TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
404 - VOXPOP NOT FOUND
Give use a minute to figure out what's going on here ...
 
Open Source Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Linux Foundation Backs Open Source LLM Initiative
Aug 18th 2024 6:00am, by Steven J. Vaughan-Nichols
A ‘Nue’ UX Web Framework; Plus Anthropic, OpenAI Boost AI APIs
Aug 17th 2024 3:52am, by Loraine Lawson
Cockroach Rescinds Open Core for a Free Enterprise Version
Aug 16th 2024 12:12pm, by Joab Jackson
Is It Time for an Open LLM To Be Added to the LAMP Stack?
Aug 12th 2024 1:30am, by Richard MacManus
New OpenTofu Release Challenges Terraform's Dominance
Jul 30th 2024 11:46am, by Steven J. Vaughan-Nichols
Execs Invest in Platform Engineering: Here's Why
Aug 19th 2024 10:22am, by Janet Wi
Cockroach Rescinds Open Core for a Free Enterprise Version
Aug 16th 2024 12:12pm, by Joab Jackson
Boost Azure’s FaaS Capabilities With Durable Functions
Aug 15th 2024 8:16am, by Lily Ma and David Justo
Kubernetes 1.31 Arrives with New Support for AI/ML, Networking
Aug 13th 2024 2:00pm, by Chris J. Preimesberger
Database as a Service: The Hidden Cost of Convenience
Aug 12th 2024 2:08pm, by Ann Schlemmer
Chainguard Launches CPU/GPU Containers for AI Frameworks
Aug 19th 2024 12:52pm, by B. Cameron Gain
Runc-Related Leaky Vessels Threaten Container Security
Jul 23rd 2024 10:27am, by Manas Chowdhury
3 Ways To Improve Your Container Build Process
Jul 22nd 2024 10:00am, by Sylvain Kalache
Exploring MicroOS, OpenSUSE's Immutable Container OS
Jul 5th 2024 6:00am, by Jack Wallen
Unverified Container Images Threaten Software Supply Chain
Jul 3rd 2024 8:02am, by Kim Lewandowski and Adrian Mouat
With eLxr, Wind River Brings Debian Linux to the Edge
Aug 12th 2024 1:30pm, by Joab Jackson
How To Get Started Running Small Language Models at the Edge
Jul 24th 2024 6:00am, by Janakiram MSV
How to Apply Microservice Architecture to Embedded Systems
Jul 16th 2024 10:48am, by Bob Reselman
Why We Chose WebAssembly (Wasm) for Our Edge Runtime
May 28th 2024 6:50am, by Bogdan Kurnosov
Cloud Computing at the Edge: From Evolution to Disruption
May 16th 2024 10:00am, by Yoram Novick
Why Staging Doesn't Scale for Microservice Testing
Aug 16th 2024 10:13am, by Arjun Iyer
A Developers Guide to NIM, Nvidia’s AI Application Platform
Aug 13th 2024 8:02am, by Janakiram MSV
Setting Microservices Up for Success: Real-World Advice
Aug 1st 2024 6:03am, by Charles Humble
How to Apply Microservice Architecture to Embedded Systems
Jul 16th 2024 10:48am, by Bob Reselman
The 5 Worst Anti-Patterns in API Management
Jun 26th 2024 10:00am, by Emile Vauge
Linux: Display and Manage IP Address Settings
Aug 18th 2024 12:00pm, by Damon M. Garn
Linux: Mount Remote Directories With SSHFS
Aug 3rd 2024 6:00am, by Jack Wallen
Client-Side Monitoring Is a Must for Mobile Apps
Jul 19th 2024 11:26am, by Fredric Newberg
VMware's 'Private Cloud' Solution Emerges Under Broadcom
Jul 17th 2024 7:04am, by B. Cameron Gain
Using ngrok in Production: Not Just for Testing Anymore
Jul 10th 2024 8:10am, by Scott M. Fulton III
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
WebAssembly and Kubernetes Go Better Together: Matt Butcher
May 22nd 2024 2:00pm, by Raghavan "Rags" Srinivas
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Meet DBOS: A Database Alternative to Kubernetes 
Mar 12th 2024 4:00am, by Joab Jackson
Pulumi Templates for GenAI Stacks: Pinecone, LangChain First
Feb 21st 2024 9:00am, by Joab Jackson
Linux: Low-level Data Copying with dd
Aug 17th 2024 6:00am, by Jack Wallen
Momento: Caching at Scale and More, Without All the Hassle
Jul 22nd 2024 11:23am, by Susan Hall
Unfreeze Apache Iceberg to Thaw Your Data Lakehouse
Jul 22nd 2024 7:28am, by Dave Eyler
The Do’s and Don’ts of Implementing Search in Your App
Jul 19th 2024 5:54am, by Ben Greenberg
Linux: Synchronize Local and Remote Directories With Rsync
Jul 13th 2024 5:00am, by Jack Wallen
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
Chainguard Launches CPU/GPU Containers for AI Frameworks
Aug 19th 2024 12:52pm, by
Building a Steampipe Dashboard for WordPress, With LLM Help
Aug 19th 2024 9:22am, by
Build a RAG App With Nvidia NIM APIs and a Vector Database
Aug 19th 2024 7:20am, by
Be an AI Power User: Success Strategies in the AI Landscape
