DevOps'ish

DevOps, Cloud Native, Hybrid Cloud, Open Source, industry news, culture, and the ‘ish between.

DevOps’ish 212: Linux lawsuit, universities breached, massive Facebook breach, Amazon’s horrible PR in light of conditions, Git Submodules = 👿, GitOpsCon CFP, and more

An old headline rears its ugly head again this week. The company that now owns the remnants of The SCO Group (whose claim to fame was going bankrupt in suing Linux distro makers until their dying breath), Xinuos, has decided to try this strategy out for itself in hopes of a different outcome. Xinuos is suing IBM and Red Hat for using Linux.

Talk about bringing back ancient memories of trying to keep up with a new and essential thing to me back in the early 2000s: Linux. Back then, getting your hands on Linux was a challenge, and Linux users were easy marks, according to SCO. Back in those days, SCO even said it would go after individual end-users. While it made Linux seem a little untrustworthy at the time to the outsider, insiders knew this was all bullshit. IBM was doubling and tripling down on Linux, and Red Hat was a public company. Yes, there felt like a potential disaster could happen with one lousy court ruling. But that day never came. It was a wilder world back then.

Now Xinuos looks to walk in The SCO Group’s bankruptcy-inducing tactics or threaten and harass Linux users. We knew better and told SCO to pound sand way back then. Twenty years removed, with history repeating itself, all I can do now is laugh. Really hard too. Xinuos? Who? Lulz. Good luck on your journey to being the next “Most Hated Company In Tech.

See also: SCO Linux FUD returns from the dead by Steven J. Vaughan-Nichols

Event Call for Papers

The GitOps Working Group is putting together a KubeCon + CloudNativeCon Day 0 event! Come share your experiences, practices, and challenges with us at #GitOpsConEU2021! Call for papers open through April 16, 2021.

People

Update on campaign targeting security researchers
This is intense and a very complicated campaign designed to look increasingly convincing to someone that can’t connect all the dots like Google, Microsoft, or Facebook could. Keep your cover out there.

Never wait for a staging environment again 👩‍💻🧑‍💻👨‍💻👩‍💻
Do you find that your engineers spend too much time creating and maintaining staging environments and yet, there never seems to be enough environments to go around? A shortage of environments is a top driver of low developer productivity and often impacts an engineering team’s ability to ship features on time. With Release, you can get a full instance of your app with all of its services with every pull request. You’ll never have to wait around for staging environments again. 💡 Get started now 💡 SPONSORED

LEGO IDEAS - Women of Computing
“This proposed set celebrates six notable women in computing and provides an educational building experience to support LEGO fans of all ages in learning about the history of women in technology. The six Women of Computing are mathematicians, computer scientists, and more”

100 Women Share Their Earliest Memories of Experiencing Racism
“Tiffany Haddish, Patti LaBelle, Secretary Deb Haaland, Misty Copeland, Gayle King, and dozens more remind us that words matter.”

You Can’t Trust Amazon When It Feels Threatened
“Wait a second. Are you seriously asking if I believe in something that has been independently reported by multiple reputable media outlets?”

Our recent response to Representative Pocan
In which AWS apologizes for acting like a really shitty company to work at but, “We apologize to Representative Pocan.” That’s it?!?! This is really bad PR followed by worse PR. I still can’t believe how many AWS employees I’ve had to elbow this week to not carry the company message on this one.

Process

Massive security breach at US universities
”…including Stanford University, University of California, University of Miami, University of Colorado Boulder, Yeshiva University, Syracuse University, and University of Maryland, Baltimore.”

Observability started out as a fairly obscure technical term but has recently received a lot of attention. Our Achieving Observability guide discusses the history, concept, goals, and approaches to achieving observability in today’s software industry, with an eye to the future benefits and potential evolution of the software development practice as a whole.

Observe, debug, and improve with Honeycomb. SPONSORED

Stolen Data of 533 Million Facebook Users Leaked Online
Great… Something tells me Facebook is going to get off scott free on this one.

