The impact of the coronavirus hit the tech events industry hard this week. In a shocking move on Tuesday, O’Reilly announced it has immediately ceased all in-person events. To add insult to injury, O’Reilly laid off their entire events staff during a pandemic. To make matters worse, under US law, they’ll get only a week of health insurance benefits, meager support for COBRA (super expensive health insurance), and any severance is based solely on tenure. DevOps’ish is an O’Reilly community partner. I heard from the O’Reilly partner team this week that they were full steam ahead. I was slated to speak at the O’Reilly Infrastructure & Ops Conference in June. I haven’t heard a peep out of O’Reilly about what happens now. Tim O’Reilly mustered up this ’lipstick on a pig’ post, though, so we should all feel great about it, right? Guess what? I don’t.
People
The Hidden Vulnerabilities of Open Source Software
The increasing use of open source software in most commercial apps has revolutionized software development, but also created hidden vulnerabilities, say Frank Nagle and Jenny Hoffman.
That Discomfort You’re Feeling Is Grief
I know an article is a big deal when my wife says I should read it. “If we can name it, perhaps we can manage it.” An HBR interview with David Kessler.
14 Kubernetes interview questions: For hiring managers and job seekers
Filling Kubernetes jobs can be tricky because the technology is relatively young. Experts share interview questions to help hiring managers sort candidates, and help job seekers prepare.
Former Linux Developer Hans Reiser To Remain Locked Up
I didn’t even realize this is what happened to ReiserFS. In other news, when you get 15 to life, don’t expect to be contributing to the kernel anytime soon. Also, never read the comments.
Microsoft staff giggle beneath the weight of a 52,000-person Reply-All email storm
We call these unsubsquirrels at Red Hat and they are generally hilarious. We even have a sticker.
Grsecurity maker finally coughs up $300k to foot open-source pioneer Bruce Perens’ legal bill in row over GPL
In other news, when you sue people because of their opinions, don’t get surprised when you’re forced to pay their legal fees.
What happens when the maintainer of a JS library downloaded 26m times a week goes to prison for killing someone with a motorbike? Core-js just found out
What will be the fate of an open-source project relied upon by so many?
Process
Things no one tells you when you start a newsletter
I took some of my notes and compared them with Gareth Rushgrove (Devops Weekly) and Mattias Geniar (cron.weekly) on what it’s like writing a tech-related newsletter. It’s very rewarding, but it is not trivial.
Elizabeth Warren’s Campaign Is Making Its Software Open Source
One good thing from this US election cycle is that more people in politics will understand open source.
Helping FOSS conferences in the face of a pandemic
“There are some resources listed on the web site, including organizations focused more widely on the problems that COVID-19 is bringing to our world (e.g. the World Health Organization response fund). There are also pointers to web pages covering virtual event organization and the mechanics of running an online event. The FOSS Responders web site makes it clear that many of the items posted there are simply meant as starting points; those with ideas are encouraged to get in touch with the project.”
Definitive Guide to AWS EKS Security - Download eBook
When using Amazon’s Elastic Kubernetes Service (EKS), you must understand which pieces of the security management role fall on you. AWS takes responsibility for securing their infrastructure and addressing security issues in their software. The customer must ensure the security of their own applications while correctly using the controls offered to protect their data and workloads. In this 42-page eBook, StackRox covers general EKS cluster security, including the standard controls and best practices for minimizing the risk around cluster workloads, as well as specific requirements for securing an EKS cluster and its associated infrastructure. SPONSORED
Zoom needs to clean up its privacy act
“A person whose personal data is being shed on Zoom doesn’t know that’s happening because Zoom doesn’t tell them. There’s no red light, like the one you see when a session is being recorded. If you were in a browser instead of an app, an extension such as Privacy Badger could tell you there are trackers sniffing your ass. And, if your browser is one that cares about privacy, such as Brave, Firefox or Safari, there’s a good chance it would be blocking trackers as well. But in the Zoom app, you can’t tell if or how your personal data is being harvested.”
Pentesting a banking FTP service
If you’ve ever had the joy of handling large businesses’ financial records, you know the pleasure of banking FTP servers. How these things are STILL running is just beyond my comprehension.
Tools
Kubernetes 1.18: Fit & Finish
Kubernetes 1.18 was released this week (after a slight delay). “Kubernetes 1.18 consists of 38 enhancements: 15 enhancements are moving to stable, 11 enhancements in beta, and 12 enhancements in alpha.” Thank you to all the contributors and especially the 1.18 release team!
Extended and Improved WebAssemblyHub to Bring the Power of WebAssembly to Envoy and Istio
“A place to build, publish, share, and deploy WebAssembly Envoy extensions”
Serverless Service Mesh with Knative and Linkerd
The Istio requirement has been dropped so you can use Linkerd with Knative now.
Using UBI images to minimize container vulnerabilities
“From a technical perspective, they are nearly identical to Red Hat Enterprise Linux images, which means they have great security, performance, and life cycles. They are released under a different End User License Agreement - It’s possible to build a containerized application using UBI, push it to any registry server, easily share it with others - and because it’s freely redistributable - even deploy it on non-Red Hat platforms.”
Knative Crowds out Other Serverless Software (and Other CNCF Survey Takeaways)
A different and, in some ways, better take on the CNCF survey data.
Online Debug for AWS Lambda on your IDE!
Thundra allows you to natively debug your serverless applications on the cloud with their own permissions. Thundra’s online debugger sets up a secure bridge between your AWS Lambda environment and your IDE. VSCode and IntelliJ IDEA are natively supported with plugins. For other IDEs, we provide a portable client to foster integration with any IDE. Start debugging Node.js, Python and Java functions for free today! SPONSORED
spanner.fyi
Bits of knowledge on Spanner from Jaana Dogan and the Cloud Spanner team at Google.
Amazon’s Arm-based Graviton2 Against AMD and Intel: Comparing Cloud Compute
If you can cross-compile and run your code on ARM infrastructure, do it! You’ll save a ton of money.
darkbitio/mkit
“MKIT is a ‘Managed Kubernetes Inspection Tool’ that validates several common security-related configuration settings of managed Kubernetes cluster objects and the workloads/resources running inside the cluster.”
codingCoffee/fahclient
Dockerized Folding@home client with NVIDIA GPU support
DevOps’ish Tweet of the Week
Maybe things will be ok. pic.twitter.com/q2vNzTs2KL
— Joe Beda (@jbeda) March 24, 2020
Want more? Be sure to check out the notes from this week’s issue to see what didn’t make it to the newsletter.