What is Podman? The container engine replacing Docker

Podman is a container engine—a tool for developing, managing, and running containers and container images. Containers are standardized, self-contained software packages that hold all the elements necessary to run anywhere without the need for customization, including application code and supporting libraries. Container-based applications have revolutionized software development over the past decade, making distributed and cloud-based systems easy to deploy and maintain.

Podman is a project from Red Hat that is open source and free to download. It is a relative newcomer to the containerization scene, with version 1.0 being released in 2019. Podman has since made great strides, and its rise has been compounded by the gradual decline of Docker, the project that in many ways created the world of containers as we know it today.

Podman and Kubernetes

If you're even slightly familiar with container-based development, you'll know the name Kubernetes. As containerized applications grew more complex, developers needed tools that could coordinate containers that interacted with each other while running on different virtual machines, or even on different physical machines. Such a tool is called a container orchestration platform, and Kubernetes is by far the most prominent example. Kubernetes can work with any container that meets the Open Container Initiative (OCI) image specification, which Podman's containers do.

One of the important features of Kubernetes is the concept of a pod, an ephemeral grouping of one or more containers that is the smallest unit of computing that Kubernetes can manage. Podman is also centered on the idea of a pod, as its name implies. A Podman pod also includes one or more containers, which are grouped together in a single namespace, network, and security context. This similarity makes Podman and Kubernetes a natural fit, and from the beginning one of Red Hat's goals was to have Podman users orchestrate containers with Kubernetes.

Podman vs. Docker

The other big name from the world of containers that you've almost certainly heard is Docker. Docker wasn't the first container engine but in many ways it has come to define containerization. Much of how Docker works is the de facto standard for container-based development—enough so that many people use "Docker" as a shorthand for containers.

While Docker and Podman occupy a similar space in the container ecosystem, they are not the same, and they have different philosophies and approaches as to how they work. For instance, Docker is an all-in-one platform with tools for specific tasks, whereas Podman collaborates with other projects for certain purposes—for instance, it relies on Buildah to build container images.

There are also architectural differences: Docker has no native concept of pods, for instance. Another important difference is that Docker relies on a continuously running background daemon program to create images and run containers, whereas Podman launches containers and pods as separate child processes. This aspect of Docker's design has important implications for security, which we'll discuss shortly.

Docker commands on Podman

By design and necessity, Podman and Docker are overall compatible. Part of that compatibility can be attributed to adherence to open standards. Because both engines work with containers that conform to the OCI standard, you can create a container with Docker and modify it in Podman, or vice versa, then deploy either container onto Kubernetes.

When Podman rolled out in 2019, Docker was so dominant that its command-line interface had become a part of many developers' programming routines and muscle memory. In order to make a potential move to Podman more seamless, Podman's creators made sure that its commands and syntax mirrored Docker's as much as possible. They went so far as to make it possible to set an alias that re-routes Docker commands to Podman.

Better security with rootless containers

With Podman and Docker working so similarly in so many ways, why would you choose one over the other? Well, one important reason is security. Remember how Docker relies on a daemon to do much of its ongoing work? That daemon runs as root, which makes it a potential entry point for attackers. This isn't an insurmountable obstacle to secure computing, but it does mean that you have to put some thought into navigating Docker security issues.

In some situations, you'll want to run a container with root privileges on its host machine, and Podman lets you do that. But if you would rather keep your containers safely restricted to user space, you can do that as well, by running what's called a rootless container. A rootless container has no more privileges than the user that launched it; within the container, that user has root privileges. You can also use command-line flags to add privileges to your containers in a granular way.

What about performance?

One area where Docker has a leg up on Podman is performance, at least according to some. While there's little concrete information on this subject, it's not hard to find frustrated developers on Hacker News, Stack Overflow, and Reddit complaining about Podman's performance, especially when it's running rootless. Some Swedish university students ran a benchmark suite on several different container platforms and found Podman lacking, though this was admittedly an older pre-1.0 version of Podman. While there's not a lot of technical information on this topic, anecdotally Podman gets dinged for its performance.

Will Podman replace Docker?

