DevOps Industry Updates #0
Welcome to the 4th edition of my DevOps newsletter! You may be wondering why this is issue #0 - I’ve decided to ditch the monthly format in favor of numbered issues instead. And looking around at other tech newsletters, this seems to be the de facto standard. Under this new numbered format, I’m hoping to publish smaller newsletters, more often.
🔥 Top Cream
Since we last newslettered, here are the top 3 DevOps updates:
- jamiehannaford/what-happens-when-k8s
- Why you (and your manager) shouldn’t be afraid of remote work
- How are Unix pipes implemented?
🌎 Society
- Secret iPad by Jack Ivers: Gather round, friends. Let me tell you a story of insane pivots, love, beauty, rumors, secret rooms, hidden messages, and the original iPad.
- Live: see who’s freezing hiring amid coronavirus by David Chouinard: a constantly-updated list of companies freezing hiring (and those that are still hiring).
- Microsoft staff giggle beneath the weight of a 52,000-person Reply-All email storm by Simon Sharwood: team Redmond stokes the flames as an exercise in black humor.
🏠 WFH, like a boss
- We’re all in this Together: A Wellness Guide from the CNCF Well-Being Working Group.
- 3 Tips to Avoid WFH Burnout by Laura M. Giurge and Vanessa K. Bohns: the importance of maintaining physical, social and temporal boundaries and focussing on your most important work.
- 25 things we’ve implemented at Front to keep a great culture while being remote by Mathilde Collin: some great ideas and lessons-learned from an HR team that did a great job translating their in-office culture into an optimal remote culture.
- Remote Software Developers Earn 22% More Than Non-Remote Developers by Nnamdi Iregbulem: even when controlling for various observable factors (including age, experience, hours worked, size of employer, programming languages, and more), fully-remote software developers earn 9.4% more than developers who never or only rarely work remotely.
- Work from home productivity data: Why you (and your manager) shouldn’t be afraid of remote work by Jory MacKay: according to RescueTime’s data, knowledge workers, software developers, and IT professionals are all more productive when they work from home. This was true both at small and medium businesses and large companies (over 500 employees).
- Buffer shares 9 lessons for becoming a better remote worker by Jose Gilgado: as an employee in a fully remote company for the last few years, I’ve learned a few things that have helped me make the most of remote work. Here are some of my biggest take-aways.
- NASA’s Curiosity Keeps Rolling As Team Operates Rover From Home by Andrew Good & Alana Johnson: as Chris Short said: “if these folks can control a rover on another fucking planet while working from home, what’s your organization’s excuse?”
🚢 Leadership
- The Psychology of Founders Who Win in Downturns by James Currier: eight mind shifts of CEOs of companies that survived, then thrived, despite downturns.
- Why Linux containers are a CIO’s best friend by Brian Gracely: there are many tools that can help CIOs improve development and delivery of new applications, but one of the most important is Linux containers.
- Creating Business Value Through Observability by Chris Bailey: a recorded webinar that explores the application of observability principles to a company moving from legacy infrastructure to a modern solution.
📟 DevOps
- Building Secure and Reliable Systems by Google: in this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.
- Things I Wished More Developers Knew About Databases by Jaana Dogan: in this series, I’m sharing a few insights I specifically found useful for developers who are not specialized in the database domain.
- The Art of Automation by Jessie Frazelle: “Like a lot of programmers, I often ask myself “can this be scripted” when I find myself doing a manual task.”
- Deploys at Slack by Michael Deng and Jonathan Chang: how Slack balances speed and reliability in their deployments while achieving quick iterations, fast feedback loops and prompt responsiveness to customer feedback.
- Forget AWS Lambda, Kubernetes AND Fargate - what we need is beyond all three by Lee Atchison: the case for containers without thinking about servers.
- Remote hands flub takes out much of Cloudflare by Juha Saarinen: “During planned maintenance, remote hands decommissioned some equipment that they shouldn’t have.”
🛠️ DevOps Tools
- Percona XtraBackup: Backup and Restore of a Single Table or Database by Manish Chawla: the backup and restore of a complete database is an extensive exercise. But what if you need to restore just one table which has been mistakenly modified by an incorrect query? Help is at hand with Percona XtraBackup.
- alexellis/awesome-baremetal by Alex Ellis: Bare-metal is awesome. Let’s share our favourite tools.
- Open Source SQL Editor and Database Manager: use Beekeeper Studio to query and manage your relational databases, like MySQL, Postgres, SQLite, and SQL Server.
- ankane/pgsync by Andrew Kane: Sync data from one Postgres database to another.
- axl89/s3cr3t by Axel Arnold: a supercharged S3 reverse proxy.
☸️ Kubernetes
- jamiehannaford/what-happens-when-k8s by Jamie Hannaford: this guide will lead you through the full lifecycle of a request from the client to the kubelet, linking off to the source code where necessary to illustrate what’s going on.
