In a first, there are two DevOps’ish Indexes in flight right now. I did not want this day to ever happen but here we are. SolarWinds and Microsoft both have their hands full. DevOps’ish has your back. Here are all the data points for both incidents so far.
- NEW DevOps’ish Microsoft Exchange Hafnium Compromise Index
- DevOps’ish SolarWinds supply chain compromise Index
What a time to be alive.
Also, DevOps’ish is 101 subscribers from officially passing the 5,000 subscribers mark. This is a critical point in a newsletter’s life. I’d be very appreciative if you forwarded this to a friend, tweeted about the newsletter, or posted something on LinkedIn. Thank you!
People
Allan McDonald, Who Refused To Approve Shuttle Challenger Launch, Dead At 83
“His job was to sign and submit an official form. Sign the form, he believed, and he’d risk the lives of the seven astronauts set to board the spacecraft the next morning. Refuse to sign, and he’d risk his job, his career and the good life he’d built for his wife and four children.
‘And I made the smartest decision I ever made in my lifetime,’ McDonald told me. ‘I refused to sign it. I just thought we were taking risks we shouldn’t be taking.’”
dhcpcd will need a new maintainer
“I have been dealing with cancer for some time and sadly the treatment has not worked. My life expectancy is now fairly short.” I’m deeply saddened to read this news.
The DevRel Path to Success: Awareness, Enablement, Engagement
“In order for a technical individual to succeed with your product, they need to be confident that they have the ability to use your product, or at least the confidence that they can find the resources which will make them successful.”
Antiracist Economist Kim Crayton on How to Beat the Systemic Racism of IT
“Crayton taught Antiracism 101. Now, this coach of tech leaders is focused on building out an ecosystem based on acknowledging and revolutionizing around four guiding principles:
- Tech is not neutral. Nor is it apolitical.
- Intention without strategy is chaos.
- Lack of inclusion is a risk and crisis management issue.
- Prioritize the most vulnerable.”
Pandemic Has Devastating Effect on Women in the Workforce on Cheddar
“The pandemic has had a devastating effect on jobs in the U.S., but no one was impacted as much as women. According to the U.S. Bureau of Labor Statistics, nearly 3 million women have left the workforce in the last year. Stephanie Heath, Founder & CEO of Soul Work & Six Figures, joined Cheddar to discuss.”
Google advised mental health care when workers complained about racism and sexism
🤦♀️🤦♀️🤦♀️🤦♀️🤦♀️
Google approach to HBCUs may account for Silicon Valley’s lack of Black engineers
“‘Google allocated resources so disparagingly because of how they tiered — and thought of — our schools,’ said former recruiter April Christina Curley, who helped lead Google’s outreach to HBCUs for six years. Curley, who is Black, said she was fired in September largely as a result of continually raising concerns about bias against HBCU students in the interview and hiring process.”
The technical interview practice gap, and how it keeps underrepresented groups out of software engineering
“I won’t name any specific companies here, but tech giants (many with good intentions and with marching orders to boost their diversity numbers) often do a considerable amount of outreach and pre-interview engagement with candidates from underrepresented backgrounds. This outreach is usually an info session where one engineer speaks to a virtual room of candidates from underrepresented backgrounds. The engineer tells them what to expect in technical interviews, encourages them to learn how to articulate their thought process out loud while solving a problem, and recommends resources like Cracking the Coding Interview. Some companies even go so far as to offer their underrepresented candidates a mock interview or two.
Unfortunately, for candidates who are unfamiliar with the process, neither of these interventions is nearly enough.”
Process
OVH founder says UPS fixed up day before blaze is early suspect as source of data centre destruction
What a disaster. It takes things to a whole other level. When the CEO retweets out to activate your disaster recovery plans, you know things are really bad.
Google Online Security Blog: A Spectre proof-of-concept for a Spectre-proof web
Oh fun!
A look inside the KubeCon + CloudNativeCon schedule selection process
“As part of our commitment to transparency within the cloud native community, we are providing an inside look into the work that goes on behind the scenes to bring the KubeCon + CloudNativeCon schedule to life. Note that every conference we put together has a post-event conference transparency report that includes a lot of the information we cover below. We are committed to improving the process after every conference.”
