DevOps Industry Updates #0

Welcome to the 4th edition of my DevOps newsletter! You may be wondering why this is issue #0 - I’ve decided to ditch the monthly format in favor of numbered issues instead. And looking around at other tech newsletters, this seems to be the defacto standard. Under this new numerated format, I’m hoping to publish smaller newsletters, more often.

🔥 Top Cream

Since the last we newslettered, here are the top 3 DevOps updates:

  1. jamiehannaford/what-happens-when-k8s
  2. Why you (and your manager) shouldn’t be afraid of remote work
  3. How are Unix pipes implemented?

🌎 Society

  • Secret iPad by Jack Ivers: Gather round, friends. Let me tell you a story of insane pivots, love, beauty, rumors, secret rooms, hidden messages, and the original iPad.

  • Live: see who’s freezing hiring amid coronavirus by David Chouinard: a constantly-updated list of companies freezing hiring (and those that are still hiring).

🏠 WFH, like a boss

🚢 Leadership

📟 DevOps

  • Building Secure and Reliable Systems by Google: in this book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.

  • Things I Wished More Developers Knew About Databases by Jaana Dogan: in this series, I’m sharing a few insights I specifically found useful for developers who are not specialized in the database domain.

  • The Art of Automation by Jessie Frazelle: “Like a lot of programmers, I often ask myself “can this be scripted” when I find myself doing a manual task.”

🛠️ DevOps Tools

☸️ Kubernetes

  • jamiehannaford/what-happens-when-k8s by Jamie Hannaford: this guide will lead you through the full lifecycle of a request from the client to the kubelet, linking off to the source code where necessary to illustrate what’s going on.

  • Migrating to Kubernetes by Todd Campbell: a great summary of what to consider when architecting your application for Kubernetes execution.

  • Improvements to the Ingress API in Kubernetes 1.18 by Rob Scott (Google) & Christopher Luciano (IBM): the Ingress API in Kubernetes has enabled a large number of controllers to provide simple and powerful ways to manage inbound network traffic to Kubernetes workloads. In Kubernetes 1.18, we’ve made 3 significant additions to this API: a new pathType field that can specify how Ingress paths should be matched, a new IngressClass resource that can specify how Ingresses should be implemented by controllers and support for wildcards in hostnames.

  • ManagedKube/kubernetes-common-services: a collection of opinionated Kubernetes cluster services, curated and tested on all the major Kubernetes clusters and clouds.

  • Crafting Kubernetes Operators by Josh Wood and Burr Sutter: this workshop guides you through creating and deploying an Operator using the Operator Framework and SDK to simplify the process of creating an Operator that packages, delivers, and manages your applications on Kubernetes.

💻 Programming

🔐 Security

🔍 Zoom’s personal corner of shame:

  • War Dialing’ Tool Exposes Zoom’s Password Problems by Brian Krebs: as the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong.

  • Zoom Rushes to Improve Privacy for Consumers Flooding Its Service by Natasha Singer: the features that allowed companies to hop on video conferences also made it easy for trolls to hijack meetings and harass students.

  • Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings by Bill Marczak and John Scott-Railton: this report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China.

☁️ Cloud

Amazon Web Services

  • Amazon’s Arm-based Graviton2 Against AMD and Intel: Comparing Cloud Compute by Andrei Frumusanu: it’s been a year and a half since Amazon released their first-generation Graviton Arm-based processor core, publicly available in AWS EC2 as ‘A1’ instances. While the processor didn’t impress all too much in terms of its performance, it was a signal and first step of what’s to come over the next few years.

AWS service updates

  • Introducing the AWS CDK public roadmap: AWS has published their AWS Cloud Development Kit (CDK) roadmap on GitHub to improve transparency and to make it easier to follow upcoming features.

AWS has also been hard at work on EFS improvements:

Azure

DigitalOcean

  • DigitalOcean introduces VPCs by Rafael Rosa: we’re pleased to introduce DigitalOcean Virtual Private Cloud (VPC) and our new Trust Platform to better help secure enterprise workloads.

Article version: 1.0.0

Written on May 7, 2020