#office-hours (2024-07)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
https://cpco.io/slack-office-hours
Meeting password: sweetops
2024-07-03
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
https://github.com/cloudposse/atmos/pkgs/container/atmos/versions
https://buttons.github.io/
https://expensio.co/why-self-hosting-is-better
https://github.com/sponsors/cloudposse
https://www.linen.dev/s/sweetops
https://www.kaspersky.com/blog/openssh-vulnerability-mitigation-cve-2024-6387-regresshion/51603/
https://github.com/hashicorp/vscode-terraform/issues/1557#issuecomment-2172984054
2024-07-05
2024-07-08
Potential discussion item on AWS now supporting CloudShell environments in VPCs: https://aws.amazon.com/about-aws/whats-new/2024/06/aws-cloudshell-amazon-virtual-private-cloud/
2024-07-10
@here office hours is starting in 30 minutes! Remember to post your questions here.
Can someone send me the link to the office hours Zoom?
Same. Looks like it fell off my calendar.
Links from today’s office hours:
https://aws.amazon.com/about-aws/whats-new/2024/06/aws-cloudshell-amazon-virtual-private-cloud/
https://aws.amazon.com/about-aws/whats-new/2024/01/aws-cloudshell-docker-13-regions/
https://github.com/cloudposse/geodesic
https://github.com/leg100/pug
https://github.blog/changelog/2024-07-08-github-actions-gpu-hosted-runners-are-now-generally-available/
https://github.com/grafana/loki/issues/8756
https://github.com/cloudposse/terraform-aws-components/tree/main/modules/eks/loki
https://grafana.com/blog/2024/06/27/grafana-security-update-grafana-loki-and-unintended-data-write-attempts-to-amazon-s3-buckets/
https://dexidp.io/
https://github.com/ory/hydra
https://github.com/gravitational/teleport
https://www.pomerium.com/
https://github.com/pomerium
https://grafana.com/oss/tempo/
https://signoz.io/
https://aws.amazon.com/xray/
https://sorry-cypress.dev/
https://claude.ai/login?returnTo=%2F%3F
https://kagi.com/
2024-07-11
2024-07-17
Not sure if this has been talked about already, but I thought it was a worthwhile read (https://log.martinatkins.me/2024/05/22/terraform-ephemeral-values/)
A different approach to sensitive values in Terraform state.
@here office hours is starting in 30 minutes! Remember to post your questions here.
Can you send me a link to the office hours?
You can register for office hours here: https://cloudposse.com/office-hours/
Join Cloud Posse LIVE every Wednesday at 11:30 am PT on Zoom.
On the secrets agent, you have to pass the SSRF token, which helps with the chicken-and-egg problem of accessing secrets. How do you authenticate to the secrets vault without having to have a secret… https://github.com/aws/aws-secretsmanager-agent?tab=readme-ov-file#step-3-retrieve-secrets-with-the-secrets-manager-agent
@Matt Calhoun
Links from today’s office hours:
https://www.investing.com/news/stock-market-news/google-near-deal-to-acquire-cybersecurity-startup-wiz-for-23-billion--wsj-3518269
https://github.com/sauljabin/kaskade
https://arstechnica.com/security/2024/07/new-blast-radius-attack-breaks-30-year-old-protocol-used-in-networks-everywhere/
https://www.theregister.com/2024/07/12/cisa_broke_into_fed_agency/
https://github.com/taubyte/tau
https://labs.leaningtech.com/blog/mini-webvm-your-linux-box-from-dockerfile-via-wasm
https://github.com/aws/aws-secretsmanager-agent
https://ochagavia.nl/blog/using-s3-as-a-container-registry/
https://techcrunch.com/2024/07/10/aws-app-studio-promises-to-generate-enterprise-apps-from-a-written-prompt/
https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/
https://porkbun.com/
https://porkbun.com/tld/design/?url=https://porkbun.com%3Futm_source%3DGoogle_Search%26utm_medium%3DHomepage_OldDesignCampaign%26gad_source%3D1&coupon=GOOG19A&utm_source=google&utm_medium=cpc&gclid=CjwKCAjw1920BhA3EiwAJT3lSXxG6xXQBeRZQQLVeFS1yTCr5_4o-S5A18CVU-R2qyUL31_D2VTBrRoCqk0QAvD_BwE
https://webvm.io/
https://www.cursor.com/
https://supermaven.com/
https://coderabbit.ai/
https://www.codium.ai/
https://aws.amazon.com/blogs/aws/introducing-amazon-guardduty-malware-protection-for-amazon-s3/
https://docs.k8ssandra.io/
https://d2908q01vomqb2.cloudfront.net/f1f836cb4ea6efb2a0b1b99f41ad8b103eff4b59/2024/05/02/ML-16059_image004.png
https://aws.amazon.com/blogs/machine-learning/build-a-serverless-exam-generator-application-from-your-own-lecture-content-using-amazon-bedrock/
https://github.com/kubernetes-sigs/secrets-store-csi-driver
https://infisical.com/docs/documentation/guides/local-development
https://www.2ndquadrant.com/en/resources/
https://reuters.com/markets/deals/google-backed-software-developer-gitlab-explores-sale-sources-say-2024-07-17/
Google near deal to acquire cybersecurity startup Wiz for $23 billion - WSJ
Ubiquitous RADIUS scheme uses homegrown authentication based on MD5. Yup, you heard right.
