Every week I comb through 1000s of articles that get curated down to somewhere between 60 to 100 URLs eligible for DevOps'ish. Those URLs land in this notes file that ends up being source material for the newsletter. Being in that group of links is an achievement of its own and should be lauded.

It's a shame when I have to choose between having too many links or someone's special thing getting featured in the newsletter. Here's another chance to shine!

As always, thank you for reading,
Chris Short
He/Him/His
TZ=America/Detroit

The following links and/or notes accompany the corresponding issue of DevOps'ish.

Notes

Log4j

Log4j: A CISO’s Practical Advice

Yet Another Log4j Security Problem Appears – The New Stack

cisagov/log4j-scanner: log4j-scanner is a project derived from other members of the open-source community by CISA to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Log4j Attacks - A Week in Review - Lacework

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities | CISA

Log4j XCode vulnerability - resolu… | Apple Developer Forums

Google: More than 35,000 Java packages impacted by Log4j vulnerabilities - The Record by Recorded Future

Log4j Exploits Are Now Being Used to Spread Dridex Banking Trojan

What is the log4j vulnerability and should I do anything to protect myself? - The Washington Post

New Log4j Attack Vector Discovered

Log4j Vulnerability: What You Should Know | Pluralsight

Auth0’s Response to Log4J

Log4j exploit takes down Ministry of Defense email servers in Belgium

Log4J Attacks Confirm Need for DevSecOps, Automation, SBOM

Other Notes

Improving the GitOps Pipeline with the Pulumi Operator | Pulumi Blog

xkcd: December 25th Launch

AWS Offers a Mainframe Modernization Service for Customers to Move from Their Mainframes

OpenELB Joins the CNCF Sandbox, Making Service Exposure in Private Environments Easier

Container scanning updates in Amazon ECR private registries using Amazon Inspector | Containers

As Apache releases new patch, researchers discover new Log4j attack vector - SiliconANGLE

Troy Hunt: Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!

https://twitter.com/dalailama/status/1472862123919216641?s=12

Best practices for writing code comments - Stack Overflow Blog

5G Speeds in the U.S. Rank Dead Last Among Early Adopters

Greater Than Code: 264: #BlackTechTwitter and Black Tech Pipeline with Pariss Athena

What Kubernetes taught me about development | Opensource.com

Make the Most of One-on-One Meetings with Your Manager

macOS 12.1 vs. Ubuntu vs. Clear Linux vs. Windows Benchmarks - Phoronix

Three Minor Features in Go 1.18 · The Ethically-Trained Programmer

Manjaro 21.2 Released With Better Btrfs Support, Linux 5.15 LTS Powered - Phoronix

Managing the Amazon EBS CSI driver as an Amazon EKS add-on - Amazon EKS

https://twitter.com/amcasari/status/1473321726226452483?s=12

Retail Zombie RadioShack is now a crypto company | TechRadar

Announcing the First Release of kcctl - Gunnar Morling

Boeing, Airbus executives urge delay in U.S. 5G wireless deployment | Reuters

Elon Musk may share blame for sexual harassment lawsuits

The secret Uganda deal that has brought NSO to the brink of collapse | Ars Technica

Ubisoft’s In-game NFTs Have Made Just $400 | Tom’s Hardware

Kim Dotcom Suffers Setback in His U.S. Extradition Battle * TorrentFreak

Is Web3 the future or a scam? Depends who you ask. - Protocol — The people, power and politics of tech

TikTok’s new Live Studio app allegedly violates OBS' licensing policy - The Verge

Inside Ubisoft’s unprecedented “exodus” of developers - Axios

Why I Joined Block - Angie Jones

Log libraries and the tendency to open holes in things

xj — HTML to JSON

Shocking no one, Facebook/Meta earns title of the worst company of the year - 9to5Mac

Against 3X Speed - David Perell

A new attack vector exploits the Log4Shell vulnerability on servers locally — Security Affairs

Instagram has largely replaced TikTok in India, and erased working-class creators - Rest of World

U.S. and Britain Help Ukraine Prepare for Potential Russian Cyberassault - The New York Times

Containers 101: attach vs. exec - what’s the difference?

https://twitter.com/aripap/status/1474039478671003652?s=12

Here are Facebook’s most notable executive departures in 2021

Parca - Open Source infrastructure-wide continuous profiling | Parca

Oracle to Buy Cerner for $28.3 Billion - The New York Times

What’s the secret behind India’s IIT, which produced Twitter chief Parag Agrawal and other tech titans? | South China Morning Post

PhobosLab

Introduction to the Sam Text Editor