DevOps Industry Updates #4

Grab your coffee: the 4th edition of DevOps Industry Updates is here! As always, I’ve been tracking the latest and greatest developments in DevOps and big software and we have some great nuggets to cover:

🔥 Top Cream

This issue’s top 5 stories:

  1. Attack of the mutant tags! Or why tag mutability is a real security threat
  2. Engineering Dropbox Transfer: Making simple even simpler
  3. Hardcoded secrets, unverified tokens, and other common JWT mistakes
  4. How to save a lot of money with a Baker in the spot market?
  5. dowjones/hammer

🌎 Society

  • macOS Big Sur Preview: macOS Big Sur includes the biggest Safari update ever and powerful enhancements to Messages, Maps, and privacy.

  • Wrongfully Accused by an Algorithm by Kashmir Hill: in what may be the first known case of its kind, a faulty facial recognition match led to a Michigan man’s arrest for a crime he did not commit.

  • KubeCon Europe 2020 goes virtual (Aug 17-20): join dozens of companies leading the charge on Kubernetes development as the community gathers for four days to further the education and advancement of cloud native computing.

📟 DevOps

  • HashiCorp Consul 1.8 now General Available by Neena Pemmaraju: Consul 1.8 adds features that lower the barrier to entry for adopting a service mesh in heterogeneous environments. These include a new ingress and terminating gateways, which allow applications inside and outside the service mesh to communicate.

  • Announcing HashiCorp Terraform 0.13 Beta by Petros Kolyvas: the 0.13 release of Terraform builds on the powerful language improvements made with 0.12, with a focus on improved usability for module-specific workflows and enhancements to our vibrant and growing provider ecosystem.

  • HashiCorp Cloud Platform Announcement by Mitchell Hashimoto & Matthew Irish: new flagship cloud offering HashiCorp Cloud Platform (HCP) is a fully managed platform offering HashiCorp products as a service to automate infrastructure on any cloud.

  • API Gateway HTTP APIs - Cheaper and Faster REST APIs? by Andreas Wittig: this review takes a closer look at the new service API Gateway HTTP APIs which promised faster HTTP APIs that are cheaper than its predecessor, with a focus on hard numbers over marketing fluff.

  • Automating safe, hands-off deployments by Clare Liguori: a fantastic overview of how Amazon adopted continuous delivery across the company as a way to automate and standardize how they deployed software and to reduce the time it took for changes to reach production.

🛠️ DevOps Tools

  • dowjones/hammer by Dow Jones: Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities to provide quick feedback to engineers and can perform auto-remediation of some misconfigurations.

  • maxgoedjen/secretive by Max Goedjen: Secretive is an app for storing and managing SSH keys in the Secure Enclave. It is inspired by the sekey project, but rewritten in Swift with no external dependencies and with a handy native management app.

  • schenkd/nginx-ui by David Schenk: Nginx UI allows you to access and modify the nginx configurations files without cli.

  • alexcasalboni/aws-lambda-power-tuning by Alex Casalboni: tool to help you visualize and fine-tune the memory/power configuration of Lambda functions. It runs in your own AWS account and it supports three optimization strategies: cost, speed, and balanced.

☸️ Kubernetes

  • Vault & Kubernetes: Better Together by Jason O’Donnell: Watch Jason O’Donnell from the HashiCorp Vault Ecosystem team demo the Vault Agent Injector using static secrets, dynamic secrets, and encryption-as-a-service.

  • Docker and Kubernetes — root vs. privileged by Bryant Hagadorn: New to containers? Here are some considerations for running container processes with the root user and using the --privileged flag, as well as their relation to the host OS.

🔐 Security

💻 Programming

  • Worrying about the NPM ecosystem by Sam Bleckley: there are too many packages and too many dependencies, too deeply nested. Can we measure the problem? And what do we do about it?

  • Launching by Jenn Leaver: the new site combines the product content that was on and into a unified experience.

  • The Wrong Abstraction by Sandi Metz: why “duplication is far cheaper than the wrong abstraction” and the consequences of the “wrong abstraction.”

  • A multiplayer board game in Rust and WebAssembly by Matt Keeter: Pont is an online implementation of Qwirkle, a board game by Mindware Games. It was written for my parents, so they could play with friends and family during the COVID-19 stay-at-home era.

  • Announcing Perl 7 by Brian Foy: Perl has a new plan moving forward. While work on Perl 7 is already underway, it’s not going to be a huge change in code or syntax. Long story short - it’s Perl 5 with modern defaults and it sets the stage for bigger changes later.

📖 Machine Learning

🐧 Linux

  • Dynamic linking by Drew DeVault: Do your installed programs share dynamic libraries? A look at how dynamic linking can make your programs faster and improve security.

🔩 Hardware

  • Xbox Architecture: A Practical Analysis by Rodrigo Copetti: the latest article in the Architecture of Consoles series, Rodrigo Copetti delivers another great in-depth console hardware analysis, this time for the original Xbox.

  • Die shrink: How Intel scaled down the 8086 processor by Ken Shirriff: a die shrink provides a way to improve the performance of a processor and reduce its cost without the effort of a complete redesign. By comparing two similar 8086 chips, Ken Shirriff shows that a die shrink is more complex than uniformly shrinking the whole die.

🚢 Leadership

☁️ Cloud


  • Amazon EKS now Supports EC2 Inf1 Instances: EC2 Inf1 instances deliver high performance and the lowest cost machine learning inference in the cloud. With EKS and the AWS Neuron Kubernetes device plugin, it’s easy to combine multiple Inferentia devices in your cluster to run high performance and cost-effective inference workloads at scale.

  • Multi-Region Application Architecture: helps demonstrate a fault-tolerant application with easy failover to a backup region. This solution leverages Amazon Simple Storage Service (Amazon S3) Cross-Region replication and Amazon DynamoDB Global Tables to asynchronously replicate application data between the primary and secondary AWS Region.

  • AWS App2Container: AWS App2Container is a command-line tool for modernizing .NET and Java applications into containerized applications, automagically!


Article version: 1.1.0

Written on July 6, 2020