DevOps'ish

DevOps, Cloud Native, Hybrid Cloud, Open Source, industry news, culture, and the ‘ish between.

DevOps’ish 211: He who was mentioned in DevOps’ish 145, OpenSSL updates, New AWS CEO, Apple linked to Chinese tracking apps, 92% of all on-premises Microsoft Exchange servers patched, TSMC, coffee shortage, and more

Well, what’s it like living in the last throes of the Free Software Foundation (FSF)? Many companies came out against the FSF’s recent decision to re-add he who was mentioned in DevOps’ish 145. Red Hat probably gave the most scathing repudiation. I can think of no worse strategy than bringing back someone who for so long abused, criticized, belittled, harassed, and bullied the people (especially women) around them. I used to support FSF and only did so after he who was mentioned in DevOps’ish 145 (droves of others are denouncing the decision too). Read more →

Microsoft Exchange

DevOps’ish Microsoft Exchange Hafnium Compromise Index

A one-stop shop for opinion, analysis, and/or coverage of the Microsoft Exchange Hafnium compromise. Coverage includes official statements and filings, accredited media coverage, industry analysis, and noteworthy blogs, digital media, and other mediums as deemed worthwhile.

Note: All links shared here have gone through the normal DevOps’ish editorial and curation process. To add content for review, issue a pull request against this file in GitHub.

Official Statements

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 2, 2021 (KB5000871)
Joint Cybersecurity Advisory Compromise of Microsoft Exchange Server
CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities | CISA
Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021 – Microsoft Security Response Center
Multiple Security Updates Released for Exchange Server – updated March 12, 2021 – Microsoft Security Response Center

“Patching and mitigation is not remediation if the servers have already been compromised. Read more →

DevOps’ish 207: Solarwinds, 4 hour a week Kubernetes maintainer, mischievous Mailchimp, secrets management, Digital Ocean IPO, Sysdig, BOOP, Flux, and More

DevOps’ish is in a state of spring cleaning. First, I’ve found a tool that I like more than Pocket to bookmark and save pages in Raindrop.io. All the Recommended Reads automation is now pulling from Raindrop.io. Then three Zapier rules ferry everything off to the appropriate places. I made that transition midweek. Next is the newsletter service itself. I’ve been unhappy with the current provider ever since doing the never-easy switch from Mailchimp (how forward-thinking that was) to the current provider. Read more →

DevOps’ish 205: Kubernetes Pod Security Policy Deprecation, open source skills are crucial, harms of large language models, Supermicro, water plant breach, VSCode repo FUD, and more

First off, Happy Valentine’s Day. I hope you’re enjoying it as best you can. This week I learned that an organization in the healthcare industry is working on a large project involving Kubernetes Pod Security Policies as a mainstay in their project. In case you haven’t heard, Pod Security Policies (PSPs) will begin the Kubernetes deprecation process in the 1.21 release. Kubernetes 1.21 releases on or about Thursday, April 8th, 2021. Read more →

DevOps’ish 203: Job hopping, Block Party, Perl.com pain, SSPL sucks, sudo vuln, cloud trends, the beauty of Windows 3.11, and more

We don’t talk about salaries in the US like people do in other countries. Apparently, we citizens of the United States are extremely conservative when it comes to this topic. I’d like to see that change in my lifetime. I sat down and looked at my W-2 like I do every year. A number hit me out of the blue. It proved to me job hopping works (to a point). Read more →

DevOps’ish 202: AWS/Elastic drama, prioritize disability issues, ADT Peeping Tom, Software Is Your Competitive Advantage, Traefik to Caddy, No-Cost RHEL, serverless with Podman and more

Unpopular opinion alert (and Disclaimer)… Call me old fashioned, but I thought two of the top tenets of open source were candor and goodwill. I thought it was good practice to contribute to a project before baking it into a product. This was often the case for open source friendly vendors. But, it feels like AWS came along and never got that memo. I feel like AWS has done a lot more taking and productizing (aka making AWS a trillion-dollar, with a T, business) than contributing back to open source. Read more →

DevOps’ish 200: Solarwinds plot thickens, Women hit hard in jobless report, Red Hat acquires StackRox, Slack outage, Podman and Docker Compose, WebAssembly training, greatsuspender compromise, and more

The first full work week of the year has already been filled with news. But, Monday saw a Slack outage, Wednesday saw an insurrection in the US, and there is a new twist in the Solarwinds supply chain compromise. We’ll discuss two of these topics and more. Note: I’m looking for an intern this summer to help with OpenShift.tv (live streaming). If you know anyone that may be interested, please ask them to apply. Read more →

DevOps’ish 198

Remember last week how I said things would be punchier? Well, I updated the DevOps’ish Solarwinds supply chain compromise Index. By the way, Microsoft says it was, “used by a different threat actor.” I wrote the parts of the newsletter below, which are probably helpful. ¯\_(ツ)_/¯ The past few days have been incredibly challenging mentally and physically. I’m not sure if I would do it all the same way again. Read more →

Solarwinds

DevOps’ish Solarwinds supply chain compromise Index

A one-stop shop for opinion, analysis, and/or coverage of the Solarwinds supply chain compromise. Coverage includes official statements and filings, accredited media coverage, industry analysis, and noteworthy blogs, digital media, and other mediums as deemed worthwhile.

Note: All links shared here have gone through the normal DevOps’ish editorial and curation process. To add content for review, issue a pull request against this file in GitHub.

Official Statements

Security Advisory | SolarWinds
Solarwinds US SEC 8K
Mitigate SolarWinds Orion Code Compromise - Emergency Directive 21-01
CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise | CISA
Microsoft Internal Solorigate Investigation Update – Microsoft Security Response Center
Statement on the story from The New York Times regarding JetBrains and SolarWinds | JetBrains Blog
CLASS ACTION COMPLAINT FOR VIOLATION OF THE FEDERAL SECURITIES LAWS SOLARWINDS CORPORATION, KEVIN B. Read more →

DevOps’ish 196

Some people understand that the advancement of technology is marching at an ever quickening pace. We’re talking about exponential advancement every year. Five years ago, Kubernetes was brand new. Now it’s democratizing computing across clouds. Docker, the company behind some glue technology that made containers the new norm in software, has died twice now. The size and shape of infrastructure has changed so much in the past two years, it’s hard to remember ten years ago when Vagrant was brand new. Read more →