DevOps Industry Updates #3

Hi everyone! Since the last issue, I’ve had my ear to the ground, listening to the latest news, forum posts and mailing lists for the hottest advancements in DevOps and software engineering. Then, I take that firehose of information, filter it just right and distill it into a single, easy-to-consume page that is my DevOps Industry Updates newsletter. Enjoy!

🔥 Top Cream

This issue’s top 4 stories:

  1. Optimizing a Multimillion-Dollar Cloud Bill
  2. Async Python is not faster
  3. Read-only Jenkins Configuration
  4. Why Skylake CPUs Are Sometimes 50% Slower

🌎 Society

📟 DevOps

  • Limiting the Blast Radius of Deployment Systems by Scott Alexander: a look at a mature process where the build and release process is separated into multiple steps to ensure that breaching any single account doesn’t result in an ability to escalate to multiple accounts.

  • Read-only Jenkins Configuration by Tim Jacomb: the ‘read-only’ Jenkins feature allows restricting configuration UIs and APIs while providing access to essential Jenkins system configuration, diagnostics, and self-monitoring tools through Web UI.

  • Short term usability is not the same as long term usability by Jussi Pakkanen: I’ve heard this argument applied to user interfaces, but I also think it applies just as much to DevOps tooling and processes, too.

🛠️ DevOps Tools

  • Announcing the Terraform Visual Studio Code Extension v2.0.0 by Paul Tyng: as part of their ongoing initiative to provide beetteer syntax highlighting and code completion, HashiCorp is excited to announce the first HashiCorp release for the Visual Studio Code extension. There are two main features in this release: Terraform 0.12 syntax support and default usage of the HashiCorp Terraform Language Server.

  • flosell/trailscraper by Florian Sellmayr: a CLI tool to get valuable information out of AWS CloudTrail.

  • ripgrep 12 released: in case you haven’t heard of it before, ripgrep is a line-oriented search tool that recursively searches your current directory for a regex pattern.

☸️ Kubernetes

  • Introducing the CNCF Technology Radar: the goal of the CNCF Technology Radar is to share what tools are actively being used by end users, the tools they would recommend, and their patterns of usage.

  • Spring Boot Library for Integration with Istio by Piotr Mińkowski: an annotation-based Spring Boot library for integration with Istio that provides auto-configuration, so you don’t have to do anything more than including it to your dependencies to be able to use it.

🔐 Security

  • Beware: ongoing AWS phishing campaign by Chris and James: an interesting analysis of an on-going campaign to steal AWS accounts through phishing, including recommendations on how to secure your AWS accounts against these kinds of attacks.

  • The Capital One Data Breach a Year Later by Alex Corstorphine: a look at what went wrong and how you can avoid a similar fate by securing your AWS resources, including recommendations for major services like EC2, S3 and IAM.

  • Understanding Certificate Pinning by CrazyContini: certificate pinning offers very high security, but it does come with some downsides that need to be considered by the business. This blog explains the security and business considerations for certificate pinning, and shows the trade-offs that can be made according to the need of the organisation implementing it.

  • Authenticating shared web caches by Jamey Sharp: some interesting thoughts on potential mechanisms to ensure shared caches serve original copies of web pages.

  • Exploitability vs Vulnerability by Swarup Kumar Sahoo: leveraging exploitability as a way to prioritize the most important vulnerabilities and focus on remediating them first.

  • Turn on MFA Before Crooks Do It For You by Brian Krebs: thieves are increasingly taking advantage of compromised accounts without multi-factor configured by tying them to a device they control. Here’s the story of one such incident.

💻 Programming

  • Practical Python Programming by David Beazley: a fantastic self-driven course using high-quality course material originally used for training traders, systems admins, astronomers, tinkerers, and even a few hundred rocket scientists.

  • Async Python is not faster by Cal Paterson: async Python is slower than “sync” Python under a realistic benchmark. A bigger worry is that async frameworks go a bit wobbly under load.

  • What’s coming in Go 1.15 by Ben Hoyt: the 16th major version of the Go programming language, due out on August 1st, includes mostly behind-the-scenes and tooling changes. There’s a new linker, performance improvements to the language’s runtime, changes to the architectures supported, and some updates to the standard library.

📖 Machine Learning

🐧 Linux

🔩 Hardware

  • Intel Discloses Lakefield CPUs Specifications by Dr. Ian Cutress: this new processor combines one ‘big’ CPU core with four ‘small’ CPU cores, along with a hefty chunk of graphics. Highlights include a small footprint and a low standby SoC power (2.5 mW), which Intel claims is 91% lower than previous low power Intel processors.

Which wouldn’t be complete without:

🚢 Leadership

☁️ Cloud


  • Software Package Management with AWS CodeArtifact by Steve Roberts: now generally available, AWS CodeArtifact is a fully managed artifact repository servicethat helps securely store and share the software packages used in development, build, and deployment processes. Supports Maven and Gradle (for Java), npm and yarn (for Javascript), and pip and twine (for Python).

  • Introducing AWS Snowcone by Jeff Barr: A Small, Lightweight, Rugged, Secure Edge Computing, Edge Storage, and Data Transfer Device. AWS Snowcone weighs 4.5 pounds and includes 8 terabytes of usable storage.



  • Setting up advanced network threat detection with Packet Mirroring by Shishir Agrawal & Yang Liang: Packet Mirroring offers full packet capture capability, allowing you to identify network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and also traffic between VMs to Google services in production.

Article version: 1.0.0

Written on June 22, 2020