Hi everyone! Since the last issue, I’ve had my ear to the ground, listening to the latest news, forum posts and mailing lists for the hottest advancements in DevOps and software engineering. Then, I take that firehose of information, filter it just right and distill it into a single, easy-to-consume page that is my DevOps Industry Updates newsletter. Enjoy!

🔥 Top Cream

This issue’s top 4 stories:

1. Optimizing a Multimillion-Dollar Cloud Bill
2. Async Python is not faster
3. Read-only Jenkins Configuration
4. Why Skylake CPUs Are Sometimes 50% Slower

🌎 Society

• One-year moratorium on police use of Rekognition: AWS hopes this one-year moratorium will give Congress enough time to implement the appropriate rules for the ethical use of facial recognition technology.

• Words Matter: Finally, Tech Looks at Removing Exclusionary Language by Jennifer Riggins: this month the tech industry’s lexicon is seeing a small but significant shift: common technical phrases, most notably “master/slave” and “whitelist/blacklist” that have been red-flagged as offensive, or even racist, are getting updates.

• Zoom says China asked it to censor pro-democracy activists in the US and it obeyed by Nico Grant: Chinese officials had reached out to Zoom in May and early June about four video conference calls that were publicized on social media to commemorate Tiananmen Square protests.

• Remembering Windows 2000, Microsoft’s Forgotten Masterpiece by Benj Edwards: 20 years ago, Microsoft released Windows 2000, a rock-solid, 32-bit business-oriented alternative to Windows 98 and Windows Millennium Edition.

• The Return of the 90s Web by Max Bock: in big cultural concepts like music or fashion, things have a way of coming around full circle, and the 90s Web is no exception.

📟 DevOps

• Limiting the Blast Radius of Deployment Systems by Scott Alexander: a look at a mature process where the build and release process is separated into multiple steps to ensure that breaching any single account doesn’t result in an ability to escalate to multiple accounts.

• Read-only Jenkins Configuration by Tim Jacomb: the ‘read-only’ Jenkins feature allows restricting configuration UIs and APIs while providing access to essential Jenkins system configuration, diagnostics, and self-monitoring tools through Web UI.

• Short term usability is not the same as long term usability by Jussi Pakkanen: I’ve heard this argument applied to user interfaces, but I also think it applies just as much to DevOps tooling and processes, too.

🛠️ DevOps Tools

• Announcing the Terraform Visual Studio Code Extension v2.0.0 by Paul Tyng: as part of their ongoing initiative to provide beetteer syntax highlighting and code completion, HashiCorp is excited to announce the first HashiCorp release for the Visual Studio Code extension. There are two main features in this release: Terraform 0.12 syntax support and default usage of the HashiCorp Terraform Language Server.

• flosell/trailscraper by Florian Sellmayr: a CLI tool to get valuable information out of AWS CloudTrail.

• ripgrep 12 released: in case you haven’t heard of it before, ripgrep is a line-oriented search tool that recursively searches your current directory for a regex pattern.

• 7 Awesome Rust-powered Command-line Utilities by Shinichi Okada: in this article, you will find the top seven Rust command-line utilities you can start using today.

☸️ Kubernetes

• Introducing the CNCF Technology Radar: the goal of the CNCF Technology Radar is to share what tools are actively being used by end users, the tools they would recommend, and their patterns of usage.

• Spring Boot Library for Integration with Istio by Piotr Mińkowski: an annotation-based Spring Boot library for integration with Istio that provides auto-configuration, so you don’t have to do anything more than including it to your dependencies to be able to use it.

🔐 Security

• Beware: ongoing AWS phishing campaign by Chris and James: an interesting analysis of an on-going campaign to steal AWS accounts through phishing, including recommendations on how to secure your AWS accounts against these kinds of attacks.

• The Capital One Data Breach a Year Later by Alex Corstorphine: a look at what went wrong and how you can avoid a similar fate by securing your AWS resources, including recommendations for major services like EC2, S3 and IAM.

• How Hackers Use An Ordinary Light Bulb To Spy On Conversations 80 Feet Away by Davey Winder: what if a hacker could use an ordinary, dumb, old-fashioned light bulb to spy on your conversations from afar? Here’s the bad news.

• Understanding Certificate Pinning by CrazyContini: certificate pinning offers very high security, but it does come with some downsides that need to be considered by the business. This blog explains the security and business considerations for certificate pinning, and shows the trade-offs that can be made according to the need of the organisation implementing it.

• Authenticating shared web caches by Jamey Sharp: some interesting thoughts on potential mechanisms to ensure shared caches serve original copies of web pages.

• Exploitability vs Vulnerability by Swarup Kumar Sahoo: leveraging exploitability as a way to prioritize the most important vulnerabilities and focus on remediating them first.

