🔗 From the web

We discovered an AWS access vulnerability

Stedi relies heavily on AWS IAM to enforce role-based access control for its customers. They discovered a vulnerability in AWS STS in which role trust policy statements were evaluated incorrectly, allowing unauthorized access to AWS accounts. Stedi describes how they found the issue and worked with AWS to resolve it, highlighting the importance of rigorous testing and clear communication with service providers.

State of DevSecOps ✅

An analysis of security posture across applications written in various programming languages found that Java services are disproportionately affected by vulnerabilities: a high percentage of them carry critical or high-severity issues introduced by third-party libraries. These vulnerabilities often originate in indirect dependencies, so teams need to consider the full dependency tree and update dependencies regularly. The report also argues that prioritization frameworks for vulnerability assessment and sound infrastructure-code practices, such as lightweight container images and version-controlled Infrastructure as Code (IaC), are crucial for reducing risk.

Distributed SQLite: Paradigm shift or hype?

SQLite is a fast embedded database designed for client-side applications. Projects like Cloudflare D1, fly.io, and Turso are trying to use SQLite as an edge database, but they face challenges with eventual consistency and lack of support for interactive transactions. Using HTTP caching may be a simpler solution for achieving fast web applications globally. Most teams will benefit more from using PostgreSQL as a backend database instead of trying to retrofit SQLite for backend applications.

How I Tripped Over the Debian Weak Keys Vulnerability

Next month will mark the 16th anniversary of the disclosure of a major vulnerability in the Debian OpenSSL package that resulted in predictable private keys. In 2008, Engine Yard addressed slow SSH login times for GitHub users by patching OpenSSH to look up keys in a MySQL database. A month later, users were able to access other users' repositories over SSH because of key collisions caused by the Debian weak keys vulnerability.

Stop going to the cloud and getting scammed ♻️

$200 infra to serve your startup till 100k monthly users in 15 minutes. Self-hosted Postgres, caddyserver and docker-compose FTW.

Why Fugaku, Japan's fastest supercomputer, went virtual on AWS

The supercomputer Fugaku, developed by Japan's RIKEN Center for Computational Science, is now available on the Amazon Web Services (AWS) Cloud for easier access. Fugaku has been used for various societal needs, from COVID-19 simulations to drug discovery and economic forecasting.

Redis is forked

Redis has been central to many developers' work on high-scale, low-latency web services for the past fifteen years: it is reliable, efficient, and handles high throughput at low latency, which has made it a go-to choice in the industry. The recent licensing changes and their impact on future projects and contributions to Redis are still uncertain, leaving some hesitation in the developer community.

Transitioning to OpenTelemetry

In this guest blog, Einar Norðfjörð walks through Birdie's journey moving from logs to OpenTelemetry and Honeycomb's tracing.

How to Build a Data Center in 5 Steps

Establishing internal network infrastructure: Configuring a robust internal network infrastructure is key to efficient data center operations. This involves setting up switches, routers, and firewalls to manage data flow and protect against intrusions. Redundancy is critical for ensuring high availability and reliability. Strategies include redundant network paths, failover mechanisms, and load balancing to maintain seamless connectivity.

The Scary Thing About Automating Deploys ✅

Most of Slack runs on a monolithic service called "The Webapp", with hundreds of developers making hundreds of changes weekly. Deploying at this scale poses a unique challenge, especially when implementing continuous deployment. Slack deploys from its Webapp repository 30-40 times a day to its production fleet, with a median deploy size of 3 PRs, managed by ReleaseBot for automation. Monitoring deployments for anomalies is crucial; Slack uses z-scores and dynamic thresholds to detect anomalous behavior during deployments.