This being a holiday break my intros will probably be a little bit shorter than normal. “More punchy” as my first boss at Red Hat would say. Let’s start with the thing with an ever-increasing blast radius: Solarwinds.
Solarwinds Supply Chain Compromise
For the record, Reuters has been all over this coverage wise. I can’t do them justice. This story has been evolving so rapidly that by the time I hit send, my coverage will be incomplete. Everything from Russian hackers to insider trading to putting a global sinkhole in place for the command and control (C2) domain.
This is a truly terrifying compromise at a company I genuinely enjoyed working for in the past. No, I never touched the Orion product while I worked there. Perhaps I should have. But, over the years, I’ve been in contact with more places than I can count that use Solarwinds Orion. It really is everywhere that has a big enough footprint to justify it. Governments included. This might turn out to be bigger than the OPM hack when the dust settles. I decided to build an Index page to provide continuing coverage of the Solarwinds supply chain compromise. When in doubt, go to this page for vetted info.
There’s already a lot of coverage and it will continue to grow. Here’s where you the reader can help round out the coverage. Feel free to add missing links yourself (and help me enjoy my downtime a little more); pull requests welcome or you can e-mail or DM me on Twitter.
DevOps’ish is brought to you by Accurics
People
Use OKRs to Set Goals for Teams, Not Individuals
This drove me a little batty at one employer. Now I at least know why. “Setting individual OKRs generally leads to goals that are either not true indications of meaningful progress or that are easily gameable. Instead, individual contributors should be assessed based on the extent to which their work contributes to team goals that add real value to the company and its customers.”
State of Women in Tech Report 2020
Women Who Tech’s annual report shows that half of women founders have been harassed in the past twelve months; 41% of that harassment was sexual harassment. “Nearly 50% of women founders were told they would raise more money if they were a man.” Additionally, “Women in tech aren’t reporting the harassment they experience to senior leadership at the same rate as they have previously.” WOMEN DESERVE BETTER! Forward this to a scumbag you know. Tell them you expect better. The only way we stop this vile and insane behavior is by having people that look like the scumbags standing up against them. They’re bullies and criminals, they should be treated and dealt with as such. I’m tired of this shit and I’m pulling cards in 2021, believe that.
Device and data access when personal safety is at risk
Apple’s 20-page guide to protecting yourself. “If you’re concerned that someone is accessing information you did not share from your Apple device, this guide will also help you identify risks, and walk you through the steps to help make the technology you rely on as private and secure as you want it to be.”
China-Based Executive at U.S. Telecommunications Company Charged with Disrupting Video Meetings Commemorating Tiananmen Square Massacre
This is super shady behavior. Xinjiang Jin no longer works at Zoom.
Why Capable People Are Reluctant to Lead
I don’t want to lead folks right now for a variety of reasons. Mainly because the last time I managed people I was brought in to help transform an org, which to leadership, meant to be an ax. I don’t roll like that. It’s on the list of things I need to tackle through therapy, to be honest. As a matter of fact, that job likely led to an acceleration of a decline in my mental health. Leadership is brutal in some orgs.
Retail Sales Fell More Than Expected as Spending Slowed
I foresee a tougher economy ahead. A lot tougher, as our change in behavior due to COVID-19 is driving a number of changes in spending habits across the world. The US administration could do something about it to help, but I do not think what is being kicked around in Congress is going to help anything long term.
Process
Download today: Kubernetes security ebook - tips, tricks, best practices
The rapid adoption of Kubernetes to manage containerized workloads is driving great efficiencies in application development, deployment, and scalability. However, when security becomes an afterthought, you risk diminishing the greatest gain of containerization - agility. Download this ebook to learn how to (1) build secure images and prevent untrusted/vulnerable code, (2) configure RBAC, network policies, and runtime privileges, (3) detect unauthorized runtime activity, and (4) secure your Kubernetes infrastructure components such as the API server. SPONSORED
nixcraft’s NET4 India Debacle
NET4 India sounds like an awful registrar. Now they’re out of business with their director in prison for fraud. Hundreds of thousands of domains now remain in limbo. The good news is that Nixi permits Net4India domain name customers to shift to other registrars.
Boeing ‘inappropriately coached’ pilots in 737 MAX testing: U.S. Senate report
“The committee concluded Federal Aviation Administration (FAA) and Boeing officials ‘had established a pre-determined outcome to reaffirm a long-held human factor assumption related to pilot reaction time … It appears, in this instance, FAA and Boeing were attempting to cover up important information that may have contributed to the 737 MAX tragedies.’” My God…
Google Cloud Status Dashboard
“On Monday 14 December, 2020, for a duration of 47 minutes, customer-facing Google services that required Google OAuth access were unavailable. Cloud Service accounts used by GCP workloads were not impacted and continued to function. We apologize to our customers whose services or businesses were impacted during this incident, and we are taking immediate steps to improve the platform’s performance and availability.” A fascinating read into how Google accidentally broke things.
Update: Discord confirms raising $100M at a valuation of $7B
Discord is the new Slack.
[2012.06884] AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers
Oh, this is good and terrifying. Researchers have figured out a way to turn the DDR memory bus into a crude 2.4 GHz transmitter whose emissions ordinary Wi-Fi receivers nearby can pick up. “Our evaluation shows that data can be exfiltrated from air-gapped computers to nearby Wi-Fi receivers located a distance of several meters away.”
CKS Certification Study Guide: Cluster Setup in Kubernetes
“As we dive into studying for the Certified Kubernetes Security Specialist (CKS) program, make sure to understand the test and its structure. A full blog details the Cloud Native Computing Foundation’s (CNCF) announcement about the CKS and its exam structure.”
Tools
Kubernetes is Removing Docker Support, Kubernetes is Not Removing Docker Support
Fellow Red Hatter Scott McCarty covers in detail why Docker is so damn confusing to folks and how to manage things going forward. Josh Berkus sums it up well in this tweet, “The fact that the term ‘docker’ refers to a CLI, a server, a container runtime, a container building tool, and an online container host has never not been confusing.”
We need your voice!
In partnership with the team at ClearPath Strategies, Honeycomb.io is collecting insights for changes in software development and operation practices across our industry. How do you see the world and what your team is doing?
Take the survey for a chance to win $500 from Apple, HelloFresh, or Fender. SPONSORED
An Alternate AltaVista Search Engine History Lesson For Internet Nerds
“How AltaVista, our first good search engine, fell into the digital abyss”
How Shopify Uses WebAssembly Outside of the Browser
“We wrap Lucet within a Rust web service which manages the I/O and storage of modules, which we call the Wasm Engine.”
Commits are snapshots, not diffs
“I believe that Git becomes understandable if we peel back the curtain and look at how Git stores your repository data. After we investigate this model, we’ll explore how this new perspective helps us understand commands like git cherry-pick and git rebase.”
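To make the snapshot model concrete, here is an added example (mine, not code from the linked post or from Git itself) that computes Git object IDs the way Git does: SHA-1 over "&lt;type&gt; &lt;length&gt;\0&lt;body&gt;". It is a deliberately small toy: trees are kept flat with every entry as a regular file (mode 100644), and the history (a file added, then removed again) plus the author identity and timestamp are constructed inputs chosen for determinism. Running it shows that a commit stores a tree ID, parent IDs and metadata, never a diff, so reverting to an earlier snapshot yields the exact same tree ID while every commit ID differs because the parent chain differs. That is also why a signed commit or tag attests the whole tree and why cherry-pick and rebase always mint new commit IDs.

```python
import hashlib
from typing import Dict, List


def git_object_id(kind: str, body: bytes) -> str:
    # A loose object is stored as "<type> <byte length>\0<body>" and its ID is
    # the SHA-1 of exactly that framing, so the ID commits to type and size too.
    header = f"{kind} {len(body)}\0".encode()
    return hashlib.sha1(header + body).hexdigest()


def blob_id(content: bytes) -> str:
    return git_object_id("blob", content)


def tree_id(files: Dict[str, bytes]) -> str:
    # A tree is the snapshot: one "<mode> <name>\0<20 raw SHA-1 bytes>" entry
    # per child, sorted by name. This toy keeps everything flat and as regular
    # files (mode 100644); real git also nests trees and records other modes.
    body = b"".join(
        f"100644 {name}\0".encode() + bytes.fromhex(blob_id(files[name]))
        for name in sorted(files)
    )
    return git_object_id("tree", body)


def commit_id(tree: str, parents: List[str], message: str, ident: str) -> str:
    # A commit names a tree (the snapshot), its parent commits and metadata.
    # No diff is stored anywhere; "what changed" is derived later by
    # comparing the trees of two commits.
    lines = [f"tree {tree}"]
    lines += [f"parent {p}" for p in parents]
    lines += [f"author {ident}", f"committer {ident}", "", message]
    body = ("\n".join(lines) + "\n").encode()
    return git_object_id("commit", body)


def snapshot_demo() -> Dict[str, str]:
    # Constructed history: add a file, then remove it again. The third commit's
    # tree is byte-for-byte the first commit's tree, so it gets the same ID,
    # while all three commit IDs differ because their parent chains differ.
    ident = "Example Author <author@example.com> 1607904000 +0000"  # fixed, hypothetical
    v1 = {"README": b"hello world\n"}
    v2 = {"README": b"hello world\n", "notes.txt": b"test content\n"}
    t1, t2, t3 = tree_id(v1), tree_id(v2), tree_id(dict(v1))
    c1 = commit_id(t1, [], "initial import", ident)
    c2 = commit_id(t2, [c1], "add notes", ident)
    c3 = commit_id(t3, [c2], "remove notes again", ident)
    return {"tree1": t1, "tree2": t2, "tree3": t3, "c1": c1, "c2": c2, "c3": c3}


if __name__ == "__main__":
    for name, oid in snapshot_demo().items():
        print(name, oid)
```

The blob IDs match what `git hash-object` prints for the same bytes (the empty blob is e69de29b…, "hello world\n" is 3b18e512…), so the toy can be checked against a real repository; the tree and commit IDs only match a real repository if it has the same flat layout, modes, identity and timestamp.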
Go on ARM and Beyond
ARM is the future. You can run Kubernetes on Raspberry Pis thanks largely to Go’s early embrace of non-x86 architectures. “In the past year, several major vendors have made announcements of new ARM64 hardware for servers, laptops and developer machines. Go was well-positioned for this. For years now, Go has been powering Docker, Kubernetes, and the rest of the Go ecosystem on ARM64 Linux servers, as well as mobile apps on ARM64 Android and iOS devices.”
Deploying to OpenShift using GitHub Actions
“The OpenShift starter workflow uses the Red Hat GitHub Actions to help you get an application up and running by providing a workflow that automatically builds and deploys your application.” This is a viable starting point on your GitOps journey. Perhaps this route will be easier to embrace at first than ArgoCD and Flux. I’m going to be kicking the tires on some of these soon enough. Stay tuned to OpenShift.tv in 2021 for a GitOps Happy Hour on this topic.
A Windows Guy in a Linux World: VS Code and Remote SSH
“Welcome to the final installment of A Windows Guy in a Linux World blog post series where you’ll learn to use VS Code to connect to a remote SSH host. If you have been following along with the series, by now you should already have all of the tools and knowledge to start remotely managing your Linux machines (including editing files).”
Effective Linux & Bash for Data Scientists
“In November 2020, DAGsHub gave a series of guest lectures to the excellent Y-DATA course for aspiring data scientists, which we would now like to share with whoever finds it useful, in blog form!”
martinvonz/jj
Jujube (an experimental VCS)
external-secrets/kubernetes-external-secrets
Integrate external secret management systems with Kubernetes
timescale/tobs
The Observability Stack for Kubernetes. Easy install of a full observability stack into a k8s cluster with a CLI tool or Helm charts.
upptime/upptime
Uptime monitor and status page powered by GitHub
k8spin/k8spin-operator
K8Spin multi-tenant operator
DevOps’ish Tweet of the Week
Want more? Be sure to check out the notes from this week’s issue to see what didn’t make it to the newsletter.