Supervisor Mode Access Prevention

Supervisor Mode Access Prevention (SMAP) is a feature of some CPU implementations such as the Intel Broadwell microarchitecture that allows supervisor mode programs to optionally set user-space memory mappings so that access to those mappings from supervisor mode will cause a trap. This makes it harder for malicious programs to "trick" the kernel into using instructions or data from a user-space program.

== History ==

Supervisor Mode Access Prevention is designed to complement Supervisor Mode Execution Prevention (SMEP), which was introduced earlier. SMEP can be used to prevent supervisor mode from unintentionally executing user-space code. SMAP extends this protection to reads and writes.

== Benefits ==

Without Supervisor Mode Access Prevention, supervisor code usually has full read and write access to user-space memory mappings (or has the ability to obtain full access). This has led to the development of several security exploits, including privilege escalation exploits, which operate by causing the kernel to access user-space memory when it did not intend to. Operating systems can block these exploits by using SMAP to force unintended user-space memory accesses to trigger page faults. Additionally, SMAP can expose flawed kernel code which does not follow the intended procedures for accessing user-space memory.

However, the use of SMAP in an operating system may lead to a larger kernel size and slower user-space memory accesses from supervisor code, because SMAP must be temporarily disabled any time supervisor code intends to access user-space memory.

== Technical details ==

Processors indicate support for Supervisor Mode Access Prevention through the Extended Features CPUID leaf.

SMAP is enabled when memory paging is active and the SMAP bit in the CR4 control register is set. SMAP can be temporarily disabled for explicit memory accesses by setting the EFLAGS.AC (Alignment Check) flag. The stac (Set AC Flag) and clac (Clear AC Flag) instructions can be used to easily set or clear the flag.

When the SMAP bit in CR4 is set, explicit memory reads and writes to user-mode pages performed by code running with a privilege level less than 3 will always result in a page fault if the EFLAGS.AC flag is not set. Implicit reads and writes (such as those made to descriptor tables) to user-mode pages will always trigger a page fault if SMAP is enabled, regardless of the value of EFLAGS.AC.

== Operating system support ==

Linux kernel support for Supervisor Mode Access Prevention was implemented by H. Peter Anvin. It was merged into the mainline Linux 3.7 kernel (released December 2012) and it is enabled by default for processors which support the feature.

FreeBSD has supported Supervisor Mode Execution Prevention since 2012 and Supervisor Mode Access Prevention since 2018.

OpenBSD has supported Supervisor Mode Access Prevention and the related Supervisor Mode Execution Prevention since 2012, with OpenBSD 5.3 being the first release with support for the feature enabled.

NetBSD support for Supervisor Mode Execution Prevention (SMEP) was implemented by Maxime Villard in December 2015. Support for Supervisor Mode Access Prevention (SMAP) was also implemented by Maxime Villard, in August 2017. NetBSD 8.0 was the first release with both features supported and enabled.

Haiku support for Supervisor Mode Execution Prevention (SMEP) was implemented by Jérôme Duval in January 2018.

macOS has support for SMAP at least since macOS 10.13 released 2017.
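The access rules in the Technical details section above can be written as a small decision model. This is an added example, not code from any kernel or from the original article; the `cpu_model` structure and the function names are hypothetical, and the bit positions are the architectural ones from the Intel SDM, which the article itself does not list.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions (Intel SDM); an addition, not from the article. */
#define CPUID7_EBX_SMAP (1u << 20) /* CPUID.(EAX=7,ECX=0):EBX bit 20 */
#define CR0_PG          (1u << 31) /* paging enabled */
#define CR4_SMAP        (1u << 21) /* SMAP enable */
#define EFLAGS_AC       (1u << 18) /* Alignment Check, reused as SMAP override */

/* Hypothetical model of the CPU state that matters for the SMAP check. */
struct cpu_model {
    uint32_t cr0, cr4, eflags;
    unsigned cpl; /* current privilege level, 0..3 */
};

enum access_kind { ACCESS_EXPLICIT, ACCESS_IMPLICIT };

/* Support is advertised in the Extended Features CPUID leaf (EBX value passed in). */
bool cpuid_reports_smap(uint32_t leaf7_ebx)
{
    return (leaf7_ebx & CPUID7_EBX_SMAP) != 0;
}

/* SMAP is in force only with paging active and CR4.SMAP set. */
bool smap_active(const struct cpu_model *c)
{
    return (c->cr0 & CR0_PG) != 0 && (c->cr4 & CR4_SMAP) != 0;
}

/* True when SMAP turns this access into a page fault. */
bool smap_faults(const struct cpu_model *c, bool user_page, enum access_kind kind)
{
    if (!smap_active(c) || !user_page)
        return false;
    if (kind == ACCESS_IMPLICIT)   /* e.g. descriptor-table access: AC is ignored */
        return true;
    if (c->cpl == 3)               /* explicit user-mode access: outside SMAP's scope */
        return false;
    return (c->eflags & EFLAGS_AC) == 0;
}

/* Models of the stac and clac instructions. */
void model_stac(struct cpu_model *c) { c->eflags |= EFLAGS_AC; }
void model_clac(struct cpu_model *c) { c->eflags &= ~EFLAGS_AC; }

/* Intended pattern: open the window, touch user memory, close it again. */
int guarded_user_read(struct cpu_model *c)
{
    model_stac(c);
    bool fault = smap_faults(c, true, ACCESS_EXPLICIT);
    model_clac(c);
    return fault ? -1 : 0;
}

/* Flawed pattern: supervisor code dereferences a user pointer directly. */
int stray_user_read(const struct cpu_model *c)
{
    return smap_faults(c, true, ACCESS_EXPLICIT) ? -1 : 0;
}

int main(void)
{
    /* Constructed state: paging on, CR4.SMAP set, AC clear, running at CPL 0. */
    struct cpu_model kernel = { CR0_PG, CR4_SMAP, 0, 0 };

    printf("stray read:    %s\n", stray_user_read(&kernel) ? "page fault" : "ok");
    printf("guarded read:  %s\n", guarded_user_read(&kernel) ? "page fault" : "ok");
    printf("implicit read: %s\n",
           smap_faults(&kernel, true, ACCESS_IMPLICIT) ? "page fault" : "ok");
    return 0;
}
```

The stray read is the case SMAP exists to catch: the same dereference that succeeds inside the stac/clac window faults outside it, which is how SMAP exposes kernel paths that bypass the intended user-access helpers.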

Imieliński–Lipski algebra

In database theory, Imieliński–Lipski algebra is an extension of relational algebra onto tables with different types of null values. It is used to operate on relations with incomplete information.

Imieliński–Lipski algebras are defined to satisfy precise conditions for semantically meaningful extension of the usual relational operators, such as projection, selection, union, and join, from operators on relations to operators on relations with various kinds of "null values".

These conditions require that the system be safe in the sense that no incorrect conclusion is derivable by using a specified subset F of the relational operators; and that it be complete in the sense that all valid conclusions expressible by relational expressions using operators in F are in fact derivable in this system.

For example, it is well known that the three-valued logic approach to null values, on which SQL's treatment of nulls is based, is not complete; see Ullman's book. To show this, let T be:

Take SQL query Q

SQL query Q will return an empty set (no results) under the 3-valued semantics currently adopted by all variants of SQL. This is the case because in SQL, NULL is never equal to any constant – in this case, neither to “Spring” nor “Fall” nor “Winter” (if there is a Winter semester in this school). NULL='Spring' will evaluate to MAYBE and so will NULL='Fall'. The disjunction MAYBE OR MAYBE evaluates to MAYBE (not TRUE). Thus Igor will not be part of the answer (and of course neither will Rohit).

But Igor should be returned as the answer. Indeed, regardless of what semester Igor took the Networks class (no matter what the unknown value of NULL was), the selection condition will be true. This “Igor” will be missed by SQL and the SQL answer would be incomplete according to the completeness requirements specified in Tomasz Imieliński, Witold Lipski, 'Incomplete Information in Relational Databases'.

It is also argued there that 3-valued logic (TRUE, FALSE, MAYBE) can never provide a guarantee of a complete answer for tables with incomplete information.

Three algebras which satisfy the conditions of safety and completeness are defined as Imieliński–Lipski algebras: the Codd-Tables algebra, the V-tables algebra and the Conditional tables (C-tables) algebra.

== Codd-tables algebra ==

Codd-tables algebra is based on the usual Codd's single NULL values. The table T above is an example of a Codd-table. Codd-table algebra supports projection and positive selections only. It is also demonstrated in [IL84] that it is not possible to correctly extend more relational operators over Codd-Tables. For example, such a basic operation as join is not extendable over Codd-tables. It is not possible to define selections with Boolean conditions involving negation and preserve completeness. For example, queries like the above query Q cannot be supported. In order to be able to extend more relational operators, a more expressive form of null value representation is needed, in tables which are called V-tables.

== V-tables algebra ==

V-tables algebra is based on many different ("marked") null values or variables allowed to appear in a table. V-tables make it possible to show that a value may be unknown but the same for different tuples. For example, in the table below Gaurav and Igor order the same (but unknown) beer in two unknown bars (which may, or may not be different – but remain unknown). Gaurav and Jane frequent the same unknown bar (Y1). Thus, instead of one NULL value, we use indexed variables, or Skolem constants.

V-tables algebra is shown to correctly support projection, positive selection (with no negation occurring in the selection condition), union, and renaming of attributes, which allows for processing arbitrary conjunctive queries. A very desirable property enjoyed by the V-table algebra is that all relational operators on tables are performed in exactly the same way as in the case of the usual relations.

=== Conditional tables (c-tables) algebra ===

An example of a conditional table (c-table) is shown below. It has an additional column “con” which is a Boolean condition involving variables, null values – same as in V-tables.

over the following table c-table

Conditional tables algebra, mainly of theoretical interest, supports projection, selection, union, join, and renaming. Under the closed-world assumption, it can also handle the operator of difference, thus it can support all relational operators.

== History ==

Imieliński–Lipski algebras were introduced by Tomasz Imieliński and Witold Lipski Jr. in Incomplete Information in Relational Databases.

Woken Furies

Woken Furies (2005) is a science fiction novel by British writer Richard Morgan. It is the third novel featuring the anti-hero Takeshi Kovacs and is the sequel to Broken Angels. This addition to the series casts light upon Kovacs' early life providing information on his post-envoy activities. Morgan's official website and interviews suggest that Woken Furies could be the last Kovacs novel, although in 2018 (before Netflix cancelled the show) Morgan stated that the Netflix adaptation has "kind of woken it all up again" after all these years, making him possibly reconsider being done with Kovacs.

== Plot ==

Takeshi Kovacs finds himself in a new "sleeve," or human body, back on his home planet of Harlan's World. He is on the run after making numerous attacks against the Knights of the New Revelation, an extremist religious order responsible for the death of his lost love and her daughter. Because she had violated tenets about resleeving, her executioners dropped her and her daughter's cortical stacks in the sea, effectively preventing them from being resleeved (into new bodies).

While trying to secure passage after his most recent attack, Kovacs saves a woman named Sylvie from a group of religious zealots. In return, she allows him to take refuge with her mercenary "deCom" crew as they head out to decommission sentient military hardware that has run amok on the island of New Hokkaido (AKA New Hok). Sylvie is the "command head" of her crew, co-ordinating them during missions by using her biologically implanted circuitry and software. During one of these missions, Sylvie collapses, regains consciousness, and Kovacs realizes that her personality seems to have been replaced by that of long-dead revolutionary leader Quellcrist Falconer. Harlan's World is surrounded by automated "orbitals" which target flying objects, such as vehicles, with high-energy beam weapons known as "angelfire"; Falconer is believed to have died without a backup of her cortical stack when her getaway aircraft was destroyed by angelfire 300 years prior.

When Sylvie's crew returns from New Hok, they discover a younger version of Kovacs has been illegally duplicated into a different body (AKA "double sleeved") and is hunting them on behalf of the Harlan family that rules the planet. Most of Sylvie's crew is killed and Sylvie/Quellcrist is captured. Kovacs schemes to rescue Sylvie by approaching old criminal associates of his, the Little Blue Bugs.

The Little Blue Bugs mount a semi-successful attack on a Harlan fortress and rescue Sylvie/Quellcrist. Hiding from Harlan forces in a floating base, the neo-Quellists are sold out by its owner and recaptured. An assault by Kovacs and a single UN Envoy on the base ends badly when Kovacs is betrayed by the Envoy who was actually embedded with several colleagues. However, Sylvie/Quellcrist has established a connection with the orbitals and calls down angelfire, eliminating their captors. The younger Kovacs is killed in the aftermath.

Sylvie explains that angelfire is a destructive recording device. Thus, in destroying Quellcrist and the helicopter carrying her, it copied her. When the technology of the deCom crews advanced far enough, her persona was able to insert itself into Sylvie's implants and co-exist in her body. The novel ends with Kovacs, Virginia Vidaura, and Sylvie/Quellcrist waiting to see if they can use Sylvie/Quellcrist's newfound connection to the orbitals and the expansion of a long-dormant genetic virus to turn the population against the ruling oligarchy.

AI-assisted targeting in the Gaza Strip

As part of the Gaza war, the Israel Defense Forces (IDF) have used artificial intelligence to rapidly and automatically perform much of the process of determining what to bomb. Israel has greatly expanded the bombing of the Gaza Strip, which in previous wars had been limited by the Israeli Air Force running out of targets.

These tools include the Gospel, an AI which automatically reviews surveillance data looking for buildings, equipment and people thought to belong to the enemy, and upon finding them, recommends bombing targets to a human analyst who may then decide whether to pass it along to the field. Another is Lavender, an "AI-powered database" which lists tens of thousands of Palestinian men linked by AI to Hamas or Palestinian Islamic Jihad, and which is also used for target recommendation.

Critics have argued the use of these AI tools puts civilians at risk, blurs accountability, and results in militarily disproportionate violence in violation of international humanitarian law.

== The Gospel ==

Israel uses an AI system dubbed "Habsora", "the Gospel", to determine which targets the Israeli Air Force would bomb. It automatically provides a targeting recommendation to a human analyst, who decides whether to pass it along to soldiers in the field. The recommendations can be anything from individual fighters, rocket launchers, Hamas command posts, to private homes of suspected Hamas or Islamic Jihad members.

AI can process military intelligence far faster than humans. Retired Lt Gen. Aviv Kohavi, head of the IDF until 2023, stated that the system could produce 100 bombing targets in Gaza a day, with real-time recommendations which ones to attack, where human analysts might produce 50 a year. A lecturer interviewed by NPR estimated these figures as 50–100 targets in 300 days for 20 intelligence officers, and 200 targets within 10–12 days for the Gospel.
=== Technological background ===

The Gospel uses machine learning, where an AI is tasked with identifying commonalities in vast amounts of data (e.g. scans of cancerous tissue, photos of a facial expression, surveillance of Hamas members identified by human analysts), then looking for those commonalities in new material.

What information the Gospel uses is not known, but it is thought to combine surveillance data from diverse sources in enormous amounts.

Recommendations are based on pattern-matching. A person with enough similarities to other people labeled as enemy combatants may be labelled a combatant themselves.

Regarding the suitability of AIs for the task, NPR cited Heidy Khlaaf, engineering director of AI Assurance at the technology security firm Trail of Bits, as saying "AI algorithms are notoriously flawed with high error rates observed across applications that require precision, accuracy, and safety." Bianca Baggiarini, lecturer at the Australian National University's Strategic and Defence Studies Centre wrote AIs are "more effective in predictable environments where concepts are objective, reasonably stable, and internally consistent." She contrasted this with telling the difference between a combatant and non-combatant, which even humans frequently can't do.

Khlaaf went on to point out that such a system's decisions depend entirely on the data it's trained on, and are not based on reasoning, factual evidence or causation, but solely on statistical probability.

=== Operation ===

The IAF ran out of targets to strike in the 2014 war and 2021 crisis. In an interview on France 24, investigative journalist Yuval Abraham of +972 Magazine stated that to maintain military pressure, and due to political pressure to continue the war, the military would bomb the same places twice. Since then, the integration of AI tools has significantly sped up the selection of targets.
In early November, the IDF stated more than 12,000 targets in Gaza had been identified by the target administration division that uses the Gospel. NPR wrote on December 14 that it was unclear how many targets from the Gospel had been acted upon, but that the Israeli military said it was currently striking as many as 250 targets a day. The bombing, too, has intensified to what the December 14 article called an astonishing pace: the Israeli military stated at the time it had struck more than 22,000 targets inside Gaza, at a daily rate more than double that of the 2021 conflict, more than 3,500 of them since the collapse of the truce on December 1. Early in the offensive the head of the Air Force stated his forces only struck military targets, but added: "We are not being surgical." Once a recommendation is accepted, another AI, Fire Factory, cuts assembling the attack down from hours to minutes by calculating munition loads, prioritizing and assigning targets to aircraft and drones, and proposing a schedule, according to a pre-war Bloomberg article that described such AI tools as tailored for a military confrontation and proxy war with Iran. One change that The Guardian noted is that since senior Hamas leaders disappear into tunnels at the start of an offensive, systems such as the Gospel have allowed the IDF to locate and attack a much larger pool of more junior Hamas operatives. It cited an official who worked on targeting decisions in previous Gaza operations as saying that while the homes of junior Hamas members had previously not been targeted for bombing, the official believes the houses of suspected Hamas operatives were now targeted regardless of rank. In the France 24 interview, Abraham, of +972 Magazine, characterized this as enabling the systematization of dropping a 2000 lb bomb into a home to kill one person and everybody around them, something that had previously been done to a very small group of senior Hamas leaders. 
NPR cited a report by +972 Magazine and its sister publication Local Call as asserting the system is being used to manufacture targets so that Israeli military forces can continue to bombard Gaza at an enormous rate, punishing the general Palestinian population. NPR noted it had not verified this; it was unclear how many targets are being generated by AI alone, but there had been a substantial increase in targeting, with an enormous civilian toll.

In principle, the combination of a computer's speed to identify opportunities and a human's judgment to evaluate them can enable more precise attacks and fewer civilian casualties. Israeli military and media have emphasized this capacity to minimize harm to non-combatants. Richard Moyes, researcher and head of the NGO Article 36, pointed to "the widespread flattening of an urban area with heavy explosive weapons" to question these claims, while Lucy Suchman, professor emeritus at Lancaster University, described the bombing as "aimed at maximum devastation of the Gaza Strip".

The Guardian wrote that when a strike was authorized on private homes of those identified as Hamas or Islamic Jihad operatives, target researchers knew in advance the expected number of civilians killed, each target had a file containing a collateral damage score stipulating how many civilians were likely to be killed in a strike, and according to a senior Israeli military source, operatives use a "very accurate" measurement of the rate of civilians evacuating a building shortly before a strike. "We use an algorithm to evaluate how many civilians are remaining. It gives us a green, yellow, red, like a traffic signal."

==== 2021 use ====

Kohavi compared the target division using the Gospel to a machine and stated that once the machine was activated in the war of May 2021, it generated 100 targets a day, with half of them being attacked, in contrast with 50 targets in Gaza per year beforehand.
Approximately 200 targets came from the Gospel out of the 1,500 targets Israel struck in Gaza in the war, including both static and moving targets according to the military.

The Jewish Institute for National Security of America's after action report identified an issue, stating the system had data on what was a target, but lacked data on what wasn't. The system depends entirely on training data, and intel that human analysts had examined and deemed didn't constitute a target had been discarded, risking bias. The vice president expressed his hopes this had since been rectified.

=== Organization ===

The Gospel is used by the military's target administration division (or Directorate of Targets or Targeting Directorate), which was formed in 2019 in the IDF's intelligence directorate to address the air force running out of targets to bomb, and which Kohavi described as "powered by AI capabilities" and including hundreds of officers and soldiers. In addition to its wartime role, The Guardian wrote it'd helped the IDF build a database of between 30,000 and 40,000 suspected militants in recent years, and that systems such as the Gospel had played a critical role in building lists of individuals authorized to be assassinated.

The Gospel was developed by Unit 8200 of the Israeli Intelligence C

Agents of S.H.I.E.L.D. season 4

The fourth season of the American television series Agents of S.H.I.E.L.D., based on the Marvel Comics spy organization S.H.I.E.L.D., follows Phil Coulson and other S.H.I.E.L.D. agents and allies after the signing of the Sokovia Accords. It is set in the Marvel Cinematic Universe (MCU) and acknowledges the continuity of the franchise's films. The season was produced by ABC Studios, Marvel Television, and Mutant Enemy Productions, with Jed Whedon, Maurissa Tancharoen, and Jeffrey Bell serving as showrunners. Clark Gregg reprises his role as Coulson from the film series, starring alongside the returning series regulars Ming-Na Wen, Chloe Bennet, Iain De Caestecker, Elizabeth Henstridge, and Henry Simmons. They are joined by John Hannah who was promoted from his recurring guest role in the third season. The fourth season was ordered in March 2016, with production taking place from that July until the following April. Due to its broadcast schedule, the season was split into three "pods": Ghost Rider for the first eight episodes, featuring recurring guest star Gabriel Luna as the supernatural Robbie Reyes / Ghost Rider and exploring mysticism in the MCU alongside the film Doctor Strange (2016); LMD, referring to the new Life Model Decoy program, for the next seven episodes which focus on recurring guest star Mallory Jansen as the LMD Aida; and Agents of Hydra for the final seven episodes, partly set in a "what if" virtual reality that allowed the return of former series regular Brett Dalton as Grant Ward. The season is also affected by the events of the film Captain America: Civil War (2016), and continues storylines established in the canceled series Agent Carter. The first episode premiered at a screening on September 19, 2016, with the season then airing for 22 episodes on ABC, from September 20, 2016, until May 16, 2017. The premiere debuted to 3.58 million viewers, down from previous season premieres but average for the series. 
Critical response to the season was positive, with many feeling that each pod was better than the last and in particular praising the visual effects and tone of Ghost Rider, the writing and acting of LMD, and the character development and political commentary explored during Agents of Hydra. The season saw series low viewership, but was still considered to have solved ABC's problem during its new Tuesday night timeslot, and the series was renewed for a fifth season in May 2017.

== Episodes ==

== Cast and characters ==

== Production ==

=== Development ===

Agents of S.H.I.E.L.D. was renewed for a fourth season on March 3, 2016, earlier than usual for the series. Executive producer Jed Whedon said on this, "We're thrilled to know going into the end of [season three] with certainty that we will be returning, because we can build our story accordingly." Executive producer Maurissa Tancharoen also noted that logistics for hiring directors for the season in advance would be easier, "which is a very nice privilege to have...that's a luxury".

The end of the episode "What If..." features an onscreen tribute to Bill Paxton, who died in February 2017 and had portrayed John Garrett in the series' first season. The series paid additional tribute to Paxton in "All the Madame's Men" with promos during The Bakshi Report news segment showcasing John Garrett as a fallen American hero. The end of "World's End" features a similar onscreen tribute to Powers Boothe, who died in May 2017 and had portrayed Gideon Malick in the series' third season.

=== Writing ===

The season shifted to the later 10 pm timeslot, allowing it to take on a darker, more mature tone than previous seasons. According to Tancharoen, "The whole tagline for this year is 'Agents of S.H.I.E.L.D. After Dark'". The timeslot gave the series the opportunity to present an increased level of violence and partial nudity, as well as take more risks and present edgier themes.
Following the third-season finale, Tancharoen stated that the fourth season would explore the guilt Daisy Johnson has over Lincoln Campbell's death. Executive producer Jeffrey Bell noted the writers tried to continue the tradition of "finding new combinations and new conflicts" between different sets of characters, given "a lot of procedurals [see] the same people doing the same thing for five years". Pairings that would be explored included Coulson and Mack, continuing from the end of season three, who have a mutual respect for one another due to their relationships with Daisy, and Leo Fitz and Holden Radcliffe, who work together. The Fitz-Simmons relationship was also explored more, examining the new challenges it presented for the two "working together, loving each other and living together". Following the third season's dealing with the themes of Captain America: Civil War (2016), such as the opposing reactions to the Inhumans, Whedon said that the question of "How do you deal with a war with powered people at that level, a government level?" was one that they wanted to answer in the fourth season. Tancharoen called the Inhumans "a permanent part of our universe now", with Whedon adding, "we have a quick-fire way of introducing people with powers. It gives us a lot of leeway in our world, and it lets us explore the metaphors of what it is like to be different. We will never close that chapter." With the Inhumans film being removed from Marvel Studios' release schedule, the series had "a little more freedom" and were "able to do a little bit more" with the species, including the potential of introducing some of the "classic" Inhumans, though the series would focus less on Inhumans than the third season which saw "a real significant Inhuman agenda story". It was not intended to be a spin-off of Agents of S.H.I.E.L.D. On the evolution of S.H.I.E.L.D. to featuring so many powered characters, Whedon said "the dynamic in the world has changed. 
There was one person with powers, and then by The Avengers there were maybe six total ... now they're much more prevalent, so there's reaction from the public based on that." The season is structured into three "pods" based on its airing schedule: the first eight episodes, subtitled Ghost Rider; LMD (Life Model Decoy) for the subsequent seven episodes; and a third pod for the final seven episodes called Agents of Hydra. Elements and characters cross over between the different pods, but the sections "definitely have a different feel" from one another, as Bell explained that 22 episodes "is a long time to hold a big bad or a single plot line, especially for an audience", and for the past two seasons, the series was able to have two separated halves that "allows us to introduce a big bad. And then, something happens and we rise somebody new ... Now, there's three of those." "Financial considerations" were also taken into account in creating the pods for the season, as using LMDs does not "cost as much as setting a guy's head on fire via CGI". In terms of writing the "complicated season", Whedon said the writers were "aware that our fans are our fans and have spent some time with these characters and are clever and see things coming sometimes ... Part of our job is to create not just what we are presenting on plot, but letting the audience be one step ahead of us and being one step ahead of that." He added that the writers knew that they wanted to tell a Ghost Rider story, an LMD story, and a "what if" scenario, and the hardest part was making each pod still fit together as a single season. The major connection ultimately became the Darkhold, which leads from the magic of Ghost Rider to the advanced science of LMD and then the Framework in Agents of Hydra. Ghost Rider also reappears in the final episode of the season, "World's End", as an additional connection. 
==== Ghost Rider ====

While planning the fourth season, Marvel suggested that the series introduce Ghost Rider, after the character's film rights had returned to Marvel from Sony in May 2013. Loeb felt that this made the season unquestionably "the series' biggest" with the "most ambitious story yet". He added that "one of the things that we talked about is, S.H.I.E.L.D. always looked out for the weird, the unusual, the things that were and could be a problem for the public", and Marvel realized that Ghost Rider's abilities, which are more mystical than anything seen in the series to date, opened up "a quarter of the universe that we haven't really spent a lot of time exploring ... what happens if our very real, our very grounded agents who are very much a family have to take on something that is as bizarre and powerful and unique as Ghost Rider." Bell added that the producers would have been willing to give an entire season of the show to a Ghost Rider arc if the season was 13 episodes or less, but 22 episodes seemed too long to "feel like one flavor". The Robbie Reyes version of Ghost Rider was chosen over other versions of the character from the comics because of his relationship with his brother Gabe, w

Containerization (computing)

In software engineering, containerization is operating-system-level virtualization or application-level virtualization over multiple resources so that software applications can run in isolated user spaces called containers in any cloud or non-cloud environment, regardless of type or vendor. The term "container" has different meanings in different contexts, and it is important to ensure that the intended definition aligns with the audience's understanding.

== Usage ==

Each container is basically a fully functional and portable cloud or non-cloud computing environment surrounding the application and keeping it independent of other environments running in parallel. Individually, each container simulates a different software application and runs isolated processes by bundling related configuration files, libraries and dependencies. But, collectively, multiple containers share a common operating system kernel (OS).

In recent times, containerization technology has been widely adopted by cloud computing platforms like Amazon Web Services, Microsoft Azure, Google Cloud Platform, and IBM Cloud. Containerization has also been pursued by the U.S. Department of Defense as a way of more rapidly developing and fielding software updates, with first application in its F-22 air superiority fighter.

== History ==

The concept of containerization in computing originated from early operating system–level isolation mechanisms. One of the earliest implementations was the chroot system call introduced in Version 7 Unix in 1979, which changed the apparent root directory for a process and its children, providing a basic form of filesystem isolation.

In the early 2000s, more advanced forms of operating system–level virtualization were developed. FreeBSD introduced "jails" in 2000, which extended isolation by restricting processes to a subset of system resources. Around the same time, Solaris introduced "zones" (also known as Solaris Containers), providing similar capabilities with resource management and isolation features.

Linux later incorporated comparable functionality through kernel features such as namespaces and control groups (cgroups), which enabled isolation of process IDs, network stacks, filesystems, and resource allocation. These features formed the foundation for Linux Containers (LXC), which provided a userspace interface for managing containers.

The widespread adoption of containerization accelerated with the release of Docker in 2013, which introduced a standardized format for packaging applications and their dependencies, along with tooling for image distribution and container management.

== Types of containers ==

* OS containers
* Application containers

== Security issues ==

Because of the shared OS, security threats can affect the whole containerized system.

In containerized environments, security scanners generally protect the OS, but not the application containers, which adds unwanted vulnerability.

== Container management, orchestration, clustering ==

Container orchestration or container management is mostly used in the context of application containers. Implementations providing such orchestration include Kubernetes and Docker swarm.

== Container cluster management ==

Container clusters need to be managed. This includes functionality to create a cluster, to upgrade the software or repair it, balance the load between existing instances, scale by starting or stopping instances to adapt to the number of users, to log activities and monitor produced logs or the application itself by querying sensors. Open-source implementations of such software include OKD and Rancher. Quite a number of companies provide container cluster management as a managed service, like Alibaba, Amazon, Google, and Microsoft.

GITEX AI Europe

GITEX AI Europe is an annual technology trade show and conference held in Berlin, Germany, as part of GITEX GLOBAL. The event focuses on the European technology market, specifically in the sectors of artificial intelligence (AI), cybersecurity, quantum computing, and digital infrastructure. The event is organized by Kaoun International GmbH, the international arm of the Dubai World Trade Centre (DWTC), in partnership with Messe Berlin.

== History ==

The establishment of GITEX AI Europe was announced in 2023 as part of a strategic move to bring the GITEX brand to the European market. The inaugural edition took place from May 21 to 23, 2025, at the Messe Berlin exhibition grounds. The launch was supported by the Berlin Senate and the German Federal Ministry for Economic Affairs and Climate Action.

The first edition of GITEX AI Europe in 2025 featured 21,650 attendees, 1,434 exhibiting companies, and 755 startups, with 513 speakers representing 125 countries. The next edition is scheduled for June 30 – July 1, 2026 in Berlin.

== Program ==

The event consists of an exhibition floor for corporate displays, several conference stages for keynote speeches, and specialized sub-events. The conference program includes tracks such as "AI Stack Sovereignty," "Cyber Regulation & Trust Convergence," and "Institutional Growth Capital."

GITEX AI Europe incorporates brands under its umbrella:

* AI Everything Europe: Focused on the development and application of generative AI and machine learning.
* North Star Europe: A dedicated program for startups and venture capital, featuring the "Supernova Challenge" pitch competition.
* GISEC Europe: A cybersecurity forum discussing regulation and infrastructure defense.
* GITEX Quantum Expo: Focused on the commercialization of quantum computing.

Institutional partners for the event include the German Federal Ministry for Economic Affairs and Climate Action, the European Innovation Council (EIC), the International Telecommunication Union (ITU), Bitkom, and Digital Dubai.