Dan McClain Avatar

Dan McClain

Cloud github.com

Cloud native buildpacks

Heroku and Pivotal are working on the next generation of buildpacks and presenting it to the Cloud Native Computing Foundation with the hopes to “greatly improve buildpack interoperability between platforms and attract a wide community of contributors, including buildpack creators and maintainers”.

From buildpacks.io:

Cloud Native Buildpacks are a new effort initiated by Pivotal and Heroku in January 2018. Cloud Native Buildpacks aim to unify the buildpack ecosystems with a platform-to-buildpack contract that is well-defined and that incorporates learnings from maintaining production-grade buildpacks for years at both Pivotal and Heroku, the largest contributors to the buildpack ecosystem.

Buildpacks are pluggable, modular tools that translate source code into container-ready artifacts such as OCI images. They replace Dockerfiles in the app development lifecycle with a higher level of abstraction.

The proposal offers buildpacks as replacement to Dockerfiles, while serving as a higher level of abstraction. The presentation is tonight (Aug 21) @ 8pm PDT and details on joining the meeting are in the CNCF TOC readme.

Netflix Technology Blog Icon Netflix Technology Blog

Open sourcing Zuul 2

Netflix open sourced their cloud gateway:

The Cloud Gateway team at Netflix runs and operates more than 80 clusters of Zuul 2, sending traffic to about 100 (and growing) backend service clusters which amounts to more than 1 million requests per second.

Pretty impressive. Click through to get the details of how Zuul 2 works and how they use it inside Netflix. I love when companies who are operating at webscale (😏) share their practices and code with the rest of us.

Security Medium (via Scribe)

An Efail postmortem

Efail caused a panic at the disco:

… some researchers in Europe published a paper with the bombshell title “Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels.” There were a lot of researchers on that team but in the hours after release Sebastian Schinzel took the point on Twitter for the group.

Oh, my, did the email crypto world blow up. The following are some thoughts that have benefited from a few days for things to settle.

Lots of interesting insights here, perhaps most controversially how the EFF’s handling of the situation may have done more harm than good in the author’s opinion. Also:

we could stand to have a renewed appreciation for OpenPGP’s importance to not just email crypto, but the global economy.

I can say I definitely have more appreciation for it after reading this than I did before. I hadn’t thought about its influence (which is huge) outside of encrypted email.

Player art
  0:00 / 0:00