Technology Short Take 176
Published on 15 Mar 2024 · Filed in Information · 697 words (estimated 4 minutes to read)Welcome to Technology Short Take #176! This Tech Short Take is a bit heavy on security-related links, but there’s still some additional content in a number of other areas, so you should be able to find something useful—or at least interesting—in here. Thanks for reading!
Networking
- Lee Briggs (formerly of Pulumi, now with Tailscale) shows how to use the Tailscale Operator to create “free” Kubernetes load balancers (“free” as in no additional charge above and beyond what it would normally cost to operate a Kubernetes cluster).
- Ivan Pepelnjak dives deep on DHCP relaying on a Linux host.
- I also enjoyed Ivan’s realistic take on rollbacks in a network automation environment. (TL;DR: It’s not as easy as it might seem.)
Servers/Hardware
- Menno Finlay-Smits shares information on reducing fan noise on Intel NUCs.
- Rob McBryde shares his story of reviving a 2012 MacBook Pro with Linux.
- Kevin Houston previews the first AMD-powered Cisco UCS blade server.
Security
- In early February a vulnerability was uncovered in a key component of the Linux boot process. The vulnerability affects virtually all Linux distributions and allows attackers to bypass the secure boot protections and insert a low-level bootkit. While the requirements for exploiting the vulnerability are not insurmountable, they do require a certain level of effort. More details available via Ars Technica and via ZDnet.
- Nick Frichette shares how to bypass GuardDuty Tor client findings (basically, how to connect to Tor without GuardDuty detecting it).
- The Sysdig Threat Research Team uncovered the malicious use of a network mapping tool called SSH-Snake. Read more about it in this post.
- VMware is patching a set of severe “sandbox escape” bugs. Two of the vulnerabilities are rated a 9.3 out of 10, and even VMware’s flagship ESXi hypervisor is affected. More details are available from Ars Technica.
- Think Linux doesn’t have malware? A new Bifrost remote access trojan (RAT) for Linux employs a number of techniques to remain hidden, including using a “VMware-esque” domain name for command and control servers.
- And here’s another example of malware that is targeting Linux (along with Windows).
- This would be why I hate it when companies force me to use SMS for two-factor authentication—at least let me use a one-time passcode or something.
Cloud Computing/Cloud Management
- Mina Abadir shares some experiences around migrating from PlanetScale to Amazon Aurora.
- Rory McCune explains Kubernetes authentication.
- Falco has graduated within the CNCF.
Operating Systems/Applications
- Here’s one person’s take on
sudo
for Windows. - This is a handy trick.
- David Both has an article on using systemd journals for troubleshooting. It looks like this is part of a larger series on systemd.
- Major Hayden talks about connecting Caddy to Porkbun to help with automating TLS certificates.
Storage
- Gergely Imreh discusses ZFS on a Raspberry Pi.
- Cal Paterson explains why S3 is not a filesystem.
Virtualization
- In the wake of Broadcom discontinuing VMware ESXi Free, Nutanix is hoping to fill the gap with Nutanix Community Edition. Vladan Seget provides some additional details in his blog post. Given that Nutanix Community Edition is based on the open source KVM hypervisor, this could lead to greater KVM adoption among small businesses and virtualization hobbyists who formerly would have used VMware’s solution.
- Staf Wagemakers (I think I have the name right) describes running OpenBSD as a UEFI virtual machine on a Raspberry Pi.
- I stumbled across a pair of articles by Greg Gant on the use of QEMU to run older versions of Mac OS (including pre-Mac OS X versions): there’s the original piece, and then an updated piece.
Career/Soft Skills
- Robb Owen shares why it’s OK to abandon your side project.
- This distinction between stories and tasks is probably applicable even outside agile development environments and practices, especially when it boils down to “you must still think about what the user needs”. Good stuff!
That’s all for now! I always love hearing from readers, so if you found something useful in this post—or in any post—don’t hesitate to reach out! You can reach me on Twitter, on the Fediverse, or in a number of different Slack communities. You’re also welcome to drop me an e-mail; my address is here on the site (it’s not hard to find). Enjoy!