#office-hours (2024-05)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers!
https://cpco.io/slack-office-hours
Meeting password: sweetops
2024-05-01
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://www.careerfair.io/takehome-assessments https://newsletter.goodtechthings.com/p/why-didnt-google-cloud-buy-hashicorp https://github.com/Homebrew/homebrew-core/pull/168090 https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1 https://github.com/cloudposse/terraform-aws-amplify-app/pull/33.diff https://docs.github.com/en/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers#adding-a-repository-to-a-sponsorship-tier https://docs.github.com/en/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors https://opensauced.pizza/ https://resources.arc.net/hc/en-us/articles/19400082392215-Arc-for-Windows https://files.slack.com/files-tmb/T12QC43H7-F071S8EPMGR-7ab9c96179/image_720.png https://incolumitas.com/2021/11/03/so-you-want-to-scrape-like-the-big-boys/ https://github.com/opentofu/opentofu https://github.com/pulumi/pulumi https://opentofu.org/blog/opentofu-1-7-0/ https://opentofu.org/docs/intro/migration/ https://www.atlassian.com/blog/announcements/the-next-era-of-jira?utm_source=alert-email&utm_medium=email&utm_campaign=JSW-JWM-Licenses_EML-18151&jobid=106513649&subid=1515603335 https://crt.sh/?q=amazonaws.com https://ossinsight.io/
2024-05-02
2024-05-08
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://github.com/opentofu/opentofu/releases/tag/v1.7.1 https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/ https://www.wsj.com/tech/ai/amazon-gets-more-fuel-for-ai-race-6be44606 https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ https://techcrunch.com/2024/05/05/coreweaves-1-1b-raise-shows-the-market-for-alternative-clouds-is-booming/amp/?guccounter=1&guce_referrer=aHR0cHM6Ly9uZXdzLmdvb2dsZS5jb20v&guce_referrer_sig=AQAAAC1rKfUxMKdksJjJ4yeqIN8Zhqc8yVSpfIUVL48CPZCKFUdfSPw4G9TsiTjvufHs6TmZ5RPa9tvmcbmBW2LoDqAst54VoOs3BVXStXOmHdB24-QNQZlK9AbhWwbsh3y-Mfxxu1hXd34hsX_-1bHwHWYVntOGSXOsPyLpzwfGE1KC https://www.linkedin.com/posts/ned-bellavance_terraform-activity-7191403171028643840-6nf3/?utm_source=share&utm_medium=member_desktop https://github.com/terraform-linters/tflint/releases/tag/v0.51.0 https://www.theregister.com/AMP/2024/05/01/pulumi_ai_pollution_of_search/ https://thenewstack.io/open-source-is-at-a-crossroads/ https://www.emilyomier.com/podcast/trying-all-the-open-source-business-models-with-brian-fox https://en.wikipedia.org/wiki/DNS_over_HTTPS https://atmos.tools/integrations/github-actions/ https://atmos.tools/ https://masterpoint.io/updates/opentofu-early-adopters/
2024-05-12
This lays to rest my questions over Mercedes auto pilot and Tesla FSD, as we discussed a couple of weeks ago.
Tesla’s pyTorch model is way ahead
2024-05-13
Uh oh, https://blog.leapp.cloud/noovolari-has-officially-come-to-an-end (via @Michael Dizon)
ohhhh no, what is going to happen to Leapp?
The Leapp open-source project will continue under the stewardship of beSharp, our parent company. We are still assessing the resources and effort that will be allocated to this project, but we are hopeful about its future and will keep you informed of any developments.
I’ve migrated to aws-sso-cli – it can mostly work with geodesic, but I’m still working thru some kinks in getting the workflow smoothed out. I can share if you are interested when I have that sussed out.
Talk about a win for hybrid cloud!
“UniSuper had duplication in two geographies as a protection against outages and loss. However, when the deletion of UniSuper’s Private Cloud subscription occurred, it caused deletion across both of these geographies.”
Fortunately, UniSuper had backups at another cloud provider.
12024-05-14
/cdn.vox-cdn.com/uploads/chorus_asset/file/23935560/acastro_STK103__03.jpg)
2024-05-15
@here office hours is starting in 30 minutes! Remember to post your questions here.
Hey @Erik Osterman (Cloud Posse) what is the zoom link?
Sorry, I missed your message.
Have you signed up at cloudposse.com/office-hours?
I just did that when I sent the first message
In one of our environments I’ve been noticing really slow ECR pull times. Particularly when we replace our nodepools. For example an image that normally takes 15 seconds to pull can take as long as 8-10 minutes. During our node pool replacement we have ~~~400 pods with a single container that get their image from ECR. In total it’s ~~~0 distinct images in ~200 private ECR repositories and because of how we have pod anti-affinity/nodes setup the 200 images get pulled twice. That being said I don’t believe we ever exceed 400 pulls per second and the AWS Quota docs make it seem like we could do a multiple more (ex. 2k/second). I’m curious to know if anyone has run into similar issues and if AWS needs to just scale something on their backend.
I have plans to open an AWS support ticket but if I figure I would throw the question out here in case someone has a quick fix for this.
