While I’m working on some new material (also, I must admit that I didn’t read anything for the last few days), I can share with you some cool Ukrainian IT communities.
Today I want to share a Telegram chat about Linux: @linuzua
Also, I have a small list of Awesome Ukrainian IT communities on GitHub. So, if you own or know cool chats, Slack or Discord communities, websites, etc., feel free to add that there! Or you can leave those in the comments (I’ll leave the comments open for this post).
P.S. This is not a paid post. If you do any cool media-projects or blogs about DevOps in Ukraine - let me know! I’ll happily share those.
P.P.S. Important information for the Finanzamt of Berlin: I don’t get money from my Telegram channel, blog, and newsletter. Please, don’t ask me about these things.
GitHub
GitHub - grem11n/awesome-it-communities-ua: Awesome Ukrainian IT Communities
Awesome Ukrainian IT Communities. Contribute to grem11n/awesome-it-communities-ua development by creating an account on GitHub.
This is pure Friday material, but I totally forgot about this one yesterday.
So, a systemd security patch broke DNS on Azure VMs on the 30th of August.
Here’s the bug report.
This only affected the Ubuntu 18.04 version, which is extremely popular, TBH.
Well, shit happens. Yet, the worrisome part of this story is that according to The Register:
> Azure is recommending that Ubuntu 18.04 users disable automatic security updates for the time being.
#azure #security #dns
The Register
Ubuntu Linux 18.04 systemd security patch breaks DNS in Microsoft Azure
Snafu disrupts VMs as cloud giant offers workarounds
So, on Friday I told you that I’m working on something new and now I’m ready to drop yet another teaser!
In a nutshell, I’m going to write a series of articles on the basics of CLI applications in Go. A teaser or Part 0 of this series is already available on my blog!
There I talk about side projects and my motivation to write that tiny app as well as to start this series.
I will post new parts here as they appear. Also, you can subscribe to the CatOps newsletter to get a bi-weekly digest of what has happened here.
#go #programming #blog #oc
YR's Blog
Building a CLI application in Go: Part 0
Building a CLI application in Go: Part 0 Intro I have written a tiny CLI app that can update the storage class of objects in an AWS S3 Bucket. To be completely honest, this tool is rather useless in the wild. You can achieve the same results natively with…
I don’t work with databases much lately. Moreover, I haven’t worked with MySQL/MariaDB for a long time. Thus, I am not 100% sure how useful this tool is, but I found it in a reliable source.
mariabak is a CLI for `mysqldump` that eases certain operations. So, you don’t have to pass multiple mysqldump commands for certain jobs.
#toolz #databases #mysql
GitHub
GitHub - llagerlof/mariabak: mariabak: Making MariaDB and MySQL backups a breeze
mariabak: Making MariaDB and MySQL backups a breeze - llagerlof/mariabak
Now, the Go ecosystem has a vulnerability checker in its toolset.
From the doc:
> new govulncheck command is a low-noise, reliable way for Go users to learn about known vulnerabilities that may affect their projects. Govulncheck analyzes your codebase and only surfaces vulnerabilities that actually affect you, based on which functions in your code are transitively calling vulnerable functions.
Just keep in mind that you have to have Go version >= 1.18.
#go #programming
go.dev
Vulnerability Management for Go - The Go Programming Language
Announcing vulnerability management for Go, to help developers learn about known vulnerabilities in their dependencies.
Forwarded from Sysadmin Tools 🇺🇦
Monitoring at scale with Victoria Metrics
https://tech.bedrockstreaming.com/2022/09/06/monitoring-at-scale-with-victoriametrics.html
#monitoring #victoriametrics #prometheus #kubernetes #k8s
The Istio project has revealed its new architecture concept: an Ambient Mesh.
Basically, with this configuration they're moving away from sidecars in favor of a `ztunnel` (zero-trust tunnel) installed on the nodes and multiple waypoint proxies. You can find more details as well as the benefits of such architecture in the article.
This is not an all-in-one change, though. Istio still promises support for sidecar-based mesh, which means that two types of setup will co-exist with each other.
Also, keep in mind that the new Ambient Mesh is still in the rapid development phase. The article promises some early stable results in 2023.
