Technology Short Take 105
Published on 5 Oct 2018 · Filed in Information · 764 words (estimated 4 minutes to read)
Welcome to Technology Short Take #105! Here’s another collection of articles and blog posts about some of the common technologies that modern IT professionals will typically encounter. I hope that something I’ve included here proves to be useful for you.
Networking
- Jon Williams discusses deploying Anycast DNS using OpenBSD and BGP.
- Brian Boucheron provides a great article on how to inspect and debug Kubernetes network primitives. The information in this article is a great foundation upon which to build, in my opinion.
Servers/Hardware
- The big news in the hardware space recently was the article regarding the purported Chinese hardware supply chain attack. This has generated a lot of discussion. First, we have Amazon’s reply, in which they categorically deny all such claims. Apple’s response similarly denies the allegations in the report. Of the (innumerable) articles commenting on the hardware hack, this article by Joe FitzPatrick and this ErrataSec article caught my eye. Both articles point out the incredible difficulty of finding such a hardware hack, and point out that exploiting software vulnerabilities would probably be a much faster/easier way to accomplish the same goal. Will we ever know the truth as to whether this actually happened? Probably not.
Security
- I suspect I’ll find myself here at some point, so Jeff Geerling’s script to get AWS STS session tokens for MFA with AWS CLI is probably going to be handy when that time comes.
- Sathyajith Bhat covers five open source tools for container security.
- Cory O’Daniel explains how to use role-based access control to assign Pod Security Policies (PSPs) to Kubernetes workloads.
Cloud Computing/Cloud Management
- I talk about Terraform a fair amount (and I use it a fair amount). Many times that’s in the context of a public cloud (since that’s where I spend most of my time), but here’s an example of using it for vSphere and OpenStack.
- Chris Herrera tackles a little bit of the “why” in this article on Kubernetes cluster design.
- Bob Killen discusses exposing StatefulSets in Kubernetes.
- Lots of folks are super-bullish on Helm, but Bartlomiej Antoniak suggests users think twice before using Helm.
- Robert Verdam has a two-part series on deploying an application to AWS with Terraform and Ansible (part 1, part 2). Of particular interest—to me, anyway—was Robert’s use of the Terraform provider+inventory script, which I’m exploring for use in some of my own projects.
- The kubespy tool, released by the Pulumi folks, looks interesting. Have a look at part 1 and part 2 of their blog posts about the CLI tool.
- Grant Orchard has a three-part series (so far) on VMware Cloud Assembly (part 1, part 2, part 3).
- The folks at Platform9 recently open-sourced a tool called etcdadm (inspired by kubeadm). The GitHub repository is here, and the blog post with the announcement is here.
Operating Systems/Applications
- Sayan Chowdhury talks about Fedora 28 AMIs gaining Elastic Network Adapter (ENA) support.
- I’ve been looking into Dropbox replacements; Syncthing is a leading candidate at the moment. Here’s an article on Syncthing that provides some basic details. If any Syncthing users have any feedback they’d like to share, hit me up on Twitter.
- This looks interesting, although I don’t (personally) have a use case just yet. It might be worth watching as eBPF grows in importance in the Linux community, though.
- I mentioned this article on Pandoc in a tweet recently. I’m a long-time Pandoc user, but I hadn’t thought/didn’t know about using the -s parameter with an external YAML file to control styling for different output formats. That’s a neat trick.
- Matthew Green rants on Chrome’s new forced login policy. I’m not a fan, either.
- Here’s a nice deep dive on Linux executables.
- I’m (increasingly) not a fan of Google services, but I thought it was interesting to find this Google Hangouts desktop client.
Storage
I don’t have anything to share this time, but I’ll stay alert for content or links to include next time.
Virtualization
- William Lam explores some of the caveats/gotchas of Nested ESXi on VMware Cloud on AWS (VMC). Some of these gotchas are fairly significant (no inter-host networking for VMs running on nested HV’s, for example).
Career/Soft Skills
- I found a couple of resources for folks interested in learning Golang. First up is this Go study group, which has both US and India meeting times. Next up is Awesome Go, which is—in the author’s words—“a curated list of awesome Go frameworks, libraries, and software.”
That’s all for this Technology Short Take. Thanks for reading! If you have questions, comments, or suggestions for improvement, feel free to contact me on Twitter. Have a great weekend!