🔗 Stories, Tutorials & Articles

Live Migrating Production Clusters From Calico to Cilium

Kubernetes clusters can run on different CNIs, and switching between them is complex. Migrating from Calico to Cilium, for example, involves deploying Cilium alongside Calico, testing connectivity, and gradually switching workloads to use Cilium. This method ensures minimal downtime and service disruption.

Revealing the Inner Structure of AWS Session Tokens ✅

Researchers have successfully reverse-engineered AWS Session Tokens, revealing their internal structure and cryptographic methods. They created open-source tools for analyzing and modifying these tokens and tested their resilience against forging attacks, finding them robust. Additionally, they identified five distinct token variants and detailed AWS's key management practices.

Making Damn Vulnerable Web Application (DVWA) almost unhackable with Cilium and Tetragon ✅

Cilium and Tetragon, two eBPF-based tools for Kubernetes, are combined to defend the Damn Vulnerable Web Application (DVWA) against attacks. With Cilium providing process, file, HTTP, and network-based defenses and Tetragon providing security observability and runtime enforcement, the DVWA becomes almost impervious to common OWASP vulnerabilities. The integration of Cilium and Tetragon in an enterprise setting bridges the gap between developers and security by providing robust defenses against known threats.

Is Cloudflare overcharging us for their images service? ✅

The author investigated unexpectedly high charges from Cloudflare Images for EphemeraSearch, involving complex billing cycles and credits. They discovered that changing image storage capacity triggers immediate charges, with credits applied the following month, leading to temporary overbilling. Despite the good service, the pricing model proved unsuitable for their needs, prompting exploration of alternative storage solutions.

The DevOps Guide to SaaS Security

In February 2023, LastPass experienced a security breach involving a targeted attack on a DevOps engineer’s access to the corporate vault. This incident highlights the critical importance of robust access controls and security practices in SaaS environments, where customers must secure applications, data, and configurations. Implementing strong authentication, least privilege access controls, and automated identity governance are essential for maintaining SaaS security.

CVE-2024-5535: `SSL_select_next_proto` buffer overread

CVE-2024-5535 is a bug in OpenSSL that has been present since 2011, allowing the leakage of up to 255 bytes of the client's heap data to the server when the `SSL_select_next_proto` function is called with a client buffer that is not a valid list of protocols. This bug affects OpenSSL, BoringSSL, Node.js, and Python versions prior to specific updates that removed NPN support. Despite being low severity, it could have resulted in memory safety issues.

How I discovered the Organization ID of any AWS Account ✅

The author's research led to a new finding, prompting AWS to make significant changes to VPC Endpoint behavior by preventing information discovery using VPC endpoints. The change includes restrictions on the usage of wildcard characters in VPC Endpoint policies, specifically in relation to global context keys like `aws:PrincipalAccount`. This change was swiftly implemented by AWS in response to the author's findings, with updates to the documentation reflecting the new policy restrictions.

2024 Stack Overflow Developer Survey ✅

Here are some key findings:

- 66% of developers have a BA/BS or MA/MS degree
- PostgreSQL is the most popular database for the second year in a row
- Docker is used the most by professional developers and npm is used the most by developers learning to code
- Jira and Confluence are the most used asynchronous tools
- Rust is the most-admired programming language
- Erlang developers have the highest reported median salary
- ChatGPT is the most used AI tool, with many developers wanting to use GitHub Copilot next year
- 76% of respondents are currently using or planning to use AI tools in their development process
- Most developers agree that AI tools will be more integrated in documentation, testing, and writing code in the next year
- 75% of developers are more likely to endorse technologies that provide access to APIs

10 Open-Source Tools for Optimizing Cloud Expenses

Explore 10 open-source tools that can help reduce cloud costs.

Kubernetes 1.31 - What’s new? ✅

Kubernetes 1.31 introduces several major enhancements, including AppArmor support for defining security profiles at the container or pod level. Another notable change is the removal of all in-tree integrations with cloud providers, pushing Kubernetes towards vendor neutrality. Additionally, improvements include better handling of pod-level resource limits, enhanced connectivity reliability for KubeProxy Ingress, and various user-friendly updates like a randomized algorithm for Pod selection when downscaling ReplicaSets.