Infrastructure as Code and Configuration Management topics are old and boring. It seems like it's almost impossible to have anything conceptually new in this domain, except some drama around licensing.
Yet, in this blogpost Nathan Peck (he works in AWS, IIRC) argues that we could do it differently and that we could do it better.
The core idea is that instead of writing some YAML or DSL to define various resources and then try to group them somehow, we could leverage the same approach that Web technologies took. More specifically, "decorating" objects with properties provided separately. Similarly to what CSS does to HTML.
There's also a discussion of this post on Hacker News
#iac
💡Міністерство оборони України шукає найкращі технологічні рішення для вдосконалення безпілотних систем на фронті.
28-29 січня проводимо Хакатон «Наступ Машин».
Якщо ви — інноватор, інженер чи військовий і маєте ідею щодо розвитку безпілотних систем, реєструйтеся за посиланням: https://forms.gle/Yu7uRrj578ihsXJu6
Серед членів журі Хакатону:
▪️Тарас Чмут (https://www.facebook.com/TarChmut )
▪️Серж Марко (https://www.facebook.com/serg.marco )
▪️Сергій Флеш (https://www.facebook.com/Serhii.Flash )
І це ще не всі – інших анонсуємо згодом.
Перелік челенджів та деталі щодо заходу ви отримаєте після реєстрації.
Наша мета — створення технологічної переваги над ворогом 10:1. Воювати мають машини, а не люди.
Для цього розвиваємо технології перемоги разом! Craft the Future of Unmanned Systems.
Співорганізаторами Хакатону є Генеральний штаб ЗСУ, Міністерство з питань стратегічних галузей промисловості і defence tech кластер Brave1.
You know how it works: people are posting their end-of-the-year results at the end of each year and their predictions for the future at the beginning of each year.
In this video, Viktor Farcic shares his thoughts on the tools to check out (or continue using) in 2024.
#tools #predictions #video
I would like to remind you about the UA Responders foundation that raises funds for tactical medicine.
You can support them here:
https://uaresponders.org/donate/
#donations #Ukraine
A new episode of our voice chat is here! This time we had a single yet broad topic of architecture and the architect role in companies.
The episode is in Ukrainian and available on:
- YouTube
- Substack
- Spotify
- Apple Podcasts
- Google Podcasts
Enjoy!
P.S. Also, CatOps is participating in the DOU Awards "Podcasts" department! I would really appreciate it if you could support us here with your vote!
#voice_chat
Let's start a new year with something entertaining, like talk about hacking train DRM to be able to fix it.
Additional points, if you'll describe in comments which DevOps, Software Engineering, and Legal Practices were violated by the train manufacturer (:
And, don't forget to support Ukraine 🇺🇦.
I was about to leave for the wnter holidays, but then I recalled that I still owe you the last issue of the CatOps Digest of this year.
So, here you are!
https://open.substack.com/pub/catops/p/catops-digest-2023-12-26
I wish you very pleasant holidays and see you next year!
#digest #newsletter
Let's talk a little bit about culture. Culture of sabotage!
That's a nice guide of how to drop productivity to a minimum without being caught. Enjoy!
https://erikbern.com/2023/12/13/simple-sabotage-for-software.html
#culture
A Linux book bundle on Humble Bundle. Now, I know that people have mixed feelings about books by Packt. Some folks say that they are too basic.
So, if you’re unhappy about the Packt books, you may want to check the Software Development bundle that has a couple of books on CI/CD, DevOps, and SRE topics.
#books
If you are running dynamic environments in Kubernetes or any other ephemeral workloads, you need a way to clean up things once these environments are no longer needed or once your tests are done.
k8s-cleaner may help with it. It's a controller that deletes Kubernetes resources, including custom resources, on a schedule. It supports dry run and some options for customizations.
#kubernetes
A brief glance into how Uber’s ETA calculator works.
tl;dr: Graph segmentation and smart guessing.
#programming #system_design
A new issue of the CatOps Digest is here!
https://open.substack.com/pub/catops/p/catops-digest-2023-12-10
#digest #newsletter
A collection of video tutorials on various DevOps-ish topics on Humble Bundle.
I don’t know if any of those are good, but there are some of the big names behind some videos.
If you’re not interested in videos, there’s also a bundle of book on ML and AI from O’Reilly. Those are usually good.
#books
A new fundraiser by Come Back Alive to strengthen Ukrainian snipers.
Unfortunately, the page is only available in Ukrainian as for now. Yet, all the modern browsers have the translate function these days.
The goal is 220M UAH.
#donations #Ukraine
Aqua Security warn people about the danger of the supply chain attacks using Kubernetes Secrets.
We all know this story: base64
is not an encryption, Kubernetes Secrets may have a ton of sensitive information, etc. The article just provides some data from Aqua’s recent research.
However! There’s another viewpoint on Kubernetes Secrets - Plain Kubernetes Secrets are fine. This is the thing I wanted to share with you today.
The main gist of this article is that you cannot really tell if something is secure or not without a threat modeling. Also, that the auto-unsealing feature in Vault kinda negates some if its security features.
