134: Kubernetes Security, multicloud marvels, BGP bungle, Bill’s biggest blunder, Big Blue blows through EU, Big Red roiling JEDI requisition, and more

Your subscription could not be saved. Please try again. Your subscription has been successful. Enter your email SUBSCRIBE

I spent a lot of time this week struggling with an odd problem. How do you make a multicloud platform without having to do a ton of work? I was trying to figure out why it’s so damn hard to get a multicloud platform going. People want this for various reasons but, struggle with it. Why? What was I trying to do? Host the DevOps’ish web site where it was less likely to be blocked based on a visitor’s geography.

The idea was if someone were in Hong Kong they’d hit a bucket in Alibaba Cloud. The US and Europe would likely draw from Google Cloud Storage. Everywhere else was going to fall to the algorithms. Turns out Route53 doesn’t let you route traffic based on geography to anything outside of AWS. Same for Google’s Cloud DNS. Digital Ocean spaces aren’t quite ready for prime time yet either.

Folks have to pick a cloud or build a platform across them. This is why Kubernetes is such a big deal. This is why Google’s dominance in the Kubernetes space matters so much. No one is going to be able to work a cloud providers primitives into the ANYCAST hybrid multicloud of their dreams. But if something is built on top of the primitives magic might be possible. For now, though, I’m using Google Cloud CDN. At least it’s not blocked in most places. Turns out there are some handy sites for testing a domain’s accessibility in other nations:

2019 State of Multicloud

A Report on the Underlying Dynamics Fueling Multicloud Strategies. Download Today! SPONSORED

DevOps’ish Last Week’s Top Five

People

Bill Gates on making “one of the greatest mistakes of all time” — “You know, in the software world, in particular for platforms, these are winner-take-all markets. So, you know, the greatest mistake ever is the whatever mismanagement I engaged in that caused Microsoft not to be what Android is, [meaning] Android is the standard non-Apple phone form platform. That was a natural thing for Microsoft to win.”

Without Any Warrants, CBP Searched My Devices at the Airport — Pretty disturbing country I’m living in these days.

How I use Slack—alone—to get more done — How Owen Williams gets less email with Slack. The Asana, Twitter, Google Calendar, and Google Drive Slack integrations are crucial to my work productivity. I am considering a similar setup to Owen because it would save me a ton of time.

I spend too much time in Zoom… — Joe Beda takes nerd to the next level.

I care about Ansible — Debatable. In my opinion, if someone cares about Ansible they wouldn’t berate Ansible team members publicly. Nor would they heckle them at conferences, ever. That’s bare minimum civility, in my opinion. Any project matters WAY less than the people that keep it afloat. All the pull requests in the world don’t matter if no one is there to merge them.

He Cyberstalked Teen Girls for Years—Then They Fought Back — This is some really vile stuff. Eight years in prison doesn’t seem like enough.

Command Line Heroes: Season 3: Python’s Tale — ”In this episode, Emily Morehouse makes the connection between Python’s technical extensibility and its inclusive community. Michael Kennedy explains how Python is both easy to learn and powerful enough to build YouTube and Instagram. And Diane Mueller highlights how the Python community took the lead on so many inclusive practices that are spreading in tech—including the rise of community-led decision-making.”

DevOps’ish Telegram — Join the 300+ DevOps, Kubernetes, SRE, and other technology professionals discussing real-world problems, breaking technology events and outages, and the occasional Spotify playlist. DevOps’ish Code of Conduct applies.

Process

New Kubernetes command-line flaw discovered — ”Latest kubectl vulnerability linked to incomplete patch of previous flaw discovered in March.” Oops… This was discovered by Charles Holmes as part of a CNCF-sponsored security audit.

Joint Chiefs CIO on JEDI: ‘Our warfighters need this capability now’ — Oracle is essentially tying the hands of US warfighters at this point. The DOD has done this to themselves though for having an acquisition process as convoluted as they do. But, I question whether Oracle really has a leg to stand on here technologically.

BGP super-blunder: How Verizon today sparked a ‘cascading catastrophic failure’ that knackered Cloudflare, Amazon, etc — ”Verizon sent a big chunk of the internet down a black hole… after it wrongly accepted a network misconfiguration from a small ISP in Pennsylvania, USA.” Verizon needs to be broken up. They’re so big they can’t manage their networks now. One of the worst outages I ever experienced was at Bankrate. Our site was down hard most of a long Independence Day weekend. Why? A faulty node someone in Verizon’s network that Fastly ended up identifying and routing around. I bought Fastly employees drinks whenever I saw them that year.