Aug 19th 2024 6:01am, by
Copilot Autofix: AI's Answer to Code Vulnerability Woes
Aug 19th 2024 5:05am, by
Building a Steampipe Dashboard for WordPress, With LLM Help
Aug 19th 2024 9:22am, by
Build a RAG App With Nvidia NIM APIs and a Vector Database
Aug 19th 2024 7:20am, by
Be an AI Power User: Success Strategies in the AI Landscape
Aug 19th 2024 6:01am, by
Mitigating Safety Risks with AI-Powered Applications
Aug 16th 2024 5:05am, by and
Machine Unlearning: Why Teaching AI To Forget Is Crucial
Aug 15th 2024 5:50am, by
A ‘Nue’ UX Web Framework; Plus Anthropic, OpenAI Boost AI APIs
Aug 17th 2024 3:52am, by
Development Server Vite Gets Independent Team and Rust-ifies
Aug 13th 2024 11:05am, by
Meet Toddle: the Next Open Source Web App Builder
Aug 12th 2024 8:00am, by
JetBrains Improves AI Code Completion, OpenAI Boosts JSON
Aug 10th 2024 8:00am, by
Google Angular Lead Sees Convergence in JavaScript Frameworks
Aug 9th 2024 8:20am, by
Ambient Mesh: Can Sidecar-less Istio Make Applications Faster?
Aug 19th 2024 11:10am, by
Agile Reinvented: A Look Into the Future
Aug 19th 2024 8:35am, by
Rust vs. Zig in Reality: A (Somewhat) Friendly Debate 
Aug 19th 2024 7:09am, by
Copilot Autofix: AI's Answer to Code Vulnerability Woes
Aug 19th 2024 5:05am, by
Frontend Strategies: Frameworks or Pure JavaScript?
Aug 17th 2024 1:58pm, by
Master API Connections in Azure with Bicep
Aug 14th 2024 10:00am, by
5 API Testing Best Practices to Tame the Wild West
Aug 13th 2024 5:01am, by
GraphQL vs. OpenAPI: Pros and Cons for Data Governance
Aug 12th 2024 12:55pm, by
OpenAI's ChatGPT Now Formats Output to Developer Queries
Aug 7th 2024 12:00pm, by
Make Data Governance Automation Suck Less With a Supergraph
Aug 5th 2024 12:39pm, by
How To Use Inheritance in Python
Aug 13th 2024 5:00pm, by
What Is the Python join() Function and When Should You Use It?
Aug 12th 2024 5:00pm, by
What Is Python's sum() Function and How Do You Use It?
Aug 11th 2024 6:00am, by
What Is the Python Match Case Statement and Why Use It?
Aug 8th 2024 5:00pm, by
Excel Gets Local Python Boost With Anaconda Code
Jul 31st 2024 11:38am, by
Frontend Strategies: Frameworks or Pure JavaScript?
Aug 17th 2024 1:58pm, by
Development Server Vite Gets Independent Team and Rust-ifies
Aug 13th 2024 11:05am, by
Google Angular Lead Sees Convergence in JavaScript Frameworks
Aug 9th 2024 8:20am, by
Netlify Aims To Simplify the Frontend With Cloud Primitives
Aug 7th 2024 11:08am, by
How To Build Scalable Real-Time Applications With JavaScript
Aug 6th 2024 6:50am, by
TypeScript 5.5: Faster, Smarter and More Powerful
Jun 25th 2024 6:41am, by
UIX: A Full Stack Web Dev Framework Leveraging Deno
Jun 11th 2024 11:30am, by
TanStack Introduces New Meta-Framework Based on Its Router
Jun 5th 2024 11:38am, by
In a TypeScript World, Code Generation Is Key for API SDKs
May 8th 2024 4:00am, by
TypeScript Meets API Design in Microsoft's Game-Changing TypeSpec
May 7th 2024 7:30am, by
Golang for WebAssembly Can Now Work Like IT Should
Aug 9th 2024 9:00am, by
How To Run WebAssembly on Kubernetes
Jul 28th 2024 10:00am, by
Chicory: Write to WebAssembly, Overcome JVM Shortcomings 
Jul 19th 2024 12:33pm, by
What’s Next for Flutter After Layoffs Hit Google Team
Jul 17th 2024 9:01am, by
Demos: Deploying LLMs With WasmEdge 
Jul 16th 2024 8:28am, by
Boost Azure’s FaaS Capabilities With Durable Functions
Aug 15th 2024 8:16am, by and
Google Cloud Adds GenAI, Core Enhancements Across Data Platform
Aug 1st 2024 8:30am, by
AWS Discontinues Git-Hosting Service CodeCommit
Jul 31st 2024 12:10pm, by
How to Deploy the Nextcloud Cloud Server on AlmaLinux
Jul 23rd 2024 11:43am, by
Observability Takes Flight With Cloud Canaries
Jul 23rd 2024 5:00am, by
Building a Steampipe Dashboard for WordPress, With LLM Help
Aug 19th 2024 9:22am, by
Rust vs. Zig in Reality: A (Somewhat) Friendly Debate 
Aug 19th 2024 7:09am, by
Be an AI Power User: Success Strategies in the AI Landscape
Aug 19th 2024 6:01am, by
Linux: Low-level Data Copying with dd
Aug 17th 2024 6:00am, by
OpsMill Infrahub Automates IaC with GitOps and a Database
Aug 14th 2024 6:47am, by
Chainguard Launches CPU/GPU Containers for AI Frameworks
Aug 19th 2024 12:52pm, by
Copilot Autofix: AI's Answer to Code Vulnerability Woes
Aug 19th 2024 5:05am, by
How to Manage a Linux Firewall
