#office-hours (2024-09)
“Office Hours” are every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers! https://cloudposse.com/office-hours
Public “Office Hours” are held every Wednesday at 11:30 PST via Zoom. It’s open to everyone. Ask questions related to DevOps & Cloud and get answers!
https://cpco.io/slack-office-hours
Meeting password: sweetops
2024-09-04
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://www.elastic.co/blog/elasticsearch-is-open-source-again https://www.bleepingcomputer.com/news/security/halliburton-cyberattack-linked-to-ransomhub-ransomware-gang/ https://www.dogesec.com/blog/full_text_rss_atom_blog_feeds/ https://llmstxt.org/ https://www.infoq.com/news/2024/09/figma-ecs-kubernetes-eks/?utm_source=tldrdevops https://aws.amazon.com/about-aws/whats-new/2024/08/amazon-s3-conditional-writes/ https://aws.amazon.com/about-aws/whats-new/2024/09/amazon-dynamodb-attribute-based-access-control/ https://repost.aws/articles/ARZy0AK1RZSLSL7wKU8SmO9g/a-first-look-at-aws-cloudformation-iac-generator https://aws.amazon.com/about-aws/whats-new/2024/08/cloudformation-resource-discovery-template-review-iac-generator/ https://github.com/opentofu/opentofu/blob/main/TSC_SUMMARY.md#sanctions-russia-vs-registry-access https://forums.docker.com/t/docker-hub-is-not-accessible-from-russia/141678/12 https://github.com/opentofu/registry/pull/824 https://github.com/yandex-cloud/terraform-provider-yandex/issues/258#issue-1234059608 https://github.com/opentofu/opentofu/releases/tag/v1.8.0-alpha1 https://www.freshrss.org/ https://github.com/muchdogesec/history4feed https://www.arl.org/blog/training-generative-ai-models-on-copyrighted-works-is-fair-use/ https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set.html https://medium.com/@joachim8675309/devops-concepts-snowflake-vs-phoenix-845e56006ccc https://masterpoint.io/updates/passing-on-crossplane/ https://www.vcluster.com/
2024-09-05
looks interesting
2024-09-11
@here office hours is starting in 30 minutes! Remember to post your questions here.
Is this some kind of meeting?
Hey guys, I sent in an request to connect to future meetings, please approve me)
I can introduce myself, I’m a DevOps engineer and I’m currently looking for ways to lighten our infrastructure built on terraform/terragrunt. My website with contacts: https://d3vops.us
Sorry, just saw this
You might have joined an old meeting link
Have you registered at cloudposse.com/office-hours
I sent in an new request to connect
Let me know if you don’t get it
I got it, thatnx!
Links from today’s office hours:
https://github.com/aws/amazon-ecs-cli https://www.law.com/therecorder/2024/08/07/red-hat-files-complaint-to-counter-patent-cases-against-ibm-hp-google-amazon/ https://search.opentofu.org/ https://www.pulumi.com/blog/any-terraform-provider/?utm_campaign=blog&utm_content=305906828&utm_medium=social&utm_source=twitter&hss_channel=tw-837770064870817792 https://github.com/opentofu/registry/issues/920 https://arstechnica.com/tech-policy/2013/07/the-webs-longest-nightmare-ends-eolas-patents-are-dead-on-appeal/ https://github.com/opentofu/opentofu/issues/741 https://log.martinatkins.me/2024/05/22/terraform-ephemeral-values/ https://cloudtrail-events-react.pages.dev/ https://reclaim-the-stack.com/ https://github.com/stacklok/minder https://github.com/stacklok/minder-rules-and-profiles/tree/main https://github.com/stacklok/minder-rules-and-profiles/blob/main/rule-types/github/scorecard_enabled.yaml https://aws.permissions.cloud/ https://aws.permissions.cloud/iam/ce https://netflixtechblog.com/noisy-neighbor-detection-with-ebpf-64b1f4b3bbdd https://github.com/hamzabouissi/fissaa https://www.waypointproject.io/ https://dagger.io/ https://garden.io/ https://discuss.hashicorp.com/t/refresh-state-after-apply-recommendations-best-practices/34354/3 https://registry.terraform.io/providers/hashicorp/awscc/latest
2024-09-12
So I went to ChatGPT, and asked some questions about concepts I wanted to do, and wow, it is so clear. Questions for concepts I would ask are:
- In DevOps, what’s pets vs cattle
- In DevOps, what’s bake vs fry
- In DevOps, what’s snowflake server vs phoenix server
- In DevOps, what’s service discovery vs change configuration In the later, it actually got stuff right. For SD, it mentioned consul, etcd, and kubernetes built-in w kube-proxy, and it also for change configuration, mentioned Puppet, Ansible, and Terraform.
the last post is not public accessible
Does it work now?
yeah, it does, thanks
2024-09-13
2024-09-14
2024-09-15
2024-09-17
Might not make the meeting but for this week… https://blog.kubecost.com/blog/ibm-acquisition-announcement/
2024-09-18
Does anyone have favorite sources for incident recaps? I enjoy reading the GitHub blog and Google status page but curious where others like!
@here office hours is starting in 30 minutes! Remember to post your questions here.
