Wednesday, August 30, 2017

Meet the Bitnami Team: JuanJo Ciarlante

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

JuanJo is a Senior Site Reliability Engineer on the SRE team, which is part of the Kubernetes Squad, and works remotely from Argentina.

A brief bio

¿ Cómo funciona (How does it work) ?

I’ve been passionate about «how things work» since I was a child. I still recall how anxious I was when waiting for my father to bring home the latest issue of «Cómo funciona» magazine. Not surprisingly, many years later FOSS became the major driver in my career.

That token[ring card] that changed my life.

My 1st taste of Internet came thru a Metro-Area-Network at the govt department I was working at, c.a. 1995, in Mendoza/Argentina, where we got a “lease” for one of those shiny public IP addresses. Alas, it was linked via a single token-ring NIC installed in our Slackware Linux gateway box (an old IBM PS/2 we had recycled for that purpose). With no budget for a second TR NIC, several hundred dollars at that time and baby Linux 1.2 only supporting a single address per interface, it quickly became unsustainable to switch between our formal govt’s private address and the precious public one.

Hm … what about that ~2MB linux-1.3.xx.tar.gz source that’s written in that C language I had been tinkering with? After some weeks, many tries+rebuilds+crashes along the way, I had hacked up something beyond WFM, post-able to the linux-kernel mailing list -- with the help and feedback mainly from Alan Cox¹, we got ip_aliasing finally merged in linux-1.3.47 \o/

Since then I contributed to many other FOSS projects: Linux IP masquerading improvements, user/kernel space OpenSWAN crypto algo modularization, IPv6 transport support for OpenVPN, among other sparse bits.

Cloud-y times ahead.

In 2007 I joined Google at their Switzerland HQ as an SRE. By 2012 I had to return to my home country (was techlead of the GMail/Abuse-backends SRE team by that time) ... those times you’d want fork() to be a real-world thing.


Alas, an opportunity to work from home for Canonical had opened, which I was lucky enough to grab: joined as Webops/SRE, later CRE (Cloud-RE) to wheel OpenStack-s for fun and profit.

Being back home also allowed me to resume my courses at the Universidad de Mendoza - re-joining that synergy that comes from teaching↔learning.

During my career I had been so lucky to have great challenges, learn so much from my awesome colleagues, work+contribute to FOSS projects, what else could I ask for? →

Why you joined Bitnami and what excites you about working here?

→ Kubernetes 

I’d been missing a rock-solid cloud orchestration platform (yeah, every Xoogler misses Google’s Borg I guess), but then Kubernetes came to life! Then Bitnami -- with its focus on the application orchestration realm together with its strong involvement in k8s projects like kubeless, helm and ksonnet/kubecfg -- made a perfect fit for me :))

I also love the company-wide team culture, how horizontally you can approach managers and founders, it’s a great place to work !

What are you working on?

As a member of the SRE team, we are involved in a pretty diverse set of devops tasks and projects, while also actively contributing to our Kubernetes efforts - for example, I recently added integration tests to kubeless, which ended up being quite a trip (riding Travis to spawn a kubernetes cluster for your tests to land-on is an interesting challenge).

What do you like to do for fun?

Hmm guess that bash 1-liners don’t count here, so let’s try something else :#)

I love cooking (yeah you may say that’s meal-Engineering, but I’d like to convince myself that’s not only that ;). I also enjoy travelling to learn from other people’s culture, art and nature.

I’ve recently joined a local runners’ group, which gives another way to enjoy the beautiful hills surrounding Mendoza.

¹FWIW Interesting thoughts and discussion with Alan Cox: he pushing me to come up with something that would not require extra tools than ifconfig, then telling me why my original choice of ‘/’ as a shell-friendly aliased interface separator (i.e. no ‘|’, ‘$’, etc) was actually a bad idea - hmm not many choices left:
@ ←nah, so email-ish
% ←ditto (uucp routing, anyone?)
. ←meh looks like a file extension
: ←yeah, available! - plus there’s no such thing as drive-names on *nix OSes, after all ;)

Interested in working with Bitnami and JuanJo? Apply for one of our open positions!


Security Issue: RubyGems

The Ruby project has published a security advisory covering multiple moderate-severity vulnerabilities in the RubyGems version bundled with Ruby. The reported issues are:
  • A DNS request hijacking vulnerability
  • An ANSI escape sequence vulnerability
  • A DoS vulnerability in the query command
  • A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files

The following versions are affected:
  • Ruby 2.2.7 and earlier
  • Ruby 2.3.4 and earlier
  • Ruby 2.4.1 and earlier

At this time, there are no Ruby releases with the fix for RubyGems. It is strongly recommended to apply one of the following workarounds:
  • Upgrade RubyGems to the latest version (2.6.13) by executing:
     $ gem update --system 
  • Apply the patch for your version:

You can find more info about this issue in the links below:

RubyGems project
Hacker News

If you have further questions about Ruby or this security issue, please post to our community forums and we will be happy to help you.

Monday, August 21, 2017

Container Trends – Bitnami User Survey 2017 (Part 2)

Survey Says: Kubernetes

Name the top 5 container orchestration solutions.

Top answer on the board: Kubernetes


The rise of Kubernetes as the leading container orchestration tool should come as no surprise. It’s the topic of the day with Amazon and Microsoft recently joining the CNCF. In a few short years, we’ve seen hundreds of companies join the ecosystem building or modifying solutions to support Kubernetes (check out the recently updated CNCF Landscape) and we’ve even seen the early days of acquisitions beginning to happen. With all that is being said and written, it’s still good to back up a trend with some good old-fashioned data.

As promised (see Container Trend Part 1), in our second post covering our recent user survey we’re taking a look at container orchestration trends. In our last blog post, we showed the increase in interest, highlighting a more than 2x increase in production container usage from 2016 to 2017. As that increase in container usage was happening, what impact did that have on how containers were being managed? Of course, we’d expect some increase in usage of container orchestration to match that growth.

We asked our users “What Container Orchestration System(s) does your company use?” and the results were surprising in a few ways. First and foremost was the enormous growth of Kubernetes. And while Mesos usage doubled, it still pales in comparison to new entrant offerings like AWS Elastic Container Service and Azure Container Service. Docker Swarm showed significant growth over that period as well, perhaps due to Swarm being included in the Docker 1.12 release. The least surprising bit of data was the sharp decline in users with no container orchestration, which is supportive of the shift from dev/test to production.

Figure 1. Container Orchestration Adoption - 2016 vs 2017


Key Stats:
  • 115% growth in businesses using Kubernetes
  • 100% growth in Mesos
  • AWS Container Service overtaking Docker Swarm in less than 1 year

Digging deeper into container orchestration, we wanted to understand the scenarios in which the various platforms are being used. Knowing there was such a huge shift to production environments in the past year and seeing the impact that had on orchestration adoption above, we wanted to understand if there was preference for one platform over another as users make that move. For the most part, platform selection for dev/test is aligned with production. Focusing specifically on 2017 in this data set, we can see that Kubernetes, AWS and Azure usage all increased a few percentage points over their general adoption numbers when users were focused on production usage, with the largest number of users selecting Kubernetes.

Figure 2 – Container Orchestration Adoption 2017 – Dev/Test vs. Production



Key stats:
  • Kubernetes is platform choice for over 50% of existing production container deployments

If you are making a decision on where to invest as you build out a container strategy or you’re looking for tools that can help you manage your Kubernetes environment, you’ve come to the right place. Bitnami can get you started on your journey with pre-packaged container images from our vast catalog of ready-to-run applications and we’re actively developing and contributing to a number of leading-edge Kubernetes projects.

Stay tuned for more from our 2017 Bitnami user survey. Next time we’ll break down container orchestration a little further and look at mixed usage …we’re just getting started.



Thursday, August 17, 2017

Meet the Bitnami Team: Marko Mikulicic

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Marko Mikulicic is a Senior Engineer on Bitnami’s Toolchain team, and works remotely from Italy.

A brief bio

As a kid I liked to take everything apart to see how it works. But computers were different. When I was 8, putting my hands on one wasn't easy, given my track record. But once opened, the mystery just deepened.

Marko enjoying some time with his son

That machine, which allowed my father to stop keeping the neighbours awake with the clickety-clack of his old typewriter, was able to surprise me with its seemingly never ending amount of things it could do. Yet, all I could see was a bunch of quiet plastic bricks, not humming, not glowing, but nevertheless launching my 8-bit cannonballs over rasterized mountains hitting simulated walls of imaginary castles. Every game or application I saw triggered that instinct: take it apart and see how it works!

Like physicists discover how nature works, I was discovering the laws of this marvellous machine. I say discover, because while the knowledge was definitely out there, I first had to make sense of it: as a Croatian immigrant in the Italian-speaking part of Switzerland, I could only put my hands on the tech books from the country majority language. Thus, I co-learned German and C from the same book.

But C did no good. Not only did it not quench the thirst (too high level; what does the machine actually do!?), but the toolchain didn't fit in a single floppy drive. While forever flipping floppies on my shiny Amiga 500, I found a book about assembler and was happily programming in mc6800 assembly hereafter until hard drives finally came into town.

From there, I worked my way through a bit of everything: from academia to the industry, from applications to development tools, from writing compilers and interpreters to operating systems, from micro-optimizations to large scale design, from embedded development and hardware to working on the largest machine learning system on earth at Google.

Other than that, I lived in Switzerland, Croatia, Ireland and Italy. I have forgotten a lot of languages.

I have a 1 y/o son who makes me dream of sleeping.

Why you joined Bitnami and what excites you about working here?

I really like working on tools that make software engineers more productive, which is part of Bitnami’s overall mission. Software engineers love their tools and often have to build their own, either for fun or out of frustration. But there is not enough time to struggle with the same things over and over.

Nowadays most people don't assemble their own PCs and often they don't even install their OSs anymore; we can see how the same pattern can be applied further down on whole development and production environments, leaving you more time to actually focus on your own software and the many more interesting challenges you can face.

I believe Bitnami can make the difference here and give a lot of people that kickstart in productivity they need to build amazing things.

Plus, it's a fun place to work! I have worked in both small and large companies, so I know the pros and cons of both. Bitnami caught my attention because it is an interesting size, in an interesting moment, and has plenty of potential for solid foundations.

Bitnami is also full of people that come from very different experiences. Something that's new for you was well explored by someone else, and vice versa; this offers a lot of opportunities to stay curious and learn a lot of things.

Also, I had to relocate back to Italy for family reasons and I found that Bitnami had built a solid remote working culture that was compatible with my time zone.

What are you working on?

While Bitnami is sharing and contributing to a lot of open source projects, like Helm, Kubeless and Cabin, the main thing is still the application catalog, packaged in many ways: VMs you can run on premises, cloud images readily available at your cloud provider of choice and containers you can run just everywhere.

These applications and infrastructure components which you can use to build your systems on are curated by skilled humans who try hard to make things just work so you can worry only about things that matter.

But then, we have hordes of little (software-based) Elves that do the grunt work of building, packaging, updating, testing, publishing, notifying, monitoring so that you can enjoy your click-to-deploy Mongodb cluster.

My job is to program those little subordinate clauses, telling them what to do and how to interact with each other, so that we can free up some valuable for humans to do what they (I mean, we) do better: be creative and apply judgement calls.

Building complex and dependable automation is fun and challenging. It's hard to draw the line between what should be automated and what not, and it's easy to fall in the trap of turning humans to log and graph watchers and mindless button pushers just because you cannot really trust the amazingly complex automation you just built. So much fun, much reward.

What do you like to do for fun?

I work for fun and live for a living.

Not work work, I mean, somehow I got dragged into this whole thing about farming and growing food, making my own olive oil etc; it's serious work! I even had to ferry donkeys across Europe, twice.

Not wasting money on gyms; doing useful work as Joule intended instead!

I don't dismantle things anymore. Entropy does it for me.

When I had time, I used to be a musician. I also liked words.

When I grow up I want to be taller.

Interested in working with Bitnami and Marko? Apply for one of our open positions!

Security Release: Drupal 8.3.7

Drupal has released a new version that fixes three security vulnerabilities. These vulnerabilities affect Drupal versions prior to 8.3.7.

The vulnerabilities fixed in the latest version of Drupal (8.3.7) are the following:
  • Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical - CVE-2017-6925
  • Views - Access Bypass - Moderately Critical - CVE-2017-6923
  • REST API can bypass comment approval - Access Bypass - Moderately Critical - CVE-2017-6924

It is recommended that you update your Drupal application to Drupal 8.3.7. You can follow our documentation to learn how to upgrade your application and ensure its security.

For new application deployments, including the Bitnami Launchpad, we have released Drupal 8.3.7 containers, installers, virtual machines and cloud images that include the security fixes to address these vulnerabilities. If you deploy Bitnami Drupal via one of our cloud partner marketplaces and it is not yet updated to version 8.3.7, you will need to upgrade your application using our documentation.

If you have further questions about Bitnami Drupal or this security issue, please post to our community forum, and we will be happy to help you.

Friday, August 11, 2017

Security Issue (CVE-2017-1000117): Git, Subversion and Mercurial

A new version of Git has been released to address the following security vulnerability: CVE-2017-1000117.

This is an important issue: a malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.

This has been a coordinated release with Subversion and Mercurial, which share a similar issue: CVE-2017-9800 and CVE-2017-1000116.
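
A pre-clone check for the .gitmodules vector described above, as an added example (not Bitnami's or the Git project's code): it flags submodule URLs whose ssh host begins with a dash, the form of hostname that the fixed Git releases refuse. The function names and the sample file are constructed for illustration.

```python
"""Audit .gitmodules content for ssh URLs whose host starts with '-'."""
import re
from urllib.parse import unquote, urlsplit

# URL schemes that Git hands to the ssh transport.
SSH_SCHEMES = {"ssh", "git+ssh", "ssh+git"}

SECTION_RE = re.compile(r'^\s*\[submodule\s+"(?P<name>.*)"\]\s*$')
URL_RE = re.compile(r'^\s*url\s*=\s*(?P<url>.*?)\s*$')
# scp-like syntax "[user@]host:path" (no scheme, colon before any slash).
SCP_RE = re.compile(r'^(?:[^@/:]+@)?(?P<host>[^/:]+):')

# Constructed sample, not taken from any real project.
SAMPLE_GITMODULES = """\
[submodule "docs"]
\tpath = docs
\turl = https://git.example.org/team/docs.git
[submodule "vendor/lib"]
\tpath = vendor/lib
\turl = ssh://git@git.example.org/team/lib.git
[submodule "tools"]
\tpath = tools
\turl = ssh://-constructed-option/tools.git
[submodule "encoded"]
\tpath = encoded
\turl = ssh://git@%2Dconstructed-option/encoded.git
[submodule "scp-style"]
\tpath = scp
\turl = -constructed-option:scp.git
"""


def submodule_urls(text):
    """Return {submodule name: url} from .gitmodules text."""
    urls = {}
    current = None
    for line in text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            current = section.group("name")
            continue
        if line.lstrip().startswith("["):
            current = None  # some other section; ignore its keys
            continue
        url = URL_RE.match(line)
        if url and current is not None:
            urls[current] = url.group("url")
    return urls


def ssh_host(url):
    """Return the host an ssh transport would be given, or None if not ssh."""
    if "://" in url:
        parts = urlsplit(url)
        if parts.scheme.lower() not in SSH_SCHEMES:
            return None
        # Decode percent-escapes so an encoded dash is treated like a
        # literal one (a conservative choice for an audit tool).
        return unquote(parts.hostname or "")
    scp = SCP_RE.match(url)
    return scp.group("host") if scp else None


def audit_gitmodules(text):
    """Return [(name, url)] for submodules whose ssh host begins with '-'."""
    findings = []
    for name, url in submodule_urls(text).items():
        host = ssh_host(url)
        if host is not None and host.startswith("-"):
            findings.append((name, url))
    return findings


if __name__ == "__main__":
    for name, url in audit_gitmodules(SAMPLE_GITMODULES):
        print(f"suspicious submodule {name!r}: {url}")
```

Run it against the .gitmodules of a repository cloned without --recurse-submodules, before initialising any submodule.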

We have released all the affected containers and Helm charts for Kubernetes.
We continue working on releasing all stacks that ship Git, Subversion or Mercurial.

If you cannot update or migrate to a new version, the workaround is to disable the “ssh://” protocol of your web application. GitLab shows you how to do this via their workaround.

Have questions about this security vulnerability for Bitnami solutions that ship Git, Subversion or Mercurial? Post to our Community Forum, and we will be happy to help you.

Cloudy times ahead for SIs and MSPs?


As enterprise IT spending on cloud goes mainstream, how do more traditional SIs, consultancies and MSPs “go cloud”?


For Systems Integrators, IT consultancies, and Managed Service Providers, there has never been a better time for a client conversation about cloud migration. The drive for enterprises of all sizes to migrate to a modern cloud IT infrastructure is overwhelming. But if you don’t yet have the extensive experience or established reputation in building cloud solutions, how can you begin to deliver with greater repeatability, lower risk, and faster implementation?

Just how big is the opportunity?

In April, Forbes published a really useful “Roundup Of Cloud Computing Forecasts, 2017”. It compared and contrasted predictions from a range of analysts about the future growth of cloud computing, concluding that enterprise spending on cloud IT infrastructure will increase by 15% to 20% per year in the next five years – with most of that growth coming from public cloud infrastructure. Forbes’ claims are bolstered by staggering financials from the leading public cloud vendors: most recently (Q2 2017) Amazon Web Services’ (AWS) revenue surged 42 percent year-on-year (on an annual run rate of around $16 billion!) while Microsoft Azure's revenue jumped 97% year-on-year in the same period.

The shift in enterprise IT spending to cloud - now universally global, and across organizations of all sizes and sectors - represents a massive opportunity for SIs, consultancies and MSPs. Cloud specialists such as Cloudreach, Cloud Technology Partners (CTP), Logicworks and Nordcloud are already taking full advantage. They were either born in the cloud, or have fully transformed for the cloud era. They are part of a new generation of Public Cloud Infrastructure Managed Service Providers described in a new Gartner Magic Quadrant report published in March 2017. They each have a suite of well-honed capabilities, tools and processes to help customers transition to a more cloud-native, DevOps-oriented approach.

The challenges for traditional Integrators and MSPs

As the IT services market matures, enterprises of all sizes are expecting a wider range of consultancies and MSPs to meet their demands in helping transform their infrastructure. The cloud-hungry customers of tomorrow will be looking for in-depth knowledge of cloud platforms and the right processes to manage costs, sprawl, and security - but they may be looking for more than a pure cloud consultancy. These new opportunities may be long standing clients, new word-of-mouth recommendations, or companies looking for your industry-specific expertise. Whatever the reason, they will value your proven expertise in delivering solutions - but will need it delivered on the cloud. These increasing demands to deliver cloud-native solutions can present you with many challenges including:
  • Repeatability and consistency - can you deliver a repeatable practice, delivering predictable ROI, regulatory compliance, and enterprise-grade operations assurance? Or do you need to architect a complete solution from scratch for each new customer?
  • Efficiencies - do you have the necessary tools for rapid deployment of business workloads with overheads low enough for you to be competitive?
  • Credibility and confidence – without a wealth of customer references, how can you demonstrate your ability to deliver on the cloud? Can you recommend and articulate a clear path to success?

Maximizing efficiencies, minimizing risks

How can systems integrators and consultancies best operationalize to address this new opportunity with multiple moving parts & trends? How can you best develop the capability to deliver cloud projects faster, with less risk and make more money? Two clear ways of doing this are by leveraging open source technologies, and by taking advantage of greater levels of automation.
  1. Open source technologies
    Open source is now almost universally embraced, and to some degree mandated (for example in US Federal Government projects). Leveraging open source technologies allows you to efficiently build a solution from server applications (e.g. Drupal, edX) running on Linux, or to develop on top of infrastructure components (e.g. MongoDB, Node.js, PHP). This might be for a direct “lift-and-shift” of an open source-based application running in a datacenter, an extension of an existing system (e.g. a backend to support a new mobile app), or a new-and-improved alternative for an existing proprietary platform. Best-in-class open source components (created and maintained by passionate, innovative, expert communities) will provide the necessary functionality and infrastructure building blocks allowing you to focus on delighting clients with customer-specific features. They will also enable you to spin-up POCs more rapidly to demonstrate your capabilities to customers early in the sales cycle.

  2. In-house automation
    The use of in-house automation is essential. It will allow you to successfully deliver repeatable services with more efficiency and less risk. In the short term, this will help you reduce implementation time, but as the market develops it will be increasingly important to offer competitively priced services. Automating manually-intensive, repetitive tasks will help you to focus more on the client’s unique needs and help them fully realize the business benefits of migrating to cloud-native infrastructure.

    The best automation tools will also help you deliver solutions for your customers on multiple cloud platforms. In an evolving landscape, many enterprises want flexibility in their choice of cloud service. Being able to offer multiple options will help you stand out from your competitors.

Bitnami has vast experience in open source technologies - we deliver over 150 secure, trusted, and optimized applications and developer stacks for each of the leading cloud platforms (including AWS, Azure, Google Cloud and Oracle Cloud), and in multiple formats including Docker containers and Helm charts for Kubernetes. We operate at scale with more than one million deployments every month, driving tremendous value for our end users and cloud partners.

Updating and maintaining our images to the required high standard means we perform literally thousands of updates every month - CVEs are patched and images are rebuilt, tested and published in the fastest possible time. The only way we can realistically achieve this is via our own efficient, reliable automated build and delivery platform. It’s so reliable and efficient we have based a successful business on it for many years.

We’ll soon be making this automation platform available for you to build and maintain custom images and templates for your customers. Find out how Bitnami can help with the heavy lifting for you to “go cloud.”

Thursday, August 10, 2017

Bitnami Now Provides Secure Open Source Applications for AWS GovCloud

Today, we are excited to announce that Bitnami is a Launch Partner for AWS’ new GovCloud (US) Marketplace, bringing the Bitnami Application Catalog to qualified public sector customers in the US! GovCloud users can now deploy any of Bitnami’s 110+ packaged applications to “an isolated AWS region designed to host sensitive data and regulated workloads in the cloud.”

AWS GovCloud users can now easily deploy and maintain applications in the cloud with Bitnami. For public sector customers that may not be familiar with using open source software, Bitnami’s packaged application stacks provide added features and components to deliver everything you need out of the box. Bitnami ensures each application is:
  • Ready-to-Run – Pre-configured applications and development stacks 
  • Up-to-date – Bitnami’s Application Catalog is continuously updated and secure
  • Optimized – Consistently configured for best performance on any platform
  • Trusted – Over 1 million Bitnami packaged applications are deployed per month 

The AWS GovCloud helps customers comply with government security and regulatory requirements such as ITAR and FedRAMP, while enjoying the benefits and flexibility of using the cloud. GovCloud is only operated by Amazon employees who are U.S. citizens that reside within the United States, and is only accessible to US persons working at government agencies or in related industries.

Want to learn more about the AWS GovCloud or how to get started? Feel free to read more here.

Ghost 1.5.1 Released!

We are happy to announce that Ghost 1.5.1 is now available on Bitnami! Ghost is quickly becoming one of the most popular publishing platforms with its 100% open source tool that allows you to create your dream online publication with ease.
The new version of Ghost includes:
  • New editor
  • Refreshed UI
  • New default theme design
  • Night shift mode
  • Publication icons
  • And more!

If you already have a running version of Bitnami Ghost, you can update your application by following these simple steps:

1 - First of all, make a backup of your Ghost content:
In your existing (pre v1.0.0) Ghost blog, navigate to YOURSITE/ghost/settings/labs/ (the settings->labs page in Ghost-Admin) and click on the Export button. It should look something like this:

[Screenshot: lts labs page]

This will download to your system the JSON export file that you will need later.

2 - Launch a new Bitnami Ghost instance

3 - Import your content into your new Ghost instance:
On your new blog navigate to YOURSITE/ghost/#/settings/labs (the settings->labs page in Ghost-Admin), click Choose file and select the JSON export file created before from your system, then click on the Import button.

[Screenshot: v1.0.0 labs page]

Please note that the Ghost importer will not import themes. You may see a warning that your themes have not been imported. That is the normal behaviour, and you can continue to the next step.

4 - Move your images:
You need to copy/move your images from your existing directory <ghost-dir>/htdocs/content/images to the new instance directory <ghost-dir>/htdocs/current/content/images.

5 - Move/upload your themes:
Navigate to YOURSITE/ghost/#/settings/design (the Settings->Design page in Ghost Admin), then click the Upload a Theme button and follow the instructions.

[Screenshot: Upload a theme]

Now you have your system fully migrated to the newest Ghost version!



Haven't tried Ghost yet? Not to fear!

You can easily get started with Ghost by launching it in the cloud, as a Virtual Machine, or native installer.



Wednesday, August 9, 2017

Meet the Bitnami Team: Jose Vazquez

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Jose Vazquez is Senior Backend Developer on Bitnami’s WebDev team, and works remotely from Madrid.

A brief bio

Technology is my passion, especially software, systems and all things digital. I started with C, but then I got into that “new shiny thing” (back then) called Java. I got my degree as a research student at HP Labs Bristol, working on Java distributed systems ideas that later became the “cloud”. Back in Spain I did quite some J2EE-style projects for various companies, some C/C++ and acquired experience with Linux, SQL & Relational Databases, Source Control systems, Javascript and yep, that was the time of all-things XML!

Jose enjoying a bike ride with his son

I've been following Go since its early days, I even made a contribution to the http package, early on. What can I say, I do prefer strongly typed languages generating static compiled binaries after all... Better get annoyed by the compiler at office hours than by a page from a production system at 3AM!

In 2013 I moved to Dublin, to work for AWS DynamoDB, maybe the world's biggest NOSQL DB deployment? Keeping the service up & running, we enhanced service internals (Java), and the automation around it (Python & Java). There I made the switch to git, unit testing & code reviews and never looked back! After AWS, I worked for Canonical, delivering the Ubuntu images for “the big 3” and most other clouds. The team was distributed across countries and time zones! Work was mainly in Python & Jenkins.


Why you joined Bitnami and what excites you about working here?

Distributed Systems, cloud and lately containers define my favourite domains of the technology to work within and contribute to.

Bitnami’s focus on keeping hundreds of applications up to date for all consumer channels, especially the cloud and containers, will expose us to interesting problems to which we’ll have to provide state-of-the-art solutions. We are the first ones doing this, the leaders, at least at the scale Bitnami does it.

On the personal side, apart from the technologies, I was looking for a remote job, preferably more EU than US-centric. Bitnami provided just that, and also the opportunity for me to work with a highly professional and technologically skilled group of people all over the world, from home. What else can you ask for?

What are you working on?

I work with the webdev team. Our focus within Bitnami is to deliver awesome applications prepared by the assets team to our cloud partners. Since I just recently started, I am personally focusing more on the backend of things, including amongst others, the on-boarding of new Cloud Service Providers: building and publishing cloud-images/multi-tier solutions to Marketplaces.

The goal of my team is to reach to all clouds and deliver our apps everywhere as flawlessly as possible, aiming for the greatest level of automation.

What do you like to do for fun?

I used to play basketball quite a lot, and ride bikes (a bit less often, I have to admit). Cinema (as a spectator ;-) has always been one of my passions. However, with family duties lately I consider myself lucky if the kids will go to sleep early enough, to let us watch a nice movie, from time to time.

But hey, I do also enjoy having the whole family going out, and maybe shortly watch movies, and even do some bike & basketball again with the kids!

Interested in working with Bitnami and Jose? Apply for one of our open positions!

Tuesday, August 8, 2017

Container Trends – Bitnami User Survey 2017 (Part 1)


Each year Bitnami conducts a survey of our user base. This year, we’ve gathered quite a bit of data about orchestration, automation, application development, development environments, containers and of course some very specific data about the wants and needs of full-time developers. Over the course of the next few weeks, we plan to share some of the industry trend information that we’ve captured in a series of blog posts and infographics.

One of the key technologies that we’ve been tracking for the past few years has been containers. In this year’s survey, we were impressed by the growth in container interest and the rapid growth in production usage. The first evidence of the increased interest was that the number of developers who told us they were using containers grew more than 2x from 2016 to 2017. The second significant piece of information from our survey was the large shift to production usage: the share of users with containers in production grew from only 27% in 2016 to over 65% in 2017. This trend was also supported by a decline in users reporting that they are using containers only for dev/test use-cases with no intent to run in production.

This indicates not just a maturation among the early adopters of containers from 2016 but a growing user base that is rapidly adopting and moving from dev/test to production.

Figure 1. Container Usage Dev/Test-Only vs. Production - 2016 vs 2017 


  • More than 2x increase in production container usage
  • 50% decrease in dev/test-only usage YoY

Looking deeper into what “production” meant to our users and at what scale, our survey data showed that large scale production usage (defined as 50+ container host machines) grew more than 100% year over year while respondents with fewer than 50 container images grew more than 250% year over year.

Figure 2. Container Usage – Production Scale – 2016 vs 2017


We can clearly see that container usage is shifting from dev/test to production environments, and we’ve established that usage is starting to reach some critical mass at scale. Let’s look at where the usage is coming from. Breaking down our data and reviewing production container usage by company size shows us that it is well distributed regardless of the number of employees. Small companies of fewer than 50 employees make up the largest percentage of production usage; however, mid-sized businesses (50-1,000 employees) and large businesses (1,000+ employees) are not that far behind in their usage of containers in production environments.

Figure 3. Container Usage by Company Size


The Bitnami User Survey clearly shows that container orchestration has moved rapidly from dev/test to real production in the last year and that rate of adoption is likely to accelerate further as the small-scale deployments scale up. Look for our next post in this series where we’ll review what tools are the most popular for container management and what platforms are being selected for container hosting.

To accelerate container usage in your company, be sure to check out Bitnami containers for the latest stable versions of your application stacks and development environments. If you are a Kubernetes user, be sure to visit kubeapps.com to discover and launch Kubernetes-ready apps.

Security Release: Jenkins Plugins Vulnerabilities

The Jenkins project has published a security advisory covering vulnerabilities in several plugins. These are the affected plugins:
  • Blue Ocean:
    • GitHub Pipeline for Blue Ocean up to and including 1.1.5, 1.2.0 beta releases up to and including 1.2.0-beta-3
    • REST Implementation for Blue Ocean up to and including 1.1.5, 1.2.0 beta releases up to and including 1.2.0-beta-3
    • Bitbucket Pipeline for Blue Ocean 1.2.0-beta-3
  • Config File Provider Plugin up to and including 2.16.1
  • Datadog Plugin up to and including 0.5.6
  • Deploy to container Plugin up to and including 1.12
  • DRY Plugin up to and including 2.48
  • OWASP Dependency-Check Plugin up to and including 2.0.1.1
  • Pipeline: Groovy Plugin up to and including 2.38
  • Pipeline: Input Step Plugin up to and including 2.7
  • Script Security Plugin up to and including 1.30
  • Static Analysis Utilities Plugin up to and including 1.91
Bitnami deployments include some of these plugins by default. It is strongly recommended that you update your Jenkins plugins to the latest version, Jenkins 2.60.2-1. You can upgrade the plugins of your Bitnami Jenkins application following our documentation.

For new application deployments, Bitnami has released Jenkins 2.60.2-1 LTS installers, virtual machines and cloud images with the latest versions of the plugins that include the security fixes. If you deploy Bitnami Jenkins via one of our cloud partner marketplaces and it is not yet updated to 2.60.2-1, we strongly suggest that you update your Jenkins plugins to this latest version. If you are using the Bitnami Jenkins Docker container image, please follow the documentation in our GitHub repository to upgrade your deployment to the 2.73 Jenkins version with the latest plugins.

If you have further questions about Bitnami Jenkins or this security issue, please post to our community forums and we will be happy to help you.
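The affected ranges listed above can be checked mechanically against a plugin inventory. The following is an added example, not Bitnami's or the Jenkins project's code: the inventory is constructed, and plugins are keyed by the display names used in the list, so a real inventory would first have to be mapped to those names.

```python
import re

# Ranges transcribed from the advisory list above, keyed by the plugin names as
# printed there. Rule kinds: "max" = up to and including; "beta" = beta releases
# of that base version up to and including; "exact" = only that version.
BLUE = [("max", "1.1.5"), ("beta", "1.2.0-beta-3")]
AFFECTED = {
    "GitHub Pipeline for Blue Ocean": BLUE,
    "REST Implementation for Blue Ocean": BLUE,
    "Bitbucket Pipeline for Blue Ocean": [("exact", "1.2.0-beta-3")],
    "Config File Provider Plugin": [("max", "2.16.1")],
    "Datadog Plugin": [("max", "0.5.6")],
    "Deploy to container Plugin": [("max", "1.12")],
    "DRY Plugin": [("max", "2.48")],
    "OWASP Dependency-Check Plugin": [("max", "2.0.1.1")],
    "Pipeline: Groovy Plugin": [("max", "2.38")],
    "Pipeline: Input Step Plugin": [("max", "2.7")],
    "Script Security Plugin": [("max", "1.30")],
    "Static Analysis Utilities Plugin": [("max", "1.91")],
}

def parse(version):
    """'1.2.0-beta-3' -> ((1, 2), 3); final releases get beta None."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-beta-(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unsupported version format: {version!r}")
    base = [int(p) for p in m.group(1).split(".")]
    while len(base) > 1 and base[-1] == 0:   # treat 1.12.0 and 1.12 as equal
        base.pop()
    return tuple(base), (None if m.group(2) is None else int(m.group(2)))

def is_affected(name, version):
    base, beta = parse(version)
    for kind, limit in AFFECTED.get(name, []):
        lbase, lbeta = parse(limit)
        if kind == "max" and base <= lbase:   # numeric compare: 2.10 > 2.7
            return True
        if kind == "beta" and base == lbase and beta is not None and beta <= lbeta:
            return True
        if kind == "exact" and (base, beta) == (lbase, lbeta):
            return True
    return False

# Constructed inventory of (name, installed version); not taken from the page.
INSTALLED = [("Script Security Plugin", "1.30"), ("Pipeline: Input Step Plugin", "2.10"),
             ("GitHub Pipeline for Blue Ocean", "1.2.0-beta-2"),
             ("REST Implementation for Blue Ocean", "1.1.6"),
             ("Bitbucket Pipeline for Blue Ocean", "1.2.0-beta-3"), ("Datadog Plugin", "0.5.7")]

def audit(installed):
    """Return the inventory entries that fall inside a listed affected range."""
    return [(name, ver) for name, ver in installed if is_affected(name, ver)]
```

Comparing the versions as plain strings would wrongly flag Pipeline: Input Step 2.10 as older than 2.7, which is why the components are compared as integers. A version outside the listed ranges only means it is not named as affected in this list.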

Wednesday, August 2, 2017

Meet the Bitnami Team: Rick Spencer

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Rick is our VP of Engineering, and works remotely from Washington DC.

A Brief Bio

I graduated college with a degree in Philosophy in 1990, though I studied a good deal of psychology as well. I wanted a career that was focused on service, so my first jobs were in Community Mental Health providing support to people with serious persistent mental illnesses, helping them stay in their homes in the community, and out of homelessness or the hospital. I burned out after 5 years of that, though, and went back to graduate school and got a Master's Degree in Human Factors Engineering.

I got married to my wife in 1991, and we have 2 "kids", 22 and 18 years old now.

I started programming when I was about 12 years old, using my school's TRS-80 computers. Eventually my parents bought us kids a Commodore 64, so I continued programming that as well. I kept programming on the side, learning Pascal and C along the way, until I got recruited to Microsoft in 1997 to work as a Usability Engineer in Visual Studio. I spent almost 10 years at Microsoft in various roles, but during that time I discovered that I am always at my best when my end users are developers.

I left Microsoft to pursue my interest in Open Source. After a year, I landed a job as the Engineering Manager for the Ubuntu Desktop. I graduated from that to Director of Engineering and finally VP of Ubuntu when I left in early 2016.

I managed many disciplines during my years before joining Bitnami, including Engineering, Sales, Design, Usability, Documentation, Localization and others. I managed small teams and teams of over 300 people.

I joined Bitnami in the spring of 2016 as VP of Engineering.

I have lived in Alexandria, VA, Seattle, WA, Toulouse, France, and now am living in Washington, DC.

Why did you join Bitnami and what excites you about working here?


As I said, I always feel I am at my best when my end users are developers. I was strongly attracted to Bitnami's portfolio of offerings for developers. I liked Daniel and Erica's approach to running the company in a responsible, but non-risk averse way. I was also attracted to the remote working aspects of the role, and the opportunity to build a strong remote culture. I also knew Erica through personal connections, and I greatly admired her business acumen and her leadership style. I believed in Daniel's strong vision for the future of the company.

Enjoying some time with co-workers during the all-hands

What excites me about working here is that the engineering team is now structured for success across 3 major product lines that we are developing, and that there seems to be a huge appetite in the community for what we are building. Our images fill pretty much every cloud marketplace, and our new products are getting a ton of interest and traction. Across the board, we have a very smart team, and the team is executing. For a person in my role, this is really fun.

I also very much enjoy working on Open Source projects, and so I love working with Seb and the rest of the Kubernetes Squad when I can.



What are you working on?

I divide my time into a few buckets. As VP of Engineering, I need to do a lot of work to help teams get their jobs done, help them work together effectively, and also help get the message out to partners, customers, and the community.

We have a fairly unsung team called the Web Dev team. These people are really the glue that holds Bitnami together, but because of their diligence, they make their job seem easy. This team is responsible, of course, for maintaining all of Bitnami's web sites and tools. But they are also critical in that they do work to integrate our image build systems with all the cloud marketplaces. This takes a lot of work to just figure out how to do the integration, and they often do it with crazy time pressures to help customers hit their deadlines. I don't spend too much time with this team because they are just so good at their jobs.

We have an Assets Team who has many responsibilities. One of the main ones is to design and build cloud images, VMs, containers, Multi-tier templates and other assets that end users can just use as is, or extend for their development environments. That team is responsible for making sure our users and our customers are very happy with what we are building. They are currently doing a great job at that, but they are also working every iteration to get more efficient and better at producing what they produce. I don't personally spend too much time with this team anymore, as they are really running well.

We are working on a lot of Kubernetes offerings, for example, Kubeless, Monocular, kubecfg, containers, etc... I spend a certain amount of time working with different communities on those projects, as well as explaining what we are doing to partners and potential future customers. So, I spend a lot of time advocating for this team.

I am spending a large amount of my time on our Enterprise product. We have a productized version of our own toolchain that we are developing for two different markets. I spend a lot of time working with this team to ensure that they have everything they need to achieve the vision, as well as responding to feedback, input, scheduling difficulties, unexpected opportunities, etc... I spend a copious amount of time working with external partners and potential customers to understand how this toolchain will benefit them, though. The more traction we get in these discussions, the more time this takes.

Of course, the bulk of my job is listening to my team to help them strategize how to solve problems and achieve goals, to help ensure that the whole team is working together effectively, ensure everyone understands the strategy and help them align to it, etc... I spend a LOT of time in video conferences ;)

Finally, we are continuing to grow, so recruiting is, of course, a big focus for me.

What do you like to do for fun?


Honestly, I work a lot and I work hard. So, when I do have time for fun, I like to really relax. This might involve playing video games, or playing my Mandolin. My father made me a beautiful mountain dulcimer, so I am looking forward to spending some time to learn to play that. I am incredibly happy that Season 3 of Rick and Morty has started.

When I go on vacation, I like to go swim and get some sun. This summer I am going to Barbados to surf.

Interested in working with Rick at Bitnami? Apply for one of our open positions!