Scott's Weblog

The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Technology Short Take 164

Welcome to Technology Short Take #164! I’ve got another collection of links to articles on networking, security, cloud, programming, and career development—hopefully you find something useful!

Networking

  • William Morgan’s 2022 service mesh recap captures some of the significant events in service mesh in 2022, although through a Linkerd-colored lens. I do agree that the synergy between service mesh and the Gateway API was a surprise for a lot of folks, but they really are a good match.
  • Back in October of last year, Tom Hollingsworth weighed in on Hedgehog, the networking company that has set out to commercialize SONiC, a Linux-based NOS used extensively in Azure.
  • Ah, the bygone sounds of yesteryear…what a blast from the past!

Servers/Hardware

  • What do you think of the ThinkPhone? (Hat tip to James Kane for bringing this to my attention.)
  • I just found this article buried in my list of “articles to include in a future TST”: it’s a list of blade server resources from “blade server guy” Kevin Houston.

Security

Cloud Computing/Cloud Management

Operating Systems/Applications

Storage

Programming

  • Here is Raul Jordan’s list of Rust concepts he wishes he’d learned earlier.

Virtualization

Career/Soft Skills

That’s all for now! If you found something useful here, feel free to share a link to this post via your social media channels. I’d also love to hear from you if you have any feedback on how I might improve posts like this (or other content); feel free to contact me on Twitter, on Mastodon, or on Slack (the Kubernetes and Pulumi Slack communities are where you’ll find me most often). Thanks for reading!

Technology Short Take 163

Welcome to Technology Short Take #163, the first of 2023! If you’re new to this site, the Technology Short Takes are essentially “link lists”—I collect links and articles about various technologies and I share them about every 3-4 weeks (sometimes more frequently). I’ll often add a bit of commentary here and there, but the real focus is the information in the linked articles. But enough of this, let’s get on with it! Here’s hoping you find something useful here.

Networking

Servers/Hardware

  • Back during the AWS re:Invent 2022 timeframe, I came across this newsletter focused on AWS custom chips (Graviton, Trainium, Inferentia). If staying up-to-date with this topic is important for your role, then subscribing is probably a good idea. (I did.)
  • I enjoyed this story on the mass extinction of UNIX workstations and the trials and travails of trying to run your own UNIX workstation.

Security

  • This could be bad—a wormable vulnerability that could allow attackers to remotely execute code by exploiting potentially any Windows application protocol that provides authentication, including (potentially) SMTP or HTTP. Ouch. Get more details in this article.
  • Nigel Douglas shows how to mitigate DoS (Denial of Service) attacks in Kubernetes. The article title led me to believe that both Falco and Calico would be used; although they are both discussed (Falco for detection and Calico for prevention), the bulk of the work falls to Calico.
  • Now that a fix has been supplied, Microsoft publicly discusses Achilles, a vulnerability they discovered in the macOS Gatekeeper security mechanism.
  • Let’s hope this doesn’t turn out to be a significant issue for folks.

Cloud Computing/Cloud Management

Operating Systems/Applications

Virtualization

Career/Soft Skills

That’s all for now! As always, I love to hear from readers, so please feel free to engage with me through a variety of channels: you can engage with me on Twitter, I’m also on Mastodon (via the excellent Fosstodon instance), and you can find me in a variety of Slack communities (the Kubernetes and Pulumi communities are great examples). Thanks for reading!

A Depth Year in 2023

Off and on for a number of years, I published a “projects for the coming year” post and a “report card for last year’s projects” post (you can find links to all of these here). Typically, the project list was composed of new things I would learn and/or new things I would create or do. While there’s nothing wrong with this sort of thing—not at all!—I came across an idea while reading that I’ve decided I’ll adopt for 2023: a depth year.

The idea comes from this article, which I found while searching for some other information. Basically, a “depth year” is a year focused on going “deeper” (increasing your expertise in things you already know) instead of going “wider” (adding new things to what you know). Don’t take on new hobbies; instead, focus on getting better at the hobbies you already have. Don’t buy new books; instead, read the unread books that you keep meaning to get around to but never actually do. Don’t buy courses to learn something new; instead, finish the courses you already purchased.

