Technology Short Take 106
Published on 9 Nov 2018 · Filed in Information · 793 words (estimated 4 minutes to read)

Welcome to Technology Short Take #106! It’s been quite a while (over a month) since the last Tech Short Take, as this one kept getting pushed back. Sorry about that, folks! Hopefully I’ve still managed to find useful and helpful links to include below. Enjoy!
Networking
- Julia Evans provides some Envoy basics. Envoy is a useful project with which to be familiar; it serves as the data plane for the Istio service mesh, and it is the data plane for Heptio’s Contour ingress controller (and, by extension, Heptio’s Gimbal multi-cluster routing solution).
- Continuing on that Envoy theme, you may find this article by Matt Klein—one of the primary authors of Envoy—helpful in understanding some of the concepts behind modern load balancing and proxying. Many of these concepts had direct impacts on the design of Envoy.
Servers/Hardware
- The Intel Management Engine (ME) has received a bit of attention as a potential security vulnerability; in this article, authors Maxim Goryachy and Mark Ermolov expose some new concerns around the Intel ME and its undocumented Manufacturing Mode.
- Serve The Home takes a critical look at the Bloomberg Supermicro stories, debunking or at least calling into question many details of the alleged hardware hack as reported by Bloomberg.
Security
- From an unknown author, we have this security rant on Flatpak.
- Google’s Project Zero team posted an update on finding and exploiting Safari bugs using publicly available tools.
- This page has a list of ways to exploit (or hack) macOS. I share this not to encourage illegal activities, but instead to point out that no operating system is secure, so be alert at all times and use good computing practices regardless of your OS.
- Björn Wenzel shows how to use HashiCorp Vault to generate short-lived certificates for use with kubectl for managing/interacting with a Kubernetes cluster. This is a pretty neat idea, but keep in mind you also have the “overhead” of managing a Vault installation (which has its own set of challenges).
Cloud Computing/Cloud Management
- Ric Harvey shows how to automatically deploy Hugo updates using AWS CodeBuild. This is something I’ve been considering for my own site, but just haven’t taken the time to really dig in. Thanks for (potentially) saving me some time, Ric!
- If you use the AWS CLI but haven’t read this post by Eric Hammond yet, you are doing yourself a disservice.
- Maish Saidel-Keesing examines the design trade-offs for NAT gateways versus AWS PrivateLink.
- I, for one, was very glad to see this. Non-code contributions are, in my opinion, an important but oft-overlooked aspect of open source communities.
- Clement Pang, co-founder and Chief Architect of Wavefront, talks about building a highly-available service.
- Dušan Šušic has a write-up on using Traefik as a Kubernetes ingress controller.
- Fellow VMware alum Steve Flanders has a write-up on running Kubernetes locally (on a Mac). Steve also shares what he thinks are some must-have tools for Kubernetes.
- Steven Acreman shares a brief, high-level comparison of the major Kubernetes ingress solutions.
- I enjoy Michael Hausenblas’ “appops reloaded” posts, which are similar to my Tech Short Takes but more tightly focused on cloud-native stuff. He recently hit post number 100 in the series. Good stuff!
Operating Systems/Applications
- Denzil Ferreira shares some experiences with the Microsoft Surface Pro 4 and Fedora 28. The “TL;DR” is that it works, but there’s a fair amount of effort involved to get there.
- This got a fair amount of attention recently.
- Ed Haletky shares his experience in migrating to a new MacBook Pro; perhaps some of the information he shares will be helpful to others.
- Daniele Polencic shares 3 tricks for smaller Docker images. The title is a bit misleading; the article is really more about using different base images to optimize for size. Useful nevertheless, though.
- I loved this set of Bash tips.
- Andrej Yemelianov has a quick introduction to managing containers in runC.
Storage
Nothing this time around, but I’ll stay alert for items I can include in the next Technology Short Take.
Virtualization
- In August of this year (2018), SSD published this article on a guest-to-host escape found in VirtualBox. It looks like the VirtualBox community fixed the issue fairly quickly, but you may want to double-check your version to make sure you aren’t vulnerable.
Career/Soft Skills
- Consider this to be a career skills “anti-pattern,” if you will (a list of things not to do or be).
- Nick Shrock provides some guidelines and advice on performing code reviews.
OK, that’s all I have for now. Question for the readers (we’ll see how many of you make it this far)—which is better for you, regular Tech Short Takes that might be shorter or Tech Short Takes about this length (~30-ish links) but less frequently? Hit me on Twitter and let me know. Thanks!