Alert (AA22-277A)
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
https://www.cisa.gov/uscert/ncas/alerts/aa22-277a
FBI and CISA Publish a PSA on Malicious Cyber Activity Against Election Infrastructure
https://www.cisa.gov/uscert/sites/default/files/publications/PSA_cyber-activity_508.pdf
postgres-wasm
A PostgreSQL running in the browser.
https://github.com/snaplet/postgres-wasm
Alert (AA22-279A)
Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors.
https://www.cisa.gov/uscert/ncas/alerts/aa22-279a
4 HashiConf Global 2022 Takeaways
This week HashiConf Global took place and here you can read some important notes about the conference. I did not know that Mitchell Hashimoto is not CTO anymore.
https://redmonk.com/kholterhoff/2022/10/06/4-hashiconf-global-2022-takeaways/
Stateless — your new state of find with Elasticsearch
Elasticsearch is changing its architecture. With a stateless approach of indexing directly to the object store, only a portion of indexing local data is required. This will significantly reduce the local storage necessary for indexing. They are showing a benchmark of 75% of indexing throughput improvement.
https://www.elastic.co/blog/stateless-your-new-state-of-find-with-elasticsearch
Skyfall: eBPF agent for infrastructure observability
Another introduction to eBPF with a primer on Skyfall, a tool to collect metrics with eBPF.
https://engineering.linkedin.com/blog/2022/skyfall--ebpf-agent-for-infrastructure-observability
A Look Into Real-World AWS Environments
Research by Datadog on security on AWS, the complexities coming from IAM, some (usual) issues due to mismanagement of IAM and standard security policies.
https://www.datadoghq.com/state-of-aws-security/
SigNoz
SigNoz is an open-source APM tool which supports metrics, traces and logs.
https://github.com/signoz/signoz
BadRobot
A static analysis tool to evaluate the rish of bad configuration in Kubernetes.
https://github.com/controlplaneio/badrobot
Go 1.19.2 and Go 1.18.7 are released
They fixed a few security bugs.
https://groups.google.com/g/golang-announce/c/xtuG5faxtaU
Writing your own PostgreSQL driver
https://medium.com/scum-gazeta/writing-your-own-postgresql-driver-ebd5fd6d187d
Real-time Database Events with pg_eventserv
pg_eventserv converts events from the PostgreSQL event bus to standard WebSockets messages that any web client can handle.
https://www.crunchydata.com/blog/real-time-database-events-with-pg_eventserv
The Future of the Web is on the Edge
At least according to Deno.
https://deno.com/blog/the-future-of-web-is-on-the-edge
Hazelcast Aims to Democratize Real-Time Data with Serverless
Launched in beta at the end of July, Viridian Serverless is a self-service provisioning process where the cluster grows and shrinks automatically based on the workload.
https://thenewstack.io/hazelcast-aims-to-democratize-real-time-data-with-serverless/
What I learned from automating millions of web site deploys
https://dev.to/philhawksworth/what-i-learned-from-automating-millions-of-web-site-deploys-3akg
ansible-lint 6.8.0
ansible-lint 6.8.0 is out and contains many bugfixes, also adding a nice summary report.
https://github.com/ansible/ansible-lint/discussions/2568
Ansible Singapore Meetup
Ansible Singapore is having their next in-person event on October 13, 2022, at 6:30 PM SST. Check out the details and register!
https://www.meetup.com/ansible-singapore/events/288946268/