Technology Short Take 168
Published on 12 May 2023 · Filed in Information · 990 words (estimated 5 minutes to read)Welcome to Technology Short Take #168! Although this weekend is (in the US, at least) celebrated as Mother’s Day weekend—don’t forget to call or visit your mom!—I thought you all might want some light weekend reading. I’m here to help, after all. To that end, here’s the latest Technology Short Take, with links to a variety of articles in various disciplines. Enjoy!
Networking
- Ivan Pepelnjak has been on a bit of a DHCP relaying kick. He’s recently published articles on DHCP relaying in VXLAN segments, DHCP relaying in EVPN VRFs, and most recently DHCP relaying with redundant DHCP servers.
- William Collins has a two-part series on site-to-site VPN with AWS. In part 1, Collins shows how VPN connections directly to VPCs don’t scale (both bandwidth-wise and operationally). In part 2, Collins shows how Transit VPC and Transit Gateway address scaling concerns.
- Daryll Swer talks about BGP zombie routes on JunOS.
- One notable challenge with Kubernetes is handling traffic outbound from the cluster and securing (or controlling) that traffic. Aadhil Abdul Majeed with Tigera reviews how using Calico Egress gateway and access controls enables users/operators to secure this outbound traffic.
Security
- Via Russ White, I came across an article on Fully Homomorphic Encryption (FHE) as a privacy-enhancing technology (PET). Unfortunately, the article didn’t even bother to define terms like FHE and PET, which made it quite difficult to parse. Let this be a reminder to you (and me!): not everyone immediately understands the acronyms you’re using, so define them on first use, please.
- In Technology Short Take 166 I linked to an article about BlackLotus, an exploit capable of bypassing UEFI Secure Boot. Microsoft responded to the BlackLotus threat with this guidance related to Secure Boot Manager changes which address the bypass vulnerability used by BlackLotus.
- Again I ask: why Cedar instead of Open Policy Agent (OPA)? What problems does Cedar solve that OPA doesn’t? Is it performance? Scale? Flexibility? Does AWS feel that Cedar is “more secure” or “more correct” than OPA?
Cloud Computing/Cloud Management
- I shared this on Twitter recently, but I wanted to share it here as well. David Egbert wrote up a tutorial on using Pulumi to deploy a production-grade static site on AWS. What I liked about David’s tutorial—in contrast to so many others—is that David didn’t stop at the standard S3/CloudFront component. He went on to add Route53 entries and TLS certificates via ACM. Additionally, David showed one way to break up your Pulumi code (he used Python) into multiple files. Well worth the read, in my opinion.
- Via a colleague at work, I was pointed to Jim Ferrari’s article on integrating Azure Key Vault with Azure Kubernetes Service. (Completely unrelated side note: What a cool last name! Thankfully he didn’t have the last name Lamborghini, can you imagine trying to learn to spell that as a kid in school?)
- I appreciate Nigel Poulton’s clear writing on WebAssembly, containerd, and WASM. First, he has a two-part series discussing WebAssembly on Kubernetes; part 1 provides a high-level overview of the various components, and part 2 is more of a hands-on tutorial. Also, Nigel has another article on understanding containerd shims as they relate to WebAssembly.
- Yan Cui addresses concerns about complex serverless application diagrams.
- I also found an article about a really neat Cilium feature involving integration with AWS security groups. I’m not providing a link here because it was behind a “regwall” (you had to create a free account in order to read it). I’m not a fan of such mechanisms, so…
- Eric Pauley’s analysis of rising EC2 spot instance pricing prompts the question of whether we should bid farewell to the era of cheap EC2 spot instances.
Operating Systems/Applications
- Just when you think you’re getting a handle on Git, then it all blows up in your face and you realize you have no idea how Git works. At least Nick Janetakis’ recent article can show you how to restore files to their latest commit (along with deleting untracked files, too).
- Sven Walther discusses disaster recovery for the Kong API Gateway.
- Jimmi Dyson provides an overview of two very useful container image tools (
skopeoandcrane). - This is a slightly older post, but if you’re looking for an introduction to Git this is a reasonable place to start (especially if you’re not a developer, as this article was written specifically to non-developer audiences).
Storage
- Peter Boros with Percona reviews the performance of various EBS storage types in AWS. The details on gp2 versus gp3 are particularly interesting, in my opinion, and show that price isn’t the only dimension by which you need to measure your configuration.
Virtualization
- Daniƫl Zuthof shows readers how to fix missing NIC drivers for ESXi hosts.
- Christian Mohn shares more information—and a resolution—for an obscure error when upgrading to vCenter 8 Update 1.
Career/Soft Skills
- I appreciated Carly Richmond’s piece on respecting the social battery. There are times when my social battery is depleted and I need a bit of quiet time to recharge. I also appreciated Carly’s description of extroversion and introversion as a spectrum; so many discussions of this topic tend to classify folks as either one or the other, instead of recognizing that people can have tendencies of both.
- Chasing the productivity Holy Grail can be draining…and even counter-productive. Josh Mitrani’s review of the book titled How to Calm Your Mind (written by former “productivity guru” Chris Bailey) talks a bit about that. I can definitely identify with some of the things mentioned here.
That’s all I have for you this time around; hopefully you’ve found something helpful, informative, educational, or at least interesting. If you have feedback for me on this post (or any post on my site), I always love hearing from readers. The best way to interact with me is via Twitter, Mastodon, or Slack (you can find me in the Kubernetes and Pulumi communities pretty much all the time). Feel free to reach out!