Next week’s DevOps’ish (177) will be the last DevOps’ish for a while. I’m going to be putting DevOps’ish on a COVID-19 hiatus. A large part of making this newsletter is reading the news every day. Even with very heavy-handed filtering, the amount of data I read about the ongoing pandemic is far higher than one should be consuming. I’m pausing DevOps’ish because the news is hard to read these days. I’ll still be around. I’ve got something I’m pretty excited about in the works. Stay tuned on Twitter and chrishort.net for more info on that.
Sawfish phishing campaign targets GitHub users
“Over the last week, GitHub has received reports related to a phishing campaign targeting our customers. We’re publishing this blog to increase awareness of this ongoing threat.”
DevOps Chats: DevSecOps and OpenShift, with Red Hat
When Kirsten Newcomer speaks, I listen. “We’re seeing that shift left a lot, but then there’s all these other range of things that you should be doing and can be doing to build security into the platform. And so, when we saw pod security policies in Kubernetes, for example, that’s a way that the Kube admin can take advantage of the Linux features that enable container isolation at the Kubernetes layer and enforce things like ensure that a container doesn’t run with unnecessary privileges.”
Stop Making Students Use Eclipse
“When students don’t understand what a file is, or haven’t ever edited text in anything but Microsoft Word and don’t realize they can edit code outside of an IDE, they will not be able to do the crucial work of self-directed learning that is a hallmark of all computer science success.”
How Working Parents Can Support One Another
I know there are thousands of working parents juggling kids right now. Yes, Max is around most of the day, but we’re fortunate in that we’re a single-income household. If you’re working with folks that are tagging out of meetings and directly into parenting so their partner can do their meeting, please give them the advantage of every ounce of flexibility you have.
NASA’s Curiosity Keeps Rolling As Team Operates Rover From Home
If these folks can control a rover on another fucking planet while working from home, what’s your organization’s excuse? I’ve talked to four different doctors the past couple weeks and every, single one of them thinks we might have changed medicine forever at this point.
Is It Even Possible to Focus on Anything Right Now?
It’s not. Stop acting like we’re all okay.
Zero Day Initiative - CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification
“This blog explains the technical details of an exploit using the Linux eBPF feature to achieve local privilege escalation. Due to the nature of the bug(s), which are rather subtle misbehaviors of a safety-critical feature called the “verifier”, some explanations about the inner workings of eBPF need to be provided first.”
SoftBank expects $24 billion in losses from Vision Fund, WeWork and OneWeb investments
Now we all have to figure out what definition of vision is the correct one for Vision Fund.
Online Workshop: Practical Steps to Reduce Your AWS Bill
Learn about practical steps you can take now to reduce your AWS bill. In this workshop, you’ll learn common causes of cloud waste, how to get cost visibility with proper tagging and account segmentation, and how to analyze your cost in the context of your business. Looking to get immediate visibility into your costs? Check out the only engineering-first cloud cost management tool and start a free trial at www.cloudzero.com. SPONSORED
Is BGP Safe Yet? No. But we are tracking it carefully
BGP will take a significant amount of work to become safe. The fact that as a 19-year old I could redirect a whole country’s network traffic on accident to a router I controlled (and things like that are still happening today) shows just how far we have to go with BGP.
Verizon will buy video conferencing company BlueJeans
I wonder if I should start taking my BlueJeans meetings over my Verizon connection.
‘Remote hands’ flub takes out much of Cloudflare
“During planned maintenance remote hands decommissioned some equipment that they shouldn’t have.” This has happened to me before.
Crafting Kubernetes Operators
“In this talk, you’ll learn about crafting Kubernetes Operators from Josh Wood and Burr Sutter.”
Git Releases Security Update With Newline Character Creating Possible Credential Leak
“A member of Google’s Project Zero team discovered that a specially crafted URL could trick the Git client into sending credential information for an alternative host to an attacker’s host.”
EKS vs. GKE vs. AKS - Comparing the top three cloud providers
Not all managed Kubernetes services are created the same. They support different features and options for their cluster control planes and nodes, and they vary in how much management they really provide. To help cut through the fog, StackRox performed a hands-on, side-by-side comparison of the top three services (EKS, AKS, GKE) to help you understand their current state and trade-offs - updated April 2020 SPONSORED
OpenTelemetry Steps up to Manage the Mayhem of Microservices
“Work continues to make OpenTelemetry the standard set of vendor-neutral specifications and associated tools for capturing cloud native operational data.”
The Good Parts of AWS
I bought this book to read after I finish The Unicorn Project (finally).
Fedora Silverblue is an amazing immutable desktop
Layers aren’t just for containers.
Online Debug for AWS Lambda on your IDE!
Thundra allows you to natively debug your serverless applications on the cloud with their own permissions. Thundra’s online-debugger sets up a secure bridge between your AWS Lambda environment and your IDE. VSCode and IntelliJ IDEA are natively supported with plugins. For other IDEs, we provide a portable client to foster the integration with any IDEs. Start debugging Node.js, Python and Java functions for free today! SPONSORED
“Bare-metal is awesome. Let’s share our favourite tools.”
“The best flat theme for Vim, Atom, Sublime Text, Jetbrains Editors, Terminal.app, iTerm, Xcode and XTerm” I switched to this theme in VSCode while writing this newsletter. I had to turn the brightness down on my monitor, that’s probably a good thing. So far, I like it.
DevOps’ish Tweet of the Week
If you're deploying to production by running "kubectl apply" from GitHub Actions against your publicly exposed Kubernetes API, that's not #GitOps, it's just an easy way to get hacked 💥— Stefan Prodan (@stefanprodan) April 11, 2020
Want more? Be sure to check out the notes from this week’s issue to see what didn’t make it to the newsletter.
Sponsor DevOps'ish and put your brand in front of thousands of highly skilled operators, maintainers, developers, and leaders from Amazon, Apple, Google, IBM, Intel, Microsoft, Red Hat, many of the Fortune 100, and beyond. Download the DevOps'ish Sponsorship Prospectus now!
Join the Conversation
Join the DevOps'ish group on Telegram for insight and in-depth discussions about real technical challenges facing real people. Also, join //devopsish for a stream of news and content throughout the week.