Grab your coffee: the 4th edition of DevOps Industry Updates is here! As always, I’ve been tracking the latest and greatest developments in DevOps and big software and we have some great nuggets to cover:

🔥 Top Cream

This issue’s top 5 stories:

1. Attack of the mutant tags! Or why tag mutability is a real security threat
2. Engineering Dropbox Transfer: Making simple even simpler
3. Hardcoded secrets, unverified tokens, and other common JWT mistakes
4. How to save a lot of money with a Baker in the spot market?
5. dowjones/hammer

🌎 Society

• macOS Big Sur Preview: macOS Big Sur includes the biggest Safari update ever and powerful enhancements to Messages, Maps, and privacy.

• Wrongfully Accused by an Algorithm by Kashmir Hill: in what may be the first known case of its kind, a faulty facial recognition match led to a Michigan man’s arrest for a crime he did not commit.

• KubeCon Europe 2020 goes virtual (Aug 17-20): join dozens of companies leading the charge on Kubernetes development as the community gathers for four days to further the education and advancement of cloud native computing.

📟 DevOps

• Attack of the mutant tags! Or why tag mutability is a real security threat by Álvaro Iradier: tag mutability can introduce multiple functional and security issues. Tags can change unexpectedly, and at any moment. In this article, we’ll learn about the risk of tag mutability and how we can prevent it.

• HashiCorp Consul 1.8 now General Available by Neena Pemmaraju: Consul 1.8 adds features that lower the barrier to entry for adopting a service mesh in heterogeneous environments. These include a new ingress and terminating gateways, which allow applications inside and outside the service mesh to communicate.

• Announcing HashiCorp Terraform 0.13 Beta by Petros Kolyvas: the 0.13 release of Terraform builds on the powerful language improvements made with 0.12, with a focus on improved usability for module-specific workflows and enhancements to our vibrant and growing provider ecosystem.

• HashiCorp Cloud Platform Announcement by Mitchell Hashimoto & Matthew Irish: new flagship cloud offering HashiCorp Cloud Platform (HCP) is a fully managed platform offering HashiCorp products as a service to automate infrastructure on any cloud.

• API Gateway HTTP APIs - Cheaper and Faster REST APIs? by Andreas Wittig: this review takes a closer look at the new service API Gateway HTTP APIs which promised faster HTTP APIs that are cheaper than its predecessor, with a focus on hard numbers over marketing fluff.

• How to save a lot of money with a Baker in the spot market? by Tommaso Visconti: how NextRoll replaced their one-minute file generator Apache Storm service with Baker, their in-house data processing software (written in Go), deployed across all AWS regions using spot instances only.

• Automating safe, hands-off deployments by Clare Liguori: a fantastic overview of how Amazon adopted continuous delivery across the company as a way to automate and standardize how they deployed software and to reduce the time it took for changes to reach production.

• How To Remotely Access GUI Applications Using Docker and Caddy on Ubuntu 20.04 by Patrick Gaskin: even with the growing popularity of cloud services, the need for running native applications still exists.By using noVNC and TigerVNC, you can run native applications inside a Docker container and access them remotely using a web browser.

🛠️ DevOps Tools

• dowjones/hammer by Dow Jones: Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities to provide quick feedback to engineers and can perform auto-remediation of some misconfigurations.

• AWS Snow Family Infographic by Jerry Hargrove: another great infographic from @awsgeek!

• maxgoedjen/secretive by Max Goedjen: Secretive is an app for storing and managing SSH keys in the Secure Enclave. It is inspired by the sekey project, but rewritten in Swift with no external dependencies and with a handy native management app.

• schenkd/nginx-ui by David Schenk: Nginx UI allows you to access and modify the nginx configurations files without cli.

• alexcasalboni/aws-lambda-power-tuning by Alex Casalboni: tool to help you visualize and fine-tune the memory/power configuration of Lambda functions. It runs in your own AWS account and it supports three optimization strategies: cost, speed, and balanced.

