DevSecOps Weekly Newsletter, Zeno, a FAUN Newsletter. π View in your browser Β |Β βοΈ Publish on FAUN.dev Β |Β π¦ Become a sponsor
Zeno
Curated DevSecOps news, tutorials, tools and more!
πΎ From FAUNers
faun.dev
We're glad to share with you the latest projects we've been working on recently!
βΉοΈ Our YouTube channel:
We have never been active on Youtube before, but we're now experimenting with a concept of a weekly short video series that we called "5 Minutes FAUN". We're trying to share as much useful information as possible in a short video. The idea is to be efficient and to the point in each video.
So far, we published around 20 short videos. You can find them here .
These are some series we started so far, more are coming soon:
π 5 Minutes Golang
π 5 Minutes Python
π 5 Minutes DevOps
π 5 Minutes CloudNative
π 5 Minutes AI
π 5 Minutes Kubernetes
π 5 Minutes Programming
π 5 Minutes AWS
In less than 2 weeks, we've got:
β 30,000 views
β 500 watch hours
β 200 new subscribers
Some of the most popular videos are:
π Why is Kubernetes Written in Go ?!
π The Real Reason why Go is not so Popular
π Highest Paying Programming Languages
π YAML = Your Abstraction Master Language
π and others!
That's a great start! We're looking forward to growing our Youtube channel and sharing more useful information with you.
Please subscribe to the channel . If there are any topics you'd like us to cover, simply reply to this email or leave a comment on the Youtube channel. We'll do our best to cover them in future videos.
βΉοΈ Our Youtube live music stream:
We're also experimenting with a new concept of a live music stream. This month, we launched a new Lo-Fi music live stream on Youtube . Many people listen to this genre of music while coding, so we thought it would be a good idea to create a live stream for our developer community. We're adding new songs to the stream every week.
You can find the stream here .
Are there other music genres you'd like us to stream? Let us know by replying to this tweet .
We're looking forward to growing this stream and sharing more music with you. Please subscribe to the channel. If there are any topics you'd like us to cover, simply reply to this email or leave a comment on the Youtube channel. We'll do our best to cover them in future videos.
βΉοΈ FAUN community subreddits:
In addition to the old subreddit /r/DevOpsLinks, we launched multiple others. These subreddits are a place for FAUNers who are also Redditors to share links and start discussions. This is the complete list of the subreddits we have today:
π DevOps : /r/DevOpsLinks
π CloudNative : /r/CloudNativeLinks
π DevSecOps : /r/DevSecOpsLinks
π Golang : /r/GolangLinks
π Monitoring/Observability : /r/MonitoringLinks
π Programming : /r/ProgrammingLinks
π Python : /r/PythonLinks
π AI/ML : /r/AILinks
π Kubernetes : /r/KubernetesLinks
Don't forget to join your favorite subreddits! Let's make them a place to share and discuss the latest news and trends in the DevOps, CloudNative, DevSecOps, Golang, Monitoring, Programming, Python, AI, and Kubernetes ecosystems.
More subreddits are coming soon!
βΉοΈ Our coming soon FAUN Topics (Weekly Newsletter):
As you may know, we're working on new weekly FAUN Topics:
π Kala: AI Weekly Newsletter.
π Secra: Security Weekly Newsletter.
If you'd like to subscribe to these newsletters, head over to FAUN website, click on the top menu, then " Newsletters settings ". You can subscribe to any newsletter you like. You can also unsubscribe from any newsletter you no longer want to receive using the same page.
βΉοΈ How to support FAUN?
If you'd like to support FAUN and future projects, you can subscribe or donate here .
Alternatively, follow us on our social media channels, subscribe to our Youtube channel, and share our content with your friends or share your feedback with us by replying to one of our weekly newsletters.
βΉοΈ Our YouTube channel:
We have never been active on Youtube before, but we're now experimenting with a concept of a weekly short video series that we called "5 Minutes FAUN". We're trying to share as much useful information as possible in a short video. The idea is to be efficient and to the point in each video.
So far, we published around 20 short videos. You can find them here .
