This week has been highlighted by multiple security events
What an incredibly busy week news wise. No matter where you are in your DevOps journey it’s very likely one of the major events this week affected you. I am in the process of fighting off a sinus infection too so this week was a lot to handle.
Department of Sane Workplaces
Unless you live under a rock I am almost certain you have heard about the insanity Susan J. Fowler went through during her time at Uber. This shit is #NotOkay, folks, period. If you proposition your coworkers, you are in the wrong. If you harass your coworkers, you are in the wrong. If you cover up sexual misconduct, workplace violence, or any other human resource issue in your organization, YOU ARE IN THE WRONG. I have said this a lot in the past year, I did not spend 11 years in the military so ignorant jerks can harass people. You can read the incredibly well written piece by Mike Isaac for an impartial point of view.
Department of Choice Concepts
Department of Data Defense
GitLab released all of their runbooks for public consumption. If you need to create documentation this is a good place to start.
Google’s Project Zero discovered a memory leak in a CloudFlare parser. This was a pretty gnarly leak. This summary from Mattias Geniar is spot on, “any site behind Cloudflare might have leaked info from other sites hosted behind Cloudflare. Even if your HTML was perfectly balanced and strict, your site might’ve become the victim of another site with imbalanced HTML tags that leaked your data.”
Google found a SHA1 collision so the already limping hash function is now, for all intents and purposes, dead. Unless you are Linus Torvalds who said, “I doubt the sky is falling for git as a source control management tool. Do we want to migrate to another hash? Yes. Is it ‘game over’ for SHA1 like people want to say? Probably not.”
Netflix open sourced Stethoscope this week. “Stethoscope is a web application that collects information for a given user’s devices and gives them clear and specific recommendations for securing their systems.”
Department of Next Year’s Old Tech
DevOps’ish One-Liner of the Week
I end up sending a lot of work through AWS SQS. This little one liner is handy for blasting more than one message into SQS:
while read N ; do echo $N ; aws send --region=us-east-1 /ACCT/QUEUE --message "$N" ; done < MESSAGES.txt
I'm Chris Short, 20+ veteran of the IT industry and 11 year veteran of the US Air Force. I help people and companies embrace DevOps practices and tools through writing and public speaking. I am a staunch advocate for transparency and open source solutions to problems.