#random (2018-07)
Non-work banter and water cooler conversation
A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels.
Archive: https://archive.sweetops.com/random/
2018-07-13

Updated blog post: https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes Update from the maintainers Incident status report from npm Please follow the comment by @platinumazure…

A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.

On July 12th, 2018, an attacker compromised the npm account of an ESLint maintainer and published malicious versions of the eslint-scope and eslint-config-eslint packages to the npm registry. On installation, the malicious packages downloaded and executed code from pastebin.com which sent the contents of the user’s .npmrc file to the attacker. An .npmrc file typically contains access tokens for publishing to npm.

Scope of this could be much, much larger

As many npm module repos could now be compromised

Scary

npm has revoked all access tokens issued before 2018-07-12 12:30 UTC. As a result, all access tokens compromised by this attack should no longer be usable.

Thank god


Dev teams at 400+ companies like Pivotal, Instacart, and Trivago use Pull Reminders to stay on top of code reviews and ship new features faster.

I signed our cloudposse team up for it! Thanks for sharing.


@Daren @dave.yu @Max Moon @Jeremy G (Cloud Posse) check this out!

Oh neat

We also use http://ptsochantaris.github.io/trailer/
Accelerate your GitHub workflow. Never miss a comment again. Track pull requests and issues across repositories, directly in your Notification Center or on any device.

Hah! Was just about to share

I end up drowning in trailer. Also, doesn’t work as well if you use 2 laptops (home and work)

nice!

Reposting: http://ptsochantaris.github.io/trailer/

These PR stats in “pullreminder” are nice

@Erik Osterman (Cloud Posse) uploaded a file: image.png

@Erik Osterman (Cloud Posse) uploaded a file: Pasted image at 2018-07-13, 4:11 PM

@Erik Osterman (Cloud Posse) uploaded a file: Pasted image at 2018-07-13, 4:11 PM

@Erik Osterman (Cloud Posse) uploaded a file: Pasted image at 2018-07-13, 4:13 PM

@Daren :point_up: you don’t get this with trailer

@Erik Osterman (Cloud Posse) uploaded a file: image.png
2018-07-20

I need to have more of us know about this app: https://github.com/nvbn/thefuck/blob/master/README.md
thefuck - Magnificent app which corrects your previous console command.

Also, this tool for ecs deployments. https://getmu.io/ which i would like to test and compare to doing it all in terraform.

oh ya i used to use thefuck
lol

now i do more screensharing with clients though

maybe i could start again and alias it lol

hehe

change it to “please”

Also, has anyone used weaveworks?

Amazon EC2 Container Service (ECS) is a Docker container management service, part of Amazon Web Services (AWS) cloud. By using Weave Net, a software-defined networking solution, you can deploy containers onto ECS more easily, without…

it’s one of the standard network drivers for kubernetes

but haven’t considered it for ECS

@jamie what’s the driver for you?

As in what motivates me? Or what network mesh am I currently using? Or why am I looking at weave for ecs?

what problem are you looking to solve by adding weave into the mix?

mu looks pretty would like a primer on how to best leverage it in combination with terraform

Weave Net simplifies by handling service discovery and load balancing for you.

not problems we are currently facing

I haven’t had a need or a problem to use weave for. But I wanted to get on to using it as my project scopes are becoming larger

Weave Net supports other use cases, which include transparent cross-region connectivity, cross-cloud, and multicast.

sounds more interesting

but no project scope large enough

I had thought in the past it might be the bridge between onsite development environments and the hosted resources

That could be used in a way as if they were local

Sandboxed dev environments with debugging and tracing capacity that allow high pace of change and testing locally without having to push to git or start a pipeline are a common requirement

kubernetes has this: https://www.telepresence.io/
Telepresence: a local development environment for a remote Kubernetes cluster

And sometimes you can just use offline versions of technologies, like dynamodb and sns etc

which is kind of like what you say

have you seen this project? it’s sweet

Oh that’s nice

I haven’t

I am wanting something for serverless dev too

you deploy a service in your cluster that identifies itself as the service you need

but then it creates a reverse proxy tunnel back to your laptop

that way you can develop locally, but other services in the cluster talk to it as though it were natively running in kubernetes

Do we (the cloudposse massive) have an awesome-xyz style key reading/tools/reference page?

