DevOps’ish is brought to you by Honeycomb.
“Stop Letting Complexity Slow You Down”
Honeycomb makes it easy to understand and troubleshoot complex relationships within your distributed services. Solve problems faster. Ship reliable and performant features. SPONSORED
5G became an absolute shit show this week. But, at the end of it all, Airline CEOs made a 180-degree turn and are now saying 5G isn’t a big problem for altimeters. They are a few 100 megahertz apart. But, the summary might piss you off, “After stalling for almost two years, FAA cleared 78% of planes in the past week.” I’m pretty sure the FAA has had a tumultuous past couple of years like many other employers. Productivity and staffing issues were probably significant limitations. You can’t work in a lab if you can’t go into the building. There’s only so much simulating you can do before you need to make sure you’re not going to kill a test pilot and need to touch the hardware in test conditions. Those skills are probably in high demand right now too. But, when you get the President’s attention, you get what you need in government. That’s how it works (I didn’t say it was right; it’s politics, and I’ve been there and done that).
Meanwhile, I saw three weirdly related headlines in a rather exciting succession this week:
- Looking At The New “Critical” Security Firmware Update Hitting Systems - Delivers New Intel Microcode - Phoronix
- Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks
- New MoonBounce UEFI bootkit can’t be removed by replacing the hard drive - The Record by Recorded Future
MoonBounce is what, I fear, is going to be the start of a wave of firmware vulnerabilities. I hope I’m wrong but, we were warned about this years ago. It’s a ripe mark in an environment that has been neglected. The bottom line is security teams will continue to have their hands full as this attack vector matures.
Exclusive: Intel Reveals Plans for Massive Factory in Ohio
Mike DeWine’d and dined while Jon Husted hustled to get Intel to feel at home in Ohio. This is a big win for the entire midwest which is RIPE for developments like Intel’s.
Army spouse uses Apple AirTag to track down shady moving truck driver
The interstate moving industry is a ruthless, lightly regulated network. We had to get a lawyer involved to get our stuff back from the mover’s when we moved to Michigan. This is a brilliant idea.
Inside Google’s Brewing Mental Health Crisis, Claims of Toxic Work Environment
So much for Google’s Project Aristotle. Being an SRE at Google sounds like hell.
Merck wins cyber-insurance lawsuit related to NotPetya attack
“Having failed to change the policy language, Merck had every right to anticipate that the exclusion policy applied only to traditional forms of warfare.” Yeah, malware running rampant is not an act of war. It’s a design goal of the malware.
Roblox Return to Service 10/28-10/31 2021
Roblox’s HashiStack (Nomad, Consul and Vault) took a nap and Roblox had to tap Hashicorp to come in to help. The team did such a good job, “Roblox did not have a single significant production incident during the December surge.”
When SimCity got serious: the story of Maxis Business Simulations and SimRefinery
I had no idea this was happening at the time. SimCity was a game changer in more than one market.
Open source creates value, but how do you measure it?
How do you measure it? What’s the economic impact for your customers by you working upstream? What’s the perception of your work upstream by your potential customers who already understand the benefit of open source? But, more importantly, do people want you working on their projects?
SolarWinds Serv-U bug exploited in attacks in the wild
I really should’ve gone and worked on the Solarwinds core products when I was there. I’m not saying I’m some security expert or anything. But, I am really good at making sure my ass is covered. Oh and breaking things, I’ve broken a lot of stuff in my time.
Monitoring Linux Audit
auditd in the house!
SUSE announces CentOS-like Liberty Linux
“SUSE will build the software using its own Open Build Service tooling. All of the user-land of the new offering will be built from Red Hat’s official Source RPMs (SRPMs), with the exception of the kernel. That comes from SUSE’s own SLE enterprise distribution, currently on version 15 SP3, but compiled using a Red Hat-compatible configuration.”
Free for developers
All the cool stuff you can get for FREE! Just not a Google G Suite account anymore. I’ve considered getting off Google (I currently have two domain on Google accounts so this isn’t a cheap venture). Also, paying money to feed information into an ad system isn’t my idea of fair.
Introducing vAPI – an open source lab environment to learn about API security
Dewan learns Kafka - architecture principles and recent changes
My friend Dewan is diving into Kafka. A good read.
4 Big GitOps Moments of 2021
The inception of OpenGitOps and the establishment of GitOps Principles are big deals. Cool to be a tiny part of this.
“Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana.”
I always find these solutions interesting. “My self-hosting infrastructure, fully automated from empty disk to operating services”
DevOps’ish Tweet of the Week
Want more? Be sure to check out the notes from this week’s issue to see what didn’t make it to the newsletter but are still worth your time.