☸️ Kubernetes

• Vault & Kubernetes: Better Together by Jason O’Donnell: Watch Jason O’Donnell from the HashiCorp Vault Ecosystem team demo the Vault Agent Injector using static secrets, dynamic secrets, and encryption-as-a-service.

• Docker and Kubernetes — root vs. privileged by Bryant Hagadorn: New to containers? Here are some considerations for running container processes with the root user and using the --privileged flag, as well as their relation to the host OS.

🔐 Security

• Hardcoded secrets, unverified tokens, and other common JWT mistakes by Vasilii Ermilov: using static analysis tooling, Vasilii Ermilov examined 2,000 npm modules for security weaknesses and vulnerabilities. This post summarizes some common mistakes that were found during his research.

• Journalist’s phone hacked by new ‘invisible’ technique by Marco Chown Oved: a report published by Amnesty International shows Omar Radi was targeted by a new and frighteningly stealthy technique. All he had to do was visit one website. Any website.

• Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More by Lily Newman: security researchers Noam Rotem and Ran Locar were scanning the open internet on May 24 when they stumbled upon a collection of publicly accessible AWS S3 buckets. Each contained a trove of data from nine different specialized dating apps from hundreds of thousands of users.

• Domestic Abuse Prevention App Exposes Victims in Massive Data Breach by vpnMentor research team: back at it again, renowned analysts Noam Rotem and Ran Locar also discovered an incredibly sensitive data breach originating from the domestic violence prevention app Aspire News App.

• Applause for Apple’s IDFA Decision by Ashley Boyd: Apple is giving consumers the option to opt-out of tracking in each app, essentially turning off IDFA (a unique ID that lets advertisers track the actions users take when they use apps).

• Logging a User into Your App with Face ID or Touch ID: Face ID and Touch ID provide a frictionless experience when logging in — and now you can use them on your websites in Safari with the Web Authentication API.

• Apple adds support for encrypted DNS by Catalin Cimpanu: Apple said that iOS 14 and macOS 11 will support the DNS-over-HTTPS and DNS-over-TLS protocols.

💻 Programming

• 3K, 60fps, 130ms: achieving it with Rust by Jake McGinty: how we chose the Rust programming language to advance the state-of-the-art in real-time communication.

• Speeding up function calls with just one line in Python: if we’re calling expensive functions in the program very frequently, it’s best to save the result of a function call and use it for future purposes rather than calling the function every time.

• Worrying about the NPM ecosystem by Sam Bleckley: there are too many packages and too many dependencies, too deeply nested. Can we measure the problem? And what do we do about it?

• Launching docs.github.com by Jenn Leaver: the new site combines the product content that was on help.github.com and developer.github.com into a unified experience.

• The Wrong Abstraction by Sandi Metz: why “duplication is far cheaper than the wrong abstraction” and the consequences of the “wrong abstraction.”

• A multiplayer board game in Rust and WebAssembly by Matt Keeter: Pont is an online implementation of Qwirkle, a board game by Mindware Games. It was written for my parents, so they could play with friends and family during the COVID-19 stay-at-home era.

• Announcing Perl 7 by Brian Foy: Perl has a new plan moving forward. While work on Perl 7 is already underway, it’s not going to be a huge change in code or syntax. Long story short - it’s Perl 5 with modern defaults and it sets the stage for bigger changes later.

📖 Machine Learning

• MIT apologizes, permanently pulls offline huge dataset that taught AI systems to use offensive terms by Katyanna Quach: MIT has taken offline its highly cited dataset that trained AI systems to potentially describe people using racist, misogynistic, and other problematic terms.

🐧 Linux

• How Did Vim Become So Popular by Nikola Đuza: How did Vim take over the world?

• Dynamic linking by Drew DeVault: Do your installed programs share dynamic libraries? A look at how dynamic linking can make your programs faster and improve security.

🔩 Hardware

• Apple is switching Macs to its own processors starting later this year by Tom Warren: Apple is officially moving to its own silicon chips for some of its Mac hardware. Calling it a “historic day for the Mac,” Apple CEO Tim Cook detailed the transition plan for Apple to adopt their own ARM-powered silicon in Macs later this year.