Zapier’s CEO Reveals How His Automation Startup Reached A $5 Billion Valuation Without Jumping On The VC ‘Hamster Wheel’
“Foster prefers thinking about his customers, he says: museum tour guides, Etsy sellers and coffee shop owners who don’t have time to follow the latest buzzword on tech twitter, or whom VCs have anointed the next big thing.”
Researchers Discover Intel CPU Ring Interconnects Vulnerable To Side Channel Attack
Can we actually trust anything on an Intel system anymore? I welcome the recent growth of ARM and RISC-V based chips. Not that it’s better, but because I hope their cultures are better.
Critics fume after Github removes exploit code for Exchange vulnerabilities
“Microsoft-owned Github pulls down proof-of-concept code posted by researcher.” Given the breadth and damage that could be caused, I agree with this decision.
Daylight Saving Time: Senators once again introduce a bill, Sunshine Protection Act, to make DST permanent
STOP THE MADNESS!!!
Tools
git: malicious repositories can execute remote code while cloning
Patch all the git packages.
Rust vs. Go: Why They’re Better Together
“While others may see Rust and Go as competitive programming languages, neither the Rust nor the Go teams do.”
Amazon’s AWS 15 year anniversary; S3’s cloud revolution
Amazon’s first real web service brought us everything from Pinterest to coronavirus vaccines. Fifteen years later, insiders tell Protocol how it grew to store 100 trillion objects.
Klustered (Part IV)
“Klustered is a series of live streams in which myself and a guest join forces to fix “broken” Kubernetes clusters … on the clock.
These clusters are broken by members of the Kubernetes community.”
Open Source solutions for chaos engineering in Kubernetes
“Chaos engineering for Kubernetes gets more and more popular, and rightly so: after all, K8s was designed with the ideas of availability and resiliency in mind. Therefore these marvelous features must be tested on real-life projects occasionally.
Fortunately, there are many Open Source solutions available that can help you with experimenting. Hopefully our review of them will be useful in your adventure. But let me start with a brief introduction…”
Announcing Linkerd 2.10: Extensions, Opaque Ports, Multi-cluster TCP, and more!
“This release adds pluggable extensions to Linkerd and dramatically reduces the default control plane size by moving non-critical components into opt-in extensions. The 2.10 release also extends Linkerd’s seamless, secure multi-cluster support to all TCP connections, not just HTTP. Finally, Linkerd 2.10 adds opaque ports as a way of extending Linkerd’s coverage to certain situations that are incompatible with protocol detection.”
Ask an OpenShift Admin (Ep 21): Etcd - the heart of the control plane
“The heart of the Kubernetes control plane in Red Hat OpenShift is etcd, a key/value store used to persist configuration, status and requested state for everything happening in the cluster. Slow etcd means a slow control plane and slow API, which ripples out to every aspect of OpenShift and your applications. In this episode, we dig into etcd, focusing on performance requirements, protecting the data, and periodic maintenance, so don’t miss this one!”
A new type of supply-chain attack with serious consequences is flourishing
“New dependency confusion attacks take aim at Microsoft, Amazon, Slack, Lyft, and Zillow.”
ConsoleMe: A Central Control Plane for AWS Permissions and Access
“At AWS re:Invent 2020, we open sourced two new tools for managing multi-account AWS permissions and access. We’re very excited to bring you ConsoleMe (pronounced: kuhn-soul-mee), and its CLI utility, Weep (pun intended)!”
Introducing sigstore: software signing for the masses
“Sigstore is a project that provides the infrastructure for developers / software maintainers to sign code with no need to manage keys.”
jetstack/preflight
Automatically perform Kubernetes cluster configuration checks using Open Policy Agent (OPA)
Azure/policy-compliance-scan
A GitHub action that scans the Azure resources for policy violations.
DevOps’ish Tweet of the Week
Want more? Be sure to check out the notes from this week’s issue to see what didn’t make it into the newsletter but is still worth your time.