Infra Weekly #16
Read about infrastructure topics and news every week
Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
I don't know how many people are still using Zimbra but there is a new vulnerability.
https://www.cisa.gov/uscert/ncas/alerts/aa22-228a
Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016
Twig has released a security update that affects Drupal.
https://www.drupal.org/sa-core-2022-016
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server
What's Inside Of a Distroless Container Image: Taking a Deeper Look
An introduction to distroless container images.
https://iximiuz.com/en/posts/containers-distroless-images/
What is ‘private cloud’ really supposed to look like?
Thought on how a private cloud should look like.
https://adambenshmuel.medium.com/what-is-private-cloud-really-supposed-to-look-like-148810a63c8e
sbom-operator
Catalogue all images of a Kubernetes cluster to multiple targets with Syft.
https://github.com/ckotzbauer/sbom-operator
Introducing workerd: the Open Source Workers runtime
workerd powers Cloudflare Workers and it is now open source.
https://blog.cloudflare.com/workerd-open-source-workers-runtime/
R2 is now Generally Available
An S3-compatible service for Cloudflare.
https://blog.cloudflare.com/r2-ga/
Run a data processing job on Amazon EMR Serverless with AWS Step Functions
From AWS' blog.
Steampipe
Query the cloud with SQL.
Announcing Rust 1.64.0
https://blog.rust-lang.org/2022/09/22/Rust-1.64.0.html
Haskell in Production: NoRedInk
Another company that is running Haskell in production, from Serokill blog.
https://serokell.io/blog/haskell-in-production-noredink
Sysdig 2022 Threat Report: Cloud-native threats are increasing and maturing
This is something to be aware of.
https://sysdig.com/blog/2022-sysdig-cloud-native-threat-report/
AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes
By just using the API you can mount other customers’ EBS volumes!
zincsearch
A Golang ElasticSearch replacement.
Mastering AWS CDK Aspects
https://blog.jannikwempe.com/mastering-aws-cdk-aspects
Amazon S3 Replication Time Control for predictable replication time is now available in the AWS China (Beijing) and AWS China (Ningxia) Regions
KubeCon 2022 North America
October 24-28, Detroit Michigan. It's virtual too.
https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/
Kubernetes 1.25: alpha support for running Pods with user namespaces
There are mainly two reasons why user namespaces are essential:
improve security since they restrict the IDs a pod can use so that each pod can run in its own separate environment with unique IDs.
enable running workloads as root in a safer manner.
https://kubernetes.io/blog/2022/10/03/userns-alpha/
A data pipeline for MongoDB Atlas and BigQuery using Dataflow
https://cloud.google.com/blog/products/data-analytics/mongodb-atlas-and-bigquery-dataflow-templates/
SQLite for Secrecy Management - Tools and Methods
I did not know that SQLite is used in Avionics! You can read this post about secrets management with SQLite and other projects.
https://www.linuxjournal.com/content/sqlite-secrecy-management-tools-and-methods
FileRun on Linode
https://www.linuxjournal.com/content/filerun-docker
ChefConf ‘22 Recap: Product Announcements & Key Takeaways
https://www.chef.io/blog/chefconf-22-recap-product-announcements-key-takeaways