DevOps'ish

Cloud Native, DevOps, Open Source, industry news, culture, and the ‘ish between.

DevOps’ish 211: He who was mentioned in DevOps’ish 145, OpenSSL updates, New AWS CEO, Apple linked to Chinese tracking apps, 92% of all on-premises Microsoft Exchange servers patched, TSMC, coffee shortage, and more

Well, what’s it like living in the last throes of the Free Software Foundation (FSF)? Many companies came out against the FSF’s recent decision to re-add he who was mentioned in DevOps’ish 145. Red Hat probably gave the most scathing repudiation. I can think of no worse strategy than bringing back someone who for so long abused, criticized, belittled, harassed, and bullied the people (especially women) around them. I used to support FSF and only did so after he who was mentioned in DevOps’ish 145 (droves of others are denouncing the decision too). Read more →

Microsoft Exchange

DevOps’ish Microsoft Exchange Hafnium Compromise Index

A one-stop shop for opinion, analysis, and/or coverage of the Microsoft Exchange Hafnium compromise. Coverage includes official statements and filings, accredited media coverage, industry analyisis, and noteworthy blogs, digital media, and other mediums as deemed worthwhile. Note: All links shared here have gone through the normal DevOps’ish editorial and curation process. To add content for review, issue a pull request against this file in GitHub. Official Statements Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: March 2, 2021 (KB5000871) Joint Cybersecurity Advisory Compromise of Microsoft Exchange Server CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities | CISA Microsoft Exchange Server Vulnerabilities Mitigations – updated March 9, 2021 – Microsoft Security Response Center Multiple Security Updates Released for Exchange Server – updated March 12, 2021 – Microsoft Security Response Center “Patching and mitigation is not remediation if the servers have already been compromised. Read more →

DevOps’ish 207: Solarwinds, 4 hour a week Kubernetes maintainer, mischievous Mailchimp, secrets management, Digital Ocean IPO, Sysdig, BOOP, Flux, and More

DevOps’ish is in a state of spring cleaning. First, I’ve found a tool that I like more than Pocket to bookmark and save pages in Raindrop.io. All the Recommended Reads automation is now pulling from Raindrop.io. Then three Zapier rules ferry everything off to the appropriate places. I made that transition midweek. Next is the newsletter service itself. I’ve been unhappy with the current provider ever since doing the never-easy switch from Mailchimp (how forward-thinking that was) to the current provider. Read more →

DevOps’ish 205: Kubernetes Pod Security Policy Deprecation, open source skills are crucial, harms of large language models, Supermicro, water plant breach, VSCode repo FUD, and more

First off, Happy Valentine’s Day. I hope you’re enjoying it as best you can. This week I learned that an organization in the healthcare industry is working on a large project involving Kubernetes Pod Security Policies as a mainstay in their project. In case you haven’t heard, Pod Security Policies (PSPs) will begin the Kubernetes deprecation process in the 1.21 release. Kubernetes 1.21 releases on or about Thursday, April 8th, 2021. Read more →

128: MDS, Mined Minds, Red Hat & IBM, Kubernetes Operating Systems, ReactiveOps Polaris, Best Practices, and More

No. Contrary to what everyone I’ve talked to this week thinks, I’m not going to KubeCon Barcelona. I don’t think I was really planning on it at the beginning of the year. I believe it was added to my schedule right before my Shingles diagnosis. Let me tell you, Shingles is bullshit. I’ve been battling a flare-up of the nerve pain today and it’s gnarly af. I was going to discuss the use of the term “best practice” this week but, I need to go get some rest. Read more →