Nexteam is sponsoring this newsletter. Please tell your friends and colleagues about this publication. Thank you.
Introduction to Zero Trust Security
Armon Dadgar, Co-founder & CTO of HashiCorp, explains what Zero Trust Security is and shows how to implement it with Vault and Consul.
https://www.hashicorp.com/resources/introduction-to-zero-trust-security
HashiTalks 2023
The 24-hour global community event is back for its fifth edition on February 16-17, 2023.
https://events.hashicorp.com/hashitalks2023
CNCF Accepts Kubescape as Inaugural Open Source Security Scanner
The Cloud Native Computing Foundation (CNCF) has accepted Kubescape, an open-source security scanner, as its inaugural security scanner. The scanner is designed to help users identify and fix vulnerabilities in Kubernetes clusters. The goal is to improve the security of cloud-native environments by providing a way for users to scan their clusters for potential issues easily.
Mapping Israeli open-source startups
The concept of open-source software can be traced back to the early days of computing, when software was often shared and distributed freely among users. Today, many of the most widely used and effective software programs, such as Linux, Kubernetes, Spark, and others, are open-source. This has led to the rise of companies that are successfully commercializing open-source software, such as HashiCorp, Databricks, Confluent, Elastic, and MongoDB. The benefits of building a company rooted in open-source include leveraging a global community of individuals to shorten development cycles, receive early validation, and target potential hires. However, there are also hazards, such as the potential for "big cloud" players to create their own managed services around open-source projects. In Israel, a new cohort of early-stage open-source startups is emerging across a diverse set of sectors, with a focus on cybersecurity and cloud infrastructure.
https://www.calcalistech.com/ctechnews/article/rjw110xa5j
OVHcloud launches pay-as-you-go bare metal servers, compatible with public cloud
OVHcloud has launched pay-as-you-go bare metal servers that are compatible with the public cloud. This new offering will allow customers to use the same public cloud tools and APIs for their bare metal infrastructure, providing flexibility and cost savings. The servers will be available in OVHcloud's data centers in Canada, France, and the United States, and will support a wide range of operating systems, including Windows and Linux. The company plans to add more data centers and expand the service to other countries in the near future.
Velocity defeats itself. Get acceleration instead
Some important points from this blog post:
clearing the path to production
refactoring to more readable code
evolving architecture to suit the current complexity and scale
upgrading libraries and infrastructure
sharing knowledge among the team
instrumenting for observability
acting on incident reports
automating repeated tasks
fixing the most common errors in your exception tracker
https://jessitron.com/2022/12/22/velocity-defeats-itself-get-acceleration-instead/
For password protection, dump LastPass for open source Bitwarden
https://www.theregister.com/2023/01/16/dump_lastpass_bitwarden/
I scanned every package on PyPi and found 57 live AWS keys
https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/
CircleCI security alert: Rotate any secrets stored in CircleCI (Updated Jan 13)
Are the API keys and tokens stored on hosted CI/CD systems safe? Probably not.
https://circleci.com/blog/january-4-2023-security-alert/
What’s in a PR statement: LastPass breach explained
https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/
ACSESSED: Cross-tenant network bypass in Azure Cognitive Search
I think Azure has always been poor regarding security, much like most Microsoft products.
Protect Your Mission-Critical Pods From Eviction With PriorityClass
Pod priority and preemption help to make sure that mission-critical pods are up in the event of a resource crunch by deciding the order of scheduling and eviction.
https://kubernetes.io/blog/2023/01/12/protect-mission-critical-pods-priorityclass/
Kubernetes 1.26: Retroactive Default StorageClass
The v1.25 release of Kubernetes introduced an alpha feature to change how a default StorageClass was assigned to a PersistentVolumeClaim (PVC). With the feature enabled, you no longer need to create a default StorageClass first and PVC second to assign the class. Additionally, any PVCs without a StorageClass assigned can be updated later. This feature graduated to beta in Kubernetes 1.26.
https://kubernetes.io/blog/2023/01/05/retroactive-default-storage-class/
Kubernetes v1.26: Advancements in Kubernetes Traffic Engineering
Kubernetes v1.26 includes significant advancements in network traffic engineering with the graduation of two features (Service internal traffic policy support, and EndpointSlice terminating conditions) to GA, and a third feature (Proxy terminating endpoints) to beta. The combination of these enhancements aims to address shortcomings in traffic engineering that people face today and unlock new capabilities for the future.
https://kubernetes.io/blog/2022/12/30/advancements-in-kubernetes-traffic-engineering/
Kubernetes v1.26: CPUManager goes GA
The CPU Manager is a part of the kubelet, the Kubernetes node agent, which enables the user to allocate exclusive CPUs to containers.
https://kubernetes.io/blog/2022/12/27/cpumanager-ga/
How to debug large db size issue?
A new article from etcd blog on debugging DB size issues.
https://etcd.io/blog/2023/how_to_debug_large_db_size_issue/
BusyBox, systemd, Gear update in Tumbleweed
openSUSE Tumbleweed is a rolling-release version of the openSUSE Linux distribution that gives users daily updates of software packages. The latest snapshot, 20230111, brought updates to packages such as yast2, samba, kdump, Linux Kernel, ncurses, vim, and libqt5. The snapshot also fixed vulnerabilities and bugs and added new features to the packages. Other updates in the previous snapshots include busybox, gnome-software, evolution, GraphicsMagick, php8, hidapi and libmfx, libstorage-ng, and python-cryptography.
https://news.opensuse.org/2023/01/13/busybox-systemd-gear-up-in-tw/
openSUSE Conference Call for Papers is Open
https://news.opensuse.org/2023/01/10/osc-cfp-opens/
Run faster and more cost-effective Dataproc jobs
Dataproc is a fully managed service for hosting open-source distributed processing platforms such as Apache Hive, Apache Spark, Presto, Apache Flink, and Apache Hadoop on Google Cloud.
https://cloud.google.com/blog/products/data-analytics/dataproc-job-optimization-how-to-guide/
Announcing the GA of BigQuery multi-statement transactions