I spent the week in Seattle. I’m writing this in SeaTac waiting for my flight back to Detroit because we’re going to a friend’s birthday party tomorrow night. Work is good, but I had a meeting this week to start working on a blog post for a new project I’m contributing to; GitBOM. GitBOM hopes to more clearly and cleanly identify dependencies in code bases without human intervention. GitBOM aims to complement SBOMs, not replace them. GitBOM creates “consistently construct verifiable Artifact Dependency Graph (ADG)s across languages, environments, and packaging formats, with zero developer effort, involvement, or awareness to enable automatic, verifiable artifact resolution across today’s diverse software supply chains.” Why is this important? Why am I getting involved? Because the government standard is far too low to be useful and SBOMs are starting to look like the cookie consent boxes that GDPR brought us. One thing I’m exceptional at is going from an order from the US government to the actual documentation implementing how the order should be followed. As I sat there listening to Aeva Black talk about how compute intensive (and expensive) it is to generate an SBOM of any significant depth. I wanted to know how the Cyber Security Executive Order had been implemented. ...

Not going to lie. The GitHub Action cron job that builds the website automatically for me has not worked for weeks. I moved some sites to various services, and DevOps’ish returned to Netlify because of the branch build command granularity. I use Hugo and future dated articles are built when the -F flag is passed. This is very helpful in ensuring the newsletter is done just how I like it. But, since returning to Netlify, the cron job to build the site at the right time of day has been busted. I finally had to go back in the commit history and copy/pasta all that and replace everything I was doing. It should work. This shows that no matter what, if you know you can look it up, your brain won’t prioritize memorizing it. But, COME ON!!! Free Copy of Honeycomb’s O’Reilly Book: Observability Engineering Looking to make the switch from monitoring to observability? Download your free copy of Honeycomb’s O’Reilly book: Observability Engineering to help you get started. Debrief the chapters with the authors themselves during our Authors’ Cut Series. ...

ICYMI on Notes: In DevOps’ish 277 I stated I will no longer publish the weekly notes file on the website. They are still made available on GitHub as they have been for the past 170 issues. If you’re curious about the why: spam emails that came as a result. Yeah, funny how that works. I occasionally ask for writing prompts from folks on Twitter. Sometimes asking on social media works well. Other times it’s giving someone a good URL. But this week, the people have spoken. They want to learn more about eBPF. What is eBPF? eBPF (which is no longer an acronym for anything) is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules. How does eBPF work? eBPF programs are event-driven and are run when the kernel or an application passes a certain hook point. Pre-defined hooks include system calls, function entry/exit, kernel tracepoints, network events, and several others. ...

A note about notes: I will no longer publish the weekly notes file on the website. They are still made available on GitHub as they have been for the past 170 issues. If you’re curious about the why: spam emails that came as a result. Yeah, funny how that works. The Past Week I’m writing this week’s newsletter intro from a Delta 737-900ER high above the western United States. I’m flying back from Seattle, where I had a great week (minus the fatigue and pain; I need to finish physical therapy). On Monday, I got to meet my new team face-to-face. The team is diverse in cultures, experiences, and skill sets. Share opinions on open source, the CNCF, and the Kubernetes ecosystem, as well as answer even the most basic of questions around governance. This is refreshing because I have the chance to help mentor and help people grow, in addition to my day job. I’m fortunate to be working with this wonderful group of folks. ...

A note about Detroit I have heard through the grapevine many folks hating on Detroit as the city of choice for KubeCon NA 2022. Let me shove that theory into the refuse bin for you. Time just named Detroit one of the World’s 50 greatest places of 2022. That’s right, Detroit is dope af, and I can’t wait for you to experience it at KubeCon NA. Ukraine My friends, I’ve checked in on almost every Ukrainian I know during the past two weeks. To a person, they pleaded, “Please let everyone know that there is still a war in Ukraine.” A donation or a link from your socials to Operation Dvoretskyi (named after my friend Ihor Dvoretskyi) means the world to many of my Ukrainian friends. Ukrainians need our continued support. With the world so focused on the outcomes of Russian sanctions, food shortages, inflation, higher fuel costs, etc. We must remember why we all are enduring this. It’s bigger than all of us. It’s for the world. It’s for Europeans. It’s for Ukrainians. These are all messages from my friends that I share with you at their behest. This is how they’ve asked me to help. ...