Enhancing Container Security with Docker Scout and Secure Repositories

25 November 2024 at 21:43

Docker Scout simplifies the integration with container image repositories, improving the efficiency of container image approval workflows without disrupting or replacing current processes. Positioned outside the repository’s stringent validation framework, Docker Scout serves as a proactive measure to significantly reduce the time needed for an image to gain approval. 

By shifting security checks left and integrating Docker Scout into the early stages of the development cycle, issues are identified and addressed directly on the developer’s machine.

Minimizing vulnerabilities 

This leftward shift in security accelerates the development process by keeping developers in flow, providing immediate feedback on policy violations at the point of development. As a result, images are secured and reviewed for compliance before being pushed into the continuous integration/continuous deployment (CI/CD) pipeline, reducing reliance on resource-heavy, consumption-based scans (Figure 1). By resolving issues earlier, Docker Scout minimizes the number of vulnerabilities detected during the CI/CD process, freeing up the security team to focus on higher-priority tasks.

Figure 1: Sample secure repository pipeline.

Additionally, the Docker Scout console allows the security team to define custom security policies and manage VEX (Vulnerability Exploitability eXchange) statements. VEX is a standard that allows vendors and other parties to communicate the exploitability status of vulnerabilities, allowing for the creation of justifications for including software that has been tied to Common Vulnerabilities and Exposures (CVE).

This feature enables seamless collaboration between development and security teams, ensuring that developers are working with up-to-date compliance guidelines. The Docker Scout console can also feed critical data into existing security tooling, enriching the organization’s security posture with more comprehensive insights and enhancing overall protection (Figure 2).

Figure 2: Sample secure repository pipeline with Docker Scout.

How to secure image repositories

A secure container image repository provides digitally signed, OCI-compliant images that are rebuilt and rescanned nightly. These repositories are typically used in highly regulated or security-conscious environments, offering a wide range of container images, from open source software to commercial off-the-shelf (COTS) products. Each image in the repository undergoes rigorous security assessments to ensure compliance with strict security standards before being deployed in restricted or sensitive environments.

Key components of the repository include a hardened source code repository and an OCI-compliant registry (Figure 3). All images are continuously scanned for vulnerabilities, stored secrets, problematic code, and compliance with various standards. Each image is assigned a score upon rebuild, determining its compliance and suitability for use. Scanning reports and justifications for any potential issues are typically handled using the VEX format.

Figure 3: Key components of the repository include a hardened source code repository and an OCI-compliant registry.

Why use a hardened image repository?

A hardened image repository mitigates the security risks associated with deploying containers in sensitive or mission-critical environments. Traditional software deployment can expose organizations to vulnerabilities and misconfigurations that attackers can exploit. By enforcing a strict set of requirements for container images, the hardened image repository ensures that images meet the necessary security standards before deployment. Rebuilding and rescanning each image daily allows for continuous monitoring of new vulnerabilities and emerging attack vectors.

Using pre-vetted images from a hardened repository also streamlines the development process, reducing the load on development teams and enabling faster, safer deployment.

In addition to addressing security risks, the repository also ensures software supply chain security by incorporating software bills of materials (SBOMs) with each image. The SBOM of a container image provides an inventory of all the components that were used to build the image, including operating system packages, application-specific dependencies with their versions, and license information. By maintaining a robust vetting process, the repository guarantees that all software components are traceable, verifiable, and tamper-free — essential for ensuring the integrity and reliability of deployed software.

Who uses a hardened image repository?

The main users of a hardened container image repository include internal developers responsible for creating applications, developers working on utility images, and those responsible for building base images for other containerized applications. Note that the titles for these roles can vary by organization.

  • Application developers use the repository to ensure that the images their applications are built upon meet the required security and compliance standards.
  • DevOps engineers are responsible for building and maintaining the utility images that support various internal operations within the organization.
  • Platform developers create and maintain secure base images that other teams can use as a foundation for their containerized applications.

Daily builds

One challenge with using a hardened image repository is the time needed to approve images. Daily rebuilds are conducted to assess each image for vulnerabilities and policy violations, but issues can emerge, requiring developers to make repeated passes through the pipeline. Because rebuilds are typically done at night, this process can result in delays for development teams, as they must wait for the next rebuild cycle to resolve issues.

Enter Docker Scout

Integrating Docker Scout into the pre-submission phase can reduce the number of issues that enter the pipeline. This proactive approach helps speed up the submission and acceptance process, allowing development teams to catch issues before the nightly scans. 

Vulnerability detection and management

  • Requirement: Images must be free of known vulnerabilities at the time of submission to avoid delays in acceptance.
  • Docker Scout contribution:
    • Early detection: Docker Scout can scan Docker images during development to detect vulnerabilities early, allowing developers to resolve issues before submission.
    • Continuous analysis: Docker Scout continually reviews uploaded SBOMs, providing early warnings for new critical CVEs and ensuring issues are addressed outside of the nightly rebuild process.
    • Justification handling: Docker Scout supports VEX for handling exceptions. This can streamline the justification process, enabling developers to submit justifications for potential vulnerabilities more easily.
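The justification handling described above can be sketched as a pre-submission gate that applies VEX statements to scan findings. This is an added example, not Docker Scout's code or output format: it assumes the VEX document uses the OpenVEX 0.2.0 layout, the findings list, image identifier and CVE ids are constructed placeholders, and the choice of blocking severities is an assumption.

```python
"""Added example: apply VEX statements to scan findings before submission."""
import json

# Justification labels that OpenVEX defines for the "not_affected" status.
NOT_AFFECTED_JUSTIFICATIONS = {
    "component_not_present",
    "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
}

# Constructed sample data. The CVE ids are placeholders, not real advisories.
IMAGE = "pkg:docker/example-org/example-app@1.0.0"
FINDINGS = [
    {"id": "CVE-0000-0001", "severity": "critical"},
    {"id": "CVE-0000-0002", "severity": "high"},
    {"id": "CVE-0000-0003", "severity": "high"},
    {"id": "CVE-0000-0004", "severity": "low"},
]
VEX_DOC = json.dumps({
    "@context": "https://openvex.dev/ns/v0.2.0",
    "@id": "https://example.invalid/vex/constructed-1",
    "author": "Example Security Team",
    "timestamp": "2024-11-25T00:00:00Z",
    "version": 1,
    "statements": [
        # Valid exception: status plus a recognised justification.
        {"vulnerability": {"name": "CVE-0000-0001"}, "products": [{"@id": IMAGE}],
         "status": "not_affected",
         "justification": "vulnerable_code_not_in_execute_path"},
        # Incomplete: "not_affected" without a justification or impact statement.
        {"vulnerability": {"name": "CVE-0000-0002"}, "products": [{"@id": IMAGE}],
         "status": "not_affected"},
        # Scoped to a different image, so it must not cover IMAGE.
        {"vulnerability": {"name": "CVE-0000-0003"},
         "products": [{"@id": "pkg:docker/example-org/other-app@2.0.0"}],
         "status": "not_affected", "justification": "component_not_present"},
    ],
})


def _applies_to(statement, image):
    """True if the statement names this image as one of its products."""
    for product in statement.get("products", []):
        pid = product.get("@id") if isinstance(product, dict) else product
        if pid == image:
            return True
    return False


def _is_valid_exception(statement):
    """Accept 'fixed', or 'not_affected' backed by a justification."""
    status = statement.get("status")
    if status == "fixed":
        return True
    if status == "not_affected":
        return (statement.get("justification") in NOT_AFFECTED_JUSTIFICATIONS
                or bool(statement.get("impact_statement", "").strip()))
    return False  # "affected" and "under_investigation" still block


def gate(findings, vex_json, image, blocking_severities=("critical", "high")):
    """Return which findings still block submission after VEX is applied."""
    doc = json.loads(vex_json)
    default_ts = doc.get("timestamp", "")
    latest = {}
    # Later statements supersede earlier ones for the same vulnerability.
    # Timestamps are assumed to share one ISO 8601 form, so they sort as text.
    for st in sorted(doc.get("statements", []),
                     key=lambda s: s.get("timestamp", default_ts)):
        if _applies_to(st, image):
            latest[st["vulnerability"]["name"]] = st

    result = {"blocking": [], "suppressed": [], "rejected_statements": []}
    for finding in findings:
        if finding["severity"] not in blocking_severities:
            continue
        st = latest.get(finding["id"])
        if st is not None and _is_valid_exception(st):
            result["suppressed"].append(finding["id"])
            continue
        if st is not None and st.get("status") == "not_affected":
            result["rejected_statements"].append(finding["id"])
        result["blocking"].append(finding["id"])
    return result


if __name__ == "__main__":
    print(json.dumps(gate(FINDINGS, VEX_DOC, IMAGE), indent=2))
```

A non-empty `blocking` list is the signal to fix the image or complete the justification before the nightly rebuild sees it.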

Security best practices and configuration management

  • Requirement: Images must follow security best practices and configuration guidelines, such as using secure base images and minimizing the attack surface.
  • Docker Scout contribution:
    • Security posture enhancement: Docker Scout allows teams to set policies that align with repository guidelines, checking for policy violations such as disallowed software or unapproved base images.

Compliance with dependency management

  • Requirement: All dependencies must be declared, and internet access during the build process is usually prohibited.
  • Docker Scout contribution:
    • Dependency scanning: Docker Scout identifies outdated or vulnerable libraries included in the image.
    • Automated reports: Docker Scout generates security reports for each dependency, which can be used to cross-check the repository’s own scanning results.

Documentation and provenance

  • Requirement: Images must include detailed documentation on their build process, dependencies, and configurations for auditing purposes.
  • Docker Scout contribution:
    • Documentation support: Docker Scout contributes to security documentation by providing data on the scanned image, which can be used as part of the official documentation submitted with the image.

Continuous compliance

  • Requirement: Even after an image is accepted into the repository, it must remain compliant with new security standards and vulnerability disclosures.
  • Docker Scout contribution:
    • Ongoing monitoring: Docker Scout continuously monitors images, identifying new vulnerabilities as they emerge, ensuring that images in the repository remain compliant with security policies.

By utilizing Docker Scout in these areas, developers can ensure their images meet the repository’s rigorous standards, thereby reducing the time and effort required for submission and review. This approach helps align development practices with organizational security objectives, enabling faster deployment of secure, compliant containers.

Integrating Docker Scout into the CI/CD pipeline

Integrating Docker Scout into an organization’s CI/CD pipeline can enhance image security from the development phase through to deployment. By incorporating Docker Scout into the CI/CD process, the organization can automate vulnerability scanning and policy checks before images are pushed into production, significantly reducing the risk of deploying insecure or non-compliant images.

  • Integration with build pipelines: During the build stage of the CI/CD pipeline, Docker Scout can be configured to automatically scan Docker images for vulnerabilities and adherence to security policies. The integration would typically involve adding a Docker Scout scan as a step in the build job, for example through a GitHub action. If Docker Scout detects any issues such as outdated dependencies, vulnerabilities, or policy violations, the build can be halted, and feedback is provided to developers immediately. This early detection helps resolve issues long before images are pushed to the hardened image repository.
  • Validation in the deployment pipeline: As images move from development to production, Docker Scout can be used to perform final validation checks. This step ensures that any security issues that might have arisen since the initial build have been addressed and that the image is compliant with the latest security policies. The deployment process can be gated based on Docker Scout’s reports, preventing insecure images from being deployed. Additionally, Docker Scout’s continuous analysis of SBOMs means that even after deployment, images can be monitored for new vulnerabilities or compliance issues, providing ongoing protection throughout the image lifecycle.

By embedding Docker Scout directly into the CI/CD pipeline (Figure 1), the organization can maintain a proactive approach to security, shifting left in the development process while ensuring that each image deployed is safe, compliant, and up-to-date.

Defense in depth and Docker Scout’s role

In any organization that values security, adopting a defense-in-depth strategy is essential. Defense in depth is a multi-layered approach to security, ensuring that if one layer of defense is compromised, additional safeguards are in place to prevent or mitigate the impact. This strategy is especially important in environments that handle sensitive data or mission-critical operations, where even a single vulnerability can have significant consequences.

Docker Scout plays a vital role in this defense-in-depth strategy by providing a proactive layer of security during the development process. Rather than relying solely on post-submission scans or production monitoring, Docker Scout integrates directly into the development and CI/CD workflows (Figure 2), allowing teams to catch and resolve security issues early. This early detection prevents issues from escalating into more significant risks later in the pipeline, reducing the burden on the SecOps team and speeding up the deployment process.

Furthermore, Docker Scout’s continuous monitoring capabilities mean that images are not only secure at the time of deployment but remain compliant with evolving security standards and new vulnerabilities that may arise after deployment. This ongoing vigilance forms a crucial layer in a defense-in-depth approach, ensuring that security is maintained throughout the entire lifecycle of the container image.

By integrating Docker Scout into the organization’s security processes, teams can build a more resilient, secure, and compliant software environment, ensuring that security is deeply embedded at every stage from development to deployment and beyond.

Mitigating a DoS attack with GoAccess and Cloudflare

24 November 2024 at 18:01

In this off-topic post, I’m going to discuss some behind-the-scenes “fun” that may happen when managing the web server used to host the CNX Software website. From time to time, the server becomes unreachable, but I can still access its console, and notice a very high CPU load (over 100) on a VPS with four cores, while the CPU load is typically 0.5 to 2 under normal circumstances. That’s usually due to a DoS (denial of service), DDoS (distributed denial of service), or some bug I can’t identify. An easy way to solve this issue is to log in to Cloudflare and set the “Under Attack Mode” to on. It will show all visitors a JavaScript challenge the first time they visit the website, and the CPU usage typically drops back to normal level within a minute or so. That means I can access my website and so do regular [...]

The post Mitigating a DoS attack with GoAccess and Cloudflare appeared first on CNX Software - Embedded Systems News.

Docker Desktop 4.36: New Enterprise Administration Features, WSL 2, and ECI Enhancements

22 November 2024 at 23:38

Key features of the Docker Desktop 4.36 release include: 

Docker Desktop 4.36 introduces powerful updates to simplify enterprise administration and enhance security. This release features streamlined macOS sign-in enforcement via configuration profiles, enabling IT administrators to deploy tamper-proof policies at scale, alongside a new PKG installer for efficient, consistent deployments. Enhancements like the unified WSL 2 mono distribution improve startup speeds and workflows, while updates to Enhanced Container Isolation (ECI) and Desktop Settings Management allow for greater flexibility and centralized policy enforcement. These innovations empower organizations to maintain compliance, boost productivity, and streamline Docker Desktop management across diverse enterprise environments.

Sign-in enforcement: Streamlined alternative for organizations for macOS 

Recognizing the need for streamlined and secure ways to enforce sign-in protocols, Docker is introducing a new sign-in enforcement mechanism for macOS configuration profiles. This Early Access update delivers significant business benefits by enabling IT administrators to enforce sign-in policies quickly, ensuring compliance and maximizing the value of Docker subscriptions.

Key benefits

  • Fast deployment and rollout: Configuration profiles can be rapidly deployed across a fleet of devices using Mobile Device Management (MDM) solutions, making it easy for IT admins to enforce sign-in requirements and other policies without manual intervention.
  • Tamper-proof enforcement: Configuration profiles ensure that enforced policies, such as sign-in requirements, cannot be bypassed or disabled by users, providing a secure and reliable way to manage access to Docker Desktop (Figure 1).
  • Support for multiple organizations: More than one organization can now be defined in the allowedOrgs field, offering flexibility for users who need access to Docker Desktop under multiple organizational accounts (Figure 2).

How it works

macOS configuration profiles are XML files that contain specific settings to control and manage macOS device behavior. These profiles allow IT administrators to:

  • Restrict access to Docker Desktop unless the user is authenticated.
  • Prevent users from disabling or bypassing sign-in enforcement.

By distributing these profiles through MDM solutions, IT admins can manage large device fleets efficiently and consistently enforce organizational policies.

Screenshot of Enforced Sign-in Configuration Profile showing Description, Signed, Installed, Settings, Details, and Custom Settings.
Figure 1: macOS configuration profile in use.
Screenshot of macOS configuration profile showing "allowedOrgs"
Figure 2: macOS configuration profile in use with multiple allowedOrgs visible.

Configuration profiles, along with the Windows Registry key, are the latest examples of how Docker helps streamline administration and management. 

Enforce sign-in for multiple organizations

Docker now supports enforcing sign-in for more than one organization at a time, providing greater flexibility for users working across multiple teams or enterprises. The allowedOrgs field now accepts multiple strings, enabling IT admins to define more than one organization via any supported configuration method, including:

  • registry.json
  • Windows Registry key
  • macOS plist
  • macOS configuration profile

This enhancement makes it easier to enforce login policies across diverse organizational setups, streamlining access management while maintaining security (Figure 3).
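To keep the organization list identical across methods, the same `allowedOrgs` value can be rendered for both `registry.json` and the macOS plist from one source. This is an added example, not Docker's tooling: the organization names are placeholders, and the lowercase rule and the file layouts (a JSON string array, a plist `<array>` of strings) are assumptions taken from Docker's sign-in enforcement documentation.

```python
"""Added example: render one allowedOrgs list for two enforcement methods."""
import json
import plistlib


def normalize_orgs(orgs):
    """Validate and de-duplicate organization names, keeping their order."""
    seen, result = set(), []
    for org in orgs:
        if not isinstance(org, str) or not org or any(c.isspace() for c in org):
            raise ValueError(f"invalid organization name: {org!r}")
        # Assumption: organization names are written in lowercase.
        if org != org.lower():
            raise ValueError(f"organization name must be lowercase: {org!r}")
        if org not in seen:
            seen.add(org)
            result.append(org)
    if not result:
        raise ValueError("allowedOrgs must list at least one organization")
    return result


def render_registry_json(orgs):
    """Return registry.json content as text."""
    return json.dumps({"allowedOrgs": normalize_orgs(orgs)}, indent=2)


def render_plist(orgs):
    """Return the macOS plist content as XML bytes."""
    return plistlib.dumps({"allowedOrgs": normalize_orgs(orgs)})


if __name__ == "__main__":
    sample = ["myorg1", "myorg2"]  # placeholder organization names
    print(render_registry_json(sample))
    print(render_plist(sample).decode("utf-8"))
```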

Learn more about the various sign-in enforcement methods.

Screenshot of Sign-in required box, saying "Sign-in to continue using Docker Desktop. You must be a member of one of the following organizations" with Docker-internal and Docker listed.
Figure 3: Docker Desktop when sign-in is enforced across multiple organizations. The blue highlights indicate the allowed company domains.

Deploy Docker Desktop for macOS in bulk with the PKG installer

Managing large-scale Docker Desktop deployments on macOS just got easier with the new PKG installer. Designed for enterprises and IT admins, the PKG installer offers significant advantages over the traditional DMG installer, streamlining the deployment process and enhancing security.

  • Ease of use: Automate installations and reduce manual steps, minimizing user error and IT support requests.
  • Consistency: Deliver a professional and predictable installation experience that meets enterprise standards.
  • Streamlined deployment: Simplify software rollouts for macOS devices, saving time and resources during bulk installations.
  • Enhanced security: Benefit from improved security measures that reduce the risk of tampering and ensure compliance with enterprise policies.

You can download the PKG installer via Admin Console > Security and Access > Deploy Docker Desktop > macOS. Options for both Intel and Arm architectures are also available for macOS and Windows, ensuring compatibility across devices.

Start deploying Docker Desktop more efficiently and securely today via the Admin Console (Figure 4). 

Screenshot of Admin console showing option to download PKG installer.
Figure 4: Admin Console with PKG installer download options.

Desktop Settings Management (Early Access) 

Managing Docker Desktop settings at scale is now easier than ever with the new Desktop Settings Management, available in Early Access for Docker Business customers. Admins can centrally deploy and enforce settings policies for Docker Desktop directly from the cloud via the Admin Console, ensuring consistency and efficiency across their organization.

Here’s what’s available now:

  • Admin Console policies: Configure and enforce default Docker Desktop settings from the Admin Console.
  • Quick import: Import existing configurations from an admin-settings.json file for seamless migration.
  • Export and share: Export policies as JSON files to easily share with security and compliance teams.
  • Targeted testing: Roll out policies to a smaller group of users for testing before deploying globally.

What’s next?

Although the Desktop Settings Management feature is in Early Access, we’re actively building additional functionality to enhance it, such as compliance reporting and automated policy enforcement capabilities. Stay tuned for more!

This is just the beginning of a powerful new way to simplify Docker Desktop management and ensure organizational compliance. Try it out now and help shape the future of settings management: Admin Console > Security and Access > Desktop Settings Management (Figure 5).

Screenshot of Admin console showing Desktop Setting Management page, which includes Global policy, Settings policy, User policies, and more.
Figure 5: Admin console with Desktop Settings Management.

Streamlining data workflow with WSL 2 mono distribution 

Simplify the Windows Subsystem for Linux (WSL 2) setup by eliminating the need to maintain two separate Docker Desktop WSL distributions. This update streamlines the WSL 2 configuration by consolidating the previously required dual Docker Desktop WSL distributions into a single distribution, now available on both macOS and Windows operating systems.

The simplification of Docker Desktop’s WSL 2 setup is designed to make the codebase easier to understand and maintain. This enhances the ability to handle failures more effectively and increases the startup speed of Docker Desktop on WSL 2, allowing users to begin their work more quickly.

The value of streamlining data workflows and relocating data to a different drive on macOS and Windows with the WSL 2 backend in Docker Desktop encompasses these key areas:

  • Improved performance: By separating data and system files, I/O contention between system operations and data operations is reduced, leading to faster access and processing.
  • Enhanced storage management: Separating data from the main system drives allows for more efficient use of space.
  • Increased flexibility with cross-platform compatibility: Ensuring consistent data workflows across different operating systems (macOS and Windows), especially when using Docker Desktop with WSL 2.
  • Enhanced Docker performance: Docker performs better when processing data on a drive optimized for such tasks, reducing latency and improving container performance.

By implementing these practices, organizations can achieve more efficient, flexible, and high-performing data workflows, leveraging Docker Desktop’s capabilities on both macOS and Windows platforms.

Enhanced Container Isolation (ECI) improvements 

  • Allow any container to mount the Docker socket: Admins can now configure permissions to allow all containers to mount the Docker socket by adding * or *:* to the ECI Docker socket mount permission image list. This simplifies scenarios where broad access is required while maintaining security configuration through centralized control. Learn more in the advanced configuration documentation.
  • Improved support for derived image permissions: The Docker socket mount permissions for derived images feature now supports wildcard tags (e.g., alpine:*), enabling admins to grant permissions for all versions of an image. Previously, specific tags like alpine:latest had to be listed, which was restrictive and required ongoing maintenance. Learn more about managing derived image permissions.

These enhancements reduce administrative overhead while maintaining a high level of security and control, making it easier to manage complex environments.
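Because a container that mounts the Docker socket can drive the Docker Engine, wildcard entries in the image list deserve a review step before a policy is rolled out. The check below is an added example, not part of Docker Desktop: the `admin-settings.json` key layout (`enhancedContainerIsolation.dockerSocketMount.imageList` with `images` and `allowDerivedImages`) is assumed from Docker's settings documentation, the severity labels are this example's own, and the image names are placeholders.

```python
"""Added example: review ECI Docker socket mount permissions."""
import json

# Constructed sample settings; key layout is an assumption (see lead-in).
SAMPLE_SETTINGS = json.dumps({
    "configurationFileVersion": 2,
    "enhancedContainerIsolation": {
        "locked": True,
        "value": True,
        "dockerSocketMount": {
            "imageList": {
                "images": [
                    "docker.io/example-org/ci-runner:1.4.2",
                    "alpine:*",
                    "*",
                ],
                "allowDerivedImages": True,
            }
        },
    },
})


def classify(entry):
    """Return how broad a single image-list entry is."""
    if entry in ("*", "*:*"):
        return "allow_all"
    if entry.endswith(":*"):
        return "wildcard_tag"
    return "exact"


def audit(settings_json):
    """Group image-list entries by breadth and list review findings."""
    settings = json.loads(settings_json)
    eci = settings.get("enhancedContainerIsolation", {})
    image_list = eci.get("dockerSocketMount", {}).get("imageList", {})
    derived = bool(image_list.get("allowDerivedImages", False))

    report = {"allow_all": False, "wildcard_tag": [], "exact": [], "findings": []}
    for entry in image_list.get("images", []):
        kind = classify(entry)
        if kind == "allow_all":
            report["allow_all"] = True
        else:
            report[kind].append(entry)

    findings = report["findings"]
    if not eci.get("value", False):
        findings.append(("high", "ECI is not enabled; socket mount "
                                 "restrictions do not apply"))
    elif not eci.get("locked", False):
        findings.append(("medium", "ECI setting is not locked; users can "
                                   "change it locally"))
    if report["allow_all"]:
        findings.append(("high", "'*' lets every container mount the "
                                 "Docker socket"))
    for entry in report["wildcard_tag"]:
        if derived:
            # Assumed semantics: derived-image permission extends the grant
            # to images built from any tag the wildcard matches.
            findings.append(("medium", f"{entry} with allowDerivedImages "
                                       "covers every tag and images built "
                                       "from them"))
        else:
            findings.append(("low", f"{entry} covers every tag of the image"))
    return report


if __name__ == "__main__":
    for level, message in audit(SAMPLE_SETTINGS)["findings"]:
        print(f"[{level}] {message}")
```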

Upgrade now

The Docker Desktop 4.36 release introduces a suite of features designed to simplify enterprise administration, improve security, and enhance operational efficiency. From enabling centralized policy enforcement with Desktop Settings Management to streamlining deployments with the macOS PKG installer, Docker continues to empower IT administrators with the tools they need to manage Docker Desktop at scale.

The improvements in Enhanced Container Isolation (ECI) and WSL 2 workflows further demonstrate Docker’s commitment to innovation, providing solutions that optimize performance, reduce complexity, and ensure compliance across diverse enterprise environments.  

As businesses adopt increasingly complex development ecosystems, these updates highlight Docker’s focus on meeting the unique needs of enterprise teams, helping them stay agile, secure, and productive. Whether you’re managing access for multiple organizations, deploying tools across platforms, or leveraging enhanced image permissions, Docker Desktop 4.36 sets a new standard for enterprise administration.  

Start exploring these powerful new features today and unlock the full potential of Docker Desktop for your organization.

216MHz GigaDevice GD32G5 Cortex-M33 MCU features analog interfaces and accelerators for industrial applications

21 November 2024 at 15:04

Starting with the GD32G553 SKUs, the 216 MHz GigaDevice GD32G5 high-performance Arm Cortex-M33 microcontroller family features 256KB to 512KB of embedded Flash with dual-bank Flash support, 128KB of SRAM, and a range of hardware accelerators including a DSP, single-precision FPU, a trigonometric function accelerator (TMU), and other hardware acceleration units, filter algorithms (FAC) and Fast Fourier Transform (FFT). Designed for industrial applications, the GD32G5 microcontrollers also offer a wide range of digital and analog interfaces and enhanced security capabilities suitable for digital power systems, charging stations, energy storage inverters, frequency converters, servo motors, and optical communication. GigaDevice GD32G5 specifications: MCU Core – Arm Cortex-M33 Armv8-M core clocked at up to 216MHz with DSP instruction set and single-precision FPU; up to 316 DMIPS, CoreMark score: 694. Memory/Storage 128KB SRAM (80KB SRAM0 + 16KB SRAM1 + 32KB TCMSRAM) 256KB to 512KB on-chip flash, QSPI interface for external storage External memory controller (EXMC) [...]

The post 216MHz GigaDevice GD32G5 Cortex-M33 MCU features analog interfaces and accelerators for industrial applications appeared first on CNX Software - Embedded Systems News.

The first Android 16 developer preview is out (much) earlier than expected

20 November 2024 at 10:33

Google releases a new Android version every year, and while the first Android 15 developer preview was released this year in February, the company has already announced the first Android 16 developer preview just a couple of months after the official release of Android 15 on AOSP in an “effort to drive faster innovation in apps and devices”. More specifically, Google plans to release two Android APIs next year: a major SDK release in Q2 2025 instead of Q3 followed by a minor SDK release in Q4 2025 that won’t include behavior changes that may require changes in apps, but only pick up feature updates, optimizations, and bug fixes. The change was mostly made to better accommodate the device launch schedule of smartphone manufacturers. That also means many more changes are expected between the preview and the beta release. As of now, Google has only announced a few new features [...]

The post The first Android 16 developer preview is out (much) earlier than expected appeared first on CNX Software - Embedded Systems News.

Jetway MF30 – A 3.5-inch SBC with 13th Gen Intel Core i5-1335U/1335UE Raptor Lake SoC, quad display support

18 November 2024 at 13:30

The Jetway MF30 is a 3.5-inch subcompact board powered by 13th-generation Intel Core Raptor Lake-P U-series processors, including the Intel Core i5-1335U and Core i5-1335UE. Designed for embedded applications such as digital signage, control systems, gaming setups, and transportation hubs, the board supports versatile high-definition multi-screen configurations with two HDMI ports, two DisplayPorts, one Type-C DP, and one LVDS/eDP interface. For connectivity, the MF30 offers dual 2.5GbE ports, three USB 3.2 Gen2 ports, four USB 2.0 ports, and a USB Type-C port, while storage options include SATA III port and M.2 (2242/2280) sockets. Jetway is well known for its SBCs, and we’ve previously covered products like the JMTX-ADN8, JNUC-ADN1 mini-ITX motherboard, and JF35-ADN1 3.5-inch motherboard all powered by the Intel N97 CPU. Additionally, we’ve explored other SBCs and Mini PCs featuring 13th-gen Raptor Lake SoCs, including the iBASE IB961, GEEKOM GT13 Pro, Cincoze DV-1100, and LattePanda Sigma. If you’re interested [...]

The post Jetway MF30 – A 3.5-inch SBC with 13th Gen Intel Core i5-1335U/1335UE Raptor Lake SoC, quad display support appeared first on CNX Software - Embedded Systems News.

Better Together: Understanding the Difference Between Sign-In Enforcement and SSO

12 November 2024 at 21:57

Docker Desktop’s single sign-on (SSO) and sign-in enforcement (also called login enforcement) features work together to enhance security and ease of use. SSO allows users to log in with corporate credentials, whereas login enforcement ensures every user is authenticated, giving IT tighter control over compliance. In this post, we’ll define each of these features, explain their unique benefits, and show how using them together streamlines management and improves your Docker Desktop experience.

Before diving into the benefits of login alongside SSO, let’s clarify three related terms: login, single sign-on (SSO), and enforced login.

  • Login: Logging in connects users to Docker’s suite of tools, enabling access to personalized settings, team resources, and features like Docker Scout and Docker Build Cloud. By default, members of an organization can use Docker Desktop without signing in. Logging in can be done through SSO or by using Docker-specific credentials.
  • Single sign-on (SSO): SSO allows users to access Docker using their organization’s central authentication system, letting teams streamline access across multiple platforms with one set of credentials. SSO standardizes and secures login and supports automation around provisioning but does not automatically log in users unless enforced.
  • Enforced login: This policy, configured by administrators, ensures users are logged in by requiring login credentials before accessing Docker Desktop and associated tools. With enforced login, teams gain consistent access to Docker’s productivity and security features, minimizing gaps in visibility and control.

With these definitions in mind, here’s why being logged in matters, how SSO simplifies login, and how login enforcement ensures your team gets the full benefit of Docker’s powerful development tools.

Why logging in matters for admins and compliance teams

Enforcing sign-in with corporate credentials ensures that all users accessing Docker Desktop are verified and utilizing the benefits of your Docker Business subscription while adding a layer of security to safeguard your software supply chain. This policy strengthens your organization’s security posture and enables Docker to provide detailed usage insights, helping compliance teams track engagement and adoption. 

Enforced login will support cloud-based control over settings, allowing admins to manage application configurations across the organization more effectively. By requiring login, your organization benefits from greater transparency, control, and alignment with compliance standards. 

When everyone in your organization signs in with proper credentials:

  • Access controls for shared resources become more reliable, allowing administrators to enforce policies and permissions consistently.
  • Developers stay connected to their workspaces and resources, minimizing disruptions.
  • The Desktop Insights Dashboard provides admins with actionable insights into usage, from feature adoption to image usage trends and login activity, helping administrators optimize team performance and security.
  • Teams gain full visibility and access to Docker Scout’s security insights, which only function with logged-in accounts.

Read more about the benefits of login in our blog post, Maximizing Docker Desktop: How Signing In Unlocks Advanced Features.

Options for enforcing sign-in

Docker provides three options to help administrators enforce sign-in:

  • Registry key method (Windows Only): Integrates seamlessly with Windows, letting IT enforce login policies within familiar registry settings, saving time on configuration. 
  • Plist or config profiles method (Mac): Provides an easy way for IT to manage access on macOS, ensuring policy consistency across Apple devices without additional tools. 
  • Registry.json method (all platforms): Works across Windows, macOS, and Linux, allowing IT to enforce login on all platforms with a single, flexible configuration file, streamlining policy management for diverse environments.

Each method helps IT secure access, restrict it to authorized users, and maintain compliance across all systems. You can enforce login without setting up SSO. Read the documentation to learn more about Docker’s sign-in enforcement methods.

Single sign-on (SSO) 

Docker Desktop’s SSO capabilities allow organizations to streamline access by integrating with corporate identity providers, ensuring that only authorized team members can access Docker resources using their work credentials. This integration enhances security by eliminating the need for separate Docker-specific passwords, reducing the risk of unauthorized access to critical development tools. With SSO, admins can enforce consistent login policies across teams, simplify user management, and gain greater control over who accesses Docker Desktop. Additionally, SSO enables compliance teams to track access and usage better, aligning with organizational security standards and improving overall security posture.

Docker Desktop supports SSO integrations with a variety of IdPs, including Okta, OneLogin, Auth0, and Microsoft Entra ID. By integrating with these IdPs, organizations can streamline user authentication, enhance security, and maintain centralized access control across their Docker environments.

Differences between SSO enforcement and SSO enablement

SSO and SCIM give your company more control over how users log in and attach themselves to your organization and Docker subscription, but they do not require your users to sign in to your organization when using Docker Desktop. Without sign-in enforcement, users can continue to use Docker Desktop without logging in, or while signed in with their personal Docker IDs or subscriptions, which prevents Docker from providing you with insights into their usage and control over the application.

SSO enforcement usually applies to identity management across multiple applications, enforcing a single, centralized login for a suite of apps or services. However, a registry key or other local login enforcement mechanism typically applies only to that specific application (e.g., Docker Desktop) and doesn’t control access across different services.

Better together: Sign-in enforcement and SSO 

While SSO enables seamless access to Docker for those who choose to log in, enforcing login ensures that users fully benefit from Docker’s productivity and security features.

Docker’s SSO integration is designed to simplify enterprise user management, allowing teams to access Docker with their organization’s centralized credentials. This streamlines onboarding and minimizes password management overhead, enhancing security across the board. However, SSO alone doesn’t require users to log in — it simply makes it more convenient and secure. Without enforced login, users might bypass the sign-in process, missing out on Docker’s full benefits, particularly in areas of security and control.

By coupling SSO with login enforcement, organizations strengthen their Registry Access Management (RAM), ensuring access is restricted to approved registries, boosting image compliance, and centralizing control. Encouraging login alongside SSO ensures teams enjoy a seamless experience while unlocking Docker’s complete suite of features.

NXP i.MX 94 octa-core Cortex-A55/M33/M7 processor targets Edge AI industrial and automotive applications

12 November 2024 at 17:48

NXP i.MX 94 is an octa-core Arm SoC with up to four Cortex-A55 application cores, two Arm Cortex-M33 real-time/functional safety cores, two Arm Cortex-M7 real-time/functional safety cores, and an NXP eIQ Neutron NPU designed for Edge AI industrial and automotive applications. I initially thought it would be a cost-down version of the NXP i.MX 95, and while it shares many of the same features, it’s more an application-specific processor designed specifically for industrial and automotive applications, lacking a 3D GPU, camera input interfaces, a MIPI DSI display interface, and 10GbE networking, but increasing the number of real-time cores (at the cost of application cores) and adding several networking features such as an Ethernet time-sensitive networking (TSN) switch, 2.5GbE interface, an EtherCAT controller, and support for industrial protocols like Profinet or OPC-UA FX. NXP i.MX 94 specifications: CPU Up to 4x Arm Cortex-A55 cores 2x Arm Cortex-M7 cores, one for functional [...]

The post NXP i.MX 94 octa-core Cortex-A55/M33/M7 processor targets Edge AI industrial and automotive applications appeared first on CNX Software - Embedded Systems News.

November maintenance updates for Nextcloud Hub 7, 8 and 9

8 November 2024 at 18:46

Please update to a new version to keep your data safe!

If you are using Nextcloud Hub 7, 8 or 9, we strongly recommend that you update to version 28.0.12, 29.0.9 or 30.0.2 respectively. Maintenance updates include important bug fixes, stability and security upgrades. It is a quick and safe process, as always!

About the updates

The updates include a number of important bug fixes and performance optimization, as well as other improvements in all supported Nextcloud Hub versions. You can find the full changelog on our website.

Updates are available for:

  • Nextcloud Hub 7 (version 28.0.12)
  • Nextcloud Hub 8 (version 29.0.9)
  • Nextcloud Hub 9 (version 30.0.2)

Nextcloud Hub 9 is our latest and greatest! 🚀


Nextcloud Hub 9 lets you stay connected like never before: federated calls, auto-magic with Nextcloud Flow, collaboration through a new medium with Nextcloud Whiteboard, a big design redo and much more!

What’s new in Nextcloud Hub 9:

  • Federation: Edit documents and have video calls with users from other Nextcloud servers!
  • Automate and digitalize enterprise processes
  • Brand new design improvements
  • New Whiteboard app
  • AI reminders & summaries in Mail
  • PDF templates and form API
  • Chat UI for Nextcloud Assistant

Get Nextcloud Hub 9

Download and install Nextcloud Hub 9 here!

Always keep your server up to date!

Nextcloud’s minor releases primarily focus on addressing security vulnerabilities and functionality bugs, avoiding major system overhauls that could jeopardize user data. Keeping your server up to date is vital, and our approach to testing and validation ensures that upgrading to minor releases is generally smooth and reliable.

For mission-critical Nextcloud systems in enterprise settings, consider switching to Nextcloud Enterprise. The tier provides you with ultimate deployment confidence: direct access to the Nextcloud engineering team, full assistance throughout deployment and integration, and peace of mind for system administrators. If you’re responsible for maintaining Nextcloud in your setting, this option may be the ideal solution for you.

The post November maintenance updates for Nextcloud Hub 7, 8 and 9 appeared first on Nextcloud.

Docker Desktop 4.35: Organization Access Tokens, Docker Home, Volumes Export, and Terminal in Docker Desktop

4 November 2024 at 23:51

Key features of the Docker Desktop 4.35 release include: 

Organization access tokens (Beta) 

Before the beta release of organization access tokens, managing developer access to Docker resources was challenging, as it relied heavily on individual user accounts, leading to security risks and administrative inefficiencies. 

Organization access tokens let you manage access at the organizational level, providing enhanced security. This feature allows teams to operate more securely and efficiently with centralized user management, reduced administrative overhead, and the flexibility to scale access as the organization grows. For businesses, this feature offers significant value by improving governance, enhancing security, and supporting scalable infrastructure from an administrative perspective. 

Organizational access tokens empower organizations to maintain tighter control over their resources and security, making Docker Desktop even more valuable for enterprise users. This is one piece of the continuous updates we’re releasing to support administrators across large enterprise companies, ensuring they have the tools needed to manage complex environments with efficiency and confidence.

Docker Home (Beta) 

Sign in to your Docker account to see the release of the new Docker Home page (Figure 1). The new Docker Home marks a milestone in Docker’s journey as a multi-product company, reinforcing Docker’s commitment to providing an expanding suite of solutions that help developers and businesses containerize applications with ease.

  • Unified experience: The home page provides a central hub for users to access Docker products, manage subscriptions, adjust settings, and find resources — all in one place. This approach simplifies navigation for developers and admins.
  • Admin access: Administrators can manage organizations, users, and onboarding processes through the new portal, with access to dashboards for monitoring Docker usage.
  • Future enhancements: Future updates will add personalized features for different roles, and business subscribers will gain access to tools like the Docker Support portal and organization-wide notifications.
Docker Product home page showing sections for Docker Desktop, Docker Build Cloud, Docker Scout, Docker Hub, and more.
Figure 1: New Docker home page.

Terminal experience in Docker Desktop

Our terminal feature in Docker Desktop is now generally available. While managing containerized applications, developers have often faced friction and inefficiencies when switching between the Docker Desktop CLI and GUI. This constant context switching disrupted workflows and reduced productivity. 

The terminal enhancement integrates a terminal directly within the Docker Desktop GUI, enabling seamless transitions between CLI and GUI interactions within a single window. By incorporating a terminal shell into the Docker Desktop interface (Figure 2), we significantly reduce the friction associated with context switching for developers.

Screenshot of Docker Desktop showing terminal window in lower half of screen.
Figure 2: Terminal shell in Docker Desktop.

This functionality is designed to streamline workflows, accelerate delivery times, and enhance overall developer productivity.

Volumes Export is GA 

With the 4.35 release, we’ve elevated volume backup capabilities in Docker Desktop, introducing an upgraded feature set (Figure 3). This enhancement integrates the previous Volumes Backup & Share extension directly into Docker Desktop, streamlining your backup processes.

Screenshot of Docker Desktop Volumes showing option to "Quick export data backup to a specified location"
Figure 3: Docker Desktop Volumes view showcasing new backup functionality.

Although this release marks a significant step forward, it’s just the beginning. We’re committed to expanding these capabilities, adding even more value in future updates. Check out the beta of Scheduled Backups as well as External Cloud Storage backups, which are also available. 

Significantly improved performance experience on macOS (Beta)

Docker Desktop 4.35 also includes a beta release of Docker VMM, a container-optimized hypervisor for Apple Silicon Macs. Local developer workflows rely heavily on the performance of the hypervisor layer for everything from handling individual timer interrupts to accessing files and downloading images from the network. 

Docker VMM allows us to optimize the Linux kernel and hypervisor layer together, massively improving the speed of many common developer tasks. For example, iterating over a large shared file system with find is now 2x faster than on Docker Desktop 4.34 with a cold cache and up to 25x faster — faster than running natively on the Mac — when the cache is warm. This is only the beginning. Thanks to Docker VMM, we have many exciting new performance improvements in the pipeline.

Enable Docker VMM via Settings > General > Virtual Machine options and try it for your developer workflows today (Figure 4).

Figure 4: Docker VMM.

Docker Desktop for Red Hat Enterprise Linux 

Today we are excited to announce the general availability of Docker Desktop for Red Hat Enterprise Linux (RHEL). This feature marks a great milestone for both Docker and our growing community of developers.

By making Docker Desktop available on RHEL, we’re not only extending our reach — we’re meeting developers where they are. RHEL users can now access a seamless containerized development experience directly on the same OS that might power their production environments.

Docker Desktop for RHEL (Figure 5) offers the same intuitive interface, integrated tooling, and performance optimizations that you’ve come to expect on the other supported Linux distributions.

Screenshot of Docker Desktop for Red Hat Enterprise Linux with terminal window, Docker Desktop window, and RHEL logo in lower left.
Figure 5: Docker Desktop for RHEL.

How to install Docker Desktop on Red Hat Enterprise Linux

Download links and information can be found in our release notes.

Looking for support?

Did you know that you can get Premium Customer Support for Docker Desktop with a Pro or Team subscription? With this GA release, we’re now ready to officially help support you if you’re thinking about using Docker Desktop. Check out our pricing page to learn more about what’s included in a Pro or Team subscription, and if it’s right for you.

Explore the latest updates

With this latest wave of updates, from the security enhancements of organization access tokens to the performance boost of Docker VMM for Apple Silicon Macs, we’re pushing Docker Desktop forward to meet the evolving needs of developers and organizations alike. Each new feature is designed to make development smoother, faster, and more secure — whether you’re managing large teams or optimizing your individual workflow. 

We’re continuing to make improvements, with more tools and features on the way to help you build, manage, and scale your projects efficiently. Explore the latest updates and see how they can enhance your development experience.

Maximizing Docker Desktop: How Signing In Unlocks Advanced Features

4 November 2024 at 21:25

Docker Desktop is more than just a local application for containerized development — it’s your gateway to an integrated suite of cloud-native tools that streamline the entire development workflow. While Docker Desktop can be used without signing in, doing so unlocks the full potential of Docker’s powerful, interconnected ecosystem. By signing in, you gain access to advanced features and services across Docker Hub, Build Cloud, Scout, and Testcontainers Cloud, enabling deeper collaboration, enhanced security insights, and scalable cloud resources. 

This blog post explores the full range of capabilities unlocked by signing in to Docker Desktop, connecting you to Docker’s integrated suite of cloud-native development tools. From enhanced security insights with Docker Scout to scalable build and testing resources through Docker Build Cloud and Testcontainers Cloud, signing in allows developers and administrators to fully leverage Docker’s unified platform.

Note that the following sections refer to specific Docker subscription plans. With Docker’s newly streamlined subscription plans — Docker Personal, Docker Pro, Docker Team, and Docker Business — developers and organizations can access a scalable suite of tools, from individual productivity boosters to enterprise-grade governance and security. Visit the Docker pricing page to learn more about how these plans support different team sizes and workflows. 

Benefits for developers when logged in

Docker Personal

  • Access to private repositories: Unlock secure collaboration through private repositories on Docker Hub, ensuring that your sensitive code and dependencies are managed securely across teams and projects.
  • Increased pull rate: Boost your productivity with an increased pull rate from Docker Hub (40 pulls/hour per user), ensuring smoother, uninterrupted development workflows without waiting on rate limits. The rate limit without authentication is 10 pulls/hour per IP.
  • Docker Scout CLI: Leverage Docker Scout to proactively secure your software supply chain with continuous security insights from code to production. By signing in, you gain access to powerful CLI commands that help prevent vulnerabilities before they reach production. 
  • Build Cloud and Testcontainers Cloud: Experience the full power of Docker Build Cloud and Testcontainers Cloud with free trials (7-day for Build Cloud, 30-day for Testcontainers Cloud). These trials give you access to scalable cloud infrastructure that speeds up image builds and enables more reliable integration testing.

Docker Pro/Team/Business 

For users with a paid Docker subscription, additional features are unlocked.

  • Unlimited pull rate: No Hub rate limit will be enforced for users with a paid subscription plan. 
  • Docker Scout base image recommendations: Docker Scout offers continuous recommendations for base image updates, empowering developers to secure their applications at the foundational level and fix vulnerabilities early in the development lifecycle.
Figure 1: Docker Scout showing recommendations.
  • Docker Debug: The docker debug CLI command can help you debug containers, while the images contain the minimum required to run your application.
Figure 2: Docker debug CLI.

Docker Debug functionalities have also been integrated into the container view of the Docker Desktop UI.

Figure 3: Debug functionalities integrated into the container view of Docker Desktop.
  • Synchronized file shares: Host to Docker Desktop VM file sharing via bind mounts can be quite slow for large codebases. Speed up your development cycle with synchronized file shares, allowing you to sync large codebases into containers quickly and efficiently without performance bottlenecks—helping developers iterate faster on critical projects.
Figure 4: Synchronized file shares.
  • Additional free minutes for Docker Build Cloud: Docker Build Cloud helps developer teams speed up image builds by offloading the build process to the cloud. The following benefits are available for users depending on the subscription plan:
    • Docker Pro: 200 mins/month per org
    • Docker Team: 500 mins/month per org
    • Docker Business: 1500 mins/month per org
  • Additional free minutes for Testcontainers Cloud: Testcontainers Cloud simplifies the process for developers to run reliable integration tests using real dependencies defined in code, whether on their laptops or within their team’s CI pipeline. Depending on the subscription plan, the following benefits are available for users:
    • Docker Pro: 100 mins/month per org
    • Docker Team: 500 mins/month per org
    • Docker Business: 1,500 mins/month per org

Benefits for administrators when your users are logged in

Docker Business

Security and governance

The Docker Business plan offers enterprise-grade security and governance controls, which are only applicable if users are signed in. As of Docker Desktop 4.35.0, these features include:

License management

Tracking usage for licensing purposes can be challenging for administrators due to Docker Desktop not requiring authentication by default. By ensuring all users are signed in, administrators can use Docker Hub’s organization members list to manage licenses effectively.

This can be coupled with Docker Business’s Single Sign-On and SCIM capabilities to ease this process further. 

Insights

Administrators and other stakeholders (such as engineering managers) must comprehensively understand Docker Desktop usage within their organization. With developers signed into Docker Desktop, admins gain actionable insights into usage, from feature adoption to image usage trends and login activity, helping administrators optimize team performance and security. A dashboard offering insights is now available to simplify monitoring. Contact your account rep to enable the dashboard.

Desktop Insights available when your users log in to your organization
Figure 5: Desktop Insights view when users log in to your organization.

Enforce sign-in for Docker Desktop

Docker Desktop includes a feature that allows administrators to require authentication at start-up. Admins can ensure that all developers sign in to access Docker Desktop, enabling full integration with Docker’s security and productivity features. Sign-in enforcement helps maintain continuous compliance with governance policies across the organization.

Figure 6: Prompting sign in.

Developers can then click on the sign-in button, which takes them through the authentication flow. 

More information on how to enforce sign-in can be found in the documentation.

Unlock the full potential of Docker’s integrated suite

Signing into Docker Desktop unlocks significant benefits for both developers and administrators, enabling teams to fully leverage Docker’s integrated, cloud-native suite. Whether improving productivity, securing the software supply chain, or enforcing governance policies, signing in maximizes the value of Docker’s unified platform — especially for organizations using Docker’s paid subscription plans.

Note that new features are introduced with each new release, so keep an eye on our blog and subscribe to the Docker Newsletter for the latest product and feature updates.

Renesas RX260 and RX261 64 MHz RXv3 MCUs target power-efficient touch applications

24 October 2024 at 19:55

The Renesas RX260 and RX261 are two new 64 MHz microcontrollers, part of the high-performance, high-efficiency RX product family, with integrated capacitive touch-sensing and high power efficiency in both active and standby modes. The microcontrollers are based on the RXv3 core with a performance score of 355 CoreMark @ 64MHz, which is “2.5 times higher than competing 64 MHz class MCUs.” The chips are also power-efficient, with a consumption rate of 69μA/MHz during active operation and only 1μA in standby mode. According to Renesas, the chips are up to 25% more efficient in active mode and 87% more efficient in standby mode than other 64 MHz class MCUs. Another competing factor is the onboard 8KB of data flash, eliminating the need for external EEPROM. The RX260 and RX261 Group MCUs support noise- and water-resistant capacitive touch via Renesas’ third-generation capacitive touch IP (CTSU2SL). They also integrate an “automatic judgment function” that [...]

The post Renesas RX260 and RX261 64 MHz RXv3 MCUs target power-efficient touch applications appeared first on CNX Software - Embedded Systems News.

SenseCrypt eID on OpenCV Live

16 October 2024 at 01:56

Everyone should have the right to privacy. OpenCV Gold Sponsor SeventhSense’s revolutionary cryptographic AI algorithms enable facial verification without any biometrics storage. Enjoy peace of mind with GDPR-compliant technology that puts you in control of your data, eliminating privacy risks and ensuring complete security. On this week’s OpenCV Live webinar we’ll learn about the tech behind this powerful, important security advancement they call SenseCrypt eID.

Get started early with the new SenseCrypt walkthrough: https://github.com/Seventh-Sense-Artificial-Intelligence/SenseCrypt-Walkthrough

Watch along for your chance to win during our live trivia segment, and participate in the live Q&A session with questions from you in the audience.

The post SenseCrypt eID on OpenCV Live appeared first on OpenCV.

Introducing Organization Access Tokens

16 October 2024 at 00:33

In the past, securely managing access to organization resources has been difficult. The only way to gain access has been through an assigned user’s personal access tokens. Whether these users are your engineers’ accounts, bot accounts, or service accounts, they often become points of risk for your organization.

Now, we’re pleased to introduce a long-awaited feature: organization access tokens.

Organization access tokens are like personal access tokens, but at an organizational level with many improvements and features. In this post, we walk through a few reasons why this feature release is so exciting.

Frictionless management

Every day, we are reducing the friction for organizations and engineers using our products. We want you working on your projects, not managing your development tools. 

Organization access tokens do not require you to manage groups and repository assignments the way users do. This means you benefit from a straightforward way to manage the access each token has, instead of managing users and their placement within the organization.

If your organization has SSO enabled and enforced, you have likely run into the issue where machine or service accounts cannot log in easily because they don’t have the ability to log into your identity provider. With organization access tokens, this is no longer a problem.

Did someone leave your organization? No problem! With organization access tokens, you are still in control of the token instead of having to track down which tokens were on that user’s account and deal with the resulting challenges.

Fine-grained access

Organization access tokens introduce a new way to allow for tokens to access resources within your organization. These tokens can be assigned to specific repositories with specific actions for full access management with “least privilege” applied. Of course, you can also allow access to all resources in your organization.

Expirations

Another critical feature is the ability to set expirations for your organization access tokens. This is great for customers who have compliance requirements for token rotation or for those who just like the extra security.

Visibility

Management and registry actions all show up in your organization’s activity logs for each access token. Each token’s usage also shows up on your organization’s usage reports.

Business use cases and fair use

We believe that organization access tokens are useful in the context of teams and companies, which is why we are making them available to Docker Team and Docker Business subscribers. To keep the usual attention on security and avoid “misuse” through a proliferation of access tokens, we are limiting the maximum number of organization access tokens based on the type of subscription. There will be a limit of 10 for Team plans and 100 for Business plans.

Try organization access tokens

If you are on a team or business subscription, check out our documentation to learn more about using organization access tokens.

Secure Custom Fields

13 October 2024 at 01:26

On behalf of the WordPress security team, I am announcing that we are invoking point 18 of the plugin directory guidelines and are forking Advanced Custom Fields (ACF) into a new plugin, Secure Custom Fields. SCF has been updated to remove commercial upsells and fix a security problem.

On October 3rd, the ACF team announced ACF plugin updates will come directly from their website. Sites that followed the ACF team’s instructions on “How to update ACF” will continue to get updates directly from WP Engine. On October 1st, 2024, WP Engine also deployed its own solution for updates and installations for plugins and themes across their customers’ sites in place of WordPress.org’s update service.

Sites that continue to use WordPress.org’s update service and have not chosen to switch to ACF updates from WP Engine can click to update to switch to Secure Custom Fields. Where sites have chosen to have plugin auto-updates from WordPress.org enabled, this update process will auto-switch them from Advanced Custom Fields to Secure Custom Fields.

This update is as minimal as possible to fix the security issue. Going forward, Secure Custom Fields is now a non-commercial plugin, and if any developers want to get involved in maintaining and improving it, please get in touch.

Similar situations have happened before, but not at this scale. This is a rare and unusual situation brought on by WP Engine’s legal attacks; we do not anticipate this happening for other plugins.

WP Engine has posted instructions for how to use their version of Advanced Custom Fields that uses their own update server, so you have that option, though the WordPress Security Team does not recommend it until they fix the security issues. You can uninstall Advanced Custom Fields and activate Secure Custom Fields from the plugin directory and be just fine.

There is separate, but not directly related news that Jason Bahl has left WP Engine to work for Automattic and will be making WPGraphQL a canonical community plugin. We expect others will follow as well.

October maintenance updates for Nextcloud Hub 7 and 8

10 October 2024 at 18:14

Please update to a new version to keep your data safe!

If you are using Nextcloud Hub 7 or 8, we strongly recommend that you update to version 28.0.11 or 29.0.8 respectively. Maintenance updates include important bug fixes, stability and security upgrades. It is a quick and safe process, as always!

About the updates

The updates include a number of important bug fixes and performance optimization, as well as other improvements in Nextcloud Hub 7 (28.X) and 8 (29.X). An update for Nextcloud Hub 9 (30.X) is coming soon! You can find the full changelog on our website.

Updates are available for:

  • Nextcloud Hub 7 (version 28.0.11)
  • Nextcloud Hub 8 (version 29.0.8)

The post October maintenance updates for Nextcloud Hub 7 and 8 appeared first on Nextcloud.

GIGAIPC QBiX-ADNAN97-A1 fanless industrial PC features Intel N97 CPU, dual HDMI, dual LAN

9 October 2024 at 00:01

The GIGAIPC QBiX-ADNAN97-A1 industrial PC is a compact system powered by the Intel Processor N97 quad-core Alder Lake-N processor. This industrial PC supports up to 16GB of DDR5 memory and features flexible storage options with an M.2 slot for SATA or NVMe drives. Additionally, the QBiX-ADNAN97-A1 supports dual independent displays via two HDMI ports. It also offers dual Gigabit Ethernet, multiple USB 3.2 Gen 2×1 ports, an M.2 E-Key for Wi-Fi/Bluetooth expansion, and a COM port for legacy device connectivity. Designed for reliable operation, this fanless system is ideal for various Industry 4.0 applications, including industrial automation, digital signage, and edge computing.

QBiX-ADNAN97-A1 industrial PC specifications

  • SoC – Intel Processor N97 quad-core Alder Lake-N processor @ up to 3.6 GHz with 6MB Cache, Intel UHD Graphics; 12W TDP
  • System Memory – Up to 16GB DDR5 4800 MHz via SODIMM slot
  • Storage – M.2 2280 M-Key socket for NVMe or SATA storage
  • Display 2x HDMI 2.0 [...]

The post GIGAIPC QBiX-ADNAN97-A1 fanless industrial PC features Intel N97 CPU, dual HDMI, dual LAN appeared first on CNX Software - Embedded Systems News.

NXP RW612 Arm Cortex-M33 Wireless MCU offers Wi-Fi 6, Bluetooth 5.4, and 802.15.4 radios

8 October 2024 at 00:01

The NXP RW612 is an Arm Cortex-M33 SoC with three radios, namely Wi-Fi 6, Bluetooth 5.4, and 802.15.4 for Thread and Matter connectivity. It also has a small sibling called the RW610 without the 802.15.4 radio. I first came across RW61x chips when Debashis wrote about the Trimension SR250 UWB chip, mentioning it can work with “host processors like NXP’s i.MX, RW61x, and MCX families”. I initially thought it was a typo for the iW612 tri-radio solution introduced in 2022, and the RW612 is indeed similar, but it’s a complete wireless microcontroller/SoC with an Arm Cortex-M33 application core, so it can be used independently as a host instead of a companion chip.

NXP RW612 and RW610 specifications:

  • MCU sub-system
      • Core – 260 MHz Arm Cortex-M33 with TrustZone-M
      • Memory
          • On-chip 1.2 MB SRAM
          • PSRAM interface for memory expansion
      • Storage – Quad FlexSPI Flash XIP with on-the-fly decryption
  • Peripheral interfaces
      • Up to [...]

The post NXP RW612 Arm Cortex-M33 Wireless MCU offers Wi-Fi 6, Bluetooth 5.4, and 802.15.4 radios appeared first on CNX Software - Embedded Systems News.

Flipper Zero hacking tool gets MicroPython support

6 October 2024 at 10:00

Developer and engineer Oliver Fabel has developed a port designed to run MicroPython on the Flipper Zero. This port allows users to write programs for the Flipper Zero in Python instead of the built-in JavaScript. So far, the port gives access to GPIO, ADC, PWM, the speaker, buttons, the display, and infrared communication, but it doesn’t have support for NFC or RFID yet, and it’s still under development.

Previously, we have written about various add-on boards for the Flipper Zero like the Mayhem v2, the ESP8266 Deauther board, and the CAN bus add-on board, as well as other powerful alternatives to the Flipper like The M1 and the HackBat. Feel free to check those out if you are interested in the topic.

The process is simple, and you don’t have to do a firmware update to work with MicroPython: you can download the application from the community-driven Flipper app store and are good [...]

The post Flipper Zero hacking tool gets MicroPython support appeared first on CNX Software - Embedded Systems News.

The Things Indoor Gateway Pro: A Managed LoRaWAN Solution with ESP32 and Semtech SX1302

30 September 2024 at 09:00

The Things Industries first introduced the Things Indoor Gateway, an affordable multi-channel LoRaWAN gateway designed for IoT networks, in 2019. While low-cost single-channel gateways like the Dragino OLG01, priced as low as $83.50, were available, they often struggled with connectivity in shared environments. The Things Indoor Gateway, priced around $111, offered a reliable solution for large-scale IoT deployments.

Building on this success, the company has now launched the next-generation Things Indoor Gateway Pro. This managed LoRaWAN gateway is designed for seamless IoT network installation, featuring zero-touch provisioning, full cloud management, and flexible connectivity options including LTE, Ethernet, and Wi-Fi with automated failover. With advanced device management tools such as mTLS, FOTA, and secure boot, the Things Indoor Gateway Pro is a future-ready solution tailored for evolving IoT needs.

Previously, we explored a variety of LoRaWAN gateways, including the AgroSense LoRaWAN for high-precision agriculture, the WisGate Soho Pro RAK7267 for greenhouse monitoring, [...]

The post The Things Indoor Gateway Pro: A Managed LoRaWAN Solution with ESP32 and Semtech SX1302 appeared first on CNX Software - Embedded Systems News.