Red team exercise revealed a score of security fails
2024-07-21
Fun article on using S3 as a container registry and potential performance benefits: https://ochagavia.nl/blog/using-s3-as-a-container-registry/
For the last four months I’ve been developing a custom container image builder, collaborating with Outerbounds. The technical details of the builder itself might be the topic of a future article, but there’s something surprising I wanted to share already: you can use S3 as a container registry! You heard it right. All it takes is to expose an S3 bucket through HTTP and to upload the image’s files to specific paths.
2024-07-23
Curious about the biggest hurdles in DevOps? Share your thoughts and join the discussion!
2024-07-24
AWS are end-of-lifing QLDB (Quantum Ledger Database) in a year. Surprise announcement via AWS Health, no explanation I’ve seen and no explicit blog post that I can see (this and this allude to it and there are banners on the docs and sales pages). Anyone else been using it? Any recommendations for audit log storage, or wisdom on audit logging in general? I feel like the kind of detail expected by NIST 800-53 is hard to reconcile with user-friendly presentation, but outsourcing audit logging seems crazy.
In this post, we discuss how to use Amazon Aurora PostgreSQL-Compatible Edition as an alternative to Amazon QLDB for auditing and what features of Amazon Aurora PostgreSQL can replace some of the unique capabilities offered by Amazon QLDB.
Interesting results from Stack Overflow’s Annual Developer Survey https://stackoverflow.blog/2024/07/24/developers-want-more-more-more-the-2024-results-from-stack-overflow-s-annual-developer-survey/
@here office hours is starting in 30 minutes! Remember to post your questions here.
Does anyone have experience working with single-node Kubernetes? It will be used for demoing app software functionality (comments or reactions welcome!)
Tech list: (Hardware is a workstation with multi-CPU / large memory / large storage / Nvidia GPU)
(1) OS: Flatcar Linux
(2) k3s - Kubernetes
(3) PostgreSQL in Kubernetes
(4) LocalStack in Kubernetes to make some AWS requirements transparent
(5) GPU support (Nvidia operator)
Links from today’s office hours:
https://www.linkedin.com/posts/jonassteinberg_wow-does-this-suck-i-understand-it-in-a-activity-7221911632501731330-4xog?utm_source=share&utm_medium=member_desktop
https://www.ubicloud.com/blog/difference-between-running-postgres-for-yourself-and-for-others
https://www.bloomberg.com/news/articles/2024-07-23/cyber-firm-wiz-rejects-alphabet-s-23-billion-offer-seeks-ipo
https://fakemail.stream/
https://lokal.so/
https://github.com/ivbeg/awesome-status-pages
https://www.techtarget.com/whatis/feature/Explaining-the-largest-IT-outage-in-history-and-whats-next
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
https://x.com/George_Kurtz/status/1814235001745027317
https://github.com/orgs/github/projects/4247/views/1?filterQuery=is%3Aopen+-status%3A%22Q4+2022+%E2%80%93+Oct-Dec%22%2C%22Q2+2023+%E2%80%93+Apr-Jun%22%2C%22Q3+2023+%E2%80%93+Jul-Sep%22%2C%22Q4+2023+%E2%80%93+Oct-Dec%22+label%3Aactions
https://github.com/julienlevasseur/terraform-provider-uname
https://aws.amazon.com/blogs/database/replace-amazon-qldb-with-amazon-aurora-postgresql-for-audit-use-cases/
https://stackoverflow.blog/2024/07/24/developers-want-more-more-more-the-2024-results-from-stack-overflow-s-annual-developer-survey/
https://www.yugabyte.com/
https://open.nytimes.com/enhancing-the-new-york-times-web-performance-with-react-18-d6f91a7c5af8
https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-release-calendar
https://www.vcluster.com/
2024-07-31
@here office hours is starting in 30 minutes! Remember to post your questions here.
