What’s New in April: Kubernetes The Hard Way, Fedora 40 & nginx 1.26

In this April digest, we want to highlight some important news that can be useful for advanced developers, beginners, business owners, and designers.

April brings us an updated version of the well-known "Kubernetes The Hard Way" guide to manually configuring Kubernetes clusters. Kelsey Hightower announced this on his X account.

Meanwhile, Nginx users can upgrade to version 1.26.0 of the popular web server, and Linux fans will be interested in the recently released Fedora Linux 40 with updated desktop environments and improved artificial intelligence development capabilities.

Read more details and other new product news in the digest below!

A New Version of Kubernetes The Hard Way guide Released

Kelsey Hightower reported that the Kubernetes The Hard Way guide has been updated to support ARM64. The guide is now cloud vendor agnostic and only requires a set of ARM-based virtual machines or physical machines.

The Hard Way is a guide to creating a basic Kubernetes cluster with all management components running on a single node and two working nodes sufficient to learn the basic concepts. It is precisely optimized for a long, deep learning curve to understand all the tasks required to bootstrap a Kubernetes cluster.

Previous versions only worked with Google Cloud Platform, now the simulator is cloud service independent. Also, this guide requires four ARM64-based virtual or physical machines connected to the same network. In general, the knowledge gained from this guide can be applied to other platforms as well.

The updated guide uses kubernetes v1.28.x, containerd v1.7.x, cni v1.3.x, etcd v3.4.x. Kubernetes The Hard Way is a great way to get your hands on working with clusters.

Release of nginx 1.26.0

After almost a year since the last (1.25.0) release, a new version of nginx has been released. Stable version 1.26.0 includes new features and bug fixes from the 1.25.x main branch, including experimental support for HTTP/3, HTTP/2 on a per-server basis, virtual servers in the stream module, streaming connections to listen sockets, and more.

According to W3Techs, 34.2% of all sites in the report use Nginx, which confirms the technology's widespread use. Let's examine the main changes in the 1.26.0 release.

Substantial changes have been made to work with HTTP/2:

• Added the "http2" directive to selectively enable the HTTP/2 protocol with binding to specific servers. 
• The "http2" parameter in the "listen" directive is deprecated.
• Removed support for server push in HTTP/2.
• Improved buffer management during automatic HTTP/2 connection discovery.
• Enhanced protection against atypical HTTP/2 client activity, in particular against "Rapid Reset" DoS attacks. The new limiter allows blocking requests before they reach the overall limit on the number of concurrent threads.

Among other changes:

• The new version includes the ngx_http_v3 module with experimental support for HTTP/3 protocol.
• The stream module has been extended with support for virtual servers whose configuration is defined in the server { .... } using the server_name directive.
• The new ngx_stream_pass_module provides direct forwarding of received connections to any listening socket associated with the http, stream, and mail modules.
• Support for cache line sizing for data transfers between CPU cache and memory has been implemented for some architectures.
• Improved performance when starting configurations with a large number of location directives.
• Removed support for the "ssl" directive, which was previously deprecated.

Nginx 1.26.0 is available for download on the official website.

Code Connect Figma Beta for Design Systems

Figma aims to improve the implementation of design systems by making code more accessible and useful to developers. To this end, it has launched a beta version of its Code Connect tools.

According to CEO Dylan Field, the new functionality is designed to reduce the barrier between designers and developers, resulting in greater consistency and structured implementation of ideas.

Code Connect is a new tool that allows you to customize the code snippets that appear in Dev Mode so that developers see the actual code of the design system instead of automatically generated CSS. The tool is a utility available through npm for JavaScript and TypeScript projects and through Swift Package Manager for SwiftUI projects.

Code Connect is available in Organization and Enterprise plans. The package and configuration instructions are available on GitHub, and developers can install it using a simple command-line interface.

Fedora Linux 40 Release

Fedora Linux 40 has been released, marking a major milestone in the project's development. This release contains significant updates. Here is a list of some of the new features.

• Updates to the GNOME and KDE desktop environments: GNOME is now version 46, and KDE Plasma has been updated to version 6 and works with Wayland out of the box.
• Revival of the "Fedora Atomic Desktop" brand for all atomically upgradeable custom distributions that use ostree or image-based provisioning. 
• The Mock, Koji and Copr build tools have been migrated to use the DNF 5 package manager.
• The wget2 utility has been replaced by wget, and the iotop utility has been replaced by iotop-c.
• The new release includes the osbuild toolkit for building minimal images for the ARM architecture.
• Updated versions of LLVM 18, GCC 14, binutils 2.41, Kubernetes 1.29, glibc 2.39, PostgreSQL 16 and other packages. 

The new version of Fedora Linux 40 comes with the first-ever PyTorch package. This popular framework is used for deep learning. It currently supports CPU-only operation, with no GPU or NPU acceleration. Representatives of the distribution promise to further develop the framework in future releases, including GPU and specialized NPU accelerators.

The Fedora Linux 40 release is available for Fedora Workstation, Fedora Server, Fedora Silverblue, Fedora IoT, Fedora CoreOS, Fedora Cloud Base, Fedora Onyx, and Live Build distributions.

World-Check Database Hijacked by Hackers

The well-known World-Check database contains information on undesirable persons such as terrorists, money launderers, untrustworthy politicians, etc. Corporations, banks, and various financial organizations use it as part of Know Your Customer (KYC) checks.

World-Check data includes full names, the person's area of criminal activity, and, in some cases, their specific job title. It also includes date and place of birth, known aliases, gender, and an explanation of why the person has been placed on the unreliable list.

Today, more than 5 million records from the database are in the hands of the hacker group GhostR, which is threatening to release the data to the public. A spokesperson for the London Stock Exchange Group (LSEG), which maintains the database, has confirmed the authenticity of GhostR's claims.

In the original message, a group of hackers said they would soon begin leaking the database. The first batch of information will include details on thousands of people, including "members of the royal family."

LSEG officials said the leak was not related to their systems, but to a third party that had copies of World-Check DB, and that work was underway to protect the data.

Third-party Cookie Blocking in Chrome Delayed by Google

In 2020, Google said it would phase out third-party cookies over two years to improve user privacy. It's almost the middle of 2024, and Google has delayed the shutdown again.

Google said there were problems reconciling the views of stakeholders, regulators, and developers on the issue. It also notes that it is important that the UK's Competition and Markets Authority (CMA) has enough time to review the evidence, including the results of industry tests, which were requested from market participants by the end of June.

As a result, Google will likely stop supporting third-party cookies in Chrome in 2025, not 2022, as previously planned.

However, in early April, Google announced a new Chrome security feature called Device Bound Session Credentials (DBSC), which binds browser cookies to a user's specific device and protects against account hijacking through cookie theft. DBSC cryptographically binds authentication files to the device using keys generated by the device's Trusted Platform Module (TPM) chip.

Each session is now secured with a unique key, and only the public key is sent to servers for subsequent authentication. This prevents sites from tracking users in different sessions on the same device. Currently, DBSC can be tested by enabling "enable-bound-session-credentials" in Chrome. Google is working to enable this technology by default for Google Workspace and Google Cloud clients.

Have a great month, and see you in the next is*hosting digest!