DevOps'ish

DevOps, Cloud Native, Hybrid Cloud, Open Source, industry news, culture, and the ‘ish between.

Microsoft Exchange

DevOps’ish Microsoft Exchange Hafnium Compromise Index

A one-stop shop for opinion, analysis, and/or coverage of the Microsoft Exchange Hafnium compromise. Coverage includes official statements and filings, accredited media coverage, industry analyisis, and noteworthy blogs, digital media, and other mediums as deemed worthwhile. Note: All links shared here have gone through the normal DevOps’ish editorial and curation process. To add content for review, issue a pull request against this file in GitHub. Official Statements Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 2, 2021 (KB5000871) Joint Cybersecurity Advisory Compromise of Microsoft Exchange Server CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities | CISA Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021 – Microsoft Security Response Center Multiple Security Updates Released for Exchange Server – updated March 12, 2021 – Microsoft Security Response Center “Patching and mitigation is not remediation if the servers have already been compromised. Read more →

DevOps’ish 208 Notes

Every week I comb through 1000s of articles that get curated down to somewhere between 60 to 100 URLs eligible for DevOps'ish. Those URLs land in this notes file that ends up being source material for the newsletter. Being in that group of links is an achievement of its own and should be lauded. It's a shame when I have to choose between having too many links or someone's special thing getting featured in the newsletter. Read more →

DevOps’ish 208: KubeCon problems, tech is the easy part, Okta eats Auth0 whole, Exchange vulns, Digital Ocean IPO, #100DaysOfKubernetes, and more

This week I heard about and witnessed some pretty disgusting behavior in the greater cloud native community. First, I saw a tweet from a CNCF Ambassador saying KubeCon was pay to play (the tweet is gone now but, you better believe they lost a follower that day). If KubeCon were pay to play, I’d have spoken at the last three years of KubeCons. Red Hat spends a shitload of money sponsoring KubeCon and the Linux Foundation. Read more →

DevOps’ish 207 Notes

Every week I comb through 1000s of articles that get curated down to somewhere between 60 to 100 URLs eligible for DevOps'ish. Those URLs land in this notes file that ends up being source material for the newsletter. Being in that group of links is an achievement of its own and should be lauded. It's a shame when I have to choose between having too many links or someone's special thing getting featured in the newsletter. Read more →

DevOps’ish 207: Solarwinds, 4 hour a week Kubernetes maintainer, mischievous Mailchimp, secrets management, Digital Ocean IPO, Sysdig, BOOP, Flux, and More

DevOps’ish is in a state of spring cleaning. First, I’ve found a tool that I like more than Pocket to bookmark and save pages in Raindrop.io. All the Recommended Reads automation is now pulling from Raindrop.io. Then three Zapier rules ferry everything off to the appropriate places. I made that transition midweek. Next is the newsletter service itself. I’ve been unhappy with the current provider ever since doing the never-easy switch from Mailchimp (how forward-thinking that was) to the current provider. Read more →

DevOps’ish 206 Notes

Every week I comb through 1000s of articles that get curated down to somewhere between 60 to 100 URLs eligible for DevOps'ish. Those URLs land in this notes file that ends up being source material for the newsletter. Being in that group of links is an achievement of its own and should be lauded. It's a shame when I have to choose between having too many links or someone's special thing getting featured in the newsletter. Read more →

DevOps’ish 206: Kubernetes README, ‘I will slaughter you’, Corey Quinn in NYT, 200 Million Certificates in 24 Hours, GitOps with Flux2, K8s on ISS, and more

Sometimes you don’t know what the world needs until someone tells you. On Monday this week, a friend asked if I had any additional books to point them to for Kubernetes help. I have a mile-long list in my head. I said, yeah, let me punch that up for you real quick. But, instead of creating a locked down doc or dust bin email, I built a website. Behold, Kubernetes README. Read more →

DevOps’ish 205 Notes

Every week I comb through 1000s of articles that get curated down to somewhere between 60 to 100 URLs eligible for DevOps'ish. Those URLs land in this notes file that ends up being source material for the newsletter. Being in that group of links is an achievement of its own and should be lauded. It's a shame when I have to choose between having too many links or someone's special thing getting featured in the newsletter. Read more →

DevOps’ish 205: Kubernetes Pod Security Policy Deprecation, open source skills are crucial, harms of large language models, Supermicro, water plant breach, VSCode repo FUD, and more

First off, Happy Valentine’s Day. I hope you’re enjoying it as best you can. This week I learned that an organization in the healthcare industry is working on a large project involving Kubernetes Pod Security Policies as a mainstay in their project. In case you haven’t heard, Pod Security Policies (PSPs) will begin the Kubernetes deprecation process in the 1.21 release. Kubernetes 1.21 releases on or about Thursday, April 8th, 2021. Read more →

DevOps’ish 204 Notes

Every week I comb through 1000s of articles that get curated down to somewhere between 60 to 100 URLs eligible for DevOps'ish. Those URLs land in this notes file that ends up being source material for the newsletter. Being in that group of links is an achievement of its own and should be lauded. It's a shame when I have to choose between having too many links or someone's special thing getting featured in the newsletter. Read more →