- 14 Kubernetes interview questions: For hiring managers and job seekers by Kevin Casey: filling Kubernetes jobs can be tricky because the technology is relatively young. Experts share interview questions to help hiring managers sort candidates – and help job seekers prepare.
- Kubernetes Event-driven Autoscaling (KEDA) is now an official CNCF Sandbox project by KEDA Maintainers: the KEDA project addresses an essential missing feature in the Kubernetes autoscaling story. Namely, the ability to autoscale on arbitrary metrics. To address this need, KEDA provides a simple, unified API to autoscale deployments without an in-depth knowledge of Kubernetes internals.
- The Power of Kubernetes Cron Jobs by Cameron Manavian: tips-and-tricks for scheduling jobs using Kubernetes. “Cron is like a hammer, and timely jobs are the nail.”
- Best practices for deploying to Kubernetes using Helm by Colin Walker: one of the hardest challenges with new Kubernetes deployments is wading through all of the best practices and opinions - this post helps with that.
- Monitoring Kubernetes workloads with Prometheus and Thanos by Idan Levin: how to horizontally scale Prometheus for HA production workloads.
- Migrating to Kubernetes by Todd Campbell: a great summary of what to consider when architecting your application for Kubernetes execution.
- Improvements to the Ingress API in Kubernetes 1.18 by Rob Scott (Google) & Christopher Luciano (IBM): the Ingress API in Kubernetes has enabled a large number of controllers to provide simple and powerful ways to manage inbound network traffic to Kubernetes workloads. In Kubernetes 1.18, we’ve made 3 significant additions to this API: a new pathType field that can specify how Ingress paths should be matched, a new IngressClass resource that can specify how Ingresses should be implemented by controllers and support for wildcards in hostnames.
- ManagedKube/kubernetes-common-services: a collection of opinionated Kubernetes cluster services, curated and tested on all the major Kubernetes clusters and clouds.
- Crafting Kubernetes Operators by Josh Wood and Burr Sutter: this workshop guides you through creating and deploying an Operator using the Operator Framework and SDK to simplify the process of creating an Operator that packages, delivers, and manages your applications on Kubernetes.
💻 Programming
- What happens when the maintainer of a JS library downloaded 26m times a week goes to prison for killing someone with a motorbike? Core-js just found out by Thomas Claburn: what will be the fate of an open-source project relied upon by so many?
- How are Unix pipes implemented? by Abhijit Menon-Sen: a beautiful deep-dive into how pipes are implemented in the Unix kernel.
- SVT-AV1: open-source AV1 encoder and decoder by Netflix: the current status of the SVT-AV1 project, as well as the characteristics and performance of the encoder and decoder.
- GitHub drops some huge updates: GitHub is now free for teams, early access to Codespaces opens, GitHub Advanced Security (repository secret scanning) launches public beta and GitHub Insights launches for teams using GitHub One.
🔐 Security
- WireGuard 1.0.0 Christened As A Modern Secure VPN Alternative To OpenVPN/IPsec by Michael Larabel: WireGuard mainlined in Linux v5.6!
- A hacker has wiped, defaced more than 15,000 Elasticsearch servers by Catalin Cimpanu: hacker tries to pin the blame on Night Lion Security, a US cyber-security firm.
- Microsoft Buys Corp.com So Bad Guys Can’t by Brian Krebs: Microsoft Corp. kindly agreed to buy the domain in a bid to keep it out of the hands of those who might abuse its awesome power.
- Decade of the RATs: Novel APT Attacks Targeting Linux, Windows and Android by The BlackBerry Research and Intelligence Team: a new report that examines how five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and Android mobile devices while remaining undetected for nearly a decade.
- Be careful when pulling images by short name by Jason Shepherd: many people pull container images from public registries, full of user generated content. Do they really know who built them, how they were built, or whether they are trustworthy?
- Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others by Catalin Cimpanu: Rostelecom involved in BGP hijacking incident this week impacting more than 200 CDNs and cloud providers.
- Sawfish phishing campaign targets GitHub users by GitHub SIRT: GitHub has received reports related to a phishing campaign targeting our customers. We’re publishing this blog to increase awareness of this ongoing threat.
- CVE-2020-8835: Linux Kernel Privilege Escalation via Improper eBPF Program Verification by Manfred Paul: this blog post explains the technical details of an exploit using the Linux eBPF feature to achieve local privilege escalation.
- Is BGP Safe Yet? No. But we are tracking it carefully by Louis Poinsignon: BGP leaks and hijacks have been accepted as an unavoidable part of the Internet for far too long. We relied on protection at the upper layers like TLS and DNSSEC to ensure an untampered delivery of packets, but a hijacked route often results in an unreachable IP address. Which results in an Internet outage.