The Secrets store csi driver works very well for those with hashicorp vault in their environment https://secrets-store-csi-driver.sigs.k8s.io/ (it supports aws/azure/vault providers)
Links from today’s office hours:
https://github.com/aws/amazon-ecs-cli https://prometheus.io/blog/2024/09/11/prometheus-3-beta/ https://github.com/noperator/sol https://blog.kubecost.com/blog/ibm-acquisition-announcement/ https://docs.cloudposse.com/layers/eks/design-decisions/decide-on-secrets-management-for-eks/ https://docs.cloudposse.com/layers/github-actions/design-decisions/decide-on-self-hosted-runner-architecture/ https://coolaj86.com/articles/vanilla-devops-git-credentials-cheatsheet/ https://serverlessca.com/ https://cyberinsider.com/20-domain-purchase-exposed-mobis-critical-security-flaw/ https://medium.com/@KevsAlex/interpreting-terraform-plan-outputs-with-the-help-of-an-llm-8f9824c63ecd https://medium.com/@williamwarley/harnessing-apache-mesos-and-marathon-a-practical-deployment-guide-on-vmware-and-aws-4919d95ffaf7 https://github.com/bitnami-labs/sealed-secrets
2024-09-20
I’ve requested an invite to the Office Hours call a few times, but never seem to get an invite sent. Any suggestions on what I should do?
I’ll reach out in DM
Interesting… Should there be a link or something that allows me to join office hours live?
Yep, once you receive the invite there will be a Zoom link you can use to join
2024-09-22
Super interesting vulnerability discovery that allows remote code execution without any interaction for the Arc Browser: https://kibty.town/blog/arc/
2024-09-23
2024-09-24
| [Best Secrets Management Strategy For EKS | Cloud Posse Explains](https://www.youtube.com/watch?v=xvZj9KYsLOU) |
2024-09-25
| [Avoid Platform Fees While Running CI Jobs | Cloud Posse Explains](https://www.youtube.com/watch?v=DnT_yHmKIac) |
@here office hours is starting in 30 minutes! Remember to post your questions here.
Links from today’s office hours:
https://tanka.dev/ https://github.com/octo-sts/app https://www.linkedin.com/posts/navam-w_today-marks-the-end-of-my-eight-year-journey-ugcPost-7244028270067798018-A-Wd?utm_source=share&utm_medium=member_desktop https://kibty.town/blog/arc/ https://www.theregister.com/2024/09/18/open_source_maintainers_underpaid/ https://grafana.com/oss/oncall/ https://www.theregister.com/2024/09/19/kelsey_hightower_civo/ https://www.bleepingcomputer.com/news/security/clever-github-scanner-campaign-abusing-repos-to-push-malware/ https://stack-auth.com/ https://github.com/cmackenzie1/tfstate-worker https://www.zdnet.com/home-and-office/work-life/a-catastrophic-browser-flaw-is-patched-almost-immediately-heres-how/ https://support.atlassian.com/jira-service-management-cloud/docs/start-shifting-from-opsgenie-to-jira-service-management/ https://github.com/cloudposse/helmfiles/blob/b6f6066af5f0fda0fc7dce2e7c0ce28d438b4c26/deprecated/portal.yaml#L138 https://github.com/ory/oathkeeper https://www.pomerium.com/ https://pidgin.im/plugins/?publisher=all&query=&type=
This looks interesting. I will check it out. Also want to find about importing current infra to the tool
Ah did I miss a conversation on this one in yesterday’s office hours? Did anyone have real-life experience of using it yet?
I’ve been hearing about System Initiative for years so I’m glad to see it finally be GA. No experience using it but the buzz has me curious. Looking forward to getting hands on and hearing how other folks fare with testing….and maybe even production deployments!?
2024-09-26
In another slack i commented…
that’s crazy. its another “we made open source and now we’re mad other companies are making money from it” situation.
I mean, I would hope WPEngine would give something back to the code base but, are they legally required to? Is this the beginning of the end of open source WordPress?
Oddly enough, over the past few months I’ve been slowly converting several old WP sites to statics sites on GitHub pages and Netlify. I’m using GCP buckets to serve the images. Its working pretty well.
WP uses GPLv2, https://en-ca.wordpress.org/about/license/, but seems WordPress.org does have right to do so, which is not related to the license
it is only for WP Engine, https://wordpress.org/news/2024/09/wp-engine/
Ah, so you’re saying, based on the license and the change to revisions, that WP Engine is a derivative work and should be licensed and/or treated differently?
no, I meant to say the license do nothing about the dispute between 2 parties, the best way is thru the lawsuit as WP org does
got it.
you are wise to convert WP as early as possible for there are so many backdoors in it
Main reason why i am converting! I was really active on deploying WP in 2008 - 2019. Then got away from the sites during pandemic. Taking a look at them now, they are all filled with malware. Some really hacky, crazy stuff redirecting site visitors to XXX sites and scammy stuff.
So I turned off all plugins and themes and then scoured the host service for all the hacky PHP files hanging around. Its a mess. I’m resigned to just taking the WP hosting offline and going static.
We recently launched our site on wordpress. We keep our plugins/etc. up to date. We also use WP Engine so i’m curious to see what a cluster f’ this turns into for us. Fortunately we have a company that manages our wordpress site for us and they are likely going to handle the manual updates for us.
RE: Security. My understand of wordpress is that if you go into the ecosystem you just have to keep it up to date. I suspect the ones that get hacked don’t do this at all.
RE: Security. My understand of wordpress is that if you go into the ecosystem you just have to keep it up to date. I suspect the ones that get hacked don’t do this at all. not in all cases.
In my case, i was updating diligently, even though i was not actively adding to or developing the site. After analyzing my case, its likely my shared VPS was affected and hackers came over from one of my neighbors. They found the WordPress sights and started dropping malware. That is, I have static sites hosted there and none of them were affected. Only the sites that run PHP apps, specifically the WordPress sites.
That would be a KVM/Hypervisor level hack, no?
No clue. I also suspect a bad/hacked plugin that allowed system access on in my home dir on the VPS.
One of the things that caught be off guard, is the spammy stuff installed as a plugin with a valid looking name or was not listed altogether. so when i logged in and updated, i would just update the base WP and any plugins that asked for it.
After folks reported the malware, I started looking at the home dir and found lots of cruft (that i didn’t create/install).