
SaltStack Expands into Security Compliance Scanning and Remediation

Sep 12th, 2018 9:13am by
Feature image: SaltStack’s Alex Peay, kicking off SaltConf2018.

SaltStack wants to save operations folk from “audit hell.”

A new feature of the company’s flagship configuration management software, SaltStack Enterprise, will include capabilities for auditing and instant remediation of configuration errors and vulnerabilities.

SaltStack debuted SaltStack SecOps, which will become generally available early next year, at the company’s annual user conference, SaltConf18, being held in Salt Lake City this week.

The feature came about as a result of getting a lot of questions from users about how to extend the Salt configuration management software to also encompass security, noted Alex Peay, SaltStack vice president of product.

An increasing number of organizations have been using scanning assessment tools from security providers. Such tools typically scan a set of machines to ensure they are configured correctly, then issue a report listing the machines that failed the audit and the specific issues found. An incorrectly configured machine can offer malicious attackers an entry point to do damage.

“We approach this problem differently than all the other assessment tools out there,” Peay said, noting that SaltStack SecOps takes advantage of Salt’s complex targeting capabilities to offer a fully automated discovery and instant remediation service, a first for both configuration management and security compliance software.

While existing services from the security companies can help in meeting external or internal security and compliance requirements, they pose a challenge for operations teams, who must fix the troubled computers after a scan and rerun the scan, Peay explained. Sometimes the machine can be fixed through a tool such as SaltStack’s, or by manual scripts. But the task of moving the list of issues into a remediation process is a manual — and time-consuming — one.

“It leads to a lot of late nights and weekends,” said Peay. And for an organization moving to an automated DevOps process, remediation can be a serious bottleneck.

SaltStack automates the process of discovery and remediation. The software can check thousands of machines, and, if configuration errors are found, immediately fix them. Or, it can generate a report, allowing the administrator to set a time to fix them (during off-hours, for instance).

Initially, SaltStack will use desired configuration settings from the Center for Information Security (CIS), the U.S. Defense Information Agency’s Security Technical Implementation Guides (DISA STIGS), and the National Institute of Standards and Technology (NIST). Such guides have thousands of checks for operating systems, ranging from shutting down a telnet port to defining settings that guide user access permissions. Users can also define their own checks, and use a mixture of external and internal compliance checklists.

Such a remediation service can be easily executed by Salt Minions, the agents installed on each Salt-controlled machine. The service will initially support most widely used Linux and Unix distributions, as well as recent editions of Windows. The configurations will be managed in-house and kept on a public repository (likely GitHub).

Initially, SaltStack SecOps will focus on configuration settings, though over time it may include other security needs, such as patch management and vulnerability remediation, Peay said.