- Microsoft’s GitHub account allegedly hacked, 500GB stolen by Lawrence Abrams: a hacker going by the name Shiny Hunters contacted BleepingComputer to tell them they had hacked into the Microsoft GitHub account, gaining full access to the software giant’s ‘Private’ repositories.
🔍 Zoom’s personal corner of shame:
- Ever wondered how the @zoom_us macOS installer does its job without you ever clicking install? by Felix (@c1truz_): turns out they (ab)use pre-installation scripts, manually unpack the app using a bundled 7zip and install it to /Applications if the current user is in the admin group (no root needed).
- ‘War Dialing’ Tool Exposes Zoom’s Password Problems by Brian Krebs: as the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong.
- Zoom Rushes to Improve Privacy for Consumers Flooding Its Service by Natasha Singer: the features that allowed companies to hop on video conferences also made it easy for trolls to hijack meetings and harass students.
- Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings by Bill Marczak and John Scott-Railton: this report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China.
☁️ Cloud
Amazon Web Services
- So You Inherited an AWS Account by Matt Fuller: detailed guide to help you filter through the mess, isolate the changes you need to make, and start to tame your environment.
- Reducing AWS EBS Volume Cost — Lessons from an Instana SRE by Bastian Spanneberg: we recently did a review of our cost structure with Mike Julian and Corey Quinn from Duckbill Group, and they pointed out that we have a lot of volumes that could be actually switched from GP2 to ST1. This would be a significant cost reduction as ST1 volumes are roughly half the cost!
- How to Increase AWS EKS Availability while using EC2 Spot by Nir Forer: running workloads on EKS using spot instances with on-demand instances fallback.
- Amazon’s Arm-based Graviton2 Against AMD and Intel: Comparing Cloud Compute by Andrei Frumusanu: it’s been a year and a half since Amazon released their first-generation Graviton Arm-based processor core, publicly available in AWS EC2 as ‘A1’ instances. While the processor didn’t impress all too much in terms of its performance, it was a signal and first step of what’s to come over the next few years.
AWS service updates
- EKS now supports Kubernetes version 1.16: Amazon Elastic Kubernetes Service (EKS) now supports Kubernetes version 1.16 for all clusters. Highlights of the Kubernetes 1.16 release include Volume resizing support, Windows GMSA, and Finalizer Protection for Service LoadBalancers reaching beta status.
- Amazon EKS managed node groups allow fully private cluster networking: managed node groups now allow fully private cluster networking by ensuring that only private IP addresses are assigned to EC2 instances managed by EKS.
- Amazon CloudWatch Synthetics is now generally available: look out, Pingdom - AWS announced the general availability of Amazon CloudWatch Synthetics, a new feature that supports monitoring your REST APIs, URLs, and website content every minute, 24x7, and alerts you when your application endpoints don’t behave as expected.
- Introducing the AWS CDK public roadmap: AWS has published their AWS Cloud Development Kit (CDK) roadmap on GitHub to improve transparency and to make it easier to follow upcoming features.
- AWS Chatbot Now Generally Available: Have you ever wanted to invoke a Lambda from Slack? If so, check this out!
- AWS Cost Explorer Rightsizing Recommendations Integrates with AWS Compute Optimizer: Cost Explorer users can now opt to see rightsizing recommendations for instances not only within the same EC2 instance family, but also across instance families.
AWS has also been hard at work on EFS improvements:
- Amazon Elastic File System announces 400% increase in read operations for General Purpose mode file systems: Amazon Elastic File System (EFS) General Purpose mode file systems support up to 35,000 read operations per second, a 400% increase from the previous limit of 7,000. Maximum write operations are unchanged at 7,000 per second.
- ECS & AWS Fargate now support EFS by Martin Beeby: until now, to get EFS working with ECS you needed to run your containers on a cluster of EC2 instances with EFS mounted. However, if you wanted to use AWS Fargate as your container data plane, you couldn’t mount an EFS file system. Not anymore!
- Amazon EFS Updates Service Level Agreement to 99.99%: previously, Amazon EFS offered an SLA of 99.9%. Now, Amazon EFS has increased the SLA to 99.99%.
Azure
- Update #2 on Microsoft cloud services continuity by Microsoft: Microsoft Teams maintains an impressive uptime during a period of massive growth.
- How to burn the most money with a single click in Azure by Nemanja Mijailovic: if you are in quarantine and you have insane amounts of money to spend, I got you covered: you only need one Pay-As-You-Go Azure subscription, and I promise I’ll help you make all your hard-earned money disappear in a second!
DigitalOcean
- DigitalOcean introduces VPCs by Rafael Rosa: we’re pleased to introduce DigitalOcean Virtual Private Cloud (VPC) and our new Trust Platform to better help secure enterprise workloads.
Article version: 1.0.0