Curated list of awesome lists

Kind of

Sec


Cloud Posse Developer Hub. Complete documentation for the Cloud Posse solution. https://docs.cloudposse.com

Also, not sure if you’ve seen our massive glossary. https://github.com/cloudposse/docs/tree/master/content/glossary

This automatically highlights terms across the site

Our tools page is currently focused on what we use. We could add a page like awesome though

Hi all! What’s the best channel to post a question about an issue I have with one of your modules? Thank you!

hey! thanks for asking

2018-07-23

2018-07-25

One of my clients wants to hire me, but I’m moving out of London in 5 months plus I’m employed. So it won’t work. If there are any freelancers that are aws skilled, Terraform, dev team management background peeps on here in London… let me know and I’ll put you forward. :)

interesting article about using separate AWS accounts https://hackernoon.com/managing-seperate-aws-accounts-iam-deployments-e7e3ca038d53

Seperate AWS Accounts is a great way of managing different environments. Get started today with IAM, Security & Deployments.
2018-07-26

@Andriy Knysh (Cloud Posse) tl;dr is that covering orgs?

Orgs are probably my favorite feature right now

Quality lesson about security happening with LifeLock right now

If you haven’t caught the news, I’m sure it’ll be coming up soon.

Lesson learned: you can have the most bad ass cloud security, but things still happen.

Oh wow

Reading about it now


yeah, learning more about it today

Apparently the guy told us, we dropped that part of the site ( yeah for microservices ) pushed a patch and fixed the problem

IMHO, that’s about the best outcome you could ask for

yea, it’s bad for LifeLock

what I learned some time ago is that using integers on URLs as IDs is a very bad idea


use GUIDs

@krogebry Org is just metadata on top of the root account. The article confirms what we’ve been doing - use separate AWS accounts for more security and control

Used orgs with a client with something like 5 accounts for security, like you say

The neat thing was that we could just switch between accounts without having to relog


i agree

it’s more complicated to setup and provision, but you get a lot of benefits from it

Stewart Butterfield’s startup will subsume Atlassian’s corporate chat tools to take on Microsoft.

R.I.P. stride

I am elated that I won’t have to join anymore Hipchat or stride teams

lol

hipchat left a lot to be desired. do not miss it.

never tried stride.

Seriously thought that was an onion article at first

HAHA yea, me too. I had to reread it to make sure it said what I thought it said.

jx is a command line tool for working with Jenkins X: automated CI/CD for Kubernetes


This is the 2018 followup based on the original Google SRE book
2018-07-27

the SRE book is also free to read online right now https://landing.google.com/sre/book.html

Is that “y’all suck so bad we’re giving this to you free” or “we love the community so much we want to help make it better” ?

i think it’s Attention Deficit Disorder - nobody will read a 500-page book these days

Lol it’s good stuff, but pretty dense

Btw, we have our own former Google SRE here @tamsky

ohh nice

I read the book

Had some dry parts for sure, but plenty of usable snippets to pull out as justification for removing the gun from a client’s own foot
2018-07-30

Hi all! Let me introduce myself. I’m super interested in the intersection of Dev, Devops, and Quality. I’m a proponent of containers, Kubernetes, Terraform, and feedback loops. I worked with Erik briefly a couple years back, thanks for inviting me!
I twit err tweet at johntellsall; blog at http://johntellsall.com

Welcome @johntellsall! Glad to have you onboard

Automated dependency updates. Dependabot creates pull requests to keep your Ruby, Python, JavaScript, PHP, .NET, Go, Elixir, Rust and Java dependencies up-to-date.

Too bad not terraform modules!

But it does support submodules and docker!

@Max Moon pretty cool way to keep your geodesic account modules up to date


prod.cloudposse.co - Example Terraform/Kubernetes Reference Infrastructure for Cloud Posse Production Organization in AWS

what Open PRs against terraform repos when terraform modules have new releases Open PRs against terraform repos when terraform providers have new releases why It's an extremely diverse ecosyste…

yaaaaaassssss!

Upvote!

I highly recommend dependabot - the dev is also super responsive, and overall seems like a great person

sweet

I’m really liking it so far.

gotop - A terminal based graphical activity monitor inspired by gtop and vtop

That’s some sexy ascii work right there

Yea, seriously

gtop - System monitoring dashboard for terminal

I want this for kube

Hey everyone! I’m a DevOps enthusiast from Chile, looking to learn/improve as a SRE and hopefully contribute as well. Nice to be here, and thanks for the invite @Erik Osterman (Cloud Posse)


welcome @fernando! thanks for the contributions to our projects


Moving to #terraform
2018-07-31

Hi Fellas, I’m in the process of discovery / audit with a new customer. 12factor is a great reference here, but I’m wondering if there are other reference materials which can be used to audit.

AWS Well-Architected Framework

CIS Foundations Framework

Dockerfile Best Practices (by docker)


(slack “All Unreads”)

“Sorted scientifically” must be the best sort order label I’ve seen. Gave me a good laugh.