And not so great news about Docker.
Apparently, Docker is now deleting Open Source organizations.
Basically, the bottom line is that you cannot have an organization on a free account. At the first glance, it looks ok: you want a production-grade SaaS - you pay for it.
The main concern is that there's no official statement from Docker that existing names of such organizations will be locked, so no one can get those except original owners, even with paid accounts. Otherwise, it will open a gate for potential malicious code injection attacks.
#docker
UPD: Ah, sh*t, the Google Form was disabled! I have enabled it, so not it should work as expected.
A new Kubernetes operations survey by CatOps.
Last year I did a Kubernetes operations survey. You can find the results here.
There are things that would be interesting to observe in dynamic. Thus, I decided to make it an annual survey. Last year there were 102 responses, I hope there will be more this year. So, I would very appreciate it, if you could spend a couple of minutes to complete it.
I will share the results here, of course.
#kubernetes #survey
A graphical explainer of how CORS works.
BTW, you can subscribe to this author on Substack. They post very nice zines from time to time!
#cors #web
It’s not a security-focus channel, but I post security-related things from time to time.
There is a book bundle related to cybersecurity on sale at Humble Bundle.
I cannot judge the quality of those books since I’m not an expert. Yet, hopefully it may be interesting to some of you.
#security
Spegel is an in-cluster OCI registry mirror.
It allows nodes to pull images from other nodes in a cluster when a public registry (or your private registry) is not available.
It can also help you to avoid rate limiting and decrease outside traffic if you’re using public registries to pull images in your clusters.
#kubernetes
The first spring issue of the CatOps Newsletter in live!
https://catops.substack.com/p/catops-digest-2023-03-05
#newsletter
Remember those interview questions: “What happens during Linux boot process”, “What happens when you open a link in your browser”, and so on?
Well, the new age has come with questions like “What happens when you you do kubectl <command>
”. I was actually asked this question on one of the interviews.
And here’s a guide on GitHub that explains just that.
P.S. Sorry, if I have shared it already. I’m going through some of my old bookmarks and trying to figure out, if there’s anything valuable in there. So, expect some old articles here.
#kubernetes
I don’t want to post anything serious during the weekend. So, here’s a story about how a guy’s Azure account was taken over by his daughter’s school.
I don’t work much with the Microsoft cloud services, so I dunno how common is it.
There’s no morale here. Keep an eye on your Microsoft accounts, I guess ¯\_(ツ)_/¯
We briefly mentioned Crossplane during in our last voice chat. Here is yet another hello word-ish article about Crossplane.
However, what I like about this article that there is a link to a repository with code samples. So, you can examine the code on your own if you want as well as try to run it by yourself.
BTW, I also wrote an article long time ago. Unfortunately, I don’t have a repo with the sample code. I didn’t think of this back then :\
#kubernetes #aws #crossplane
Finally! I have finished processing the recording of our previous Voice chat!
Last time we were talking about testing of Kubernetes and also what it takes to be a mentor. Audio is in Ukrainian.
I cut too many pauses in the end, so the conversation sounds a bit false in the end. I'll try to do better next time.
You can ~watch~ listen to it on YouTube. Audio is also available on Anchor and Spotify. It should be available soon on Apple Podcasts and Google Podcasts as well, but I'm not sure how often do those services read RSS.
Enjoy!
This is an unplanned post for today, but still.
A critical vulnerability was discovered in MacOS and iOS. That allegedly allows an arbitrary code to be executed with kernel privileges.
Please, make sure to update your OS on Apple devices if you have any. Also, make sure that your IT department is aware of this in case you have Apple devices as work machines.
Patched versions:
- MacOS: 13.2.1
- iOS: 16.3.1
The official statement doesn’t have much info. There is more in this Twitter thread.
#security
I posted about S3 encryption not being a panacea back in a day.
Here’s another article about why AWS S3 encryption by default won’t solve security for you and why you still have to pay attention to the bucket settings.
#aws #security
Ok, folks. Now, it's my time to post a recap from Fosdem and Configuration Management Camp conferences.
You can find it on Substack or in my blog.
Also, I would appreciate it if you subscribe to my substack! I consider moving my writing activities there and keep the blog only as a markdown backup.
Unfortunately, I don't write that often, but hey, it's free to subscribe!
#slides #fosdem #cfgmgmt_camp #event
As you may have noticed, there were not that many posts in the recent days. I even missed the newsletter (there will be one, no worries). And generally I may not post much this week.
Yet, the Monday donations post is a must.
So. Musicians Defend Ukraine is a fund created by the folks from Ukrainian music industry. One of them is a good friend of mine (shout-out to Kontrabass Promo!)
If you always dreamed to be a musician but ended up in engineering somehow, do not hesitate to donate! Actually, do not hesitate to donate regardless your relationship with music.
#donations #Ukraine
Docker Buildkit has a new `COPY --link` feature.
With --link
enabled, files added with COPY
won't be copied to the previous layer, but a new layer will be created. This can help you to better cache specific things and accelerate your Docker builds.
#docker
Today's Donations Monday also goes to Come Back Alive.
Long hands of the Territorial Defense has accumulated 75% of its goal already and 7 regions have closed their goal. Let's help other TRDs complete their objectives as well!
If your region is already all-set, you can always help your neighbors or regions that have fewer donations, or Luhansk, which is the next in line.
#donations #Ukraine
Some time ago (initial commit on the 2nd of May 2021) I started a small side-project - an Awesome List of Ukrainian IT Communities.
There are more than 60 chats, groups, channels, and other resources mentioned there already! And I would appreciate if you help to make this list even more awesome 😎
Your PRs are very welcome!
Also, there is web view if you prefer that.
#culture
The recording of our latest voice chat (in Ukrainian) is already available!