These are some series we started so far, more are coming soon:
π 5 Minutes Golang
π 5 Minutes Python
π 5 Minutes DevOps
π 5 Minutes CloudNative
π 5 Minutes AI
π 5 Minutes Kubernetes
π 5 Minutes Programming
π 5 Minutes AWS
In less than 2 weeks, we've got:
β 30,000 views
β 500 watch hours
β 200 new subscribers
Some of the most popular videos are:
π Why is Kubernetes Written in Go ?!
π The Real Reason why Go is not so Popular
π Highest Paying Programming Languages
π YAML = Your Abstraction Master Language
π and others!
That's a great start! We're looking forward to growing our Youtube channel and sharing more useful information with you.
Please subscribe to the channel . If there are any topics you'd like us to cover, simply reply to this email or leave a comment on the Youtube channel. We'll do our best to cover them in future videos.
βΉοΈ Our Youtube live music stream:
We're also experimenting with a new concept of a live music stream. This month, we launched a new Lo-Fi music live stream on Youtube . Many people listen to this genre of music while coding, so we thought it would be a good idea to create a live stream for our developer community. We're adding new songs to the stream every week.
You can find the stream here .
Are there other music genres you'd like us to stream? Let us know by replying to this tweet .
We're looking forward to growing this stream and sharing more music with you. Please subscribe to the channel. If there are any topics you'd like us to cover, simply reply to this email or leave a comment on the Youtube channel. We'll do our best to cover them in future videos.
βΉοΈ FAUN community subreddits:
In addition to the old subreddit /r/DevOpsLinks, we launched multiple others. These subreddits are a place for FAUNers who are also Redditors to share links and start discussions. This is the complete list of the subreddits we have today:
π DevOps : /r/DevOpsLinks
π CloudNative : /r/CloudNativeLinks
π DevSecOps : /r/DevSecOpsLinks
π Golang : /r/GolangLinks
π Monitoring/Observability : /r/MonitoringLinks
π Programming : /r/ProgrammingLinks
π Python : /r/PythonLinks
π AI/ML : /r/AILinks
π Kubernetes : /r/KubernetesLinks
Don't forget to join your favorite subreddits! Let's make them a place to share and discuss the latest news and trends in the DevOps, CloudNative, DevSecOps, Golang, Monitoring, Programming, Python, AI, and Kubernetes ecosystems.
More subreddits are coming soon!
βΉοΈ Our coming soon FAUN Topics (Weekly Newsletter):
As you may know, we're working on new weekly FAUN Topics:
π Kala: AI Weekly Newsletter.
π Secra: Security Weekly Newsletter.
If you'd like to subscribe to these newsletters, head over to FAUN website, click on the top menu, then " Newsletters settings ". You can subscribe to any newsletter you like. You can also unsubscribe from any newsletter you no longer want to receive using the same page.
βΉοΈ How to support FAUN?
If you'd like to support FAUN and future projects, you can subscribe or donate here .
Alternatively, follow us on our social media channels, subscribe to our Youtube channel, and share our content with your friends or share your feedback with us by replying to one of our weekly newsletters.
π Stories, Tutorials & Articles
www.forbes.com
DevSecOps brings development, security and operations teams together to build better processes and products. However, adopting DevSecOps isnβt a simple, single step; it requires new partnerships and processes backed by the full commitment of stakeholders.
16 members of Forbes Technology Council share common reasons why DevSecOps efforts fail and how these missteps can be avoided.
16 members of Forbes Technology Council share common reasons why DevSecOps efforts fail and how these missteps can be avoided.
grafana.com
Logs are a key pillar of observability for many reasons, such as how they are stuffed full of details. Yet searching logs for indications of compromise (IOCs) is not an easy job.
One project to help security teams identify suspicious or even malicious activity is the open source Sigma project.
SigmaHQ created a pySigma Grafana Loki backend, which can take the Sigma rules you are interested in searching for and produce a Log
One project to help security teams identify suspicious or even malicious activity is the open source Sigma project.
SigmaHQ created a pySigma Grafana Loki backend, which can take the Sigma rules you are interested in searching for and produce a Log
cloud.google.com
From Google's new report on supply chain security vulnerabilities, CISO Phil Venables offers five tips on how Google Cloud can help secure your software.
