DevOps'ish

DevOps, Cloud Native, Hybrid Cloud, Open Source, industry news, culture, and the ‘ish between.

DevOps’ish 222: Industry under pressure, Holy $%^& I agree with Torvalds, US Congress begins assault on big tech, polkit vuln, ALPACA, How To Love Kubernetes and Not Wreck The Planet, and more

I want to point out a few signs that I think we’re pushing the industry too hard, too fast. Fires in AWS data centers, Fastly (the CDN) took an hour-long outage triggered by a customer finding a bug, Cloudflare had outages in Chicago and Los Angeles. Ransomware is running through companies like Grant went through Richmond (to the point the US Justice department is equating them, in some ways, to terrorist attacks).

Things need to change. Moving towards a more hybrid and fluid environment is not just a strategic priority; it’s survival at this point. Then making sure that your entire business can’t grind to a halt because lowest common denominator security issues happen. I thought we figured it out in the early 2000s. But, technology has changed so much since then, and there are new zero-days every day. We’re in a very tight position as technologists. If you’re a developer, you’re a target. If you’re an employee, you’re a target. You and every service you touch is a target. Nothing is safe.

People

It’s time to ditch Chrome
Yeah… This has gotten out of control.

Re: Maintainers / Kernel Summit 2021 planning kick-off - Linus Torvalds
Holy shit… I agree with Linux Torvalds. I think this is the second time ever.

Record labels sue another ISP, demanding mass disconnections of Internet users
“Frontier sued amid concerns that ISPs will have to disconnect ‘innocent’ users.”

Less nosy smart speakers
“The system pieces together the ultrasonic information that’s all around us to identify when its services are needed, and sense what’s going on around it. Researchers have demonstrated that it can identify household and office activities with greater than 95% accuracy.”

FBI sold phones to organized crime and read 27 million “encrypted” messages
“But instead of getting backdoors installed into commonly used products—a step that Apple and other companies resisted because it would undermine security for all users—the FBI simply made and sold encrypted devices and monitored the devices’ communications.” If the intelligence community wants you, it’ll find a way.

Process

Congress Introduces 5 Antitrust Bills to Rein in Big Tech
BOHICA! But, long overdue.

Observability is critical for managing and improving complex business-critical systems. With observability, any software engineering team can gain a deeper understanding of system performance, so you can perform ongoing maintenance and ship the features your customers need. Preview Honeycomb’s upcoming O’Reilly book, written by Charity Majors, Liz Fong-Jones, and George Miranda, to understand the value of observable systems and how to build an observability-driven development practice. SPONSORED

How Hackers Used Slack to Break into EA Games
“the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA. Cookies can save the login details of particular users, and potentially let hackers log into services as that person. In this case, the hackers were able to get into EA’s Slack using the stolen cookie.” Then it was social engineering the IT team at EA and off they went with valid 2FA and all.

McDonald’s Hit by Data Breach
“Hack exposed some U.S. business information, customer data in South Korea and Taiwan”

Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
“[M]any of the most popular Linux distributions didn’t ship the vulnerable version until more recently.”

ALPACA Attack
“ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session.”

Tools

Cloud Tech Thursdays: How To Love Kubernetes and Not Wreck The Planet
It turns out that managing your cloud spend effectively is good for the planet too. Timely too because CO2 levels are at an all-time high — again.

Teleport allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. Learn more SPONSORED

How Netflix uses eBPF flow logs at scale for network insight
“Netflix has developed a network observability sidecar called Flow Exporter that uses eBPF tracepoints to capture TCP flows at near real time. At much less than 1% of CPU and memory on the instance, this highly performant sidecar provides flow data at scale for network insight.”

Architecting Kubernetes clusters — choosing the best autoscaling strategy
“TL;DR: Scaling pods and nodes in a Kubernetes cluster could take several minutes with the default settings. Learn how to size your cluster nodes, configure the Horizontal and Cluster Autoscaler, and overprovision your cluster for faster scaling.”

Using Argo to Train Predictive Models
“Andrew Brooks continually works to maintain, analyze, and improve FlightAware’s predictive models as well as the software and infrastructure that supports them.”

50 TB of Cloud Images
“Over the years, the number of Cloud images has been growing in the CERN OpenStack Cloud. We have accumulated more than 50 TB of available Cloud images/snapshots. Unfortunately, Cloud operators have very few tools to control the growth of the OpenStack Image service.”

Introducing kwctl to Kubernetes Administrators
“Kubewarden policies are distributed via OCI container registries, the very same pieces of infrastructure already used to distribute container images.”

Introduction to Red Hat’s UBI Micro
“UBI Micro is constructed from the exact same packages as UBI Standard, Minimal, and Init, but minimizes the individual image size by excluding a package manager and all of its dependencies which are normally pulled into a container image.”

Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments
Sheesh… Windows containers are barely mainsteam and 💥, compromised.

open-cluster-management/multicloud-operators-subscription
“CRD and controller for Subscription (Channel Subscription model) for Multicloud Application.”

ilhaan/kubeCDN
“Self-hosted CDN based on Kubernetes”

DevOps’ish Tweet of the Week

Want more? Be sure to check out the notes from this week’s issue to see what didn’t make it to the newsletter but are still worth your time.


Sponsor DevOps'ish and put your brand in front of thousands of highly skilled operators, maintainers, developers, and leaders from Amazon, Apple, Google, IBM, Intel, Microsoft, Red Hat, many of the Fortune 100, and beyond. Download the DevOps'ish Sponsorship Prospectus now!


Join the Conversation

Join //devopsish for a stream of news and content throughout the week.


Share