• Xbox Architecture: A Practical Analysis by Rodrigo Copetti: the latest article in the Architecture of Consoles series, Rodrigo Copetti delivers another great in-depth console hardware analysis, this time for the original Xbox.

• Die shrink: How Intel scaled down the 8086 processor by Ken Shirriff: a die shrink provides a way to improve the performance of a processor and reduce its cost without the effort of a complete redesign. By comparing two similar 8086 chips, Ken Shirriff shows that a die shrink is more complex than uniformly shrinking the whole die.

🚢 Leadership

• Engineering Dropbox Transfer: Making simple even simpler by Nick Sundin: one of the challenges of application engineering within an established company like Dropbox is to break out of the cycle of incremental improvements and look at a problem fresh.

• 7 things in your DevOps workflow that kill your developer productivity by Kaspar von Grünberg: a look into one of the biggest killers in developer productivity: the way you configure and setup your DevOps workflow. In almost all situations, the author has come across some quick-wins that help you avoid most of the problems.

☁️ Cloud

• What happens when you update your DNS? by Julia Evans: a quick exploration of what’s happening behind the scenes when you update a DNS record.

• How CDNs Generate Certificates by Thomas Ptacek: it’s time to talk about certificate infrastructure.

AWS

• AWS Lambda support for Amazon Elastic File System now GA: you can now use AWS Lambda and EFS together to build data-intensive applications that can process larger amounts of data in a highly distributed manner, sharing data across functions, containers and instances.

• Announcing Amazon Aurora Serverless with MySQL 5.7 compatibility: Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora, where the database will automatically start up, shut down, and scale capacity up or down based on your application’s needs. It’s a simple, cost-effective option for infrequent, intermittent, or unpredictable workloads.

• Amazon EC2 Auto Scaling now supports Instance Refresh within Auto Scaling Groups: EC2 Auto Scaling now lets you automatically update the instances in your Auto Scaling Groups to simplify releasing new application versions and/or roll-out infrastructure changes.

• Amazon EKS now Supports EC2 Inf1 Instances: EC2 Inf1 instances deliver high performance and the lowest cost machine learning inference in the cloud. With EKS and the AWS Neuron Kubernetes device plugin, it’s easy to combine multiple Inferentia devices in your cluster to run high performance and cost-effective inference workloads at scale.

• AWS Certificate Manager Extends Automation of Certificate Issuance Via CloudFormation: Finally! AWS Certificate Manager (ACM) now supports CloudFormation templates for automating SSL/TLS certificate issuance for DNS-validated certificates with domains managed in Route 53.

• Introducing AWS CloudFormation Guard (Preview): CloudFormation announces the preview of CloudFormation Guard (cfn-guard), an open-source command line interface that helps enterprises keep their AWS infrastructure and application resources in compliance with their company policy guidelines.

• Detailed Cost Management Data is now available on AWS Console Mobile Application: allows you to see your detailed costs on-the-go with your mobile device, including your current month-to-date data, forecasted month end costs, and daily costs.

• Multi-Region Application Architecture: helps demonstrate a fault-tolerant application with easy failover to a backup region. This solution leverages Amazon Simple Storage Service (Amazon S3) Cross-Region replication and Amazon DynamoDB Global Tables to asynchronously replicate application data between the primary and secondary AWS Region.

• Introducing Amazon Honeycode – Build Web & Mobile Apps Without Writing Code by Jeff Barr: this new fully-managed AWS service gives you the power to build powerful mobile & web applications without writing any code.

• AWS App2Container: AWS App2Container is a command-line tool for modernizing .NET and Java applications into containerized applications, automagically!

Azure

• Azure Firewall Manager is now generally available by Gopikrishna Kannan: Azure Firewall Manager is now generally available and includes Azure Firewall Policy, Azure Firewall in a Virtual WAN Hub (Secure Virtual Hub), and Hub Virtual Network.

Article version: 1.1.0