DevOps'ish

DevOps, Cloud Native, Open Source, and the ‘ish in between.

It's a Patty Melt. Get it?
patty melt by Dale Cruse

057: The Spectre of Meltdown, 20 Years of Open Source, Docker Deathwatch, Kubernetes…

Is anything going on in the InfoSec arena this week? I couldn’t tell. If you have been under a rock this week, I have some news for you. There are two vulnerabilities in CPU designs that essentially turn everything we thought we knew about computer security on its head. Meltdown and Spectre are vulnerabilities affecting virtually all modern CPUs. I don’t think I could ever visualize a complete picture of all the vulnerable systems that are impacted. But, to put it in perspective, my first Windows PC was a used Dell something or other with a 486 DX2 66 MHz CPU I got back in 1995. If I still had it, I would not need to patch it. But if you have a 120 MHz Intel Pentium CPU-based system lying around, it’s impacted.

The blast radius of these vulnerabilities is massive. Considering that, I am making a new section of the newsletter this week dedicated to Meltdown and Spectre. The reason for this is twofold: 1) There’s so much information in this space it could be a newsletter edition all by itself. 2) You might have some fatigue from these vulnerabilities. I don’t want you to skip over other awesome things in the newsletter. Scroll down past Tools for the Meltdown and Spectre section. Stay vigilant, keep your eyes open for patches, and rest assured Linus is PISSED.

Two personal notes: 1. I ran my first Kubernetes Community meeting this week (and it was awesome)! Kubernetes 1.10 is coming Wednesday, March 21st. 2. I have some job news coming very soon so stay tuned to chrisshort.net.

GoCD — Open Source Continuous Delivery Server
GoCD is a continuous delivery tool supporting modern infrastructure with elastic on-demand agents and cloud deployments. With GoCD, you can easily model, orchestrate and visualize complex workflows from end to end. It’s open source, free to use and download. SPONSORED

People

Vincent Batts: An Open Source Career from KDE to OCI: Vincent is a friend, and an absolutely wonderful person. It’s awesome to see him get the recognition he deserves.

20 years of the Open Source Initiative (OSI): The ‘open source’ label itself was created at a strategy session held by members of the group that we now call the Open Source Initiative (OSI) on February 3rd, 1998 in Palo Alto, California USA.

What Would Really Happen If Russia Attacked Undersea Internet Cables

How and why we teach non-engineers to use GitHub at Thread

Taking the Certified Kubernetes Administrator Exam

Top 21 conferences for DevOps and sysadmins in 2018

What I learned in 2017 Writing Go

“Oh My God, This Is So F---ed Up”: Inside Silicon Valley’s Secretive, Orgiastic Dark Side

2017 SRE & DevOps Influencers

Process

Docker, Inc isn’t Dead: Dylan Stamat of iron.io responded to my Docker Inc is Dead story. I’m not quite sure Dylan’s response is outright disproving anything I wrote (it might actually reinforce it), but it’s interesting to see opposing opinions.

The evolution of Fastly’s Open Source and Nonprofit Program: supporting an ethical and open internet

The Limitations of Chaos Engineering: It’s evident that Chaos Engineering has become a technology trend, with more and more companies adopting it.

Creative ways to encourage the integration of DevOps processes

Selecting a Cloud Provider by Etsy

The future of DevOps is mastery of multi-cloud environments

It’s 2018 and your Docker containers need to be secure

Tools

The DevOps Glossary: Whether you’re new to the world of DevOps or a seasoned guru looking to brush up on pesky terminology, look no further. This glossary covers some of the core definitions you and your team need to know.

Staging endpoint for ACME v2: The Let’s Encrypt wildcard certs are coming.

7 systems engineering and operations trends to watch in 2018

9 New Programming Languages To Learn In 2018

Top 5: Best of 2017, the future of DevOps, and more

Get Started with Spinnaker on Kubernetes: A walkthrough on how to run Spinnaker on Minikube.

A Brief History of sed: Their story is interesting, not least because it can’t be told without mentioning many acknowledged giants of computer science. It’s especially interesting when you interpret it in the context of all the other emerging parts of the nascent UNIX ecosystem that were also in motion at the time.

Kubernetes, OpenShift build hybrid cloud outside Silicon Valley

These Kubernetes developments make the platform ripe to explode in 2018

kubernetes-incubator/kube-arbitrator: kube-arbitrator provides policy based resource sharing for a Kubernetes cluster.

samoshkin/docker-letsencrypt-certgen: Docker image allowing to generate, renew, revoke RSA and/or ECDSA SSL certificates from LetsEncrypt CA using certbot and acme.sh clients in automated fashion.

khenidak/dysk: Dysk mounts Azure disks as Linux block devices directly on VMs without dependency on the host. Dysks can be used within Azure VMs or on-prem machines.

alexellis/mine-with-docker: This repository contains Docker images that lets you get from zero to mining in around 5 minutes on any Linux host anywhere.

Meltdown and Spectre

Intel’s CEO reportedly sold shares after the company already knew about massive security flaws

Nearly Every Computer Made Since 1995 Is Dangerously Flawed. Here’s What You Need to Know. (I tech reviewed this article before it was published)

“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws

Apple Says All Macs, iPhones and iPads Exposed to Chip Security Flaws

An Update on AMD Processor Security

Arm Processor Security Update

Processor Speculative Execution Research Disclosure via AWS

A collection of Meltdown/Spectre postings via LWN.net

Addressing Meltdown and Spectre in the kernel via LWN.net

Guide to Meltdown / Spectre CPU Vulnerabilities via Packet

Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown: “Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities, because of the particular ARM cores that we use.”

How a researcher hacked his own computer and found ‘worst’ chip flaw

Intel Issues Updates to Protect Systems from Security Exploits

Mitigations landing for new class of timing attack via Mozilla

Initial Benchmarks Of The Performance Impact Resulting From Linux’s x86 Security Changes

Intel facing multiple class action suits over chip security flaw: As you can imagine, Linus is not the only one pissed about Meltdown and Spectre.

Why Intel x86 must die: Our cloud-centric future depends on open source chips

Speculative Execution Exploit Performance Impacts — Describing the performance impacts to security patches for CVE-2017-5754, CVE-2017-5753 and CVE-2017-5715

dig +short txt istheinternetonfire.com

Tweet of the Week

whoami

I’m Chris Short, 20+ year veteran of the IT industry and 11 year veteran of the US Air Force. I help people and companies embrace DevOps practices and tools through writing and public speaking. I am a staunch advocate for transparency and open source solutions to problems. Follow me on Twitter!