AMD Zen 3 CPUs vulnerable to Spectre-like attacks via PSF feature
“US chipmaker AMD advised customers last week to disable a new performance feature if they plan to use CPUs for sensitive operations, as this feature is vulnerable to Spectre-like side-channel attacks.”

Universal “netmask” npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918)
“The following research outlines a vulnerability discovered in netmask npm package that is currently used by 278,722+ other projects. The vulnerability has been present for 9 years.” 🤯🤯🤯

php.internals: Changes to Git commit workflow
Someone broke into the OS of the PHP community’s private Git server. Eek!

Tools

What’s Next for Sigstore? Project Update March 2021 — Building Trust!
“If you’re new to the Sigstore project, we officially launched on March 9th 2021 with a mission of improving the open source supply chain by making it easy to sign and verify code. We’re planning to provide free tools, APIs, and services as a public-benefit/non-profit. This post is to give a quick recap of where we are today, where we’re headed and what we’re focusing on next.”

[Free Book] Definitive Guide to Feature Management
Feature management is a new class of software development tools & techniques powered by feature flags. A feature management platform like LaunchDarkly fills the gaps of conventional feature toggles. Learn the ins & outs of feature management today. Ship Fast. Rest Easy. LaunchDarkly. SPONSORED

Dependencies in DevOps 2021
“Dependencies in DevOps 2021, which is executed jointly by researchers from both the Software Technology Group at the Technical University of Darmstadt, Germany, and the Programming Group at the University of St. Gallen, Switzerland.”

One Year of Graviton2 at Honeycomb: A Retrospective
“Traffic to Honeycomb has surged in the past year, but the expense for serving and the complexity of our services hasn’t. Graviton2 is a large part of how we do it. We proactively were able to double the number of threads (and dramatically improve the performance per thread) available to our “retriever” query engine when we switched from i3.xlarge instances to m6gd.2xlarge instances, without needing to double the cost.” Damn!

Ask an OpenShift Admin Office Hour - CNI plugins and Multus
Multus acts as a CNI multiplexer in essence but is still capable of high performance.

K8s Service Mesh Comparison: Linkerd, Consul, Istio & More
“When discussing microservices architecture and containerization, one set of production-proven tools has captured most of the attention in recent years: the service mesh.”

A tool to spy on your DNS queries: dnspeep
“dnspeep lets you see what DNS queries your computer is making, and what responses it’s getting. It’s about 250 lines of Rust right now.”

Why you should (probably) not use submodules
Git submodules are the devil. They’ll stab you multiple times and leave your ass for dead at 3 AM. (DevOps’ish uses submodules)

Podman v3.1.0 Released
“The new Podman release includes a number of exciting new features, including the podman secret command for managing secrets, support for a volume chown option to fix permissions automatically, improved support for volumes in podman generate kube, and over 60 bug fixes, many to the HTTP API.”

simplenetes-io/simplenetes
“The sns tool is used to manage the full life cycle of your Simplenetes clusters. It integrates with the Simplenetes Podcompiler project podc to compile pods.” The joke here is that it’s a 17,000 line bash file and called “simple.“​

magnologan/awesome-k8s-security
A curated list for Awesome Kubernetes Security resources

DevOps’ish Tweet of the Week

This is crazy y’all. The level of devastation, the cleanup effort, and putting it all back together again will be an enormous triumph for OVH.

@olesovhcom on Twitter: "Update March,24 6:30pm The cleaning takes time. We have 80 people (SBG3) + 20 people (Croix). On the left, a motherboard with the smoke pollution on the CPU socket. It’s very corrosive ! If we power up, it’s dead. Same the disk. On the right, the same device 24h after cleaned up"

Want more? Be sure to check out the notes from this week’s issue to see what didn’t make it to the newsletter but are still worth your time.


Sponsor DevOps'ish and put your brand in front of thousands of highly skilled operators, maintainers, developers, and leaders from Amazon, Apple, Google, IBM, Intel, Microsoft, Red Hat, many of the Fortune 100, and beyond. Download the DevOps'ish Sponsorship Prospectus now!


Join the Conversation

Join //devopsish for a stream of news and content throughout the week.


Share