Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Technology Short Take 178

Welcome to Technology Short Take #178! This one is notably shorter than many of the Technology Short Takes I publish; I’m still trying to fine-tune my collection of RSS feeds (such a useful technology that seems to have fallen out of favor), removing inactive feeds and looking for new feeds to replace them. Regardless, I have managed to collect a few links for your reading pleasure this weekend. Enjoy!

Networking

Security

  • Matt Moore, CTO of Chainguard, goes into some detail on how Chainguard intends to honor the principles behind the CISA’s Secure by Design pledge.
  • Ars Technica examines TunnelVision, a vulnerability that has existed since 2002 and has the potential to render VPN apps useless. From my reading of the article, the greatest concern lies with untrusted networks where an attacker could manipulate things in their favor. Join that Wi-Fi network at the coffee shop at your own risk!
  • Here’s a slightly older post (March 2023) on using AppArmor to restrict app permissions, with a particular focus on containers (including Kubernetes). It’s a bit basic, but it does (in my opinion) provide some useful information.
  • Nick Frichette shares some research around using non-production AWS API endpoints as a potential attack surface.

Cloud Computing/Cloud Management

  • Yan Cui lays out how to manage Route 53 hosted zones in multi-account environments. Yan notes it’s a problem for IaC products to deal with multiple accounts. For Pulumi, at least, this isn’t typically an issue—although I haven’t tried the specific instance that Yan mentions in the article (an ACM certificate request originating in a different account than where the domain is hosted).
  • This trick for “de-Googling Google” has been making the rounds on social media for the last few days. I haven’t personally tried it yet—have you?
  • If you’re interested in blocking the bots that various companies use to scrape your site for LLM training data, there’s some good information here.
  • Muhammad Bhatti shares some code and information for “bootstrapping” Pulumi (that is, using Pulumi to create the necessary AWS infrastructure for a self-managed backend).
  • Jacob Gillespie of Depot shares some neat tricks for making EC2 boot time 8x faster.

Operating Systems/Applications

Storage

Career/Soft Skills

That’s all for now! I sincerely hope you found something useful among these links. As always, I welcome any and all feedback; find me online and let me know what you think of this post or the site in general. I’m on Twitter, in the Fediverse, it’s not hard to locate me in any of the various Slack communities I frequent, and I even take the time to respond to legitimate e-mail messages from readers. Don’t be shy, reach out and say hi!
