DevOps'ish

DevOps, Cloud Native, Hybrid Cloud, Open Source, industry news, and the ‘ish between.

158: Guinevere Saenger on Kubernetes 1.17 release, devs as a new soft target, need for a college degree, htop, CRDs, Istio, and more

The year 2019 is winding down. This is the time of year I reflect on the past 365 days. I feel a few themes that are predominant but, I’m looking forward “for the next thing” and it’s still Kubernetes and the cloud native ecosystem. This is why I think Kubernetes will become the standard cloud APIs that we all build on in the future. I look at Linux and how it has become table stakes these days. I look at Ansible and see that organizations are using either Ansible or a very similar tool. Seeing application deployment and infrastructure as code as more of the norm than the exception is great! Then there’s Kubernetes. The tool providing a consistent, repeatable, and extensible functionality to every cloud provider. While cloud providers’ lack of interoperability by design attempts to lock folks in (there’s plenty here for everyone, AWS), Kubernetes is there making hybrid solutions possible. I see organizations using it to provide the right blend of on-premises and cloud resource use. I see folks using it for data science to make sure their models run to completion. I see folks building mountains of Raspberry Pi Kubernetes clusters to learn it. Kubernetes is becoming a standard API set folks are starting to expect to exist in data centers and clouds. When I look for what’s next in technology, I generally look for pain points. Kubernetes is solving some pain points and working on improving others with every release. Linux lowered the barrier to quality operating systems. Kubernetes is pushing infrastructure to be API driven. This is what we’ve wanted for years. It’s not perfect but, the future is now.

Calling all DevOps Advocates
Does the idea of helping software professionals build and deploy modern cloud software faster and more collaboratively excite you? Pulumi is looking for a passionate Developer Advocate to build a community outreach program that will help devs and ops folks build innovative cloud software together using their open source infrastructure as code platform. Join the team today! SPONSORED

X-Team is Hiring Go developers with strong AWS skills (Remote)
We are looking for passionate Go developers with strong AWS skills to work with the world’s leading brands, from anywhere. We love to work with Kubernetes, Docker, Serverless, and AWS tools. Travel the world while being part of the most energizing community of developers. We provide the funding needed to help you achieve your goals and grow as a remote developer. Join X-Team! SPONSORED

Events

DeliveryConf
Seattle, WA
January 21-22, 2020
DELIVERY|CONF 2020 is being held to give people a place to get deeper technical information about Continuous Integration (CI) and Continuous Delivery (CD). Our goal isn’t to just tell you to “do the technical thing”; it is to show you real world examples of how others have done it. DELIVERY|CONF 2020 is a not-for-profit event being created by an all-volunteer team with many years of experience both in the technology and with creating conferences.

People

Malicious attackers are zeroing in on developers for their next big score — This has always been a concern of mine. One of my projects early on after getting out of the Air Force was to conduct an educational wake-up call to my company. I setup sptoolkit on the old, old Red Hat OpenShift (the one with cartridges; way before I worked there). This gave me legitimately signed TLS keys on a Red Hat domain. From here I could host a very fake but functional login page for login boxes from Google, Box, Microsoft, and Yahoo. The email was carefully crafted to look suspicious as hell to those that were security-minded already. I made sure one last time everyone in my section was aware of the number of folks we were targeting and whom we weren’t for political reasons. After a final confirmation the op was a go. Upon launching the attack my phone rang, “Chris, did you see this email that just came out?” I said I was looking into it. Instead, I watched the numbers pile up as folks clicked bad links, took another step to log in, and were surprised to be followed by materials that would help them to prevent such attacks for succeeding in the future. No one in the administrative and HR roles in the org ended up getting phished. However, the entire dev team did. If the attack were real, we would have been dealing with compromised credentials to core business applications. Developers are a weak link in the defense-in-depth strategy because they’re humans like the rest of us. But, the implications are greater because of the trust given to engineers over business-critical systems. These people must be hyper-vigilant when it comes to their credential safety.

Do I need a college degree to be a sysadmin? — No. I was a sysadmin and ran day-to-day operations for an internet service provider while I was still in high school. You don’t need a degree in this. But, you definitely need to be really comfortable reading RFCs and figuring things out on your own.

Former Oracle product manager says he was forced out for refusing to deceive customers. Now he’s suing the biz — “For a civil RICO claim to succeed, the plaintiff must show that the defendant committed one of the crimes covered by the statute, such as mail fraud or wire fraud.”

The Rise Of Open-Source Software (YouTube) — ”Open-source software powers nearly all the world’s major companies. This software is freely available, and is developed collaboratively, maintained by a broad network that includes everyone from unpaid volunteers to employees at competing tech companies. Here’s how giving away software for free has proven to be a viable business model.”