Aug 18th 2024 12:00pm, by
As Malware Embraces Rust, a New Effort Emerges to Fight Back
Aug 16th 2024 2:05pm, by
Mitigating Safety Risks with AI-Powered Applications
Aug 16th 2024 5:05am, by and
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
Execs Invest in Platform Engineering: Here's Why
Aug 19th 2024 10:22am, by Janet Wi
How a DevOps Team Became a Platform Engineering Team
Aug 17th 2024 6:43am, by Jennifer Riggins
Are Shared Service Platforms Too Restrictive?
Aug 14th 2024 5:35am, by Lawrence E Hecht
5 Hacks Learned by Writing Thousands of Lines of IaC
Aug 13th 2024 7:25am, by Eran Bibi
Internal Developer Portals: 3 Real World Examples
Aug 12th 2024 4:00am, by Sooraj Shah
Ambient Mesh: Can Sidecar-less Istio Make Applications Faster?
Aug 19th 2024 11:10am, by Lin Sun
Rust vs. Zig in Reality: A (Somewhat) Friendly Debate 
Aug 19th 2024 7:09am, by Cynthia Dunlop
How to Manage a Linux Firewall
Aug 18th 2024 12:00pm, by Damon M. Garn
Linux: Low-level Data Copying with dd
Aug 17th 2024 6:00am, by Jack Wallen
How to Create Your First Linux Bash Script
Aug 16th 2024 5:00pm, by Jack Wallen
The Doorway Effect and Developer Experience: Why It Matters
Aug 15th 2024 3:28am, by Steve Fenton
Keep Cloud App Docs Updated with Living Documentation
Aug 14th 2024 7:08am, by Rak Siva
5 API Testing Best Practices to Tame the Wild West
Aug 13th 2024 5:01am, by Lori Marshall
LLM Function Calling: How to Get Started
Aug 9th 2024 6:19am, by Oladimeji Sowole
Tackling the Challenges of Logical Replication in PostgreSQL
Aug 7th 2024 2:00pm, by Susan Hall
In the Age of AI, What Should We Teach Student Programmers?
Aug 7th 2024 4:00am, by David Cassel
Rapid Innovation In Vehicle Connectivity Is Creating New Developer Roles
Aug 6th 2024 10:00am, by Nick Power
What’s Psychological Safety, and Why Does Tech Need It Now?
Aug 4th 2024 7:00am, by Joe Fay
Get Certified in Platform Engineering, Starting Aug. 6
Jul 31st 2024 8:06am, by Todd R. Weiss
Top Developer Skills for AI and Cloud Jobs
Jul 29th 2024 10:22am, by Jennifer Riggins
Developers: The First Line of Defense in Cybersecurity
Aug 12th 2024 10:00am, by Shrav Mehta
An Algorithm-Produced 'Generative' Film Celebrates Brian Eno
Aug 10th 2024 5:00am, by David Cassel
Russ Cox Steps Down as Tech Lead of Go Programming Language
Aug 7th 2024 7:12am, by Steven J. Vaughan-Nichols
DevOps Success Isn't Always Numbers Going Up
Aug 6th 2024 8:00am, by Andy Corrigan
Why AI Can't Fix Your Production Issues
Aug 5th 2024 10:00am, by Siddarth Jain
Ambient Mesh: Can Sidecar-less Istio Make Applications Faster?
Aug 19th 2024 11:10am, by Lin Sun
Execs Invest in Platform Engineering: Here's Why
Aug 19th 2024 10:22am, by Janet Wi
DevOps in 2024: Automate First, AI Second
Aug 18th 2024 6:05am, by David Brooks
How a DevOps Team Became a Platform Engineering Team
Aug 17th 2024 6:43am, by Jennifer Riggins
4 Roadblocks to Real-Time Analytics, and How to Get It Right
Aug 16th 2024 10:15am, by Rahul Pradhan
Kubernetes 1.31 Arrives with New Support for AI/ML, Networking
Aug 13th 2024 2:00pm, by Chris J. Preimesberger
VMware's Golden Path
Aug 8th 2024 10:36am, by Alex Williams
Bypassing eBPF to Protect Runtimes in Kubernetes Apps
Aug 4th 2024 9:00am, by Alex Williams
Cloud Native Use to Double by 2029
Aug 2nd 2024 7:50am, by Janet Wi
Score: New CNCF Sandbox Tool for Infrastructure-Centric Dev
Jul 30th 2024 10:20am, by B. Cameron Gain
What’s the Difference Between Observability and Monitoring?
Aug 7th 2024 8:00am, by Kumar Harsh
Why AI Can't Fix Your Production Issues
Aug 5th 2024 10:00am, by Siddarth Jain
How To Manage Linux Log Services
Aug 3rd 2024 9:00am, by Damon M. Garn
Synthetic Monitoring With OpenTelemetry
Aug 1st 2024 10:42am, by Ken Hamric
Leveraging Keptn for Automated SLO Analysis
Jul 24th 2024 10:08am, by Robert Kimani
Can Cilium Be a Control Plane Beyond Kubernetes?
Jul 28th 2024 6:00am, by Alex Williams
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
Some Linkerd Users Must Pay: Fear and Anger Explained
Feb 28th 2024 9:21am, by B. Cameron Gain
Buoyant Revises Release Model for the Linkerd Service Mesh
Feb 21st 2024 9:30am, by Joab Jackson
Istio Advisor Plus GPT: Expert System Meets AI for Service Mesh
Dec 14th 2023 12:15pm, by Steven J. Vaughan-Nichols
AI / Containers / Security

