Welcome to Technology Short Take #132! My list of links and articles from around the web seems to be a bit heavy on security-related topics this time. Still, there’s a decent collection of networking, cloud computing, and virtualization articles as well as a smattering of other topics for you to peruse. I hope you find something useful!
- I think a fair number of folks may not be aware that the Nginx ingress controller for Kubernetes—both the community version and the Nginx-maintained open source version—do suffer from timeouts and errors resulting from changes in the back-end application’s list of endpoints (think pods being added or removed). This performance testing post lays out all the details. In particular, see the section titled “Timeout and Error Results for the Dynamic Deployment.”
- Ivan Pepelnjak attempts to answer the question, “How much do I need to know about Linux networking?”
- Speaking of Linux networking…Marek Majkowski of Cloudflare digs deep into conntrack, used for stateful firewalling functionality.
- Normally I talk about server hardware and such here, but with so much moving to public cloud providers, let’s expand that focus a little bit: in this post, Jeramiah Dooley provides his perspective on the Surface Duo after a month of use.
- I recently stumbled across this utility to help protect your macOS-based system against persistent malware.
- I’m not sure if I should put this under “Hardware” or here under “Security”: Apple’s T2 chip has an “unfixable vulnerability” that could lead to significant system compromise. There’s more detail available in this post as well.
- Here’s an interesting read: the story of some security researchers who hacked on Apple for three months.
- Brad Geesaman has a write-up on CVE-2020-15157, aka “ContainerDrip,” that you may want to review.
- Intel has released a security advisory for BlueZ, which is related to Bluetooth support in the Linux kernel.
- It appears that Apple may have left themselves a “network backdoor” in macOS Big Sur. This article provides links to a Twitter thread that outlines the backdoor in more detail, but the gist of the situation is that kernel extensions have been deprecated in Big Sur and their replacement appears not to affect some Apple applications (most notably the App Store).
Cloud Computing/Cloud Management
- Brandon Willmott has a post outlining the important directories to know when working with Kubernetes (it’s also helpful for the CKA exam).
- Docker recently open-sourced the Docker Compose integration for Amazon ECS and Microsoft ACI. This code hasn’t made it into the
docker-composeCLI yet. This Docker blog post has more details.
- This is a slightly older post, but Rich Burroughs has a nice summary/recap of KubeCon EU 2020.
- Ahmed Bham and Marcelo Boeira of AWS have a walkthrough for migrating a self-managed Kubernetes cluster on EC2 to Amazon EKS.
- Yann Hamon of Contentful shares that they have open-sourced a Kubernetes operator to sync Kubernetes Secrets from AWS Secrets Manager.
- In this post, Docker shares they they are delaying the enforcement of their new image retention policy, and reminds folks of the image pull rate limits that are due to start on November 1. I know that Docker Hub must consume enormous resources for the company (and thus has a large associated cost), but limiting the ubiquity of Docker Hub—and thus driving developers/users elsewhere—seems shortsighted. I guess time will tell.
- Chip Zoller has information on deploying Harbor on Photon OS.
- Here’s a decent article on using tee and xargs.
- This is a neat trick to enhance Git’s
- Maarten Van Driessen shows readers that clearing the DNS cache on PhotonOS is just a matter of restarting the DNSMasq service.
- Duncan Epping walks readers through VMware Cloud Disaster Recovery, which—if I’m reading this correctly—is the evolution of the Datrium product.
- Alex Edwards has compiled a list of “surprises” and “gotchas” that come from working with Go’s
- Patrick Kremer shares some information on using the VMC (VMware Cloud on AWS) API to troubleshoot the connected VPC.
- Robert Guske takes readers through a guide aimed at setting up a local VEBA environment using
kindand the vCenter simulator. VEBA, for those who aren’t familiar, is the VMware Event Broker Appliance.
- Anthony Spiteri talks about deploying Tanzu on a single ESXi host.
- Ben Kuhn shares some information on how to create more immersive video calls.
- In a post written in the context of network engineers learning automation tools, Ethan Banks shares that you don’t need to become a developer but simply use their tools. I think that this maxim holds true for other disciplines as well, not just network engineers.
That’s all for now, folks! Thanks for taking the time to read, and I hope that I was able to share something you’ll find useful. If you have any feedback on this post, or on the site in general, feel free to hit me on Twitter. I’d love to hear your feedback!