@Erik Osterman (Cloud Posse) I need to implement an open source CI/CD tool. Can anyone recommend a good tool they use? Our projects are non-containerized. The tools we are checking are:
- https://docs.gitlab.com/ee/ci/
- https://jenkins.io/
- https://drone.io/
- https://www.gocd.org/
- https://concourse-ci.org/
Which one should we choose from the above list, or can anyone recommend another?
Links from today’s office hours:
https://www.theregister.com/2024/07/29/infosec_roundup/
https://github.com/sickcodes/Docker-OSX
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
https://blog.trailofbits.com/2024/07/30/our-audit-of-homebrew/
https://github.com/automq/automq
https://repost.aws/questions/QUshILm0xbTjWJZSD8afYVgA/codecommit-cannot-create-a-repository
https://github.com/SummitRoute/aws_breaking_changes
https://github.com/giscus/giscus
https://opentofu.org/blog/opentofu-1-8-0/
https://github.com/opentofu/opentofu/issues/300
https://github.blog/changelog/2024-07-25-actions-usage-metrics-is-generally-available
https://siliconfolklore.com/internet-history/
https://github.com/Yelp/detect-secrets
https://bitbucket.org/$org/$repo/admin/pipelines/openid-connect
https://github.com/orgs/community/discussions/31132
https://www.lemonsqueezy.com/blog/stripe-acquires-lemon-squeezy
https://open.spotify.com/episode/3bTJwwDWUTJxjJYBoFJVe1
Just wanted to add that the Internet was pretty clearly, at least as a side effect, designed to route around destroyed infrastructure. All in the context of the Cold War; I mean that context was all-encompassing. Licklider and any “higher order” goals of the actual designers were actually extra. You don’t have to be explicitly designing around destruction through nuclear war; that was an implicit reality over decades during the conception and design of the Internet, even until and after TCP/IP came about in 1983. That HN article is kinda vapor in that sense, still good to try talking about history.
Vint Cerf himself:
The earliest demonstration of the triple network Internet was in July 1977. We had several people involved. In order to link a mobile packet radio in the Bay Area, Jim Mathis was driving a van on the San Francisco Bayshore Freeway with a packet radio system running on an LSI-11. This was connected to a gateway developed by Virginia Strazisar at BBN. Ginny was monitoring the gateway and had artificially adjusted the routing in the system. It went over the Atlantic via a point-to-point satellite link to Norway and down to London, by land line, and then back through the Atlantic Packet Satellite network (SATNET) through a Single Channel Per Carrier (SCPC) system, which had ground stations in Etam, West Virginia, Goonhilly Downs, England, and Tanum, Sweden. The German and Italian sites of SATNET hadn’t been hooked in yet. Ginny was responsible for gateways from packet radio to ARPANET, and from ARPANET to SATNET. Traffic passed from the mobile unit on the Packet Radio network across the ARPANET over an internal point-to-point satellite link to University College London, and then back through the SATNET into the ARPANET again, and then across the ARPANET to the USC Information Sciences Institute to one of their DEC KA-10 (ISIC) machines.
So what we were simulating was someone in a mobile battlefield environment going across a continental network, then across an intercontinental satellite network, and then back into a wireline network to a major computing resource in national headquarters. Since the Defense Department was paying for this, we were looking for demonstrations that would translate to militarily interesting scenarios. So the packets were traveling 94,000 miles round trip, as opposed to what would have been an 800-mile round trip directly on the ARPANET. We didn’t lose a bit!
https://netvalley.com/archives/mirrors/cerf-how-inet.html So Elon’s Starlink and its usage during the current Ukraine war is just another natural coming to fruition of that old plan by way of privatization; all kick-started during Reagan’s Cold War years (not an Elon fan btw, but still).