Nexteam is sponsoring this newsletter. Please tell your friends and colleagues about this publication. Thank you.
Passwordless Deployments To The Cloud
A blog post on implementing passwordless deployments to the cloud. If you are not already using OpenID Connect for your GitHub Actions workflows, it is highly recommended that you do so: short-lived, federated tokens remove the risk that comes with storing long-lived cloud credentials as secrets.
https://github.blog/2023-01-11-passwordless-deployments-to-the-cloud/
The “Database as Code” Manifesto
We believe that we can interact with our databases and storage (including queries, administration, and the entire DB lifecycle) as if they were plain code. And we call it “Database as Code” (in the same spirit as “infrastructure as code”, “configuration as code”, “pipeline as code” and so on).
GoTo says hackers stole customers' backups and encryption key
According to an article on BleepingComputer, GoTo has reported that hackers successfully obtained customers' encrypted backups and an encryption key for some of them.
https://www.bleepstatic.com/images/news/u/1220909/2023/Databases/2/letter.png
Deploy a dashboard for AWS WAF with minimal effort
The "minimal effort" framing is misleading: deploying WAF itself, dashboard included, is the easy part. Historically, WAF rules have been easily bypassed by attackers, and WAF now mostly serves as a compliance requirement. Deploying WAF and considering your security efforts complete is inadequate; further security measures must be taken.
https://aws.amazon.com/blogs/security/deploy-dashboard-for-aws-waf-minimal-effort/
EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.
It seems Azure has become faster at fixing security issues: only 33 days this time, although there is still room for improvement.
https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced/
Efficient DevSecOps Workflows: Hands-on python-gitlab API automation
Okta for Directory, IdP, and SSO
As a directory, Okta provides a centralized repository for user information, including personal information, credentials, and roles. This information can be used to manage access to applications and services within an organization.
As an IdP, Okta can provide identity verification services, such as multi-factor authentication, to ensure that users are who they claim to be. This helps to reduce the risk of unauthorized access to sensitive information.
As an SSO solution, Okta provides a single sign-on experience for users, allowing them to access all of their applications and services with a single set of credentials. This simplifies the user experience and reduces the risk of password fatigue, which can result in weak passwords or the reuse of passwords across multiple systems.
In conclusion, Okta provides a comprehensive solution for managing user identity and access to applications and services. By centralizing these functions in a cloud-based platform, organizations can simplify their IT infrastructure and reduce the risk of security breaches.
https://medium.com/cloud-security/okta-for-directory-idp-and-sso-e4f4b5be02bb
Unreadable Metrics: Why You Can’t Find Anything in Your Monitoring Dashboards
A post on how to improve monitoring dashboards.
Introducing Hermes, An Open Source Document Management System
Promoting sharing and collaboration is a key aspect of DevOps practice, and some teams adopt a structured writing style to foster this culture. To support it, HashiCorp built an internal tool named Hermes, which streamlines collaboration among a large team working on RFC-style documents, and has now open-sourced it.
https://www.hashicorp.com/blog/introducing-hermes-an-open-source-document-management-system
Getting started with Terraform in DevOps
Another good post on starting with Terraform.
https://www.aviator.co/blog/getting-started-with-terraform-in-devops/
Go 1.20 is released!
Profile-guided optimization (PGO) is a new (in preview) feature using profile runs of your app to optimize its future compilation.
Direct slice to array conversion.
Perf improvements in the garbage collector.
Errors can now wrap multiple other errors.
A new crypto/ecdh package implementing Elliptic Curve Diffie-Hellman key exchanges.
1.20 is the final release that will run on macOS 10.13/10.14 or Windows 7/8.
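As an added example (not from the Go release notes or the Go project), this shows the new crypto/ecdh package in use: both sides of an X25519 or P-256 key agreement, with only encoded public keys crossing the simulated wire, plus the package's refusal to combine keys from different curves. Function and variable names are my own.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
)

// exchange runs both sides of an ECDH key agreement on the given curve: each
// party generates an ephemeral key pair, only encoded public keys cross the
// wire, and each derives the shared secret locally. It returns both secrets
// and whether they agree.
func exchange(curve ecdh.Curve) (aliceSecret, bobSecret []byte, agree bool, err error) {
	alice, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, false, err
	}
	bob, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, false, err
	}
	// Simulate the wire: Bytes() is the canonical encoding and NewPublicKey
	// rejects malformed encodings (and, for NIST curves, points off the curve).
	bobPub, err := curve.NewPublicKey(bob.PublicKey().Bytes())
	if err != nil {
		return nil, nil, false, err
	}
	aliceSecret, err = alice.ECDH(bobPub)
	if err != nil {
		return nil, nil, false, err
	}
	bobSecret, err = bob.ECDH(alice.PublicKey())
	if err != nil {
		return nil, nil, false, err
	}
	return aliceSecret, bobSecret, bytes.Equal(aliceSecret, bobSecret), nil
}

// crossCurveRejected shows that the typed API refuses to combine keys from
// different curves instead of silently computing a meaningless value.
func crossCurveRejected() bool {
	p256Key, _ := ecdh.P256().GenerateKey(rand.Reader)
	x25519Key, _ := ecdh.X25519().GenerateKey(rand.Reader)
	_, err := p256Key.ECDH(x25519Key.PublicKey())
	return err != nil
}
```

The shared secret is raw key-agreement output; in practice feed it through a KDF (for example HKDF) before using it as a symmetric key.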
What’s New in Go 1.20, Part III: Minor Standard Library Changes
A blog post on the new Go 1.20.
https://blog.carlmjohnson.net/post/2023/golang-120-minor-features/
2023 State of Databases for Serverless & Edge
Lee highlights the significant database and backend technology advancements for developers creating serverless and edge computing applications.
https://leerob.io/blog/backend
AWS Lambda Pricing: A Complete Guide to Understanding the Cost of the Serverless Service
Become knowledgeable (or refreshed) about the pricing mechanism of AWS Lambda, which operates on a "pay-per-use" model and charges according to usage, duration, and request count.
Cisco CX Cloud Agent Privilege Escalation Vulnerabilities
Serverless logging with Amazon OpenSearch Serverless and Amazon Kinesis Data Firehose
This blog post provides information about how to implement serverless logging using Amazon's OpenSearch Serverless and Kinesis Data Firehose services. These services can be used to efficiently collect, process, and store large amounts of log data in real time, without the need for manual provisioning and scaling of resources. The article explains how to set up and configure these services to create a serverless logging solution.
Cisco Identity Services Engine Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx
CVE-2023-20008 Detail
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software.
https://nvd.nist.gov/vuln/detail/CVE-2023-20008
CVE-2022-47015 Detail
MariaDB Server before 10.3.34 through 10.9.3 is vulnerable to Denial of Service. The function spider_db_mbase::print_warnings can dereference a null pointer.
https://nvd.nist.gov/vuln/detail/CVE-2022-47015
Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2023-005
A Drupal vulnerability.
https://www.drupal.org/sa-contrib-2023-005
Rust Nation 2023
16th & 17th February 2023. The Brewery, London, EC1Y 4SA.
HashiTalks 2023
The 24-hour global community event is back for its fifth edition on February 16-17, 2023.
https://events.hashicorp.com/hashitalks2023
CNCF Kicks Off Cloud Native SecurityCon NA 2023
The Cloud Native SecurityCon North America 2023 kicked off this week in Seattle. Organized by the Cloud Native Computing Foundation (CNCF), it is the first dedicated event focused on Cloud Native Security, with over 800 attendees, 70 sessions, and 50 sponsors and vendors.
https://www.infoq.com/news/2023/02/cloudnative-securitycon-na-2023/
AWS Grows in Germany as More Firms Go Cloud-Native
Changes in MySQL 8.0.32 (2023-01-17, General Availability)
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html
Oracle MySQL Live and On-Demand Webinars
A list of live webinars about MySQL from Oracle.
https://go.oracle.com/LP=127708
pre-FOSDEM MySQL Days 2023
FOSDEM 2023, held in person in Brussels, has just taken place.
https://blogs.oracle.com/mysql/post/pre-fosdem-mysql-days-2023
https://www.youtube.com/@fosdemtalks/videos - videos should show up soon
SCALE 20x
Pasadena, CA. March 9-12, 2023. The schedule looks full of interesting talks on infrastructure and scaling.
https://www.socallinuxexpo.org/scale/20x
Tulip: Modernizing META's Data Platform
A blog post by Facebook's engineering team discussing their latest project, Tulip. Tulip is a modern data platform aimed at solving the scalability, reliability, and performance challenges faced by Meta's data infrastructure.
The article highlights the key features of Tulip, including its ability to support high data volume and velocity, its scalable architecture, and its ability to handle real-time data processing. Tulip also offers several benefits, such as faster data processing, improved reliability, and more efficient resource utilization.
The blog post also describes the challenges faced by the engineering team during the development of Tulip and how they were able to overcome them. This included overcoming limitations in existing infrastructure and building a system that could handle large amounts of data while maintaining high levels of reliability.
In conclusion, Tulip is a major step forward in modernizing Facebook's data platform, offering improved scalability, reliability, and performance. The article concludes by stating that Tulip will play a critical role in supporting Facebook's data infrastructure and enabling the company to continue delivering new and innovative products and services to its users.
https://engineering.fb.com/2023/01/26/data-infrastructure/tulip-modernizing-metas-data-platform/
Is Databricks’s autoscaling cost efficient?
Autoscaling has both advantages and disadvantages. The ability to automatically scale up and down is crucial in the data pipeline to accommodate spikes in workload during peak hours. The author presents an intriguing comparison of Databricks autoscaling against fixed computing, showcasing benchmark results.
https://medium.com/sync-computing/is-databrickss-autoscaling-cost-efficient-610e6ece4831
Writing data product pipelines with Airflow
The Data Contract idea strives to clarify the guarantees and expectations of a production-ready pipeline. The definition of expectations and constraints is crucial, and developer productivity is a vital component. Miro's article focuses on creating a product pipeline using Airflow and takes a hands-on approach to incorporate data contracts into the batch pipeline.
https://medium.com/miro-engineering/writing-data-product-pipelines-with-airflow-1ace222f8f5a
Beta Release of Eleventy V2.0
Eleventy 2.0 includes some major changes to reduce its dependencies and decrease build times, plus new plugins including edge and i18n.
https://www.11ty.dev/blog/eleventy-v2-beta/
10 Lessons Learned In 10 Years Of Data
Mehdio shares ten reflections from a decade-long career in data engineering. The blog post highlights past trends and overhyped claims, such as the notion that cloud computing would replace data engineers, the desire to become data scientists, the rapid adoption of putting notebooks into production, and the confusing state of the modern data stack. The article offers insightful perspectives on the history of the data engineering field.
https://mehdio.medium.com/10-lessons-learned-in-10-years-of-data-1-2-4e3a8c358745
Why We Switched CDNs: How Google's Core Web Vitals Led Us to Cloudflare Pages
The author discusses their experience of switching their website's hosting from GitHub Pages to Cloudflare Pages. Several reasons are cited, including improved performance, better security features, and more control over domains. Cloudflare Pages is easy to set up and use and provides a more flexible and scalable solution compared to GitHub Pages. A detailed comparison is provided, and it is concluded that Cloudflare Pages is a better choice for those who require more control and flexibility over their website's hosting.
https://electricui.com/blog/switching-to-cloudflare-pages
Does the Serverless Edge Live Up to the Hype?
An analysis of serverless edge computing and its differences from traditional edge computing. The benefits and challenges of serverless edge computing are examined, including improved scalability, reduced latency, and increased security, but also limitations such as deployment and management difficulties and limited support for legacy applications. The author argues that while still in its early stages, serverless edge computing has the potential.
https://remotesynthesis.com/blog/serverless-edge-hype/
Amazon Begs Employees Not to Leak Corporate Secrets to ChatGPT
Amazon is worried about the secrets passed in questions to ChatGPT.
https://futurism.com/the-byte/amazon-begs-employees-chatgpt
Announcing Rust 1.67.0
Better error messages for implicit casts, the addition of the "never" type, and the stabilization of the "or_insert_with" method for HashMap. The author also mentions various bug fixes and performance improvements. Overall, the release of Rust 1.67.0 demonstrates the continued development and growth of the language.
https://blog.rust-lang.org/2023/01/26/Rust-1.67.0.html
Scaphandre v0.5.0
A project to measure the energy consumption of servers.
https://github.com/hubblo-org/scaphandre/discussions/258
40x Faster! We rewrote our project with Rust!
The author explains how the team approached the rewrite, including their process for transitioning to Rust and optimizing the code for performance. The article highlights the benefits of using Rust, such as improved reliability and performance, and how the language made it easier for the team to write efficient and scalable code. The author concludes by saying that the project was a great success and provides a strong endorsement for using Rust in other software development projects.
https://medium.com/@xpf6677/40x-faster-we-rewrote-our-project-with-rust-120b006c6abe
Rust's Witchcraft - Macros
Transaction ID Wraparound: A Walk On The Wild Side
A potential issue in PostgreSQL databases is known as "transaction ID wraparound." The article explains that the problem occurs when the number of transactions in a database reaches the maximum value that can be represented by the transaction ID, causing it to wrap around and start over at zero. This can lead to data corruption and loss if not adequately addressed. The article provides a detailed explanation of the problem and its consequences, as well as recommendations for preventing and mitigating the risk of transaction ID wraparound in PostgreSQL databases.
https://www.cybertec-postgresql.com/en/transaction-id-wraparound-a-walk-on-the-wild-side/
PostgreSQL - Not Just Relational
Another post from Chris on how PostgreSQL is flexible.
https://nexteam.co.uk/post/technology/postgresql/postgresql-not-always-relational
Surviving Without A Superuser - Coming to v16
A new feature in PostgreSQL will allow users to run certain operations without having superuser privileges. The author explains that this feature will provide a safer and more secure way to manage PostgreSQL databases, as it reduces the risk of accidentally damaging the system or exposing sensitive data. The author also highlights the benefits of the new feature for PostgreSQL administrators, such as improved control over user privileges and the ability to delegate certain tasks to non-superuser users. The blog post provides an overview of the new feature and its potential impact on PostgreSQL administration and security.
https://rhaas.blogspot.com/2023/01/surviving-without-superuser-coming-to.html
Linux Mint 21.2 Codename, New Features Revealed
https://www.omgubuntu.co.uk/2023/01/linux-mint-21-2-named-victoria
Check Point Expands its Cloud Native Application Protection Platform (CNAPP)
Newsletter sponsor: Nexteam
Technology, Experience, Delivered.