How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today — “This should never have happened because Verizon should never have forwarded those routes to the rest of the Internet. To understand why, read on.”

What 36,000 OSS Projects and 12,000 Commercial Dev Teams Taught Us About Secure Coding Practices — Sonatype’s 2019 State of the Software Supply Chain report is now available.

Kubernetes Security Myths Debunked — Some really good tips for making containers and Kubernetes security.

How SRE teams are organized, and how to get started — It’s not a Deloitte or Accenture ratio of lines of code to the number of people. SRE is a process that when considered will help figure out what it’s going to take to get to the desired outcome. Now, with that being said, calculus is hard.

CVE-less vulnerabilities — ”The sheer number of bugs being reported is overwhelming many (most?) free-software projects, which simply do not have enough eyeballs to fix, or even triage, many of the reports they receive. A discussion about that is currently playing out on the oss-security mailing list.”

Pillaging The Jenkins Treasure Chest — “Jenkins tends to be a treasure trove of information in certain organizations, and it’s all too easy for a developer or operations team to leave something behind ‘just to get things done’.”

What is DevOps — “DevOps is the professional practice of frequent, continued, and iterative improvements through measurable changes, the goal of which is to become a high-velocity organization thus improving business outcomes.”

European Commission - PRESS RELEASES - Press release - Mergers: Commission approves acquisition of Red Hat by IBM — Only a handful of approvals left. I’ll still be a Red Hat employee when the deal closes so 😛😛😛.

Introducing Waxosuit — ”I didn’t want my development teams to have to re-write, copy/paste, or cargo cult stale implementations of NFRs for things like logging, tracing, contextual tracing (e.g. OpenTracing/Jaeger), Application Performance Monitoring (APM), health checking (e.g. live/readiness probes), message broker client wrappers, key-value store client wrappers, HTTP server endpoint wrappers, and so on.”

A deep dive into Linux namespaces — ”In this series of posts we will look closely at one of the main ingredients in a container - Namespaces”

Raspberry Pi 4 on sale now from $35 — A $55 (USD) version is available with 4 GB of RAM. This is a full computer now for a lot of folks. I can’t believe how far this platform has come.

The Raspberry Pi 4 launch site runs on a Pi 4 cluster — ”The launch site for the Raspberry Pi 4 Model B is mostly running on a cluster of 18 of the little devices themselves. Fourteen handle PHP code execution, two serve static files, and two run memcached.” But, they’re using Cloudflare and an external database. I mean, I/O would be a nightmare.

New property of light discovered — ”researchers have found that light can also be twisted, a property called angular momentum. Beams with highly structured angular momentum are said to have orbital angular momentum (OAM), and are called vortex beams.” This could potentially be an evolutionary step in communications.

The in and outs of Microsoft’s new Windows Terminal — Handy features in the Store applications, but the underlying infrastructure changes matter more

After 4 years with nginx, we switched to Caddy - Here is why

Security Crawl Maze: An Open Source Tool to Test Web Security Crawlers — ”Security Crawl Maze is a simple Python application built with the Flask framework that contains a wide variety of cases for ways in which a web based application can link other resources on the Web.”

2001: Linux is cancer, says Microsoft. 2019: Hey friends, ah, can we join the official linux-distros mailing list, plz? — I know for a fact Microsoft was a little late to the party on a major Kubernetes vulnerability in the past year because they didn’t have solid representation on this list. This is a good thing for everyone in the end.

Proposal: leave “if err != nil” alone? · Issue #32825 · golang/go

chrisshort/homebrew — Yep. The Linux version of the venerable homebrew for Mac in a ubi8 container. Why? Well… Long story. It’s not perfect but it’ll do.

google/ko — Build and deploy Go applications on Kubernetes

alexrs/mobile-devops — A curated list of resources for mobile devops, including blog posts and talks about tooling and infrastructure for mobile apps

DevOps’ish Tweet of the Week

Success in a whiteboard coding interview has little correlation to your ability as a developer. The problems are designed to test problem-solving skills, not practical skills you might need on the job. Is anyone actually good at these types of interviews? 🙅‍♀️ — Emma Bostian 🐞 (@EmmaBostian) June 29, 2019

Notes from this week’s issue can be found here.

Sponsor DevOps'ish and put your brand in front of thousands of highly skilled operators, maintainers, developers, and leaders from Amazon, Apple, Google, IBM, Intel, Microsoft, Red Hat, many of the Fortune 100, and beyond. Download the DevOps'ish Sponsorship Prospectus now!

Join the Conversation

Join the DevOps'ish group on Telegram for insight and in-depth discussions about real technical challenges facing real people. Also, join //devopsish for a stream of news and content throughout the week.