Newsletter of Carlos Santana — Issue #27

News

How to Make Package Signing Usefulblog.chainguard.dev
The Case for Farm-to-Table Package SigningThe benefits and limitations of signing an open source package–using a private key to create a unique digital signature–are a surprisingly contentious topic. One of the maintainers associated with the Python Package Index maintainer has a cogent blog post called “Why Package Signing

Shades of DevOps — Related Job titleswww.jedi.be
A quick overview of the titles/roles use to related to devops related subject matter experts. I will stick with my definition of devops regardless of job title: Dev(sec)Ops: everything you do to overcome the friction created by silos … All the rest is plain engineering

Scaling Kubernetes to Over 4k Nodes and 200k Pods | by Abdul Qadeer | The PayPal Technology Blog | Jan, 2022 | Mediummedium.com
At PayPal, we recently started testing the waters with Kubernetes. A majority of our workloads run on Apache Mesos, and as part of this migration, we needed to understand several performance aspects…

Amazon more than doubles max base pay to $350k for corporate and tech workers, citing labor market — GeekWirewww.geekwire.com
Amazon will boost its maximum base pay to $350,000 for corporate and tech employees, from $160,000 previously, as part of an overall increase in total…

A modern toolkit to start working with container images on macOS that meets your needs without requiring Docker Desktop medium.com
Most of us stepped into the containerization world with Docker. So, we’ll always be grateful to Docker for that. But, to be honest, even we’re working with Docker, we know that it is not the only…

CNCF Annual Survey 2021 | Cloud Native Computing Foundationwww.cncf.io
Featuring production data and insights from Datadog, New Relic, and SlashData download report View the complete raw data on GitHub Are you a CNCF member with in…

A decade of major cache incidents at Twitter

PodSecurityPolicy is dead. Long live…? | Appvia.iowww.appvia.io
PodSecurityPolicy is being deprecated. Find out what replaces it and how to migrate with our online free tool

DSHR’s Blog: EE380 Talkblog.dshr.org
I was asked at short notice to fill in for a speaker in Stanford’s EE380 course who had to cancel. Below the fold is a hastily updated vers…

The Top 7 Open Source Tools for Securing Your Kubernetes Clustermattermost.com
This article from the Mattermost community explores how to secure production Kubernetes clusters with the help of open source tools.

OCI Artifacts Explained. Are they real? Kind of! | by Dan Lorenc | Mediumdlorenc.medium.com
The OCI (Open Containers Initiative) manages a few specifications and projects related to the storage, distribution, and execution of container images. If you’ve ever run a docker container, you’ve…

CNCF Sees Record Kubernetes and Container Adoption in 2021 Cloud Native Survey | Cloud Native Computing Foundationwww.cncf.io
Record number of organizations are using or evaluating Kubernetes as the technology goes mainstream and users start to move up the stack SAN FRANCISCO, Calif.

Falco 0.31.0 a.k.a. “the Gyrfalcon” | Falco

falco.org

Falco 0.31.0 finally ships with the brand new plugin system 🎉

BeyondCorp is dead, long live BeyondCorp

mayakaczorowski.com
No organization has successfully implemented a fully zero trust architecture. Many proponents of zero trust, including the US government, have ignored device…

Connecting Go Profiling With Tracing · Felix Geisendörfer

felixge.de

Profiling Improvements in Go 1.18

SLOConf — Service Level Objective Conference

www.sloconf.com
The first Service Level Objective Conference for Site Reliability Engineers

Detecting a Container Escape with Cilium and eBPFisovalent.com
Learn how to use Isovalent Cilium Enterprise observability to detect container escapes

Prodspec and Annealing | USENIXwww.usenix.org

focus on the state you want to reach. Instead of maintaining step-by-step workflows

IPVS-Based In-Cluster Load Balancing Deep Dive | Kubernetes

kubernetes.io
Author: Jun Du(Huawei), Haibin Xie(Huawei), Wei Liang(Huawei) Editor’s note: this post is part of a series of in-depth articles on what’s new in Kubernetes 1.11 Introduction Per the Kubernetes 1.11 release blog post , we announced that IPVS-Based In-Cluster Service Load Balancing graduates to General Availability. In this blog, we will take you through a deep dive of the feature. What Is IPVS? IPVS (IP Virtual Server) is built on top of the Netfilter and implements transport-layer load balancing as part of the Linux kernel.

Zanzibar Implementations

authzed.com
Reviewing the current landscape of Zanzibar implementations.

Crypto, NFTs, and sports betting: Money is now a hobby — Voxwww.vox.com
Why (mostly) 20- and 30-something dudes made crypto and sports betting their personality.

Assets

GitHub — sbstp/kubie: A more powerful alternative to kubectx and kubensgithub.com
A more powerful alternative to kubectx and kubens. Contribute to sbstp/kubie development by creating an account on GitHub.

GitHub — apiaryio/curl-trace-parser: Parser for output from Curl — trace optiongithub.com
Parser for output from Curl — trace option. Contribute to apiaryio/curl-trace-parser development by creating an account on GitHub.

GitHub — ruoshan/autoportforward: Bidirectional port-forwarding for docker, podman and kubernetesgithub.com
Bidirectional port-forwarding for docker, podman and kubernetes — GitHub — ruoshan/autoportforward: Bidirectional port-forwarding for docker, podman and kubernetes

GitHub — kameshsampath/kluster: Tool to run local k3s clusters backed by multipass vmsgithub.com
Tool to run local k3s clusters backed by multipass vms — GitHub — kameshsampath/kluster: Tool to run local k3s clusters backed by multipass vms

GitHub — anchore/grype: A vulnerability scanner for container images and filesystemsgithub.com
A vulnerability scanner for container images and filesystems — GitHub — anchore/grype: A vulnerability scanner for container images and filesystems

Skills

Comparing kube-proxy modes: iptables or IPVS?

www.tigera.io

Performance Comparison

What is MicroK8s?

www.youtube.com
K3s, Kind, Minikube, VM’s with Kubespray… why MicroK8s? What makes it interesting and unique to me? In this video, I’ll show off three killer features that…

CORS is not meant to secure an API endpoint

nikofischer.com
A few days ago I came across this article. The author shows how to access a Drupal system in the backend with a Vue.js app. For authentication he uses an API key — and I find that dangerous. Here’s why.

HTTP/3: Everything you need to know about the next-generation web protocol | The Daily Swigportswigger.net
QUIC march

Kubernetes and Checkpoint Restore — Adrian Reber, Red Hatwww.youtube.com
https://youtu.be/0RUDoTi-Lw4

From AWS Lambda & API Gateway To Knative & Kong API Gateway | Blogwww.pmbanugo.me
How to build a serverless function API using Knative, Kong, and kazi

Introducing the ApplicationSet Controller for Argo CD | by Jonathan West | Argo Projectblog.argoproj.io
I am excited to announce the first release of the Argo CD ApplicationSet controller, v0.1.0, releasing now alongside Argo CD v2.0! Unlike with an Argo CD Application resource, which deploys resources…

Kernel Community | Kernelkernel.community
A peer-to-peer, lifelong learning community of the most talented individuals in web3

The Work of Edward Tufte and Graphics Presswww.edwardtufte.com
Edward Tufte home page for books, posters, sculpture, fine art and one-day course: Presenting Data and Information

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store