This is Infra Weekly Newsletter, a newsletter about infrastructure, cloud, DevOps, automation, servers, Linux and related subjects.
Open source bug leaves hundreds of thousands of sites open to attack
A fairly generic article, but I think it is about secrets stored in Git history (in the .git directory). There are also many cloned repositories
containing malicious code, so be careful what you do on GitHub or any shared code repository.
https://www.techradar.com/news/open-source-bug-leaves-hundreds-of-thousands-of-sites-open-to-attack
gitleaks
gitleaks is a tool to discover secrets leaked into Git history, but it is far from perfect. I used it in CI/CD scripts to detect leaks.
https://github.com/zricethezav/gitleaks
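The point of the two items above is that a secret "removed" in a later commit still lives in the repository's history, which is why a working-tree scan is not enough. The following is an added example (not the newsletter's code and not gitleaks' own source) showing the difference: it scans a constructed in-memory history of file snapshots with a deliberately small rule set (AWS access key ID, AWS secret key, private key header, plus a generic high-entropy credential rule), once over every snapshot and once over HEAD only. The sample keys are the well-known placeholder keys from AWS documentation; the rule names, the entropy threshold and the history format are assumptions made for this example. In a real CI step you would feed it `git log -p` output or walk commits with a Git library.

```python
"""Scan Git history, not just the working tree, for leaked secrets.

Added example, not gitleaks' code. The history below is constructed:
the AWS key pair is committed in c1 and replaced by environment lookups in
c2, so HEAD is clean but the secret is still retrievable from c1.
"""
import math
import re
from dataclasses import dataclass

# Constructed sample history as (commit, path, full file content) snapshots.
# The key values are the placeholder credentials from AWS documentation.
SAMPLE_HISTORY = [
    ("c1", "config/settings.py",
     'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
     'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'),
    ("c2", "config/settings.py",
     'AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]\n'
     'AWS_SECRET_ACCESS_KEY = os.environ["AWS_SECRET_ACCESS_KEY"]\n'),
]

# Small hypothetical rule set; gitleaks ships far more (and far more tuned) rules.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("aws-secret-access-key",
     re.compile(r"(?i)aws_secret_access_key\s*[:=]\s*[\"']?([A-Za-z0-9/+=]{40})[\"']?")),
    ("private-key",
     re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----)")),
    # Generic credential assignment; reported only if the value looks random.
    ("generic-high-entropy",
     re.compile(r"(?i)(?:secret|token|password|api_key)\w*\s*[:=]\s*[\"']([^\"'\s]{20,})[\"']")),
]
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed value, tune for your code base


@dataclass(frozen=True)
class Finding:
    commit: str
    path: str
    rule: str
    secret: str


def shannon_entropy(s):
    """Bits per character; 0.0 for repeated characters, ~4.7 for a 40-char random key."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_snapshot(commit, path, content):
    """Apply every rule to one file snapshot, deduplicating on the matched value."""
    findings, seen = [], set()
    for rule, pattern in RULES:
        for m in pattern.finditer(content):
            secret = m.group(1)
            if rule == "generic-high-entropy" and shannon_entropy(secret) < ENTROPY_THRESHOLD:
                continue  # low-entropy value such as a placeholder, not a real credential
            if secret in seen:
                continue  # already reported by a more specific rule
            seen.add(secret)
            findings.append(Finding(commit, path, rule, secret))
    return findings


def scan_history(history):
    """Scan every snapshot: this is what catches secrets that were later 'removed'."""
    out = []
    for commit, path, content in history:
        out.extend(scan_snapshot(commit, path, content))
    return out


def scan_head(history):
    """Scan only the latest version of each path, i.e. what a working-tree scan sees."""
    latest = {}
    for commit, path, content in history:
        latest[path] = (commit, content)
    out = []
    for path, (commit, content) in latest.items():
        out.extend(scan_snapshot(commit, path, content))
    return out


if __name__ == "__main__":
    print("HEAD only:", scan_head(SAMPLE_HISTORY))
    for f in scan_history(SAMPLE_HISTORY):
        print(f"{f.commit} {f.path} [{f.rule}] {f.secret[:4]}...")
```

Running it shows an empty result for HEAD and two findings in c1. The practical consequence is the same as with gitleaks: once a secret has been pushed, rotating it is the fix; rewriting history only removes it from the clones you control.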
Cloudera users get fully managed data lakehouse platform
Cloudera is offering a managed data lakehouse. A similar solution has been available for a while from Databricks.
What is a Data Lakehouse?
An article from Snowflake explaining what a Data Lakehouse is. If you have Snowflake you already have both a data warehouse and a data lakehouse, since you can query data in S3 directly as external tables, and Snowflake itself uses S3 as its storage layer on AWS.
https://www.snowflake.com/guides/what-data-lakehouse
Google Kubernetes Engine: It Shouldn’t Be This Hard
Another article complaining about the complexity of Kubernetes. GKE Autopilot helps, but Google Cloud Run and Cloud Functions are less complex than Kubernetes. You can implement GitOps with Terraform and a few scripts on the CI/CD server instead of adopting a dedicated GitOps solution. AWS ECS and AWS Lambda are the counterparts of Google Cloud Run and Cloud Functions.
https://cloud.google.com/functions
Snyk finds PyPI malware that steals Discord and Roblox credentials and payment info
An interesting detail is that it uses PyInstaller 'to inhibit detection by bundling in dependencies instead of downloading them from a remote server to the host and to provide an executable ready to run without an interpreter'.
https://snyk.io/blog/pypi-malware-discord-roblox-credential-payment-info/
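The flip side of the bundling trick quoted above is that PyInstaller-built executables are easy to recognise: the appended CArchive ends with a fixed cookie that starts with the magic bytes `MEI\x0c\x0b\x0a\x0b\x0e` and records the archive length, TOC position and the Python version it was built with. The following is an added example (not Snyk's or the newsletter's code, and not PyInstaller's own reader) that locates and parses that cookie so a package-review or detection pipeline can flag "this wheel ships a frozen Python program". The cookie layout used here is the 88-byte `!8sIIii64s` structure from PyInstaller's archive reader; the `make_sample_bundle` helper constructs a fake binary for offline testing and is not a real executable.

```python
"""Detect PyInstaller-frozen executables by their CArchive cookie.

Added example for illustration; the sample 'bundle' is constructed, not a
real executable. Cookie layout (88 bytes, network byte order):
  8s  magic   I  archive length   I  TOC offset
  i   TOC length   i  python version   64s  python library name
"""
import struct

PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FORMAT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)  # 88


def decode_pyvers(pyvers):
    """Current PyInstaller stores major*100+minor (311); old releases used major*10+minor (37)."""
    if pyvers >= 100:
        return pyvers // 100, pyvers % 100
    return pyvers // 10, pyvers % 10


def find_pyinstaller_cookie(data):
    """Return a dict describing the cookie if `data` looks PyInstaller-built, else None.

    The archive normally sits at the end of the file, so search from the back;
    a signed or otherwise wrapped binary may still carry it earlier in the file.
    """
    idx = data.rfind(PYINSTALLER_MAGIC)
    if idx < 0 or idx + COOKIE_SIZE > len(data):
        return None
    magic, pkg_len, toc_off, toc_len, pyvers, libname = struct.unpack_from(
        COOKIE_FORMAT, data, idx)
    return {
        "cookie_offset": idx,
        "archive_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        "python_version": decode_pyvers(pyvers),
        "pylib": libname.rstrip(b"\x00").decode("ascii", "replace"),
    }


def make_sample_bundle(pyvers=311, libname=b"libpython3.11.so.1.0"):
    """Constructed stand-in: a fake ELF-looking body followed by a valid cookie."""
    body = b"\x7fELF" + b"\x00" * 60 + b"not really a program"
    cookie = struct.pack(COOKIE_FORMAT, PYINSTALLER_MAGIC,
                         len(body) + COOKIE_SIZE, 0, 0, pyvers, libname)
    return body + cookie


if __name__ == "__main__":
    print(find_pyinstaller_cookie(make_sample_bundle()))
    print(find_pyinstaller_cookie(b"\x7fELF plain binary with no archive"))
```

A hit is not proof of malice (plenty of legitimate CLI tools ship as PyInstaller bundles), but a frozen Python executable inside a pure-Python package on PyPI is exactly the kind of anomaly worth a manual look, and the embedded Python version and library name are useful triage data.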
CJ Moses might be the CISO of AWS, but service leaders own their own security
Moses previously led the technical analysis of computer and network intrusion efforts for the FBI’s cyber division and was a computer crime investigator as a special agent with the Air Force Office of Special Investigations. He is currently CISO of AWS.
https://www.protocol.com/enterprise/cj-moses-aws-ciso
What You Need to Know About Ransomware in AWS
https://www.firemon.com/what-you-need-to-know-about-ransomware-in-aws/
AWS re:Inforce 2022 - Keynote
AWS re:Inforce, which took place last month, is the AWS conference dedicated to security on AWS. The 2022 keynote featured Stephen Schmidt, CJ Moses, Lena Smart and Kurt Kufeld.
How to use customer-managed policies in AWS IAM Identity Center for advanced use cases
Vulnerable AWS Lambda function – Initial access in cloud attacks
https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/
HTTP/3 Support for Amazon CloudFront
It seems that in Safari, HTTP/3 has to be enabled manually.
https://aws.amazon.com/blogs/aws/new-http-3-support-for-amazon-cloudfront/
Managing Kubernetes control plane events in Amazon EKS
https://aws.amazon.com/blogs/containers/managing-kubernetes-control-plane-events-in-amazon-eks/
Amazon DynamoDB can now import Amazon S3 data into a new table
Customize AWS Config resource tracking in AWS Control Tower environment
Take a look inside the lab where AWS makes custom chips
https://www.aboutamazon.com/news/aws/take-a-look-inside-the-lab-where-aws-makes-custom-chips
Spotlight on SIG Storage
SIG Storage is responsible for ensuring that different types of file and block storage (whether ephemeral or persistent, local or remote) are available wherever a container is scheduled (including provisioning/creating, attaching, mounting, unmounting, detaching, and deleting volumes), storage capacity management (container ephemeral storage usage, volume resizing, etc.), influencing scheduling of containers based on storage (data gravity, availability, etc.), and generic operations on storage (snapshotting, etc.).
In this SIG Storage spotlight, Frederico Muñoz (Cloud & Architecture Lead at SAS) talked with Xing Yang, Tech Lead at VMware and co-chair of SIG Storage, on how the SIG is organized, what are the current challenges and how anyone can get involved and contribute.
https://kubernetes.io/blog/2022/08/22/sig-storage-spotlight/
https://github.com/kubernetes/community/blob/master/sig-storage/README.md
How to run Kubernetes workloads in systemd with Podman
https://www.redhat.com/sysadmin/kubernetes-workloads-podman-systemd
How to deploy MicroShift on your laptop quickly
https://www.redhat.com/sysadmin/deploy-microshift-laptop
https://next.redhat.com/project/microshift/
The point of a dashboard isn't to use a dashboard
A dashboard should prove that data is being gathered.
https://shkspr.mobi/blog/2022/08/the-point-of-a-dashboard-isnt-to-use-a-dashboard/
Falling for Kubernetes
A strong proponent of bare-metal infrastructure and a Kubernetes sceptic makes the case for using Kubernetes.
https://freeman.vc/notes/falling-for-kubernetes
A Developer’s Guide to Terraform
A basic introduction to Terraform.
https://semaphoreci.com/blog/terraform
Optimizing TCP for high WAN throughput while preserving low latency
A Cloudflare blog post on tuning TCP for high throughput over WAN links without giving up low latency.
https://blog.cloudflare.com/optimizing-tcp-for-high-throughput-and-low-latency/