From the discussion so far, it may not sound like any great vibe shift is in the works to replace Docker with Podman. But a major change is coming that will displace Docker from one of its longtime niches: Kubernetes itself.

Kubernetes and Docker have for years been the twin giants of the container world. But their coexistence was always somewhat uneasy. The rise of Kubernetes came after Docker was well established in its niche—indeed, you could say that Kubernetes became popular in part because Docker wasn't up to the task of managing all the containers that needed to be coordinated in a large, distributed application.

Docker (the company) developed its own container orchestration platform in 2015, dubbed Swarm, that was designed to play to Docker's strengths. Swarm was launched with great fanfare, but never quite caught up to Kubernetes. While Swarm still has devotees, Kubernetes has become the de facto standard for container orchestration, just as Docker became the de facto standard for other aspects of the container ecosystem.

Additionally, Docker never quite played nice with Kubernetes in terms of its container runtime, the low-level component of the container engine that, among other tasks, works with the underlying operating system (OS) kernel and mounts individual container images. Both Docker and Kubernetes conform to the OCI image spec, which Kubernetes uses to coordinate images built to containers. But Kubernetes also relies on container runtimes compatible with a standardized plugin API called the Container Runtime Interface (CRI), which Docker has never gotten around to implementing.

For a long time, Docker's popularity forced Kubernetes to use Dockershim, a CRI-compliant layer that was an intermediary between Kubernetes and the Docker daemon. This was always something of a hack, however, and earlier this year, Kubernetes jettisoned support for Dockershim. (Podman, by contrast, uses the compatible CRI-O runtime from the Cloud Native Computing Foundation.)

This is part of a larger story about Docker trying and failing to become an enterprise company. In short, Docker was never fully able to break away from Kubernetes. Kubernetes, meanwhile, no longer needs Docker to the extent it once did.

Whether Podman will replace Docker is unclear, but it will definitely be one of the contenders. It helps that Podman is not a flagship product looking to be monetized, but rather a single open source technology offering from a much larger company. We can expect Podman and Kubernetes to remain intertwined for some time to come.

Which container engine should you use?

Hopefully, this discussion gives you a sense of the factors to help you choose between these two container engines. Podman is based on a more secure architecture, while Docker has a deeper history. Podman is native to Kubernetes, whereas Docker also works with Docker Swarm. Docker includes all the functionality you need for many container-related tasks. Podman is modular and lets you experiment with different tools for different purposes.

With that said, the "Podman vs. Docker" question is on some level a false choice. Both platforms create images that conform to the OCI spec, and both are driven by many of the same commands, so you can move seamlessly between the two. You may, for instance, want to use Docker for local development, then use Podman to deploy the containers you built inside Kubernetes.

https://www.infoworld.com/

Healthcare AI in a year: 3 trends to watch

Between the COVID-19 pandemic, a mental health crisis, rising healthcare costs, and aging populations, industry leaders are rushing to develop healthcare-specific artificial intelligence (AI) applications. One signal comes from the venture capital market: over 40 startups have raised significant funding—$20M or more —to build AI solutions for the industry. But how is AI actually being put to use in healthcare? 

The “2022 AI in Healthcare Survey” queried more than 300 respondents from across the globe to better understand the challenges, triumphs, and use cases defining healthcare AI. In its second year, the results did not change significantly, but they do point to some interesting trends foreshadowing how the pendulum will swing in years to come. While parts of this evolution are positive (the democratization of AI), other aspects come with less excitement (a much larger attack surface). Here are the three trends enterprises need to know. 

1. Ease of use and democratization of AI with no-code tools

Gartner estimates by 2025, 70% of new applications developed by enterprises will use no-code or low-code technologies (up from less than 25% in 2020). While low-code has the ability to simplify workloads for programmers, no-code solutions, which require no data science intervention, will have the biggest impact on the enterprise and beyond. That’s why it’s exciting to see a clear shift in AI use from technical titles to the domain experts themselves. 

For healthcare, this means more than half (61%) of respondents from the AI in Healthcare Survey identified clinicians as their target users, followed by healthcare payers (45%), and health IT companies (38%). This, paired with significant developments and investments in healthcare-specific AI applications and availability of open source technologies, is indicative of wider industry adoption.

