The New Stack

The New Stack covers the services and infrastructures that developers build.
thenewstack.io • 39 Stories

WireGuard VPN protocol coming to the Linux kernel soon

Dan Guido mentioned this might be a thing on our Algo VPN episode. Turns out he was right (once version 5.6 of the Linux kernel hits package mirrors for download).

Linus had this to say about WireGuard:

“Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art,”

Deploy a pod on CentOS with Podman

If you’ve been following along in the open source news cycle lately, you’ve probably heard that Red Hat has dropped the docker container runtime engine from both its Red Hat Enterprise Linux (RHEL) and CentOS Linux distributions.

I must not be following along, because that’s news to me.

That being the case, what do you do when you need to deploy containers? Fortunately, they’ve created a near drop-in replacement for docker, called Podman.

Podman is a rename from kpod, sorta. The new thing is actually called libpod, and Podman exists as the CLI for that library. It’s all a bit confusing, but what’s cool is none of this requires a daemon like the Docker Engine.

If you’d like to give it a go, this walk-through by The New Stack will get you started.

The 3 myths of observability

Arijit Mukherji on The New Stack:

We all have our favorite urban legends. From cow tipping to chupacabras, these myths persist despite a lack of definitive proof (and often evidence to the contrary). Technology isn’t immune to this phenomenon. It has its own set of urban legends and myths that emerge alongside new technologies and continue well into mass adoption. As organizations consider the shift from monitoring to Observability, I hear three common misperceptions. It’s time to debunk the myths.

Callback: Observability is for your unknown unknowns

New cryptojacking worm found in docker containers

Jack Wallen:

A new cryptojacking worm, named Graboid, has been spread into more than 2,000 Docker hosts, according to the Unit 42 researchers from Palo Alto Networks. This is the first time such a piece of malware has spread via containers within the Docker Engine (specifically docker-ce).

Scary stuff, and (at the moment) difficult to detect & prevent:

We’ve reached a point with containers where security must be constantly on the front burner. Antivirus and anti-malware applications currently have no means of analyzing and cleaning containers and container images. That’s the heart of the issue.

Graboid may be the first malware to target containers, but it certainly won’t be the last.

Capital One's cloud misconfiguration woes have been an industry-wide fear

Developers and IT decision-makers should not be surprised by the recent Capital One data breach: Misconfigurations have long been the top cloud security concern. A new StackRox survey of IT decision-makers supports this finding as 60% of respondents are more worried about misconfigurations or exposures, as compared to attacks and generic vulnerabilities.

We’re not 💯 on what exactly happened, but the evidence is pointing toward a misconfigured firewall.

Rust creator Graydon Hoare talks about security, history, and Rust

It’s hard to believe it’s already been 9 years since Rust was first announced to the world. The New Stack has a nice interview with Graydon Hoare

sharing his thoughts on everything from the state of systems programming, to the difficulty of defining safety on ever-more complex systems — and whether we’re truly more secure today, or confronting an inherited software mess that will take decades to clean up.

How Firecracker is going to set modern infrastructure on fire

One of the most exciting announcements from last week’s AWS re:Invent was Firecracker — an open source project that delivers the speed of containers with the security of VMs.

Firecracker’s focus is transient and short-lived processes, so it differs from containers in that it’s optimized for startup speed.

Why can’t we use containers? The answer is simple — slower cold start. While LXC and Docker are certainly faster and lighter than full-blown virtual machines, they still don’t match the speed expected by functions.

There are also some security wins with how Firecracker is architected:

Firecracker takes a radically different approach to isolation. It takes advantage of the acceleration from KVM, which is built into every Linux Kernel with version 4.14 or above. KVM, the Kernel Virtual Machine, is a type-1 hypervisor that works in tandem with the hardware virtualization capabilities exposed by Intel and AMD.

There’s a lot to be intrigued by here. We should probably line up an episode on Firecracker. In the meantime, click through to go deeper on the topic.

Estimating serverless consumption costs

One of the oft-touted virtues of serverless infrastructure is metered pricing. Like, super-metered pricing down to function invocations and memory use. That’s awesome, but also harder to predict than flat-rate (or at least flatter-rate) pricing. In this article, The New Stack goes deep into the weeds trying to estimate actual serverless costs across providers.

The people pushing for a decentralized web

David Cassel has a great recap of the recent Decentralized Web Summit and what it was all about.

It’s a follow-up to a similar event in 2016, though now “People are starting to show real working code and real projects. They’re building whole technology stacks that are more decentralized, in large part fueled by the excitement of the cryptocurrency systems. The altcoins and Bitcoins are proving that interesting and complicated systems are starting to work out there.”

Click through for lots of quotes and takeaways. I think Changelog might have to get involved if they do this again next year…

JavaScript breaks into IoT via JerryScript

Michelle Gienow:

The recent release of the Fitbit Ionic marked Fitbit’s first true smartwatch. More significant to the JavaScript developer community, though, is the fact that the Ionic was produced and shipped using JerryScript, a lightweight JavaScript engine built to power the Internet of Things.

I heard some hubbub about JerryScript last year at OSCON EU, but not much since. Fitbit using it in their first attempt at a production smart watch is a big vote of confidence for the project.

The inspiring life of John Perry Barlow

David Cassel:

It’s easy to list the achievements of John Perry Barlow — everything from co-founding the Electronic Frontier Foundation to writing lyrics for the Grateful Dead. But it’s harder to quantify the amount of inspiration he delivered to the internet in the early 1990s. In the truest spirit of the word pioneer, he created a vision that helped shape the world that was to come.

This is a great compilation of stories, quotes, and personal remembrances of a man to whom we all owe a debt of gratitude. Whether we know it or not.
