Technology Short Take 155
Published on 27 May 2022 · Filed in Information · 917 words (estimated 5 minutes to read)

Welcome to Technology Short Take #155, just in time for the 2022 Memorial Day holiday weekend! (Here in the US, at least.) I mean, don’t you want to spend this weekend catching up on some technology-related articles instead of cooking on the grill and gathering with friends and family? I certainly hope not! Still, for those who need a little technology fix over the weekend, hopefully I’ve included something useful in the list of articles below. Enjoy!
Networking
- Isovalent—the company behind the Cilium project—has been talking a lot about how the use of eBPF will transform things, including the architecture of a service mesh. Along those lines, one of their latest articles discusses how to achieve identity-based mutual authentication leveraging eBPF. If I’m understanding the article correctly (and feel free to correct me if I am mistaken) it looks as if Cilium Service Mesh will leverage/does leverage a combination of certificate-based mTLS for identity at the workload level and node-based transport encryption (via WireGuard) for data confidentiality. Even though I know that the underlying mechanisms are different, subjectively this feels a lot like using tunnels to connect workloads on different compute nodes (i.e., network virtualization). Is the relationship between network virtualization and service mesh closer than some folks might wish to admit?
Servers/Hardware
- Researchers have uncovered a potential security flaw in Apple Silicon CPUs; more details in this 9to5Mac article. I’m not sure how I feel about security researchers calling this flaw “not that bad.”
- Colin Percival shares some benchmarks using FreeBSD on the Graviton 3.
Security
- An earlier security vulnerability that exposed APC Smart-UPS devices (see details here—attackers could even destroy the UPS!) now has a follow-up exploit that exposes Aruba and Avaya network switches to remote code execution. In both cases, it’s a problem with the TLS implementation in a library called NanoSSL.
- Steven J. Vaughan-Nichols writes about the first malware discovered running on AWS Lambda.
- Attacks that can affect iPhones when they’re turned off? Yikes. Fortunately, such an attack vector isn’t very straightforward.
- Via Teri Radichel, I saw this article from Google Project Zero about zero-click security vulnerabilities in Zoom. Fortunately, it looks like these vulnerabilities have been patched, so be sure to update your Zoom client. I know it’s a pain, but it’s one of those things you just need to do.
Cloud Computing/Cloud Management
- Kubernetes 1.24 marks the first release of the open source container orchestration platform that is signed using Sigstore (more details here). As I understand it, this is the culmination of an effort launched about a year ago when Google started signing the “distroless” images.
- Kat Cosgrove provides some historical context for the removal of dockershim in Kubernetes 1.24.
- Although a bit older (from June 2021), this article on unknown values in Terraform feels like a direct response to the rise of tools leveraging general purpose programming languages for declarative infrastructure management (think tools like Pulumi, AWS CDK, etc.).
- Manoj Bhagwat provides a high-level overview of Kiali and how to install it.
- Lee Briggs talks about the YAML (he’s discussing the recent addition of YAML support in Pulumi).
- Viktor van den Berg shares his CKAD exam experience and some tips on how to prepare.
- Here’s a user’s perspective on using infracost to bring cloud spend into your Terraform workflows.
Operating Systems/Applications
- The new utility zq claims to be an easier and faster alternative to jq.
Programming
- This article helped me better understand the relationship(s) between SLSA and SBOMs.
- Bashayr Alabdullah provides an example of building your own admission controllers in Kubernetes using Go.
- John Breen’s article on patterns with promises and asynchronous programming in JavaScript provides some practical advice on understanding these concepts. (Hat tip to Corey Quinn for sharing this article via Twitter.)
- Alex Edwards’ post on Golang interfaces explained was helpful.
Storage
- For relevant storage news, I’d recommend having a look at J Metz’ Storage Short Take 42.
Virtualization
- The state of virtualization on Apple Silicon hardware has seen a few developments in recent days and weeks. One project that caught my attention was Tart, a CLI-driven tool that leverages the virtualization support present in macOS to run virtual macOS instances. This will become even more useful, in my opinion, when Linux support is added. (The possibility of a Vagrant provider just seals the deal, in my opinion.)
- The world of virtualization—nay, more than just virtualization—will be forever changed with the announcement of Broadcom’s acquisition of VMware.
Career/Soft Skills
- Mike McQuaid shares some details on how he gets things done.
- Ashley Janssen discusses how time-blocking may help improve productivity. This is not a technique I’ve generally used, so I’d be curious to hear from readers who may have used or are currently using techniques like this.
- Here’s some advice on “starting your diagramming career” (let’s be real, many IT folk need to create diagrams on a regular basis, so tips on creating diagrams might prove really useful).
Other
- I’ve seen a lot of work-from-home desk setups, but this one stood out as actually having some budget-conscious selections (which is often not the case). The use of 3M Command strips to affix stuff under the desk is also so blindingly obvious that I’m surprised I hadn’t thought of it already.
It’s time to wrap up. I hope you all have a wonderful weekend! Feel free to reach out to me if you have questions, comments, suggestions for improvement, or if you just want to say hi. The easiest way to contact me is via Twitter. Thanks for reading!