This is significant: putting code in the hands of healthcare workers in the way that common office tools, like Excel or Photoshop, will change AI for the better. In addition to making the technology more accessible, it also enables more accurate and reliable results, since a medical professional—not a software professional—is now in the driver’s seat. These changes are not happening overnight, but the uptick in domain experts as primary users of AI is a big step forward. 

2. Growing sophistication of tools, and the growing utility of text

Additional encouraging findings involved advances in AI tools and a desire for users to drill down on specific models. When asked what technologies they plan to have in place by the end of 2022, technical leaders from the survey cited data integration (46%), BI (44%), NLP (43%), and data annotation (38%). Text is now the most likely data type used in AI applications and the emphasis on Natural Language Processing (NLP) and data annotation indicate an uptick in more sophisticated AI technologies.  

These tools enable important activities like clinical decision support, drug discovery, and medical policy assessment. After living through two years of the pandemic, it’s clear how crucial progress in these areas is, as we develop new vaccines and uncover how to better support healthcare system needs in the wake of a mass event. And by these examples, it’s also evident that healthcare’s use of AI varies greatly from other industries, requiring a different approach. 

As such, it should come as no surprise that technical leaders and respondents from mature organizations both cited the availability of healthcare-specific models and algorithms as the most important requirement for evaluating locally installed software libraries or SaaS solutions. As seen by the venture capital landscape, existing libraries on the market, and the demand from AI users, healthcare-specific models will only grow in coming years. 

3. Security & safety concerns grow

With all the AI progress that’s been made over the past year, it’s also opened up a range of new attack vectors. When asked what types of software respondents are using to build their AI applications, the most popular selections were locally installed commercial software (37%), and open source software (35%). Most notably was a 12% decline in use of cloud services (30%) from last year’s survey, most likely due to privacy concerns around data sharing. 

Additionally, a majority of respondents (53%) chose to rely on their own data to validate models, rather than on third-party or software vendor metrics. Respondents from mature organizations (68%) signaled a clear preference for using in-house evaluation and for tuning their models themselves. Again, with stringent controls and procedures around healthcare data handling, it’s obvious why AI users would want to keep operations in-house when possible. 

But regardless of software preferences or how users validate models, escalating security threats to healthcare are likely to have a substantial impact. While other critical infrastructure services face challenges, healthcare breaches have ramifications beyond reputational and financial loss. The loss of data or tampering with hospital devices can be the difference between life and death. 

AI is poised for even more significant growth as developers and investors work to get the technology in the hands of everyday users. But as AI becomes more widely available, and as models and tools improve, security, safety, and ethics will take center stage as an important area to keep tabs on. It will be interesting to see how these areas of AI in healthcare evolve this year, and what it means for the future of the industry. 

https://www.cio.com/

What is RPA? A revolution in business process automation

 What is robotic process automation?

Robotic process automation (RPA) is an application of technology, governed by business logic and structured inputs, aimed at automating business processes. Using RPA tools, a company can configure software, or a “robot,” to capture and interpret applications for processing a transaction, manipulating data, triggering responses, and communicating with other digital systems. RPA scenarios range from generating an automatic response to an email to deploying thousands of bots, each programmed to automate jobs in an ERP system.

Many CIOs are turning to RPA to streamline enterprise operations and reduce costs. Businesses can automate mundane rules-based business processes, enabling business users to devote more time to serving customers or other higher-value work. Others see RPA as a stopgap en route to intelligent automation (IA) via machine learning (ML) and artificial intelligence (AI) tools, which can be trained to make judgments about future outputs.

What are the benefits of RPA?

RPA provides organizations with the ability to reduce staffing costs and human error. Intelligent automation specialist Kofax says the principle is simple: Let human employees work on what humans excel at while using robots to handle tasks that get in the way.

Bots are typically low-cost and easy to implement, requiring no custom software or deep systems integration. Such characteristics are crucial as organizations pursue growth without adding significant expenditures or friction among workers.