I love this idea. Now, I know already that there is one small area where I’ll violate the rule of not starting something new (stay tuned for that), but I’m going to try to adhere to the spirit of the depth year as much as possible:

  • I can finish reading Deep Work by Cal Newport, which I started and never finished. And, since I have two of my sons finally reading it, I may go re-read So Good They Can’t Ignore You again (one of my favorite books).
  • Perhaps I’ll finish reading Mindshift by Barbara Oakley, which I also started but never finished.
  • I have several other books that are on my shelf that I haven’t even started yet; those include Soft-Wired and Tinker Dabble Doodle Try.
  • I can work on becoming more proficient with Golang by finishing some of the Go courses that I purchased a couple years ago.
  • I can revisit topics I blogged about in past years to be sure the knowledge is still correct and accurate, and write or update posts accordingly.

Those are just a few potential “deeper not wider” efforts that I can take on in 2023. I’m sure there are far more; like so many of us, there is a pile of abandoned projects and efforts to pull from.

What about you? What are your plans for 2023? Have you considered taking a depth year, to focus on going deeper instead of going wider? I’d like to hear your thoughts—feel free to engage with me on Twitter, with me on Mastodon, or with me in any of the various Slack communities in which I participate (the Pulumi community Slack and the Kubernetes community Slack are two great options). Let me know what you think about taking a depth year!

Technology Short Take 162

Welcome to Technology Short Take #162! It’s taken me a bit longer than I would have liked to get this post assembled, but it’s finally here. Hopefully I’ve managed to find something you’ll find useful! As usual, the links below are organized by technology area/discipline, and I’ve added a little bit of commentary to some of the links where it felt necessary. Enjoy!

Networking

Security

  • Rory McCune has a series of articles on PCI compliance in containerized and Kubernetes environments. These are worth a read if security and compliance are your jam (see here, here, here, here, here, here, and here). I suspect more are in the works, so stay tuned to his site!
  • Persistent malware in ESXi hypervisor environments? Ugh! See here for more details.
  • The corny (cheesy?) food references in the title of this article are almost too much. Hey, at least they’re having fun with it.
  • Chris Farris shares some tips for securing GitHub organizations. The article is a tad focused on Steampipe, but there are general takeaways that I think are useful.
  • This article is an interesting look at Internet scanning.

Cloud Computing/Cloud Management

  • This was a neat article that came out of one of Pulumi’s recent “Pulumi Challenges.”
  • Dave Hall has an article about tracking infrastructure using Terraform and AWS SSM Parameter Store.
  • Jim Counts’ beginner’s guide to Pulumi CI/CD pipelines provides an overview of Pulumi and a guide on using it with Azure DevOps. (Note: this article is a couple years old, so keep that in mind—some things may have changed with both Pulumi and Azure DevOps since this article was published.)
  • Engin Diri’s article on continuous cluster audit scanning with Trivy is a “two-for-one” article: you get to see some Pulumi YAML to create a Kubernetes cluster on Civo, and you get to see writing policies for the Trivy Operator. Nice.
  • Ricardo Sueiras captured some great links on open source at AWS in this newsletter.
  • I shared this via Twitter, but wanted to include it here because I think it’s a really cool use case. Muhammad Bhatti shares an example of using Pulumi code in an AWS Lambda to create a mechanism for running containers on-demand.
  • Apparently due to the way the integration between Antrea and VMware NSX was designed, it’s possible for “stale” Antrea-enabled clusters (clusters that once existed but are no longer present/valid) to show up in the NSX UI. Bassem Rezkalla shows how to remove these stale clusters.

Operating Systems/Applications

  • Curious about what a JWT is? This article from Teleport may be helpful.
  • Jeff Johnson points out an obvious but I suspect often-overlooked aspect of macOS’ Full Disk Access.
  • Even if you use an online service such as GitHub, GitLab, or Codeberg, you still need to ensure you have backups of your repositories. This article provides one potential solution.
  • GitOps is all the rage these days (and there are valid reasons why), but I liked this article by Jim Sheldon because it discusses something more mundane yet critically important: how to structure the code in your Git repositories for GitOps. Sans the short Harness commercial at the end, I found this article to be useful.