Chainguard Launches CPU/GPU Containers for AI Frameworks

To address security concerns, Chainguard offers a growing suite of CPU and GPU-enabled container images tailored for AI. These images include PyTorch, Conda and Kafka.
Aug 19th, 2024 12:52pm by
Featued image for: Chainguard Launches CPU/GPU Containers for AI Frameworks

The concept is simple. You take a container, usually Docker, with your application and code inside. It likely has some CVEs, if not many. Alternatively, you can build a container using a Chainguard container image, and usually, you can reduce those vulnerabilities to zero. After that, you can port your application, deploy it, share it, etc.

What Chainguard has recently done is apply this process to containers for AI models and large language models (LLMs).  How it achieved this is interesting, but the key point is that, according to Chainguard’s documentation, it works. And as I can confirm and will detail below, I was able to download the image with Docker pull to get started, and it worked seamlessly.

Additionally, how this process works, and information about Chainguard in general, is detailed and covered in its learning center, Chainguard Academy. There, you can get hands-on help, and the team will actually work with you once you’ve completed the course, especially when you pull your own container images from GitHub, for example.

The idea is to address the challenges of securely building ML and GenAI applications. These challenges involve entirely new types of stacks that must be configured to handle the additional complexities of both GPUs and CPUs. This includes neural networking, computing, applications and other computational challenges associated with ML and AI/ML stacks.

