Technology Short Take 144
Published on 27 Aug 2021 · Filed in Information · 884 words (estimated 5 minutes to read)
Welcome to Technology Short Take #144! I have a fairly diverse set of links for readers this time around, covering topics from microchips to improving your writing, with stops along the way in topics like Kubernetes, virtualization, Linux, and the popular JSON-parsing tool jq. I hope you find something useful!
Networking
- A short while ago I was helping someone (an acquaintance of a friend) with some odd DNS issues. I never found the root cause, but we did find a workaround; however, along the way, someone shared this article with me. I thought it was useful, so now I’m sharing it with you.
- Michael Kashin shares the journey of containerizing NVIDIA Cumulus Linux.
Servers/Hardware
- Plastic microchips? That’s kind of cool.
- Kevin Houston explores multi-node servers as an alternative to blade servers due to increasing thermal requirements from CPUs. (And since Kevin didn’t define TDP—shame, shame!—see this post for an explanation.)
- This is an interesting deep dive into Intel’s “Ice Lake” Xeon SP architecture.
Security
- A severity score of 9.9 out of 10 for a Hyper-V vulnerability? Ouch.
- Dan Lorenc’s article on policy and attestations does a great job of covering key concepts like signatures, attestations, and provenance. Well worth the read, in my opinion (unless you are already very well-versed in said concepts).
- Valentina Palmiotti discusses finding a local privilege escalation in the Linux kernel via eBPF.
- Teri Radichel uses some basketball analogies to explain why defensive (proactive) security strategies are more desirable than reactive security strategies.
- Good to see some Kubernetes hardening guidance coming from the NSA/CISA.
- A bunch of home Wi-Fi routers are susceptible to attack; see this article for more details.
- Upgrading to Go 1.17 might be a good idea. See here for why.
- Sentinel Labs outlines a major malware push that is bypassing Apple’s malware protections.
Cloud Computing/Cloud Management
- I really enjoyed Evan Cordell’s article on 16 things you didn’t know about Kubernetes APIs and CRDs. Good stuff.
- Pablo Vidal Bouza discusses Segment’s move from SSH bastion hosts to AWS Systems Manager Session Manager. (I was going to make a joke about AWS Systems Manager Session Manager and Corey Quinn, but I couldn’t come up with anything. I’ll leave the humorous snark to Corey.)
- Luciano Mammino’s article on provisioning an Ubuntu-based EC2 instance with CDK is a great introduction to CDK for those who aren’t already familiar. Plus, I also learned about using SSM parameters to look up Ubuntu AMIs. That’s really handy!
- Murat Celep (along with Andy Knapp) wrote an article on using Prometheus and Grafana to visually expose Gatekeeper constraint violations.
- This article provides some great “behind the scenes” information on AWS Lambda. (Also, I didn’t know anything about the Galois field in AES; read this if you’re curious.)
Operating Systems/Applications
- This is a great article on using jq with kubectl. It’s not bad as a general introduction to jq, either. (jq is probably one of my favorite CLI tools. So useful.)
- Bozhidar Batsov shares the story of how he left macOS for Linux and ended up on Windows 10 with WSL.
- I guess I’m on a bit of a jq kick this time around. Here’s a cool article by Fabian Keller on five useful jq commands for parsing JSON on the CLI. I learned a couple of tricks from this article.
- Kudos to J. Austin Hughley for sticking it out through all the challenges and documenting how to use a Windows gaming PC as a (Linux) Docker host.
- Alex Ellis shares some information on how to use kubectl to access your private (Kubernetes) cluster. Most of the information centers on the use of the Pro version of inlets, one of Alex’s projects. Nevertheless, there is some very useful information here.
- Blogger Mal shares some “privacy surprises” from well-known password manager 1Password.
- Jason Hall has some information on OCI base image annotations.
- William Lam has a quick tip on setting up Kubernetes using containerd on PhotonOS.
Storage
- Chris Bergeron has an interesting (and kind of geeky) post on connecting to a NAS with Thunderbolt.
Virtualization
- Anthony Spiteri looks at deploying KubeVirt with Platform9. KubeVirt, if you’re not aware, is a set of controllers and custom resources to allow Kubernetes to manage virtual machines (VMs).
- Rudi Martinsen has an article on changing the Avi load balancer license tier (this is in the context of using it with vSphere with Tanzu).
- Eric Sloof has information on how to disable VMware plugins in vCenter Server (the context of the article is security vulnerabilities disclosed in plugins).
Career/Soft Skills
- Chad McElligott has a nice post on resources for staying in touch with the tech community.
- Julia Evans has a list of patterns in confusing explanations. I’m sure I’ve done most (if not all) of these things at some point in time, but as Julia points out it’s useful to have the list so that it becomes easier to avoid these mistakes in the future.
I guess I’d better wrap up now! I hope you found something useful here. If you have any questions, comments, suggestions for improvement, or just want to say hello, feel free to reach out to me. You can find me on Twitter, and I’m also active in a number of different Slack communities (Kubernetes, Kuma, Envoy, and Pulumi, to name a few.) I’d love to hear from you!