KubeCon hangover is real. I grossly overestimated how much I’d be able to do in four days, of course. I spent my little break between jobs trying to sleep in most days. I spent extra time with Max (daddy pick-ups from school are a real thing now). But any time I went to do something technical or constructive, it took a lot longer than I thought it would. I did a lot of little niceties to various websites, did pre-employment stuff, wrote the $newjob blog post, and generally did not think about complex things. I wanted to tinker with a list of little projects, but I opted to maybe read or play Madden instead. It wasn’t bad, but to say I’ve recovered from KubeCon is a gross overestimation. I’m going to shut myself in and lie on heating packs all day tomorrow, more than likely. Two bad ankles, a bone spur in the neck, and a bad shoulder all snarling at you don’t make for a good time.

People

Report: 47% of U.S. employees say they are underpaid
The educational challenges stifling people’s growth.

Mark Zuckerberg to Be Added to Facebook Privacy Suit
“Mark Zuckerberg, the chief executive of Facebook, had an active role in decisions that are under scrutiny, the District of Columbia’s attorney general said.” How’s that name change going?

CentOS Project Chair Karanbir Singh Steps Down
CentOS Stream has a wide blast radius, it would seem.

Cloud Native Computing Foundation Announces 2021 Community Awards Winners
I’m incredibly proud of Anaïs Urlichs, Nikhita Raghunath, Tim Bannister, Emily Fox, Aeva Black, Tasha Drew, Carlos Panato, and Carolyn Van Slyck.

Process

How a simple Linux kernel memory corruption bug can lead to complete system compromise
“This blog post describes a straightforward Linux kernel locking bug and how I exploited it against Debian Buster’s 4.19.0-13-amd64 kernel. Based on that, it explores options for security mitigations that could prevent or hinder exploitation of issues similar to this one.”

How Honeycomb Is Using $50M in New Funding to Bring Observability to All
“We’re using this investment to support the growth of our customers and community, ensure the benefits of observability can be realized by all engineering teams, and expand the ways we can better serve you.”

Incident Review and Postmortem Best Practices
A survey of how companies deal with incidents today, and a peek into the best practices of the future. NOTE: I’m not too fond of the premise of best practices. They’re practices that work well today. But in a year, they could be table stakes.

Navigating ATOs
My government friends will appreciate this.

Tools

The Only Bash Scripting Cheat Sheet That You Will Ever Need
A bold statement.

What’s in a hostname?
A lot more than you probably realize.

New HTTP standards for caching on the modern web
Remember when we ran Varnish servers at scale? I’m sure they’re still out there, but I haven’t had to think much about caching since switching to a static site using various services to put together a website.

Brave Removes Google as its Default Search Engine
The 90s advice, “never use the default search engine,” is now back in style.

Iterating on how we do NFS at Wikimedia Cloud Services
The way anyone manages a massive amount of data is always interesting to me.

SuDump: Exploiting suid binaries through the kernel
“In this research we dug deeper into how core dump handling happens inside the Linux kernel. We explored several different mechanisms which are all individually valid, but combined together can create dangerous unwanted behavior.”

maxgoedjen/secretive
Store SSH keys in the Secure Enclave

IntelLabs/control-flag
A system to flag anomalous source code expressions by learning typical expressions from training data

ossf/scorecard
Security Scorecards - Security health metrics for Open Source

ddosify/ddosify
High-performance load testing tool, written in Golang.

Netflix/flamescope
FlameScope is a visualization tool for exploring different time ranges as Flame Graphs.

l0phtcrack
Now open source.

DevOps’ish Tweet of the Week

julia ferraioli (@juliaferraioli on Twitter): “Mastodon founder Eugen Rochko told The Post on Thursday that Trump’s site may violate Mastodon’s licensing rules, which require developers to share any modifications and link to the original source code.” laughs in open source

Want more? Be sure to check out the notes from this week’s issue to see what didn’t make it to the newsletter but is still worth your time.