These recommendations can enable customers to benefit from Googleβs extensive security experience and reduce their need to develop, maintain, and operate complex processes to secure their open source dependencies .
Google also strongly recommends you evaluate how you distribute software and the terms of software licenses in all of your dependencies.
These recommendations can enable customers to benefit from Googleβs extensive security experience and reduce their need to develop, maintain, and operate complex processes to secure their open source dependencies .
Google also strongly recommends you evaluate how you distribute software and the terms of software licenses in all of your dependencies.
www.neowin.net
PyTorch, an open-source machine learning framework, has seemingly been the target of a supply chain attack.
A problematic package with the same name was uploaded to the Python Package Index (PyPI) repository over the holidays. An investigation by PyTorch determined that the malicious "torchtriton" package sent system data from a user's computer to a recent domain.
The owner of the malicious package and the domain where user data was being sent defended their actions as being ethical research and apologized.
A problematic package with the same name was uploaded to the Python Package Index (PyPI) repository over the holidays. An investigation by PyTorch determined that the malicious "torchtriton" package sent system data from a user's computer to a recent domain.
The owner of the malicious package and the domain where user data was being sent defended their actions as being ethical research and apologized.
blog.phylum.io
Phylum analyzes open-source packagesβ source code and metadata as they are published into several popular ecosystems.
This year, they analyzed 627M source files across 11M package publications. Phylum reported on three large-scale campaigns targeting NPM and PyPI, with many smaller campaigns occurring during the last six months.
Developers are the new high-value targets, and attackers are exploiting this friction to gain an advantage in targeting developers directly. The battle between security teams wanting more visibility and developers wanting to code without interruptions has caused noticeable friction between these two teams.
This year, they analyzed 627M source files across 11M package publications. Phylum reported on three large-scale campaigns targeting NPM and PyPI, with many smaller campaigns occurring during the last six months.
Developers are the new high-value targets, and attackers are exploiting this friction to gain an advantage in targeting developers directly. The battle between security teams wanting more visibility and developers wanting to code without interruptions has caused noticeable friction between these two teams.
πΊ Quick Hits
With just one click, admins in GitHub Advanced Security organizations can protect their custom patterns on push.
A high-severity security vulnerability in the Kyverno admission controller for container images could allow malicious actors to import a raft of nefarious code into cloud production environments.
β Supporters
faun.dev
FAUN's Job Board offers an exceptional platform to connect with skilled developers, DevOps professionals, and software engineers who are eager to contribute to the success of your organization.
Post your job openings on FAUN's Job Board today and watch your talent pool grow.
Get started now .
Post your job openings on FAUN's Job Board today and watch your talent pool grow.
Get started now .
faun.dev
π If you're a Developer or a maintainer of a widely adopted Open Source project and you think it's worth talking about it and your experiences in building it, join Humans Behind Code and get interviewed and published on faun.dev!
faun.dev
Meet developers where they are, not where you want them to be. Fill out the form and download our mediakit .
π¦ Videos, Talks & Presentations
π Book picks
www.amazon.com
Learning how to interact and automate with Linux is essential for millions of professionals. Python makes it much easier. With this book, you'll learn how to develop software and solve problems using containers, as well as how to monitor, instrument, load-test, and operationalize your software. Looking for effective ways to "get stuff done" in Python? This is your guide.
- Python foundations, including a brief introduction to the language
- How to automate text, write command-line tools, and automate the filesystem
- Linux utilities, package management, build systems, monitoring and instrumentation, and automated testing
- Cloud computing, infrastructure as code, Kubernetes, and serverless
- Machine learning operations and data engineering from a DevOps perspective
- Building, deploying, and operationalizing a machine learning project
βοΈ Tools, Apps & Software
github.com
This repository contains a curated list of resources I suggest on LinkedIn and Twitter
github.com
CLI tool for directly patching container images using reports from vulnerability scanners
π€ Did you know?
ENIAC (Electronic Numerical Integrator and Computer) was the first programmable, electronic, general-purpose digital computer, completed in 1945.
π Meme of the week