This news came from our chat. If you have any interesting things to share, feel free to share those there!
#istio #kubernetes #networking
Istio
Introducing Ambient Mesh
A new dataplane mode for Istio without sidecars.
Netflix’s article about the Data Mesh - their managed streaming pipeline solution.
Medium
Data Mesh — A Data Movement and Processing Platform @ Netflix
By Bo Lei, Guilherme Pires, James Shao, Kasturi Chatterjee, Sujay Jain, Vlad Sydorenko
An amazing book collection on Humble Bundle this time!
For the next 20 days you can buy books about Linux by No Starch Press, including the famous “The Linux Programming Interface” and “How Linux Works. What Every Superuser Should Know”.
I relied a lot on the second one in the early days of my career and this is still the book I recommend to everyone who wants to start using Linux systems.
As always, you can pay different amounts of money to unlock different numbers of books, but obviously you have to pay the highest stake (€40) to get the two books I mentioned.
#books
Humble Bundle
Humble Tech Book Bundle: Linux by No Starch Press
We’ve teamed up with No Starch Press for our newest bundle. Get books like How Linux Works & The Linux Programming Interface. Plus, pay what you want & support charity!
CatOps Voice chats on Thursdays aka “Говорилка CatOps” are back!
And I’d like to make this comeback a little bit special. Therefore, next Thursday, the 22nd of September, we are having a special edition of our voice chat with a recording.
We’ll speak with Oleks Maistrenko - a co-host of the famous DOU Podcast and a host of its chapter dedicated to engineering management.
We will talk about engineering management, DevOps, and other stuff. You can also ask your question in Slido and, of course, you’re more than welcome to join us live on the 22nd of September at 20:00 (Kyiv time) in the CatOps Chat!
~See~ hear you there!
#говорилка
YouTube
Thiago Ghisi on the specifics of the Engineering Manager role and reacting to developers’ “crazy ideas”
[🇺🇦 Ukrainian subtitles are available]
We are releasing the first episode of a new podcast about engineering management, Going Beyond Development, for which we will invite experienced engineering managers from around the world.
🔔 Share, like, subscribe …
Uber apparently has been hacked.
There are not many details in the mainstream tech press, and there’s no official write-up yet, only a tweet about the incident.
However, here’s an interesting Twitter thread about the scope of the attack (the scope is huge!).
If you prefer a web page view, here’s the same thread via the Unroll app.
The key takeaways from that thread:
- Rely on phishing-resistant MFA, such as hardware keys
- Pay as much attention to your internal network as to the public-facing interfaces
#security
CNN
Uber investigating ‘cybersecurity incident’ after hacker claims to access internal systems
Uber said Thursday that it was investigating a "cybersecurity incident" after a hacker shared evidence that they had breached the ride-hailing giant's computer systems with journalists and security researchers.
IAM Policy Validator for Terraform can validate your IAM policies written in Terraform against best practices.
It uses AWS IAM Access Analyzer, so you need to grant it the respective permissions to access this service. On the good side, unlike isolated tools, you don’t have to rely on the tool’s developers to update the validation policies. Everything comes from AWS itself.
#aws #terraform
GitHub
GitHub - awslabs/terraform-iam-policy-validator: A command line tool that validates AWS IAM Policies in a Terraform template against…
A command line tool that validates AWS IAM Policies in a Terraform template against AWS IAM best practices - GitHub - awslabs/terraform-iam-policy-validator: A command line tool that validates AWS...
Yet another small collection of tutorials. Hopefully, you will be able to find something useful for you there!
- 90DaysOfDevOps - a tutorial with a little bit of everything.
- 100daysofdevops - a collection of Medium articles on AWS things.
- 100DaysOfCloudIdeas - a list of challenges to get yourself familiar with the cloud. Has challenges for AWS, Azure, and GCP.
- AWS Skill Builder - an official collection of AWS tutorials, some of which are free.
- AWS Ramp-Up Guides - official AWS guides.
- Fast-Kubernetes - a list of labs to get yourself familiar with Kubernetes (I’ve already posted it before).
