How to block AI Crawler Bots using robots.txt file

User-agent: GPTBot Disallow: / User-agent: ChatGPT-User Disallow: /

July 22, 2024 at 10:17AM

via Instapaper

How to manually block common AI crawlers

User-agent: anthropic-ai Disallow: / User-agent: Claude-Web Disallow: / User-agent: CCbot Disallow: / User-agent: FacebookBot Disallow: / User-agent:…

July 22, 2024 at 10:16AM

via Instapaper

Let’s Open Ag-Tech

https://anonymoushash.vmbrasseur.com/2024/07/hello-semios.html

If you follow my Mastodon feed at all, you’ll know that I post and share a lot of articles about climate change and facets of our food systems (among other things, of course). These are topics that are near and dear to my heart. I even use an agriculture-related company—Bees4Less 🐝—in all the examples in my latest book.

So when I received an email asking for a chat with Semios—a successful ag-tech that helps improve sustainability in our food systems—it would be an understatement to say I was interested in talking to them. I really liked what I heard, and thankfully they did as well.

I’m excited to announce that as of today I’ve joined Semios to lead open source strategy and start an open source program office (OSPO)!

Yes, I know that everyone says “I’m excited!” when they announce a new job. It’s just That Thing You Do. But in this case, it’s also very much true.

While there have been a few initiatives to bring FOSS to ag-tech (AgStack for one, with which I’ll be spending a lot of time), in general it’s still a literal green field. There’s a lot of potential here, which Semios sees and understands. Together, we’re going to open ag-tech. It’s gonna be great, but it ain’t gonna be easy. Eventually I’ll be building a team to help us, once I get settled in and see where we’ll be starting.

But first, I’ve a lot of onboarding and learning to do from my new Semios colleagues. 🤩

via {anonymous => 'hash'}; https://anonymoushash.vmbrasseur.com/

July 22, 2024 at 03:00AM

Luna wishes you all a happy Monday #corgi #dog

July 22, 2024 at 10:08AM

via Instagram https://instagr.am/p/C9uk-lDuijP/

Amazon ECS now provides enhanced stopped task error messages for easier troubleshooting - AWS

Posted on: Jul 11, 2024 Amazon Elastic Container Services (Amazon ECS) now makes it easier to troubleshoot task launch failures with enhanced stopped task error…

July 22, 2024 at 09:21AM

via Instapaper

Widespread IT Outage Due to CrowdStrike Update | CISA

An official website of the United States government Here’s how you know Official websites use .gov A .gov website belongs to an official government organization…

July 19, 2024 at 02:44PM

via Instapaper

Kubernetes Removals and Major Changes In v1.31

https://kubernetes.io/blog/2024/07/19/kubernetes-1-31-upcoming-changes/

As Kubernetes develops and matures, features may be deprecated, removed, or replaced with better ones for the project's overall health. This article outlines some planned changes for the Kubernetes v1.31 release that the release team feels you should be aware of for the continued maintenance of your Kubernetes environment. The information listed below is based on the current status of the v1.31 release. It may change before the actual release date.

The Kubernetes API removal and deprecation process

The Kubernetes project has a well-documented deprecation policy for features. This policy states that stable APIs may only be deprecated when a newer, stable version of that API is available and that APIs have a minimum lifetime for each stability level. A deprecated API has been marked for removal in a future Kubernetes release. It will continue to function until removal (at least one year from the deprecation), but usage will display a warning. Removed APIs are no longer available in the current version, so you must migrate to using the replacement.

Generally available (GA) or stable API versions may be marked as deprecated but must not be removed within a major version of Kubernetes.

Beta or pre-release API versions must be supported for 3 releases after the deprecation.

Alpha or experimental API versions may be removed in any release without prior deprecation notice.

Whether an API is removed because a feature graduated from beta to stable or because that API did not succeed, all removals comply with this deprecation policy. Whenever an API is removed, migration options are communicated in the documentation.

A note about SHA-1 signature support

In go1.18 (released in March 2022), the crypto/x509 library started to reject certificates signed with a SHA-1 hash function. While SHA-1 is established to be unsafe and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015, there might still be cases in the context of Kubernetes where user-provided certificates are signed using a SHA-1 hash function through private authorities with them being used for Aggregated API Servers or webhooks. If you have relied on SHA-1 based certificates, you must explicitly opt back into its support by setting GODEBUG=x509sha1=1 in your environment.

Given Go's compatibility policy for GODEBUGs, the x509sha1 GODEBUG and the support for SHA-1 certificates will fully go away in go1.24 which will be released in the first half of 2025. If you rely on SHA-1 certificates, please start moving off them.

Please see Kubernetes issue #125689 to get a better idea of timelines around the support for SHA-1 going away, when Kubernetes releases plans to adopt go1.24, and for more details on how to detect usage of SHA-1 certificates via metrics and audit logging.