When properly configured, software robots can increase a team’s capacity for work by 35% to 50%, according to Kofax. For example, simple, repetitive tasks such as copying and pasting information between business systems can be accelerated by 30% to 50% when completed using robots. Automating such tasks can also improve accuracy by eliminating opportunities for human error, such as transposing numbers during data entry.

Enterprises can also supercharge their automation efforts by injecting RPA with cognitive technologies such as ML, speech recognition, and natural language processing, automating higher-order tasks that in the past required the perceptual and judgment capabilities of humans.

Such RPA implementations, in which upwards of 15 to 20 steps may be automated, are part of a value chain known as intelligent automation (IA).

For a deeper look at the benefits of RPA, see “Why bots are poised to disrupt the enterprise” and “Robotic process automation is a killer app for cognitive computing.”

What are the top RPA tools?

The RPA market consists of a mix of new, purpose-built tools and older tools that have added new features to support automation. Some were originally business process management (BPM) tools. Some vendors position their tools as “workflow automation” or “work process management.” Overall, the RPA software market is expected to grow from $2.4 billion in 2021 to $6.5 billion by 2025, according to Forrester research.

Some of the top RPA tools vendors include:

Appian

Automation Anywhere

AutomationEdge

Blue Prism

Cyclone Robotics

Datamatics

EdgeVerve Systems

HelpSystems

IBM

Kofax

Kryon

Laiye

Microsoft

NICE

Nintex

NTT-AT

Pegasystems

Samsung SDS

Servicetrace

WorkFusion

https://www.cio.com/

What is data science? The ultimate guide

 Data science is the field of applying advanced analytics techniques and scientific principles to extract valuable information from data for business decision-making, strategic planning and other uses. It's increasingly critical to businesses: The insights that data science generates help organizations increase operational efficiency, identify new business opportunities and improve marketing and sales programs, among other benefits. Ultimately, they can lead to competitive advantages over business rivals.

Data science incorporates various disciplines -- for example, data engineering, data preparation, data mining, predictive analytics, machine learning and data visualization, as well as statistics, mathematics and software programming. It's primarily done by skilled data scientists, although lower-level data analysts may also be involved. In addition, many organizations now rely partly on citizen data scientists, a group that can include business intelligence (BI) professionals, business analysts, data-savvy business users, data engineers and other workers who don't have a formal data science background.

This comprehensive guide to data science further explains what it is, why it's important to organizations, how it works, the business benefits it provides and the challenges it poses. You'll also find an overview of data science applications, tools and techniques, plus information on what data scientists do and the skills they need. Throughout the guide, there are hyperlinks to related TechTarget articles that delve more deeply into the topics covered here and offer insight and expert advice on data science initiatives.

Why is data science important?

Data science plays an important role in virtually all aspects of business operations and strategies. For example, it provides information about customers that helps companies create stronger marketing campaigns and targeted advertising to increase product sales. It aids in managing financial risks, detecting fraudulent transactions and preventing equipment breakdowns in manufacturing plants and other industrial settings. It helps block cyber attacks and other security threats in IT systems.

From an operational standpoint, data science initiatives can optimize management of supply chains, product inventories, distribution networks and customer service. On a more fundamental level, they point the way to increased efficiency and reduced costs. Data science also enables companies to create business plans and strategies that are based on informed analysis of customer behavior, market trends and competition. Without it, businesses may miss opportunities and make flawed decisions.

Data science is also vital in areas beyond regular business operations. In healthcare, its uses include diagnosis of medical conditions, image analysis, treatment planning and medical research. Academic institutions use data science to monitor student performance and improve their marketing to prospective students. Sports teams analyze player performance and plan game strategies via data science. Government agencies and public policy organizations are also big users.

Data science process and lifecycle

Data science projects involve a series of data collection and analysis steps. In an article that describes the data science process, Donald Farmer, principal of analytics consultancy TreeHive Strategy, outlined these six primary steps:

• Identify a business-related hypothesis to test.
• Gather data and prepare it for analysis.
• Experiment with different analytical models.
• Pick the best model and run it against the data.
• Present the results to business executives.
• Deploy the model for ongoing use with fresh data.

Farmer said the process does make data science a scientific endeavor. However, he wrote that in corporate enterprises, data science work "will always be most usefully focused on straightforward commercial realities" that can benefit the business. As a result, he added, data scientists should collaborate with business stakeholders on projects throughout the analytics lifecycle.