#tutorials #guides #learn
GitHub
GitHub - MichaelCade/90DaysOfDevOps: This repository started out as a learning in public project for myself and has now become…
This repository started out as a learning in public project for myself and has now become a structured learning map for many in the community. We have 3 years under our belt covering all things Dev...
Just a friendly reminder that this Thursday we are having a voice chat with Oleks Maistrenko - a co-host of the DOU Podcast and the host of the new podcast “Going Beyond Development” about engineering management.
We will talk about engineering management, devops, and other stuff. Join us live this Thursday at 20:00 (Kyiv time).
Link to the voice chat (currently inactive): https://news.1rj.ru/str/catops_chat?videochat
Also, you can ask your question via this form in SliDo.
See you there!
P.S. I had an idea of raising some funds for the Ukrainian Army during our chat, but then realized that we can do that without an intermediate person. So, I would appreciate your donations to any foundation or charity of your choice. From my side, I can recommend some people who are not that famous, but whom I know in person and therefore trust:
- Pavlo and Naya are collecting funds for drones and radios. You can find their contacts here (Pavlo’s) or here (Nastia’s)
- UA Responders - a foundation that specializes in tactical medicine. My wife helps them with some media topics and my schoolmate takes care of the logistics there. This foundation also has an account in Poland, so it may be easier to transfer money for those abroad.
And remember: there is no such thing as too small a donation!
Telegram
CatOps Chat
Chat of the @catops channel
Not so long since the previous book bundle and now we have a “Cloud Infrastructure & Operations” bundle by O’Reilly.
This bundle contains books on Kubernetes, distributed apps, tracing, database reliability in the cloud and so on. One of the books in this bundle is the one I’m actually reading at the moment - “Implementing Service Level Objectives” 😄 It’s an OK book. Definitely not a must-read, but good to check if you’re working on SLOs at the moment.
#books
Humble Bundle
Humble Tech Book Bundle: Cloud Infrastructure & Operations by O'Reilly
We’ve teamed up with O’Reilly for our newest bundle. Get books like Migrating to AWS: A Manager's Guide & Kubeflow Operations Guide. Plus, pay what you want & support charity!
Beware that there’s an issue with DNS in Kubernetes 1.25.0 (therefore k3s has it as well) and Alpine (musl).
So, first of all: it’s always DNS. Secondly, it seems like Kubernetes 1.25.1 has a fix for this. So, you may want to jump straight to that version and skip 1.25.0 altogether.
Frankly, you probably always should jump to the first patch version if you want to play safe.
Another thing is that this is not the first time that musl specifically is affected. So again, if you want to play safe, it’s probably better to use “slim”, “distroless”, or “scratch” images.
#kubernetes #dns
GitHub
DNS resolution in alpine (musl) based containers fails when the host system has `search .` in `resolv.conf` with 1.25.0 · Issue…
Environmental Info: K3s Version: /opt/k3s -v k3s version v1.25.0+k3s1 (26e94057) go version go1.19 Node(s) CPU architecture, OS, and Version: uname -a Linux alderaan 5.15.0-47-generic #51-Ubuntu SM...
Sup!
In less than an hour we are having a voice chat, where we are going to talk a bit about engineering management and its relations with the DevOps methodology.
Here’s the participant’s link: https://news.1rj.ru/str/catops_chat?videochat
See you there!
P.S. I’ll drop one more message here, once we start.
Telegram
CatOps Chat
Chat of the @catops channel
DoorDash has written a nice article about them leveraging policies-as-code for Terraform with Atlantis. They are using OPA with Conftest for that.
For me the interesting part was the idea to keep the policies in an S3 bucket for Atlantis. It looks a bit overcomplicated (why not just store them in Git?), but I don’t have much experience with Atlantis, so I dunno.
Also, there’s this passage that can make a grown man cry:
> The core-infra team engineers soon became full-time code reviewers for all the changes that were needed to keep the platform from breaking.
#terraform #atlantis #opa
DoorDash Engineering Blog
How DoorDash Ensures Velocity and Reliability through Policy Automation - DoorDash Engineering Blog
Learn how DoorDash enables their engineers to self-serve infrastructure through policy automation while ensuring reliability and speed