.

We think these arguments are compelling and provide very strong reasons why the Supreme Court should resist the request that such matters be resolved exclusively in federal courts. We hope that’s the position they do take because the real world implications are significant.

Don’t Mess with a Good Thing

The IPR process is not only consistent with the US Constitution, but it also advances the Patent Clause’s objective of promoting the progress of science and useful arts. That is, the “quid pro quo of the patent system; the public must receive meaningful disclosure in exchange for being excluded from practicing the invention for a limited period of time” by patent rights. (Enzo Biochem, Inc. v. Gen-probe Inc.) Congress created the IPR process in the America Invents Act in 2011 to use administrative review to weed out poor-quality patents that did not satisfy this quid pro quo because they had not actually disclosed very much. Congress sought to provide quick and cost effective administrative procedures for challenging the validity of patent claims that did not disclose novel inventions, or that claimed to disclose substantially more innovation than they actually did, to improve patent quality and restore confidence in the presumption of validity. In other words, Congress created a system to specifically permit the efficient challenge of the zealous assertion of vague and overly broad patents.

As a recent study by the Congressional Research Service found, non-practicing entity (i.e., patent troll) patent litigation “activity cost defendants and licensees $29 billion in 2011, a 400 percent increase over $7 billion in 2005” and “the losses are mostly deadweight, with less than 25 percent flowing to innovation and at least that much going towards legal fees.” (see Brian T. Yeh, Cong. Research sERV., R42668) The IPR process enables innovative companies to navigate patent troll activity in an efficient manner and devote a greater proportion of their resources to research and development, rather than litigation or cost-of-litigation settlement fees for invalid patents.

The Supreme Court Wanders into the Patent Troll FightBy EFF-Graphics (Own work), via Wikimedia Commons

Additionally, the IPR process reduces the total number and associated costs of patent disputes in a number of ways.

  • Patent owners, especially patent trolls, are less likely to threaten litigation or file an infringement suit based on patent claims that they know or suspect to be invalid. In fact, patent owners who threaten or file suit merely to seek cost-of-litigation settlements have become far less prevalent because of the availability of the IPR process to reduce the cost of litigation.

  • Patent owners are less likely to initiate litigation out of concerns that the IPR proceedings may culminate in PTAB’s cancellation of all patent claims asserted in the infringement suit.

  • Where the PTAB does not cancel all asserted claims, statutory estoppel and the PTAB’s claim construction may serve to narrow the infringement issues to be resolved by the district court.

Our hope is that the US Supreme Court justices take into full consideration the larger community of innovative companies that are helped by the IPR system in battling patent trolls, and do not limit their consideration to the implications on the parties to Oil States (neither of which is a non-practicing entity). As we have explained, not only does the IPR process enable innovative companies to focus their resources on technological innovation, instead of legal fees, but allowing the USPTO to administer IPR and ex parte proceedings is entirely consistent with the US Constitution.

While we await a decision in Oil States, expect to see Cloudflare initiate IPR and ex parte proceedings against Blackbird Technologies patents in the coming months.

We will make sure to keep you updated.

Categories: Technology

Beta: MySQL Governor updated

CloudLinux - Fri, 17/11/2017 - 13:52

The new updated MySQL Governor version 1.2-28 is available for download from our updates-testing repository.

Changelog:

governor-mysql 1.2-28

  • fixed reading "unlimit" value from the configuration file. Affects only version 1.2.

To update run:

$ yum update governor-mysql --enablerepo=cloudlinux-updates-testing $ service db_governor restart

To install run:

$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing $ /usr/share/lve/dbgovernor/mysqlgovernor.py --install
Categories: Technology

Beta: mod_lsapi updated

CloudLinux - Fri, 17/11/2017 - 12:48

The new updated mod_lsapi packages for CloudLinux 6 and 7 as well as for Apache 2.4 (CloudLinux 6 and CloudLinux 7) and EasyApache 4 (CloudLinux 6 and 7) are available from our updates-testing repository.

Changelog:

mod_lsapi 1.1-22

ea-apache24-mod_lsapi 1.1-22

httpd24-mod_lsapi 1.1-22

  • MODLS-466: lsapi_backend_semtimedwait option switched on by default;
  • MODLS-466: improved lsapi-cache service;
  • MODLS-466: implemented lsapi-cache service for CloudLinux6;
  • MODLS-468: changed criu messaging;
  • MODLS-476: added corresponding to criu messages into sulsphp_log;
  • MODLS-475: cleaned up criu images on dump error;
  • AAP-189: investigated the issue when ea-apache24-mod_suphp-0.7.2-21 package installation flush php handlers to suphp;
  • MODLS-470: all criu images are reset on update criu-lve and alt-phpXY.

To update:

cPanel & RPM Based

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing $ yum update mod_lsapi --enablerepo=cloudlinux-updates-testing $ service httpd restart

DirectAdmin

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing $ cd /usr/local/directadmin/custombuild $ ./build set cloudlinux_beta yes $ ./build update $ ./build mod_lsapi

To install, follow the instructions on the link.

