Is anything going on in the InfoSec arena this week? I couldn’t tell. If you have been under a rock this week, I have some news for you. There are two vulnerabilities in CPU designs that essentially turn everything we thought we knew about computer security on its head. Meltdown and Spectre are vulnerabilities affecting virtually all modern CPUs. I don’t think I could ever visualize a complete picture of all the vulnerable systems that are impacted. But, to put it in perspective, my first Windows PC was a used Dell something or other with a 486 DX2 66 MHz CPU I got back in 1995. If I still had it, I would not need to patch it. But, if you have a 120 MHz Intel Pentium-based system lying around, it’s impacted.
The blast radius of these vulnerabilities is massive. Considering that, I am adding a new section to the newsletter this week dedicated to Meltdown and Spectre. The reason for this is twofold: 1) There’s so much information in this space that it could be a newsletter edition all by itself. 2) You might have some fatigue from these vulnerabilities, and I don’t want you to skip over the other awesome things in the newsletter. Scroll down past Tools for the Meltdown and Spectre section. Stay vigilant, keep your eyes open for patches, and rest assured Linus is PISSED.
Two personal notes:
- I ran my first Kubernetes Community meeting this week (and it was awesome)! Kubernetes 1.10 is coming Wednesday, March 21st.
- I have some job news coming very soon so stay tuned to chrisshort.net.
GoCD — Open Source Continuous Delivery Server
GoCD is a continuous delivery tool supporting modern infrastructure with elastic on-demand agents and cloud deployments. With GoCD, you can easily model, orchestrate and visualize complex workflows from end to end. It’s open source, free to use and download. SPONSORED
This newsletter won't run without sponsors. Sponsor DevOps'ish and connect with thousands of motivated DevOps, cloud native, and open source professionals from across the globe.
Vincent Batts: An Open Source Career from KDE to OCI: Vincent is a friend, and an absolutely wonderful person. It’s awesome to see him get the recognition he deserves.
20 years of the Open Source Initiative (OSI): The ‘open source’ label itself was created at a strategy session held by members of the group that we now call the Open Source Initiative (OSI) on February 3rd, 1998 in Palo Alto, California USA.
Docker, Inc isn’t Dead: Dylan Stamat of iron.io responded to my Docker Inc is Dead story. I’m not quite sure Dylan’s response outright disproves anything I wrote (it might actually reinforce it), but it’s interesting to see opposing opinions.
The Limitations of Chaos Engineering: It’s evident that Chaos Engineering has become a technology trend, with more and more companies adopting it.
Selecting a Cloud Provider by Etsy
The DevOps Glossary: Whether you’re new to the world of DevOps or a seasoned guru looking to brush up on pesky terminology, look no further. This glossary covers some of the core definitions you and your team need to know.
Staging endpoint for ACME v2: The Let’s Encrypt wildcard certs are coming.
Get Started with Spinnaker on Kubernetes: A walkthrough on how to run Spinnaker on Minikube.
A Brief History of sed: Their story is interesting, not least because it can’t be told without mentioning many acknowledged giants of computer science. It’s especially interesting when you interpret it in the context of all the other emerging parts of the nascent UNIX ecosystem that were also in motion at the time.
kubernetes-incubator/kube-arbitrator: kube-arbitrator provides policy-based resource sharing for a Kubernetes cluster.
samoshkin/docker-letsencrypt-certgen: Docker image for generating, renewing, and revoking RSA and/or ECDSA SSL certificates from the Let’s Encrypt CA using the certbot and acme.sh clients in an automated fashion.
khenidak/dysk: Dysk mounts Azure disks as Linux block devices directly on VMs without a dependency on the host. Dysks can be used within Azure VMs or on on-prem machines.
alexellis/mine-with-docker: This repository contains Docker images that let you get from zero to mining in around 5 minutes on any Linux host anywhere.
Meltdown and Spectre
A collection of Meltdown/Spectre postings via LWN.net
Addressing Meltdown and Spectre in the kernel via LWN.net
Why Raspberry Pi isn’t vulnerable to Spectre or Meltdown: “Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities, because of the particular ARM cores that we use.”
Intel facing multiple class action suits over chip security flaw: As you can imagine, Linus is not the only one pissed about Meltdown and Spectre.
dig +short txt istheinternetonfire.com
DevOps’ish Tweet of the Week
— SwiftOnSecurity (@SwiftOnSecurity) January 4, 2018
I'm Chris Short, 20+ year veteran of the IT industry and 11-year veteran of the US Air Force. I help people and companies embrace DevOps practices and tools through writing and public speaking. I am a staunch advocate for transparency and open source solutions to problems.