DevOps'ish

DevOps, Cloud Native, Hybrid Cloud, Open Source, industry news, and the ‘ish between.

DevOps’ish 205: Kubernetes Pod Security Policy Deprecation, open source skills are crucial, harms of large language models, Supermicro, water plant breach, VSCode repo FUD, and more

First off, Happy Valentine’s Day. I hope you’re enjoying it as best you can. This week I learned that an organization in the healthcare industry is working on a large project involving Kubernetes Pod Security Policies as a mainstay in their project. In case you haven’t heard, Pod Security Policies (PSPs) will begin the Kubernetes deprecation process in the 1.21 release. Kubernetes 1.21 releases on or about Thursday, April 8th, 2021. Read more →

DevOps’ish 202: AWS/Elastic drama, prioritize disability issues, ADT Peeping Tom, Software Is Your Competitive Advantage, Traefik to Caddy, No-Cost RHEL, serverless with Podman and more

Unpopular opinion alert (and Disclaimer)… Call me old fashioned, but I thought two of the top tenets of open source were candor and goodwill. I thought it was good practice to contribute to a project before baking it into a product. This was often the case for open source friendly vendors. But, it feels like AWS came along and never got that memo. I feel like AWS has done a lot more taking and productizing (aka making AWS a trillion-dollar, with a T, business) than contributing back to open source. Read more →

DevOps’ish 201: Elastic’s license problem, Dropbox layoffs, CISA recommending ad blockers, KubeLinter, kube-state-metrics, awesome-limits, folks fleeing for Signal & Telegram, and more

I lost a co-worker from the Ansible team this week. I’ve been struggling to get past the insanity of people younger than dying. 2021 is off to a real shit start. But, I think the biggest tech story of the week comes from Elastic. Keep reading for the details on Elastic’s idiocy. Here’s your weekly reminder that open source isn’t a business model, though. But, there’s been a moment of justice for those here in Michigan who were impacted by the Flint Water Crisis. Read more →

DevOps’ish 200: Solarwinds plot thickens, Women hit hard in jobless report, Red Hat acquires StackRox, Slack outage, Podman and Docker Compose, WebAssembly training, greatsuspender compromise, and more

The first full work week of the year has already been filled with news. But, Monday saw a Slack outage, Wednesday saw an insurrection in the US, and there is a new twist in the Solarwinds supply chain compromise. We’ll discuss two of these topics and more. Note: I’m looking for an intern this summer to help with OpenShift.tv (live streaming). If you know anyone that may be interested, please ask them to apply. Read more →

DevOps’ish 199: Women are better leaders in crisis, 97 Things Every Cloud Engineer Should Know, Merging Microservices Back Into The Monolith, Why are my tests so slow?, and more

Note: If you’re reading this, you’re winning. You beat 2020. Also, the DevOps’ish Solarwinds supply chain compromise Index has been updated. I was talking to DevOps’ish readers a bit this week. One reader, in particular, has mentioned in the past that they’d be willing to help put the newsletter together when I’m recovering from surgeries or need a day off. This morning I sat down to get a headstart on the newsletter and realized I should instead work on a checklist or HOWTO or whatever it would end up getting called. Read more →

DevOps’ish 198

Remember last week how I said things would be punchier? Well, I updated the DevOps’ish Solarwinds supply chain compromise Index. By the way, Microsoft says it was, “used by a different threat actor.” I wrote the parts of the newsletter below, which are probably helpful. ¯\_(ツ)_/¯ The past few days have been incredibly challenging mentally and physically. I’m not sure if I would do it all the same way again. Read more →

DevOps’ish 197

This being a holiday break my intros will probably be a little bit shorter than normal. “More punchy” as my first boss at Red Hat would say. Let’s start with the thing with an ever-increasing blast radius: Solarwinds. Solarwinds Supply Chain Compromise For the record, Reuters has been all over this coverage wise. I can’t do them justice. This story has been evolving so rapidly that by the time I hit send, my coverage will be incomplete. Read more →

Solarwinds

DevOps’ish Solarwinds supply chain compromise Index

A one-stop shop for opinion, analysis, and/or coverage of the Solarwinds supply chain compromise. Coverage includes official statements and filings, accredited media coverage, industry analyisis, and noteworthy blogs, digital media, and other mediums as deemed worthwhile. Official Statements Security Advisory | SolarWinds Solarwinds US SEC 8K Mitigate SolarWinds Orion Code Compromise - Emergency Directive 21-01 CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise | CISA Microsoft Internal Solorigate Investigation Update – Microsoft Security Response Center Statement on the story from The New York Times regarding JetBrains and SolarWinds | JetBrains Blog CLASS ACTION COMPLAINT FOR VIOLATION OF THE FEDERAL SECURITIES LAWS SOLARWINDS CORPORATION, KEVIN B. Read more →

DevOps’ish 196

Some people understand that the advancement of technology is marching at an ever quickening pace. We’re talking about exponential advancement every year. Five years ago, Kubernetes was brand new. Now it’s democratizing computing across clouds. Docker, the company behind some glue technology that made containers the new norm in software, has died twice now. The size and shape of infrastructure has changed so much in the past two years, it’s hard to remember ten years ago when Vagrant was brand new. Read more →

DevOps’ish 195

A few themes to this week’s news are worth discussing here in the newsletter’s introduction to give folks a clearer picture of each topic. We’ll tackle them in the same People, Process, and Tools format DevOps’ish uses (which are the three core components of DevOps, in order of importance). Surprisingly, I have to explain the Tools section of the news the most because it involves one of the world’s most toxic companies, Docker. Read more →