Deprecations and removals in Kubernetes 1.31

Deprecation of status.nodeInfo.kubeProxyVersion field for Nodes (KEP 4004)

The .status.nodeInfo.kubeProxyVersion field of Nodes is being deprecated in Kubernetes v1.31, and will be removed in a later release. It's being deprecated because the value of this field wasn't (and isn't) accurate. This field is set by the kubelet, which does not have reliable information about the kube-proxy version or whether kube-proxy is running.

The DisableNodeKubeProxyVersion feature gate will be set to true in by default in v1.31 and the kubelet will no longer attempt to set the .status.kubeProxyVersion field for its associated Node.

Removal of all in-tree integrations with cloud providers

As highlighted in a previous article, the last remaining in-tree support for cloud provider integration will be removed as part of the v1.31 release. This doesn't mean you can't integrate with a cloud provider, however you now must use the recommended approach using an external integration. Some integrations are part of the Kubernetes project and others are third party software.

This milestone marks the completion of the externalization process for all cloud providers' integrations from the Kubernetes core (KEP-2395), a process started with Kubernetes v1.26. This change helps Kubernetes to get closer to being a truly vendor-neutral platform.

For further details on the cloud provider integrations, read our v1.29 Cloud Provider Integrations feature blog. For additional context about the in-tree code removal, we invite you to check the (v1.29 deprecation blog).

The latter blog also contains useful information for users who need to migrate to version v1.29 and later.

Removal of kubelet --keep-terminated-pod-volumes command line flag

The kubelet flag --keep-terminated-pod-volumes, which was deprecated in 2017, will be removed as part of the v1.31 release.

You can find more details in the pull request #122082.

Removal of CephFS volume plugin

CephFS volume plugin was removed in this release and the cephfs volume type became non-functional.

It is recommended that you use the CephFS CSI driver as a third-party storage driver instead. If you were using the CephFS volume plugin before upgrading the cluster version to v1.31, you must re-deploy your application to use the new driver.

CephFS volume plugin was formally marked as deprecated in v1.28.

Removal of Ceph RBD volume plugin

The v1.31 release will remove the Ceph RBD volume plugin and its CSI migration support, making the rbd volume type non-functional.

It's recommended that you use the RBD CSI driver in your clusters instead. If you were using Ceph RBD volume plugin before upgrading the cluster version to v1.31, you must re-deploy your application to use the new driver.

The Ceph RBD volume plugin was formally marked as deprecated in v1.28.

Deprecation of non-CSI volume limit plugins in kube-scheduler

The v1.31 release will deprecate all non-CSI volume limit scheduler plugins, and will remove some already deprected plugins from the default plugins, including:

AzureDiskLimits

CinderLimits

EBSLimits

GCEPDLimits

It's recommended that you use the NodeVolumeLimits plugin instead because it can handle the same functionality as the removed plugins since those volume types have been migrated to CSI. Please replace the deprecated plugins with the NodeVolumeLimits plugin if you explicitly use them in the scheduler config. The AzureDiskLimits, CinderLimits, EBSLimits, and GCEPDLimits plugins will be removed in a future release.

These plugins will be removed from the default scheduler plugins list as they have been deprecated since Kubernetes v1.14.

Looking ahead

The official list of API removals planned for Kubernetes v1.32 include:

The flowcontrol.apiserver.k8s.io/v1beta3 API version of FlowSchema and PriorityLevelConfiguration will be removed. To prepare for this, you can edit your existing manifests and rewrite client software to use the flowcontrol.apiserver.k8s.io/v1 API version, available since v1.29. All existing persisted objects are accessible via the new API. Notable changes in flowcontrol.apiserver.k8s.io/v1beta3 include that the PriorityLevelConfiguration spec.limited.nominalConcurrencyShares field only defaults to 30 when unspecified, and an explicit value of 0 is not changed to 30.

For more information, please refer to the API deprecation guide.

Want to know more?

The Kubernetes release notes announce deprecations. We will formally announce the deprecations in Kubernetes v1.31 as part of the CHANGELOG for that release.

You can see the announcements of pending deprecations in the release notes for:

Kubernetes v1.30

Kubernetes v1.29

Kubernetes v1.28

Kubernetes v1.27

via Kubernetes Blog https://kubernetes.io/

July 18, 2024 at 08:00PM

Spoooooooloooot #sploot #corgi

July 18, 2024 at 07:49PM

via Instagram https://instagr.am/p/C9lUOvAPETO/

Help:Transclusion - Wikipedia

"WP:TRANS" redirects here. You may be looking for Wikipedia:Transwiki log, Help:Transwiki, Wikipedia:Translation, Wikipedia:WikiProject Transwiki or…

July 18, 2024 at 03:41PM

via Instapaper

amazon-science/RAGChecker: RAGChecker: A Fine-grained Framework For Diagnosing RAG

RAGChecker is an advanced automatic evaluation framework designed to assess and diagnose Retrieval-Augmented Generation (RAG) systems. It provides a…