Apparently, there’s a discussion about this article in a form or a podcast but I haven’t checked it out yet.
Also, if you need some guides for threat modeling, OWASP website is a good place to start.
So, do your due diligence, do threat modeling, and have a nice day!
#security #kubernetes
For today’s Donations Monday you can support our snipers to start your week on a good note.
#donations #Ukraine
Good news in Terraform world!tofu test
syntax is the same (or pretty similar) to terraform test
syntax in 1.6+
Also, it's first GA release of opentofu (about 5 months from forking)
Let's see how it will go. Currently, I can said that there bunch of folks who bombard everything with "please support tofu in N" (before there were any releases) but don't do anything to contribute to projects.
Also, in case you're excited about migration to tofu - firstly, you must fix all your TF code stacks, which is nearly impossible in huge organizations. Or make gradual migration => live with both tf and tofu side by side for months.
#terraform
Just recently Denys made a video about the interviewing process into a “hot” AI startup.
They use Python there (surprise, surprise). And just today I’ve noticed a Python book bundle on Humble Bundle.
Also, if you’d rather switch to the management career track all together, there’s another book bundle for you.
I know that some people complain about the quality of Packt books, but I’m a simple man: I see a relevant book bundle - I share it. Now, you can decide for yourself.
#python #management #books
The first CatOps digest of the year 2024 is available here:
https://newsletter.catops.dev/p/catops-digest-2024-01-07
#digest #newsletter
Start the new year with donations to the Ukrainian military!
Back and Alive raise 220M UAH for Ukrainian snipers.
You can join the fundraiser here
#donations #Ukraine
Root Cause Chronicles: Connection Collapse is a hypothetical (or not?) scenario of a production outage.
What I like about such hypothetical scenarios compared to postmortem articles is that they usually focus on the process, while postmortems focus on outcomes. In other words, in articles like this you see something like: “We checked an app A and then an app B, and then this DB and that cluster; and finally we found it!”, while postmortems tend to condence the same process into dry statements like: “After thorough investigation we found that it was a DNS issue”.
Thus, such hypothetical articles better showcase an actual process of the incident resolution, in my opinion.
Bonus: InfraCloud (authors of this article) have a repository with such incident scenarios that you can study.
#sre #oncall #incident_management
**Database Fundamentals.**
Because it just fundamentals, it can take a few hours to read and understand + mandatory breaks :)
It's one of the best articles I've seen on general DB topics, with a huge amount of links and notes to go deeper into Rabbit Hole. Definitely recommend it to read.
#databases
Protect the Sky fundraiser has 5% left to close its goal!
It was 10% two weeks ago, when I previously posted this fundraiser.
Thus, I believe it’s possible to close it before the end of the year!
#donations #Ukraine
An interesting read by Monzo about how they implemented Kubernetes Network Policies for 1.5k microservices.
There are some questionable parts in there, in my opinion. For example, why building your own tool to "guess" where an app connects to if you could use a network monitoring tool. However, those are not directly related to the main topic.
An interesting part is how folks in Monzo "reverted" the idea behind Network Policies using templating. So, instead of a target services allowing internal connections, a caller can specify the groups of services it wants to connect to.
Although, I think it partially negates the idea of Network Policies, I can completely understand, why Monzo did that from the UX perspective.
Also, here's a Reddit discussion on the topic. I love the top comment there:
How would you even know that another team plans to connect your apps?
- By communicating...
Less than 10% left to fulfill the Protect the Sky fundraiser that Come Back Alive is doing together with Nova Posta.
This is a big one, but let’s pull out!
#donations #Ukraine
I haven’t participated in salary surveys by DOU because it was limited to people based in Ukraine. This limitation is lifted now.
Also, this time (not sure if it was always like this) salary survey comes together with the survey about the popularity of programming languages. It would be interesting to compare its results with the similar research by StackOverflow.
Yet, for the results to be representative, make sure to spend a couple of minutes and fill out the survey!
An opinionated article that claims that one has to keep all the dependencies in version control.
Now, I don’t have strong opinions here. On one hand the proposal in this article sounds extreme. On another hand, my team has quite a few Go projects and we use vendored modules there.
So, we actually keep the dependencies in VCS. As anything else, it has its pros and cons. I could build a project and run some isolated tests on a plane. But also it almost impossible to review a PR that touches that vendor/
directory.
The author points out that it’s Git’s fault that it’s not designed to work with large number of files and files of a large size. Yes, I’d ask for a reality check here, some Git is omnipresent these days.
#programming #git #opinion
A new episode of the CatOps Voice Chat is here!
This time we have talked about mentoring other people and some other topics.
You can find it on:
- YouTube
- Substack
- Spotify
- Apple Podcasts
- Google Podcasts
#voice #mentorship
You likely know that this weekend more than 70 Shahed drones were shot down.
It’s crucial to support Air Defense and Come Back Alive together with Nova Posta do just that!
Donate to strengthen the Air Defense. Currently, 84% of the total goal is reached.
#donations #Ukraine