Google Announces Kubeflow to Bring Kubernetes to Machine Learning

After Kubernetes and TensorFlow, Google has now released Kubeflow, a new open source project that makes it easy to consume machine learning (ML) stacks with Kubernetes.

Kubernetes is being touted as the cloud Linux, and an increasing number of people are employing it in different use cases. Machine learning is one of the fastest growing use cases for Kubernetes, but it's quite a challenge to get the entire machine learning stack up and running.

"Building any production-ready machine learning system involves various components, often mixing vendors and hand-rolled solutions. Connecting and managing these services for even moderately sophisticated setups introduces huge barriers of complexity in adopting machine learning," said David Aronchick and Jeremy Lewi, project manager and engineer, respectively, on the Kubeflow project. "Infrastructure engineers will often spend a significant amount of time manually tweaking deployments and hand rolling solutions before a single model can be tested."

Kubeflow solves this problem because it makes using ML stacks on Kubernetes fast and extensible. It's hosted on GitHub, and the repository contains three components: JupyterHub, to create and manage interactive Jupyter notebooks; a TensorFlow (TF) Custom Resource Definition (CRD) that can be configured to use CPUs or GPUs and adjusted to the size of a cluster with a single setting; and a TF Serving container.

Kubeflow is a multicloud solution. If you can run Kubernetes in your environment, you can run Kubeflow.

Critical Flaw in phpMyAdmin

A security researcher has found a critical flaw in phpMyAdmin that allows an attacker to damage databases. According to Hacker News, "The vulnerability is a cross-site request forgery (CSRF) attack and affects phpMyAdmin versions 4.7.x (prior to 4.7.7)."

The vulnerability was discovered by researcher Ashutosh Barot. Barot wrote in a blog post, "In this case (phpMyAdmin), a database admin/Developer can be tricked into performing database operations like DROP TABLE using CSRF. It can cause devastating incidents! The vulnerability allows an attacker to send a crafted URL to the victim and if she (authenticated user) clicks it, the victim may perform a DROP TABLE query on her database."

On its advisory page, phpMyAdmin wrote that "by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc." The phpMyAdmin project has already released a patch and suggests users either apply the patch to the existing installs or upgrade to phpMyAdmin 4.7.7 or newer.

phpMyAdmin is an open source tool for managing MySQL over the web. It supports a wide range of functions, including management of database, tables, columns, relations, indexes, users, permissions, etc. via the user interface, instead of using a command-line interface. This ease of use has made phpMyAdmin a very popular tool for hosting providers.