Storage

Virtualization

Programming

  • Engin Diri has two relatively recent posts on Rust, which he’s been spending some time learning. The first is how to async/await in Rust (tackling the issue of asynchronous programming); the second is creating a gRPC-based microservice in Rust. If you’re learning Rust (or interested in learning Rust), I think these articles will be helpful to you.

Career/Soft Skills

  • I really enjoyed this post on learning from the past but not living there. I think of this from a career perspective: we need to learn from our past (mistakes, jobs, opportunities, technologies), but our industry is one of change—we can’t stay in the past because we’ll be left behind.
  • Matt Stratton’s presentation on the journey from DevOps to cloud engineering was one I really enjoyed (remotely/virtually, since it was presented at an event in London).
  • I agree with Marc—write more.

This will likely be the very last Technology Short Take of 2022, but I’ll be back in 2023 with more Technology Short Takes, so make sure you stay tuned! In the meantime, feel free to connect with me on Twitter or on Mastodon, or connect with me in any one of the various Slack communities where I’m active (the Kubernetes and Pulumi Slack communities are a pretty sure bet). Thanks for reading!

Technology Short Take 161

Welcome to Technology Short Take #161! It’s been a little over a month since the last Technology Short Take, although the Full Stack Journey recently did an “Audio Edition” of a Technology Short Take that you should probably check out. In any case, I’ve spent the last month collecting links to articles and tutorials from around the web on all the various technologies that us IT folk are likely to encounter in our day-to-day adventures. I hope there’s something here that you find useful!

Networking

Servers/Hardware

  • Howard Oakley has a great series on Apple Silicon; the series is up to three posts so far. The first post provides a high-level overview of how Apple Silicon M-series chips are different, and the second post has more details on the capabilities of the P and E cores. The third post discusses how macOS allocates threads to different cores to maximize performance. Good stuff!
  • Looks like some significant bandwidth increases could be on the horizon; see this article for more details.

Security

Cloud Computing/Cloud Management

Operating Systems/Applications

Programming

Virtualization

Career/Soft Skills

  • I love this idea!
  • Mike McQuaid talks about entitlement in open source. I think some of the lessons in this article could apply to a lot of different scenarios, not just open source usage.

That’s all for now! As always, thank you for taking the time to read this post, and feel free to reach out to me with any feedback or suggestions for improvement. You can reach me on Twitter, or find me in a number of different Slack communities (such as the Pulumi community Slack or the Kubernetes community Slack). I look forward to hearing from you!

Recent Posts

Streamlining the User Experience for Accessing AKS Clusters

Lately I’ve been spending a little bit of time building Pulumi programs to assist with standing up Azure Kubernetes Service (AKS) clusters. I’ve learned a pretty fair amount about Azure and AKS along the way, as expected, but I was taken aback by the poor user experience (in my opinion) when it came to accessing the AKS clusters once they’d been established. In this post, I’ll share a small tweak you can make that will, in most cases, make accessing your AKS clusters a great deal smoother.

Technology Short Take 160

Welcome to Technology Short Take #160! This time around, my list of links and articles is a tad skewed toward cloud computing/cloud management, but I’ve still managed to pull together some links on other topics that readers will hopefully find useful. For example, did you know about the secret macOS network quality tool? You didn’t? Lucky for you there’s a link to an article about it below. Read on to get all the details!

Referencing Configuration Values in Pulumi YAML

Lately I’ve been doing a fair amount of work with Pulumi’s YAML support (see this blog post announcing it), and I recently ran into a situation where I wanted to read in and use a configuration value (set via pulumi config). When using one of Pulumi’s supported programming languages, like TypeScript or Python or Go, this is pretty easy. It’s also easy in YAML, but not as intuitive as I originally expected. In this post, I’ll share how to read in and use a configuration value when using Pulumi YAML.

Managing AWS Key Pairs with Pulumi and Go

As I was winding down things at Kong and getting ready to transition to Pulumi (more information on why I moved to Pulumi here), I casually made the comment on Twitter that I needed to start managing my AWS key pairs using Pulumi. When the opportunity arose last week, I started doing exactly that! In this post, I’ll show you a quick example of how to use Pulumi and Go to declaratively manage AWS key pairs.

