Technology Short Take 184
Published on 27 Nov 2024 · Filed in Information · 618 words (estimated 3 minutes to read)

Welcome to Technology Short Take #184! This Tech Short Take is a bit shorter than the usual ones, but then again this week—at least in the US—is a bit shorter than most weeks due to the Thanksgiving holiday. Even so, I hope that I’ve managed to include some information that folks find useful. Also, thanks to some feedback from readers, I’ve tried hard to ensure that links are more descriptive and informative than they’ve sometimes been in the past; let me know how I did. Now, on to the content!
Networking
- I love reading geeky blog posts like this one that combines Linux network namespaces with WireGuard for VPN split tunneling. Neat stuff.
- Scott Laird shares his experience using Pulumi to connect UniFi and Netbox together in his home network.
Security
- Ofek Itach and Yakir Kadkoda discuss a security vulnerability in AWS CDK that could—under the right conditions—allow an attacker to gain administrative access to an AWS account.
- Carlos Mora reviews a (now-patched) confused deputy vulnerability in Amazon DataZone.
Cloud Computing/Cloud Management
- Luc van Donkersgoed explains how he optimized caching for his AWS News site to improve performance.
- Rory McCune takes a moment to explain the many IP addresses of Kubernetes (like node addresses, pod addresses, and service addresses).
- SkyScalpel is an open source tool that “obfuscates, deobfuscates, and detects obfuscated JSON documents”. It makes perfect sense now, but before reading about SkyScalpel I hadn’t considered the idea of obfuscating JSON documents in policy statements (such as an AWS IAM policy) to hide the policy’s true intent. Sneaky hackers!
- Adriana Villela reviews troubleshooting an issue with GitHub Codespaces and KinD (Kubernetes-in-Docker).
- The AWS open source newsletter is always a great source of information; check out issue #204.
- Similarly, the AWS Cloud Security weekly newsletter is another great source of information. Here’s a link to issue 71.
Operating Systems/Applications
- Soatok provides some guidance on what to use instead of PGP.
- Announced at KubeCon North America, an eBPF Security Threat Model and an eBPF verifier code audit were recently released by the eBPF community. More details are available in this blog post from the eBPF Foundation.
- This blog post lays out a slightly different reason for choosing Linux as your primary operating system.
- Chainguard recently released kernel-independent FIPS images.
- I like `kustomize` but it seems like the functionality the tool offers—as well as the syntax behind the YAML files it uses—is constantly changing. Here’s a case in point: Nick Janetakis describes the replacement functionality for `commonLabels`, `patchesJson6902`, and `patchesStrategicMerge`. I genuinely believe that one of the reasons `kustomize` hasn’t seen greater adoption is that users are having a hard time keeping up with all the changes required to use it.
Storage
- Stephen Foskett discusses how to migrate from Docker Volumes to external storage.
Career/Soft Skills
- Bluesky has been taking off recently as an alternative/replacement for X/Twitter; you can even find yours truly on Bluesky. Bret Fisher has a good “introduction”-type post on Bluesky, and this treatise is helpful if you’re concerned/wondering about Bluesky and decentralization.
- Tom Hollingsworth extols the virtues of being flexible by invoking Gumby, that lovable childhood toy.
That’s all for this week! To my readers in the US, I hope that you have a safe and enjoyable Thanksgiving holiday. In spite of whatever may be happening in the world, there are many things for which to be thankful! For my readers outside the US, I hope that you have an enjoyable rest of the week. Be thankful for the decrease in email from your US-based colleagues! Finally, feel free to follow me or interact with me on social media; I’m available on Twitter, on the Fediverse (via Mastodon), and on Bluesky. I’d love to hear from you!