For EasyApache 4

To update:

$ yum update liblsapi liblsapi-devel ea-apache24-mod_lsapi --enablerepo=cl-ea4-testing --enablerepo=cloudlinux-updates-testing $ service httpd restart

To install:

$ yum-config-manager --enable cl-ea4-testing $ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing

Read http://docs.cloudlinux.com/index.html?cpanel_easyapache_4.html.

$ yum-config-manager --disable cl-ea4-testing

Go to MultiPHP Manager and enable mod_lsapi on your domains through lsapi handler.

More about MultiPHP Manager and mod_lsapi on the link.

http24 for CloudLinux 6 and CloudLinux 7

For installation/update run:

$ yum update liblsapi liblsapi-devel --enablerepo=cloudlinux-updates-testing $ yum install httpd24-mod_lsapi --enablerepo=cloudlinux-updates-testing
Categories: Technology

Beta: alt-suexec updated

CloudLinux - Fri, 17/11/2017 - 06:19

The new updated alt-suexec packages are available from our updates-testing repository. Based on httpd 2.2 for CloudLinux 6, and httpd 2.4 for CloudLinux 7, the package brings to the server a set of suexecs with different DOCUMENT ROOTs and MIN_UID/MIN_GID parameters.

The new set of suexecs (with added USE_DATAS):

USE_DATAS - DOCUMENT ROOT / MIN_UID 500 MIN_GID 100 CALLER apache.

How to set up new suexec:

switch_suexec -sUSE_DATAS restart apache

To install/update run the command:

yum install alt-suexec --enablerepo=cloudlinux-updates-testing

To update run the command:

yum update alt-suexec --enablerepo=cloudlinux-updates-testing

To install alt-suexec for httpd24 for CloudLinux 6 and 7:

yum install httpd24-alt-suexec --enablerepo=cloudlinux-updates-testing /opt/rh/httpd24/root/usr/bin/switch_suexec -s USE_DATAS
Categories: Technology

An update on the Layout Initiative for Drupal 8.4/8.5

Drupal - Wed, 15/11/2017 - 16:39

This blog has been re-posted with permission from Dries Buytaert's blog. Please leave your comments on the original post.

Now Drupal 8.4 is released, and Drupal 8.5 development is underway, it is a good time to give an update on what is happening with Drupal's Layout Initiative.

8.4: Stable versions of layout functionality

Traditionally, site builders have used one of two layout solutions in Drupal: Panelizer and Panels. Both are contributed modules outside of Drupal core, and both achieved stable releases in the middle of 2017. Given the popularity of these modules, having stable releases closed a major functionality gap that prevented people from building sites with Drupal 8.

8.4: A Layout API in core

The Layout Discovery module added in Drupal 8.3 core has now been marked stable. This module adds a Layout API to core. Both the aforementioned Panelizer and Panels modules have already adopted the new Layout API with their 8.4 release. A unified Layout API in core eliminates fragmentation and encourages collaboration.

8.5+: A Layout Builder in core

Today, Drupal's layout management solutions exist as contributed modules. Because creating and building layouts is expected to be out-of-the-box functionality, we're working towards adding layout building capabilities to Drupal core.

Using the Layout Builder, you start by selecting predefined layouts for different sections of the page, and then populate those layouts with one or more blocks. I showed the Layout Builder in my DrupalCon Vienna keynote and it was really well received:

8.5+: Use the new Layout Builder UI for the Field Layout module

One of the nice improvements that went in Drupal 8.3 was the Field Layout module, which provides the ability to apply pre-defined layouts to what we call "entity displays". Instead of applying layouts to individual pages, you can apply layouts to types of content regardless of what page they are displayed on. For example, you can create a content type 'Recipe' and visually lay out the different fields that make up a recipe. Because the layout is associated with the recipe rather than with a specific page, recipes will be laid out consistently across your website regardless of what page they are shown on.

The basic functionality is already included in Drupal core as part of the experimental Fields Layout module. The goal for Drupal 8.5 is to stabilize the Fields Layout module, and to improve its user experience by using the new Layout Builder. Eventually, designing the layout for a recipe could look like this:

Drupal 8.5 Field Layouts Prototype

Layouts remains a strategic priority for Drupal 8 as it was the second most important site builder priority identified in my 2016 State of Drupal survey, right behind Migrations. I'm excited to see the work already accomplished by the Layout team, and look forward to seeing their progress in Drupal 8.5! If you want to help, check out the Layout Initiative roadmap.

Special thanks to Angie Byron for contributions to this blog post, to Tim Plunkett and Kris Vanderwater for their feedback during the writing process, and to Emilie Nouveau for the screenshot and video contributions.

Categories: Technology

Pages

Subscribe to oakleys.org.uk aggregator - Technology
Additional Terms