Many organizations are just getting started, and security may or may not be an afterthought, given the immense challenges involved in the production cycle, which now requires a new type of workflow. To address security concerns, Chainguard offers a growing suite of CPU and GPU-enabled container images tailored for AI. These images include PyTorch, Conda and Kafka, all of which are hardened and minimal. The goal is to use these containers seamlessly, without hindering the development of applications despite the significant challenges involved.

“While much of the AI security conversation revolves around model security and prompt injections, we can’t overlook foundational aspects of the infrastructure hosting these models and applications,” said Dan Fernandez, staff product manager at Chainguard, told The New Stack. “The entire AI Stack needs robust security. Chainguard Images help organizations tackle vulnerabilities in these often-overlooked components, strengthening the foundation of AI deployments.”

The vulnerabilities in these hardened containers are addressed in real time, with the status of these vulnerabilities being checked daily. For example, the runtime release of the official PyTorch image on Docker Hub contained one critical, 23 high, 1,189 medium and 72 low CVEs according to the Grype vulnerability scanner as run on July 24. However, these vulnerabilities are mitigated through the use of Chainguard’s hardened images.

Like all Chainguard images, its Chainguard AI Image for PyTorch has zero CVEs “as of today,” and any new CVEs will be rapidly patched, frequently within hours and not days, Chainguard says. ,

“The AI landscape is evolving incredibly fast with new application components emerging almost every day. In this fast-paced environment, using the latest, most secure versions of components is crucial,” Fernandez said. “Machine learning operations teams want to focus on developing better functionality, and they prefer that over the toil of vulnerability remediation, which slows down innovation.”

In addition to speaking with The New Stack,  Fernandez wrote in a blog post that by simplifying and securing the AI/ML stack, Chainguard allows businesses to harness the power of these technologies without the added burden of managing intricate infrastructure.

‍“As we champion the acceleration of AI technologies, we equally emphasize the critical need for cutting-edge security solutions to safeguard these advancements,” said Jacob Rideout, CTO of HiddenLayer, a computer and network security provider, in the blog post. “We have adopted Chainguard Images to reduce the burden of vulnerability triage on our developers so they can focus on building and establishing a secure avenue for the broad adoption of AI technologies.

‍In addition to patching the images on an ongoing basis, Chainguard communicated the following attributes for its hardened containers:

  • Chainguard seeks to keep the “bloat” out of Chainguard Images, including, of course, its images for large AI frameworks.
  • ‍Development and runtime versions of images are provided. Development images provide tools for training or development, while the use of production images are suggested for tasks such as inference.
  • ‍Chainguard Images are smaller on disk than comparable official images, according to Chainguard. This is important for ultra-large frameworks and libraries that tend to break infrastructure such as automated container scanners.
  • ‍Every Chainguard Image comes with an included software bill of materials (SBOM) itemizing all included software artifacts. Chainguard Images are also reproducible from their attestations (signed build configurations).

Starting Block

Getting started with Chainguard was simple. ‍‍

The versions of Chainguard’s PyTorch- and other GPU-enabled images are available to pull in the Chainguard Images Directory. It only required a “docker pull” command to get things going. The subsequent steps, as detailed in Chainguard’s documentation, are straightforward:

Chainguard’s documentation is solid for the rest of the steps required for pulling Chainguard’s PyTorch- and other GPU-enabled images. For running pytorch-cuda12, the documentation describes how PyTorch has prerequisites that need to be configured in the environment prior to running with GPUs (examples are provided in TESTING.md).

The container is launched this way:

Do and Learn

Another interesting aspect of Chainguard’s ML/AI hardened container images is its Chainguard Academy course, which gamifies the learning process. It teaches users not only how to use its newly introduced AI/ML hardened container images but also containers in general. Feel free to test your knowledge. It’s fun to get started, as I can confirm.

For the AI/ML course, Chainguard offers a minimal low-CVE image for what it calls “deep learning” with PyTorch. It includes support for the CUDA parallel computing platform for performing computation on supported GPUs.

This introductory guide to Chainguard’s Pytorch image will walk the learner through fine-tuning an image classification model, saving the model and running it securely for inference, Chainguard says. The security and footprint of the PyTorch Chainguard Image to the official runtime image distributed by PyTorch are compared and ways to adapt the resources in this tutorial are covered for PyTorch.

Stay tuned for a full tutorial and review of Chainguard Academy.

TRENDING STORIES
Group Created with Sketch.
BC Gain is founder and principal analyst for ReveCom Media. His obsession with computers began when he hacked a Space Invaders console to play all day for 25 cents at the local video arcade in the early 1980s. He then...
Read more from B. Cameron Gain
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Docker.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.