July 18, 2024 at 01:22PM

via Instapaper

aws/fmeval: Foundation Model Evaluations Library

aws.github.io/fmeval

July 18, 2024 at 01:20PM

via Instapaper

Evolving the ASF Brand - The Apache Software Foundation Blog

By: Shane Curcuru, Board Chair In the spirit of open communications that is core to our ethos, The Apache Software Foundation (ASF) is announcing we are…

July 18, 2024 at 12:01PM

via Instapaper

exo-explore/exo at console.dev

exo: Run your own AI cluster at home with everyday devices. Maintained by exo labs. Forget expensive NVIDIA GPUs, unify your existing devices into one powerful…

July 18, 2024 at 10:49AM

via Instapaper

darrenburns/posting at console.dev

Posting. A powerful HTTP client that lives in your terminal. Posting is an HTTP client, not unlike Postman and Insomnia. As a TUI application, it can be used…

July 18, 2024 at 10:49AM

via Instapaper

Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock

Cellebrite, the well-known mobile forensics company, was unable to unlock a sizable chunk of modern iPhones available on the market as of April 2024, according…

July 18, 2024 at 10:26AM

via Instapaper

CVE-2024-5321

https://github.com/kubernetes/kubernetes/issues/126161

Incorrect permissions on Windows containers logs

via Kubernetes Vulnerability Announcements - CVE Feed https://kubernetes.io/docs/reference/issues-security/official-cve-feed/

July 17, 2024 at 09:06AM

Week Ending July 14, 2024

https://lwkd.info/2024/20240717

Developer News

Maintainer session proposals for Kubecon are due this Sunday. Write one for your SIG now. Don’t miss the deadline!

The Contributor Summit is looking for contributors to design the swag and the award. Also, proposals for the Summit are still open.

Subprojects kpng and etcdadm are being archived. If you still use etcd-manager, it’s in a new repo owned by SIG-Etcd.

CVE-2024-5321 has been reported against Kubernetes clusters running Windows. This vulnerability lets users with incorrect permissions read and modify container logs.

Release Schedule

Next Deadline: Code Freeze, July 24th

Code freeze is happening in a week! If your KEP is opted in for the v1.31 release, make sure to get your PRs merged in time before the deadline.

Kubernetes v1.27.16, v1.28.12, v1.29.7 and v1.30.3 patch releases are now live!

Featured PR

125868: Add –for=create option to kubectl wait

After a few false starts, we are trying again to support a “wait for create” mechanism for kubectl wait. The new --for option will allow pluggable wait conditions beyond the original “wait for delete” and new “wait for create” (or really “wait for exists”). This can already help streamline shell scripts, and talk to SIG-CLI if you’re interested in proposing additional modes!

KEP of the Week

4633: Only allow Anonymous Auth for configured endpoints

Allowing anonymous authentication against all or most Kubernetes endpoints can be a huge security hole if you make simple mistakes with RBAC. This KEP implements a way to disable anonymous auth for all endpoints except a specificed list (usually healthz, readyz, and livez). This will close a lot of runtime security holes.

4633 was introduced by Vinayak Goyal in May, and is expected to be Alpha in 1.31.

Other Merges

You can delay terminal Job conditions until all pods are terminal

Node.Status.Features.SupplementalGroupsPolicy helps implement fine-grained SupplementalGroups control

e2e tests added for kubelet support for split image filesystem

Bug fix for when PodIP field is temporarily removed for a terminal pod

Dynamic client’s List method now supports API streaming

kube-scheduler implements scheduling hints for the VolumeRestriction plugin

Bug fix in the API server where empty collections of ValidatingAdmissionPolicies did not have an items field

TopologyManager policy option ‘max-allowable-numa-nodes’ added to configures maxAllowableNUMANodes for kubelet

New static policy option SpreadPhysicalCPUsPreferredOption to spread cpus across physical cpus

kube-proxy: Linux and Windows sections adhering to the v1alpha2 specifications added

PodIP.IP and HostIP.IP are required fields, fixing a regression

omitempty for optional Job Pod Failure Policy fields

UserNamespaces field added to NodeRuntimeHandlerFeatures to support the ProcMountType option.

Kubelet on Windows to stop using wmic to query for UUIDs

Improvements to lock utilization in scheduling queue to increase scheduling throughput when there are many gated pods

Promotions

JobPodFailurePolicy to GA

PersistentVolumeLastPhaseTransitionTime to GA

KubeletCgroupDriverFromCRI to beta

ElasticIndexedJob to GA

Subprojects and Dependency Updates

Prometheus v2.53.1: Bug-fix for remote write dropping samples when the sending flow stalled for longer than it takes to write one WAL segment

kubernetes/cloud-provider-openstack v2.30.2: Openstack Cloud Controller Manager Helm Chart

via Last Week in Kubernetes Development https://lwkd.info/

July 17, 2024 at 06:00PM

Import and export Markdown in Google Docs

What’s changing In 2022, we introduced expanded support for composing with Markdown in Google Docs on web. Today, we’re introducing highly-requested features…

July 17, 2024 at 11:51AM

via Instapaper