This time we were talking about dynamic (and not only) development environments in a cloud.
As usual, you can listen to it on your favorite platforms:
- Spotify
- Apple Podcasts
- Google Podcasts
- Anchor
It is also available on YouTube
Also, I would appreciate it if you rate CatOps on the platform you’re listening to it or put your 👍 on YouTube.
P.S. If you would like to listen to CatOps on a platform that is currently not available, please, let me know in the chat.
#voice #говорилка
A technological Donations Monday!
One of the biggest Ukrainian charity foundations - Come Back Alive - has announced a "Cyber Fundraiser" together with Portmone.
The goal is to collect 50M UAH for cyber defense and offense. Currently, only 19% is reached.
#donations #Ukraine
As you may have heard, LastPass had a breach recently.
And it looks like things are chaim_sanders/its-all-bad-news-an-update-on-how-the-lastpass-breach-affects-lastpass-sso-9b4fa64466f6">more complex comparing to the initial “some encrypted data was retrieved”.
According to this article, organizations need to re-onboard their users with SSO provider (if they used any) to ensure that their data is secure in LastPass.
Reddit discussion.
#security
What about the Donations Monday? Well, this time it's not really a foundation or a specific need.
Friends of mine are organizing a special fundraising event - Kubernetes Community Days Ukraine.
As you all know, I don't usually post events' announcements here. Yet, there are exceptions like this.
#donations #Ukraine
Mermaid is a popular tool to create diagrams as code.
It was recently adopted by GitHub, so Mermaid diagrams are automatically displayed as diagrams in the Markdown files (not just in GH, BTW).
We use it in my team a lot and we’re very happy with it!
Here’s a Mermaid cheat sheet, so you can start using it as well (if not already)!
Their official documentation is good as well, although more verbose.
#mermaid #diagrams #github
Getting back to Pavlo and Naya for this Donations Monday.
They need to gather ~ €8100 for this week’s needs. 37% is there, 63% more to go! You know what to do!
- Pavlo’s requisites
- Naya’s requisites
#donations #Ukraine
Happy World Cats Day!
Feel free to share your cats in the comments 😏
P.S. It's the first Cats Day in 2023. Up to 7 more are coming
Long time no posts about databases! So, here’s a short story of how Retool migrated their 4TB Postgres database from version 9.6 to 13.
There are a couple of interesting moments in this story:
- “Lift and shift” migrations are still the case. Sometimes it’s better to have a brief period of downtime than risk a migration to fail mid-way
- Cloud solution might not suit or even fail you. Running things in the cloud doesn’t mean that you don’t need to take care of operations whatsoever (especially when it comes to DBs)
- Test using representative workload be it number of requests or the size of DB.
- Even if there’s a tool for a job, it may require some tweaking. Also, sometimes you need to be creative (it’s in the article, they’ve wrote a script to migrate a pair of particularly large tables)
- Write run books :)
I don’t know, how many of you manage databases, but these points are applicable not only to DB migrations I must say.
#databases
Donations Monday again!
TBH, I ran out of funds and charities in which I have personal connections.
So, this week I would appreciate it, if you could donate to my "little motherland" - Chernihiv region in the "Long Hands of TRD" project by Come Back Alive foundation! Of course, it's completely Ok if you want to support any other region.
I don't think this foundation require any sort of introduction. So, you know, what to do ;)
P.S. I need to get a new Linktree list with charities. I'll figure it out, I promise.
#donations #Ukraine
Green Metrics is a tool to measure energy impact and CO2 equivalent of your workloads. This is still an experimental tool, so don't run it in production, please.
Yet, I still want to share it because there's a visible shift in the industry from "just give it more cloud instances" towards resource optimization.
Another example is AWS using Rust for many of their core products to achieve their sustainability goals.
Also, there was a dedicated Energy track on FOSDEM, the first time in its history.
There are multiple driving factors for this shift. Funny enough, one of them being COVID. As a speaker from Meta (Facebook) said: "We would have been happy to add more servers, but there were no more servers because factories in China were closed due to COVID too".
#sustainability #enegry #aws
So, I was out for some time because both FOSDEM and Cfgmgmt Camp conferences are back offline.
Here you can find some notes from a friend of mine on some talks from the Go devroom:
- Summary “Five Steps to Make Your Go Code Faster & More Efficient”
- Summary “Squeezing a go function”
- Summary “Recipes for reducing cognitive load”
I need some time to process both conferences and write something on my own. I'll try to do it this week, but no commitments.
Also, a lot of FOSDEM videos are already available online. You can check them out on the official website.
#slides #go #programing
Charity Majors argues in her article that taking job hierarchy too close to your heart is problematic. We all want to get promotions and have our contributions recognized. However, this is not a race to the bottom. Getting a position that you hate just because it’s higher in the hierarchy can be damaging to your wellbeing.
I think this is an important thing. I know many folks, who strive for “higher” positions not because they want to make an impact, but because “this is how the world works”. Also, I know situations when people are in the positions they’re not qualified for, but they’re just “too long with the company”, etc.
The main argument is that it’s totally fine to be an engineer and stay on the individual contributor’s track.
There are a couple of advices from Charity on how to make this work:
- Treat work hierarchy not as a ladder, but as a data structure: the hierarchy represents, who does what, but not who is “cooler”
- Involve engineers into the decision making process. If becoming a manager is the only way to make your voice heard, you’re in a wrong organization
- Flatten compensation ranges: it’s not necessary for the managers to earn more than individual contributors. In fact, it can be the opposite in many cases
- Be transparent and make sure that people understand not only what do they do, but also why. It’s not the amount of work that makes people burn out in many cases, but a feeling of meaningless of that work.
#culture