How secure or insecure is to give github actions access to an AWS VPC by implementing Github Self Hosted Runners?
I haven’t done self-hosted runners but I assume it talks back to github servers and awaits instructions. Ex. reverse tunnel/proxy. Regardless you will have to trust Microsoft/GitHub but aside from that a couple things you could do that are pretty easy to help lock things down are:
• Create separate subnet(s) for these selfhosted runners.
• Create separate security groups(s) for these runners. Depending on how your network/securitygroups are laid out, you may want to just add the github runner sg to the resources it needs to access or explicitly allow the particular subnet IP range.
Hope this helps in the short-term. I’m curious to see what others say in the next office hours.
Links from today’s office hours:
https://www.macrumors.com/2024/05/13/chatgpt-mac-app/ https://www.thestack.technology/oracle-dumps-terraform-for-opentofu/ https://aws.amazon.com/about-aws/whats-new/2024/05/amazon-s3-no-charge-http-error-codes/ https://www.aboutamazon.com/news/company-news/leadership-update-aws-adam-selipsky-matt-garman https://github.com/Ileriayo/markdown-badges https://finance.yahoo.com/news/meta-shuttering-workplace-enterprise-version-170030864.html https://techcrunch.com/2024/05/14/google-will-use-gemini-to-detect-scams-during-calls/ https://www.reddit.com/r/Terraform/s/csfnv0t6hM https://github.com/Nutlope/aicommits https://linear.app/blog/why-and-how-we-do-work-trials-at-linear https://github.com/ChristofferNissen/helmper https://github.com/dolthub/dolt https://github.blog/2024-04-29-github-copilot-workspace/ https://en.wikipedia.org/wiki/STIR/SHAKEN
2024-05-21
2024-05-22
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://github.com/hashicorp/terraform/issues/9556#issuecomment-2121002133 https://amber-lang.com/ https://sweetops.slack.com/archives/CHDR1EWNA/p1715797809987499 https://sweetops.slack.com/archives/CQA2BH8AG/p1715730916952049 https://www.linkedin.com/posts/argoproj_releases-argoprojargo-cd-activity-7198792053772718081-C23l?utm_source=share&utm_medium=member_ios https://aws.amazon.com/about-aws/whats-new/2024/05/amazon-eks-native-support-autoscaling-coredns-pods/ https://github.com/opentofu/registry/issues/544 https://techcrunch.com/2024/05/17/csc-serviceworks-free-laundry-million-machines/ https://runatlantis.io/ https://github.blog/changelog/2024-05-17-updated-dates-for-actions-runner-using-node20-instead-of-node16-by-default/ https://www.env0.com/blog/terratest-vs-terraform-opentofu-test-in-depth-comparison https://aws.amazon.com/codecommit/ https://github.com/argoproj/argo-cd/commit/f1a449e83ee73f8f14d441563b6a31b504f8d8b0
@Erik Osterman (Cloud Posse) https://github.com/runatlantis/atlantis/issues/3663#issuecomment-1674038026
2024-05-23
Someone yesterday at the office-hours asked about other approaches to managing deployments than using helm : have a look at nelm by werf. It is on github.
2024-05-26
2024-05-29
@here office hours is starting in 30 minutes! Remember to post your questions here.
did the zoom link change some time ago?
yeah old link; got it working now
Links from today’s office hours:
https://github.com/gravitational/teleport/releases https://github.com/nucleuscloud/neosync https://depot.dev/blog/faster-ec2-boot-time https://materializedview.io/p/s3-is-showing-its-age https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/ https://atmos.tools/integrations/opentofu/ https://blog.apnic.net/2024/05/23/is-regulated-bgp-security-coming/ https://github.com/dlvhdr/gh-dash https://danielcompton.net/google-cloud-unisuper https://blog.heroku.com/heroku-postgres-essential-launch?preview=2c1272d8d76c4ba79aa96c92a8d5ad17&li_fat_id=7505af2e-9a1b-47fa-9446-a5c4ee7de443&utm_campaign=boosted_ads&utm_medium=paid_social&utm_source=linkedin https://aws.amazon.com/about-aws/whats-new/2024/02/aws-systems-manager-parameter-store-cross-account-sharing/ https://www.reddit.com/r/Terraform/comments/1d266s5/grafana_labs_switched_all_terraform_examples_to/ https://maheshba.bitbucket.io/blog/2024/05/08/2024-ThreeLaws.html https://www.cve.org/ https://www.cve.org/About/Process https://chandanbn.github.io/cvss/ https://sweetops.slack.com/archives/CHDR1EWNA/p1715797727467969 https://github.com/senthilrch/kube-fledged https://github.com/uber/kraken
Hello, and thanks for mentioning runs-on.com, I’m the author so if anyone is interested, I can answer more questions!
2024-05-31
~https://www.hudsonrock.com/blog/snowflake-massive-breach-access-through-infostealer-infection~ don’t think this article was accurate. Recent updates claim that the users didn’t have MFA enabled in their environments. This article appears to have been taken down as well so i question whether or not it was accurate at all.