Benefits of data science

In an October 2020 webinar organized by Harvard University's Institute for Applied Computational Science, Jessica Stauth, managing director for data science in the Fidelity Labs unit at Fidelity Investments, said there's "a very clear relationship" between data science work and business results. She cited potential business benefits that include higher ROI, sales growth, more efficient operations, faster time to market and increased customer engagement and satisfaction.

Generally speaking, one of data science's biggest benefits is to empower and facilitate better decision-making. Organizations that invest in it can factor quantifiable, data-based evidence into their business decisions. Ideally, such data-driven decisions will lead to stronger business performance, cost savings and smoother business processes and workflows.

The specific business benefits of data science vary depending on the company and industry. In customer-facing organizations, for example, data science helps identify and refine target audiences. Marketing and sales departments can mine customer data to improve conversion rates and create personalized marketing campaigns and promotional offers that produce higher sales.

In other cases, the benefits include reduced fraud, more effective risk management, more profitable financial trading, increased manufacturing uptime, better supply chain performance, stronger cybersecurity protections and improved patient outcomes. Data science also enables real-time analysis of data as it's generated -- read about the benefits that real-time analytics provides, including faster decision-making and increased business agility, in another article by Farmer.

What do data scientists do and what skills do they need?

The primary role of data scientists is analyzing data, often large amounts of it, in an effort to find useful information that can be shared with corporate executives, business managers and workers, as well as government officials, doctors, researchers and many others. Data scientists also create AI tools and technologies for deployment in various applications. In both cases, they gather data, develop analytical models and then train, test and run the models against the data.

As a result, data scientists must possess a combination of data preparation, data mining, predictive modeling, machine learning, statistical analysis and mathematics skills, as well as experience with algorithms and coding -- for example, programming skills in languages such as Python, R and SQL. Many are also tasked with creating data visualizations, dashboards and reports to illustrate analytics findings.

https://www.techtarget.com/searchenterpriseai/definition/data-science

Tester or Developer - What Suits You the Most?

 As our world becomes increasingly digital, there has been an increase in the number of applications being developed for various platforms. No matter whether these apps are for a desktop, laptop, TV, refrigerator, car, or mobile device, they all require a team of testers and developers in order to ensure that the app is completed within time, scope, and budget. The quality of the applications also needs to be top-notch to ensure that no bugs escape out into the wild. However, this may not be as easy as it sounds since the process of developing an application for any platform involves a lot of people working together to ensure that the final product is presentable and usable.

Who Develops Apps?

Modern applications are always growing in terms of complexity and features. Each application requires a complicated set of features that have to work in harmony with each other in order to achieve the app’s goals. When an organization wants to have an app created, requirements are usually defined at the beginning by the party who needs to have the application developed for them working in tandem with the team who will actually build the app.

Apps are developed by an application development team. The team will have several roles, the most important of which are testers and developers. In this article, we’ll examine the difference between a tester and developer, along with a discussion of each role. We hope this information can help you get a clearer picture of whether you want a software testing career or a software developer career.

What Does a Developer Do?

Once the features of the app have been nailed down, they will be converted into actual applications. This is the role of the developer—using a variety of tools including programming languages, data structures, integrated development environments, staging servers, and more to get the system started. 

During the development process, the developer is required to write down and execute basic test cases which will determine whether the application is structurally sound and performing properly. This is usually done through a process known as unit testing. It is important to note that unit testing is not the same as the testing that is done by the tester. Unit tests are used by developers to determine any obvious bugs and ensure that the program works as expected. However, there are other bugs which may not be caught early enough by the developer and this is where the tester’s role comes in.

What Does a Tester Do?

A tester is the person responsible for trying out all the different usage scenarios for an application in order to ensure that it works as expected. The tester reports back to the development team listing the bugs that were discovered and what series of actions led to that particular error. 

These defects, or bugs, are usually addressed before the application can be deployed or shipped to consumers. The work of the tester involves carrying out several activities inside the application—just like a normal user would do. For example, the tester will to try out several different approaches to doing the same thing in order to determine whether a specific combination of steps may lead to an error message, the program crashing, or other unexpected result.

