Kubecost develops OpenCost to rein in K8s costs
Kubecost’s tool for monitoring and optimising spending on Kubernetes clusters has been released as an open source project. OpenCost is now available as open source software, according to Alex Thilen, head of business development at Kubecost, and the company has already submitted it to the Cloud Native Computing Foundation (CNCF) for approval as a sandbox-level project. Adobe, Armory, Amazon Web Services (AWS), D2iQ, Google, Mincurv, New Relic, and SUSE are among the project’s founding members, in addition to Kubecost.
Although OpenCost is designed to run within a Kubernetes cluster, no data is sent outside of the cluster without user permission. It can collect data in real-time after only a few minutes of installation.
The primary issue addressed by OpenCost is overprovisioning of Kubernetes infrastructure.
Many developers overprovision infrastructure to ensure maximum application performance. The problem is that much of that infrastructure is unused, and costs rise steadily as each new Kubernetes cluster is provisioned. According to Kubecost, organisations can cut Kubernetes-related cloud spending by 60-80 per cent without sacrificing application performance.
As the percentage of workloads running on Kubernetes clusters grows, it is more likely that those platforms will be managed centrally by an IT operations team. These teams are graded based on how well they optimise cloud infrastructure usage. They must also demonstrate to development teams how much Kubernetes infrastructure is consumed by individual applications.
Adobe envisions a Web littered with photos and videos labelled with information about where they came from. The company’s primary goal is to reduce the spread of visual misinformation, but the system could also benefit content creators who want to keep their names associated with their work.
Adobe’s Content Authenticity Initiative (CAI) project, first announced in 2019, has since released a whitepaper on a technology to do just that, integrated the system into its own software, and partnered with newsrooms and hardware makers to help universalise its vision.
The company is now announcing the release of a three-part open source toolkit to get the technology into the hands of developers and out into the wild. Adobe’s new open source tools include a JavaScript SDK for developing ways to display content credentials in browsers, a command line utility, and a Rust SDK for developing desktop apps, mobile apps, and other experiences for creating, viewing, and verifying embedded content credentials.
In the same way that EXIF data stores information about aperture and shutter speed, the new standard also records information about a file’s creation, such as how it was created and edited. And if the company’s shared vision comes true, that metadata, which Adobe refers to as “content credentials,” will be widely viewable across social media platforms, image search platforms, image editors, and search engines.
JFrog Ltd, the liquid software company that created the JFrog DevOps platform, has announced Project Pyrsia, an open source software community initiative that uses blockchain technology to secure software packages from vulnerabilities and malicious code. Project Pyrsia, which is now accepting sign-ups, is an open source based, decentralised, secure, build network and software package repository aimed at assisting developers in establishing a chain of provenance for their software components, thereby increasing confidence and trust.
Open source software is an essential component of nearly every technology we use today. Nonetheless, there is no doubt that the volume, sophistication, and severity of software supply chain attacks have increased in the last year. The JFrog Security Research team has tracked over 20 different open source software supply chain attacks in recent months, two of which were zero-day threats. While open source components are intended to improve development efficiency, not knowing where your software comes from makes it difficult to identify risks, sowing doubt and uncertainty about its safety.
As a result, JFrog and other open source technology leaders such as Docker, DeployHub, Futureway, and Oracle have collaborated to create the Project Pyrsia network for validating the source and security of open source software packages. Pyrsia enables developers to use open source software with confidence, knowing that their components have not been compromised, without the need to build, maintain, or operate complex processes for securely managing dependencies.