Maersk CISO Says NotPeyta Devastated Several Unnamed US firms — “At least two companies may have been dealt even more damage than the shipping giant, which lost nearly its entire global IT infrastructure.”

When You Work in a Male-Dominated Industry — “Research shows that even well-meaning mentors direct female engineers into less technical, less valued roles. It’s no wonder so many women end up leaving the industry. We talk to a professor and two students at Olin College of Engineering about their experiences working among mostly men, what it means to “play nice,” and how male colleagues can help (listen!).”

Google under investigation from NLRB — ”The U.S. National Labor Relations Board has begun an official investigation into Google after the recent firing of four employees.”

High-tech job growth concentrated in just 5 cities, driving ‘national inequality,’ report finds — Gravity matters. Detroit has a chance to become a Raleigh or even one of these cities. But, when you look at some of the challenges the high-tech hubs have and the ones Detroit is facing, there are many lessons Detroit will have to learn earlier in its transformation. This will likely lead to better outcomes for its citizens than those of San Francisco, Seattle, and Austin. That’s my hope at least.

Process

FAQ for December 2019 TOC Nominations — This process got really confusing. Thank you for this, Amye.

Introduction to DevSecOps by John Willis — ”Why traditional DevOps has shifted and what this shift means. How DevSecOps can change the game for your team. How to get DevSecOps initiatives started within your organization.”

Number-crunchers set new record for cracking online encryption keys — “A new record has been set for the largest encryption key ever cracked – but your secrets should be safe for now.”

We Need To Save .ORG From Arbitrary Censorship By Halting the Private Equity Buy-Out — “EFF has joined with over 250 respected nonprofits to oppose the sale of Public Interest Registry, the (currently) nonprofit entity that operates the .ORG domain, to Ethos Capital.”

Snyk’s Gareth Rushgrove on How Visibility Is Driving Security — I always enjoy reading things about my friends are doing. Snyk is up to some cool things.

What Aircraft Crews Know About Managing High-Pressure Situations — ”Debris from the exploded engine hit the left wing, destroying a number of electrical and hydraulic lines. Thereafter, several essential aircraft control systems failed. Over the next harrowing two hours, the pilots flew in a holding pattern…”

Intel Unveils Cryogenic Chip To Speed Quantum Computing — ”Horse Ridge cryogenic control chip will let Intel increase the number of qubits”

Agile project management: 4 lessons learned this year — ”Eighteen years after the publishing of the Agile Manifesto, how do its principles hold up? Pretty well. But we’ve also learned some new lessons for agile teams”

Red Hat Wins 2019 Ford IT Innovation Award — This is a significant award to me. Ford is the automaker I’ve driven since 2003. Kubernetes is a project I’ve worked on since 2016. Red Hat is the company I’ve worked at for a year and a half. OpenShift is a product I’ve worked on since this summer. It’s really cool to see all this in one place.

9 of the biggest open source stories in 2019

Tools

Kubernetes 1.17

SSH to remote hosts though a proxy or bastion with ProxyJump — I love me some SSH ProxyJump.

similarweb/finala — A resource cloud scanner that analyzes and reports about wasteful and unused resources to cut unwanted expenses.

CRD in Kubernetes: Powerful boost for an already powerful platform — Everyone can create APIs with CRDs, literally everyone. That’s why CRDs exploded into the Kubernetes scene this year.

Reducing Istio proxy resource consumption with outbound traffic restrictions — Istio is a beast. There are lighter-weight tools out there, like Linkerd, that might better fit your needs. But, the industry has put a lot of weight behind Istio for large scale use cases. Naturally, folks want to learn Istio. Step one: it’s a resource hog, be ready.

Running Cassandra in Kubernetes: challenges and solutions

Linux process management improved with htop — I keep running into people who haven’t heard of htop somehow.

kyma-project/rafter — Kubernetes-native S3-like files/assets store based on CRDs and powered by MinIO

Istio finds pair of critical vulnerabilities, issues trio of updates — Patch your meshes

How to Export Kubernetes Events for Observability and Alerting — ”A hidden gem in Kubernetes might be holding a lot of information”

How to test and validate DNSSEC using dig command line — This is new enough technology that I haven’t memorized this yet but, definitely run into more frequently.

Tweet of the Week


Sponsor DevOps'ish and put your brand in front of thousands of highly skilled operators, maintainers, developers, and leaders from Amazon, Apple, Google, IBM, Intel, Microsoft, Red Hat, many of the Fortune 100, and beyond. Download the DevOps'ish Sponsorship Prospectus now!


Join the Conversation

Join the DevOps'ish group on Telegram for insight and in-depth discussions about real technical challenges facing real people. Also, join //devopsish for a stream of news and content throughout the week.


Share