Technology Short Take 159

Welcome to Technology Short Take #159! If you’re interested in finding some links to articles around the web on topics like WASM, Git, Sigstore, or EKS—among other things—then you’ve come to the right place. I’ve spent the last few weeks collecting articles I think you’ll find useful, gleaning them from the depths of Twitter, RSS feeds, Reddit, and Slack. Enjoy, and never stop learning!

Jumping Off Cliffs

For quite a few years, I’ve had this desktop wallpaper that I really love. I don’t even remember where I got it or where it came from, so I can’t properly attribute it to anyone. I use this wallpaper from time to time when I want to be reminded to challenge myself, to learn new things, and to step outside of what is comfortable in order to explore the as-yet-unknown. Looking at this wallpaper on my desktop a little while ago, I realized that I may have started taking the inspirational phrase on this wallpaper for granted, instead of truly applying it to my life.

Technology Short Take 158

Welcome to Technology Short Take #158! What do I have in store for you this time around? Well, you’ll have to read the whole article to find out for sure, but I have links to articles on…well, lots of different topics! DNS, BGP, hardware-based security, Kubernetes, Linux—they’re all in here. Hopefully I’ve managed to find something useful for someone.

Revisiting X.509 Certificates in Kubeconfig Files

In 2018, I wrote an article on examining X.509 certificates embedded in Kubeconfig files. In that article, I showed one way of extracting client certificate data from a Kubeconfig file and looking at the properties of the client certificate data. While there’s nothing technically wrong with that article, since then I’ve found another tool that makes the process a tad easier. In this post, I’ll revisit the topic of examining embedded X.509v3 certificates in Kubeconfig files.

Posts from the Past, August 2022

I thought I might start highlighting some older posts here on the site through a semi-regular “Posts from the Past” series. I’ll start with posts published in the month of August through the years. Here’s hoping you find something that is useful (or perhaps entertaining, at least)!

Site Category Changes

This weekend I made a couple of small changes to the categories on the site, in an effort to make navigation a bit more intuitive. In the past, readers had expressed some confusion over the “Education” and “Explanation” categories, and—to be frank—their confusion was warranted. I also wasn’t clear on the distinction between those categories, so this post explains the changes I’ve made.

Using Default AWS Resources with Pulumi

Per the AWS documentation (although I’m sure there are exceptions), when you start using AWS you are given some automatically-created resources: a default VPC that contains public subnets in each availability zone in the region along with an Internet gateway and settings to enable DNS resolution. Most of the infrastructure-as-code tutorials that I’ve seen start with creating a VPC and subnets and gateway, but what if you wanted to use these default resources instead? I wasn’t really able to find a good walkthrough on how to do this, so this post provides some sample Go code you can use with Pulumi to identify these default AWS resources and use them.

Technology Short Take 157

Welcome to Technology Short Take 157! I hope that this collection of links I’ve gathered is useful to someone out there. In particular, the “Career/Soft Skills” section is a bit bigger than usual this time around, as is the “Security” section.

Network Programmability and Automation, Second Edition

In late 2015, I was lucky enough to be part of a small crew of authors who launched a new book project targeting “next-generation network engineering skills.” That book, Network Programmability and Automation, was published by O’Reilly and has garnered praise and accolades for tackling head-on the topics that network engineers should consider mastering as the field of network engineering continues to grow and evolve. I was excited about that announcement, and I’m even more excited to announce that the early release of the second edition of Network Programmability and Automation is now available!

Technology Short Take 156

Welcome to Technology Short Take #156! It’s been about a month since the last Technology Short Take, and in that time I’ve been gathering links that I wanted to share with my readers. (I still have quite the backlog of links to read!) Hopefully something I share here will prove useful to someone. Enjoy the links below, and enjoy your weekend!

Making Flatpak Firefox use Private Browsing by Default

In April 2021 I wrote a post on making Firefox use Private Browsing by default, in which I showed how to modify the GNOME desktop file so that Firefox would open private windows by default without restricting access to normal browsing windows and functionality. I’ve used that technique on all my Fedora-based systems since that time, until just recently. What happened recently, you ask? I switched to the Flatpak version of Firefox. Fortunately, with some minor tweaks, this technique works with the Flatpak version of Firefox as well. In this post, I’ll share with you the changes needed to make the Flatpak version of Firefox also use private browsing by default.