It is very important that software bugs are caught as early as possible. When bugs appear in a real-world environment, they can incur decreases in revenue as well as increased costs to fix the bugs. With a tester as part of the development cycle, an application will be shipped with the fewest possible bugs—since the major ones have been discovered by the tester. In short, the work of the tester is to find bugs before they are caught in the wild. In their own way, the tester helps to reduce the overall cost of the project—and that can really add up!

Conclusion

To decide between tester vs. developer, your career choice will depend on your particular interests in the world of software development. A developer needs to have programming skills and proficiency at writing code. Development is usually about creating prototypes and testing these prototypes until they are able to function.

 A tester, on the other hand, is responsible for testing the application and pushing it to its limits. The tester needs to have deep knowledge of the system that is being developed as well as excellent communication skills. Communication skills are necessary because the tester will be reporting the bugs back to the development team so that they can work on the errors and fix them. 

There are a lot of ways in which a person can get started with either of the above, but the most direct route is education and experience. Simplilearn’s online training offers both; many online our courses in software development and testing include real-life projects.

https://www.simplilearn.com/software-tester-or-developer-article

Cloud security risks remain very human

 Talk about cloud security and you’re likely to discuss provider-focused issues: not enough security, not enough auditing, not enough planning. However, the biggest cloud security risks continue to be the people who walk beside you in the hallways. According to the latest “Top Threats to Cloud Computing” report by the Cloud Security Alliance on the HealthITSecurity website, the scary calls are coming from inside the house.

Based on a survey of more than 700 cybersecurity professionals, the report showed that the top 11 threats to cloud security include insecure interfaces and APIs, misconfigurations, lack of a cloud security architecture and strategy, as well as accidental cloud disclosure. The actual threats are not the bad actors sitting in an abandoned warehouse; it’s Mary in accounting, Robert in inventory IT, even Susan in IT security. 

Researchers noted that the current view on cloud security has shifted the responsibility from providers to adopters. If you ask the providers that have always promoted a “shared responsibility” model, they have always required adopters to take responsibility for security on their side of the equation. However, if you survey IT workers and rank-and-file users, I’m sure they would point to cloud providers as the linchpins to good cloud security. 

It is also interesting to see that shared technology vulnerabilities, such as denial of service, communications service providers data loss, and other traditional cloud security issues ranked lower than in previous studies. Yes, they are still a threat, but postmortems of breaches reveal that shared technology vulnerabilities rank much lower on our list of worries. 

The core message is that the real vulnerabilities are not as exciting as we thought. Instead, the lack of security strategy and security architecture now top the list of cloud security “no-nos.” Coming in second was the lack of training, processes, and checks to prevent misconfiguration, which I see most often as the root causes of most security breaches. Of course, these problems have a direct link. The lack of security planning and security architecture are part of the reasons that misconfigurations occur in the first place. 

At the heart of the matter is a lack of resources. Cloud security issues arise when enterprises are not willing or able to spend the money needed for a proper security plan. Also, just as important, organizations need to continuously coach people on proper security procedures until it’s second nature. This needs to be ongoing and coupled with a change in culture from a “mostly trust” to a “zero trust” security mentality.

IT staff still find sticky notes with user IDs and passwords throughout the enterprise and often discover cloud resources being leveraged in unauthorized ways. It sounds absurd, but I know of instances when public cloud storage and compute systems were being used by the children of IT leaders to complete homework assignments—I saw this happen more than once, in more than a few enterprises. I wish I were kidding. 

Fortunately, the solutions to system security problems are easy to define: more resources and a greater focus on cloud security. With that said, you can’t just toss technology at the problem. The fix requires a sound security plan that will define what is to be done during at least the next five years to secure your systems. 

It’s often more difficult to define how the culture needs to change and then implement the changes. All the training in the world won’t do much good if you’re dealing with a culture of apathy.

It’s always nice to blame others for system shortcomings. That’s not possible this time, and it won’t be the case moving forward. It’s time to start addressing your security issues by looking in the mirror.

https://www.infoworld.com/