Technology Short Take 158
Published on 12 Aug 2022 · Filed in Information · 690 words (estimated 4 minutes to read)

Welcome to Technology Short Take #158! What do I have in store for you this time around? Well, you’ll have to read the whole article to find out for sure, but I have links to articles on…well, lots of different topics! DNS, BGP, hardware-based security, Kubernetes, Linux—they’re all in here. Hopefully I’ve managed to find something useful for someone.
Networking
- Shank Mohan explains some details on NSX-T Tier-1 Service Router (SR) placement.
- See this page for instructions on how to enable BBR on Debian 10.
- Christopher Vierheller supplies a concise guide on how to add custom symbols to EVE-NG.
- Alex Neihaus provides readers with a walkthrough for adding BGP routes to AWS security groups.
- Via Russ White, RFC 9199 was drawn to my attention (“Considerations for Large Authoritative DNS Server Operators”).
Servers/Hardware
- Gabriel Sieben ruminates on the potential dangers of Microsoft Pluton, a new security chip co-developed by Microsoft and AMD.
Security
- Jason Avery walks readers through using Atomic Red Team to test Falco rules in Kubernetes environments. This is pretty neat.
- Also on the Sysdig blog, Miguel Hernández recaps his KubeCon EU 2022 talk on how attackers used an exposed Prometheus server to exploit Kubernetes clusters.
- Kat Traxler discusses abusing the AWS S3 replication service to exfiltrate data.
- A “highly evasive” Linux malware named OrBit has emerged; see here for more details.
- This article is an interesting discussion on how to treat failure when it comes to breaches or security vulnerabilities. I like the author’s focus on keeping the discussion positive.
Cloud Computing/Cloud Management
- There’s a fair chance you may not have had the opportunity to work with the `kubectl patch` command, but never fear: Matt Bargenquast has you covered.
- Mehul Arora discusses ephemeral containers, some neat new functionality that should hit the stable status in Kubernetes 1.25.
- Chip Zoller shows readers how to combine a few different components for attesting image scans (to protect against vulnerabilities).
- Ivan Velichko takes readers on a journey of how Kubernetes reinvented virtual machines (in a good sense).
- Lee Briggs has a bit of a rant on imperative, declarative, and idempotent, and why this seems to confuse a lot of people.
- Eduardo Minguez has an article on the Sysdig blog on how to apply security at the source using GitOps.
- Piotr Minkowski takes readers through managing Kubernetes clusters with Terraform and ArgoCD.
- Robert Guske shares a couple of scripts that are useful for demoing Knative.
- Ricard Bejarano makes the case that Terraform should have remained stateless. I’m not sure I agree with some of his points…but I need to ponder the topic a bit more.
Operating Systems/Applications
- Jorge Castro tears into the “wasting disk space” argument against the Flatpak application package format.
- Interested in hardening macOS? See this list of guidelines from Ricard Bejarano.
- Here’s an article on updating running Docker containers using Watchtower.
Programming
- Are you ready to give up GitHub?
Storage
- For your fix of storage-related links, J Metz has relatively recently published Storage Short Take #47.
Virtualization
- Edwin Weijdema shares how he uses VMware Fusion 12 on his MacBook Pro (Intel-based, I’m assuming) to run a mobile lab with nested ESXi hypervisors.
- Howard Oakley takes a look at virtualization on Apple silicon Macs.
- William Lam confirms that ESXi 7.x will be the last version to officially support macOS virtualization.
Career/Soft Skills
- I don’t remember how this article got in front of me, but I wanted to share it here because I know that job burnout is real. If this article helps even one person, then it will be worth including it here.
- I appreciated this post on learning a technical subject. A lot of this resonated with me; I’d be curious to know if readers feel the same way.
And that’s a wrap! Thanks for reading, and feel free to reach out to me if you have any feedback, corrections (mistakes do creep in from time to time!), suggestions for improvement, or links you think I should include in the next Technology Short Take. You can reach me on Twitter, or find me in any number of Slack communities (the Kubernetes Slack community is one I frequently visit, among others).