Kubernetes 1.22 shipped this week. I suggest you, at a minimum, read the release blog post or take a gander at the CHANGELOG and definitely read the No, really, you MUST read this before you upgrade. Some of the bigger changes:
Audit log files are created with mode 0600 (owner read-only) Rootless mode containers moving to alpha: In my opinion, if you use Podman, you’re used to this. If you’re not, you should be using rootless containers intentionally for security reasons (more on that later).
Read more →We don’t talk about salaries in the US like people do in other countries. Apparently, we citizens of the United States are extremely conservative when it comes to this topic. I’d like to see that change in my lifetime.
I sat down and looked at my W-2 like I do every year. A number hit me out of the blue. It proved to me job hopping works (to a point).
Read more →The first full work week of the year has already been filled with news. But, Monday saw a Slack outage, Wednesday saw an insurrection in the US, and there is a new twist in the Solarwinds supply chain compromise. We’ll discuss two of these topics and more.
Note: I’m looking for an intern this summer to help with OpenShift.tv (live streaming). If you know anyone that may be interested, please ask them to apply.
Read more →Remember last week how I said things would be punchier? Well, I updated the DevOps’ish Solarwinds supply chain compromise Index. By the way, Microsoft says it was, “used by a different threat actor.”
I wrote the parts of the newsletter below, which are probably helpful. ¯\_(ツ)_/¯
The past few days have been incredibly challenging mentally and physically. I’m not sure if I would do it all the same way again.
Read more →This being a holiday break my intros will probably be a little bit shorter than normal. “More punchy” as my first boss at Red Hat would say. Let’s start with the thing with an ever-increasing blast radius: Solarwinds.
Solarwinds Supply Chain Compromise For the record, Reuters has been all over this coverage wise. I can’t do them justice. This story has been evolving so rapidly that by the time I hit send, my coverage will be incomplete.
Read more →A one-stop shop for opinion, analysis, and/or coverage of the Solarwinds supply chain compromise. Coverage includes official statements and filings, accredited media coverage, industry analyisis, and noteworthy blogs, digital media, and other mediums as deemed worthwhile.
Note: All links shared here have gone through the normal DevOps’ish editorial and curation process.
To add content for review, issue a pull request against this file in GitHub.
Official Statements Security Advisory | SolarWinds Solarwinds US SEC 8K Mitigate SolarWinds Orion Code Compromise - Emergency Directive 21-01 CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise | CISA Microsoft Internal Solorigate Investigation Update – Microsoft Security Response Center Statement on the story from The New York Times regarding JetBrains and SolarWinds | JetBrains Blog CLASS ACTION COMPLAINT FOR VIOLATION OF THE FEDERAL SECURITIES LAWS SOLARWINDS CORPORATION, KEVIN B.
Read more →