• Turn on MFA Before Crooks Do It For You by Brian Krebs: thieves are increasingly taking advantage of compromised accounts without multi-factor configured by tying them to a device they control. Here’s the story of one such incident.

💻 Programming

• Practical Python Programming by David Beazley: a fantastic self-driven course using high-quality course material originally used for training traders, systems admins, astronomers, tinkerers, and even a few hundred rocket scientists.

• Async Python is not faster by Cal Paterson: async Python is slower than “sync” Python under a realistic benchmark. A bigger worry is that async frameworks go a bit wobbly under load.

• What’s coming in Go 1.15 by Ben Hoyt: the 16th major version of the Go programming language, due out on August 1st, includes mostly behind-the-scenes and tooling changes. There’s a new linker, performance improvements to the language’s runtime, changes to the architectures supported, and some updates to the standard library.

• Microsoft: Rust Is the Industry’s ‘Best Chance’ at Safe Systems Programming by Joab Jackson: no matter how much investment software companies may put into tooling and training their developers, “C++, at its core, is not a safe language”.

• Errors in Rust: a deep dive by Ivan Ostric: Rust’s error handling is precise and curious. In this article, we are going to take a look at why that is the case.

📖 Machine Learning

• YOLOv5 is Here: State-of-the-Art Object Detection at 140 FPS by Joseph Nelson & Jacob Solawetz: less than 50 days after the release of YOLOv4, “YOLOv5” is released which improves accessibility for real time object detection. Of course, like a lot of articles that make lofty tech claims, there was some criticism, which RoboFlow responded to with yet another blog post.

🐧 Linux

• SCP - Familiar, Simple, Insecure, and Slow by Andrew Lytvynov: SCP? It’s that handy file-transfer feature of SSH, right? Well, not quite.

🔩 Hardware

• Intel Discloses Lakefield CPUs Specifications by Dr. Ian Cutress: this new processor combines one ‘big’ CPU core with four ‘small’ CPU cores, along with a hefty chunk of graphics. Highlights include a small footprint and a low standby SoC power (2.5 mW), which Intel claims is 91% lower than previous low power Intel processors.

Which wouldn’t be complete without:

• Why Skylake CPUs Are Sometimes 50% Slower by Alois Kraus: How Intel Has Broken Existing Code.

🚢 Leadership

• Company Culture Is How You Are Different, Not How You Are The Same by Auren Hoffman: an interesting take on how your company’s culture can be defined by what it does differently, and how that mindset pays dividends long-term.

• Written communication is remote work super power by Snir David: a communication system that is adapted to the remote work reality can unlock amazing benefits: better productivity, a competitive advantage in the long-run and much a better work-life balance on top of it all.

☁️ Cloud

AWS

• Planning on using AWS Step Functions? Think again by Bassem Dghaidi: TLDR; Step Functions is a great product for a specific set of use cases.

• Software Package Management with AWS CodeArtifact by Steve Roberts: now generally available, AWS CodeArtifact is a fully managed artifact repository servicethat helps securely store and share the software packages used in development, build, and deployment processes. Supports Maven and Gradle (for Java), npm and yarn (for Javascript), and pip and twine (for Python).

• Optimizing a Multimillion-Dollar Cloud Bill by Forrest Brazeal: a great overview of how to approach cloud cost control using KPIs and how to optimize them using AWS features like Reserved Instances and Savings Plans.

• AWS Shield Advanced now supports proactive response to events: AWS Shield Advanced now allows proactive engagement from the DDoS Response Team (DRT) when a DDoS event is detected.

• Amazon Redshift now supports writing to external tables in Amazon S3: you can now write the results of an Amazon Redshift query to an external table in Amazon S3 either in text or Apache Parquet formats.

• AWS Hit With a Record 2.3 Tbps DDoS Attack: the attack on AWS was a CLDAP reflection-based attack, and was 44% larger than anything AWS has seen before.

• Introducing AWS Snowcone by Jeff Barr: A Small, Lightweight, Rugged, Secure Edge Computing, Edge Storage, and Data Transfer Device. AWS Snowcone weighs 4.5 pounds and includes 8 terabytes of usable storage.

Azure

• General availability of Azure Files on-premises Active Directory Domain Services authentication by Mike Emard: you can now sync Active Directory to Azure AD, making the migration from on-premises to cloud extremely simple as the same authentication and authorization can be used in Azure as traditional file servers.

• New features and insights in Azure Monitor by Rahul Bagaria: send your Application Insights logs to a common Log Analytics Workspace, keeping application, infrastructure, and platform logs altogether.

GCP

• Setting up advanced network threat detection with Packet Mirroring by Shishir Agrawal & Yang Liang: Packet Mirroring offers full packet capture capability, allowing you to identify network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and also traffic between VMs to Google services in production.

Article version: 1.0.0