This article explores two primary collaboration styles in software development: individual stewardship and shared stewardship. It delves into the characteristics, strengths, and weaknesses of each approach, providing insights into their application in various work environments.
https://rethinkingsoftware.substack.com/p/programmer-collaboration-styles
Substack
Programmer Collaboration Styles
In software development, two collaboration styles have proven to be most effective.
👍4
This article details Cloudflare's successful migration of billions of DNS records from their main database cluster to a new dedicated DNS database. The migration involved moving 1.7 billion records from the primary DNS table and 4.3 billion records from an archive table, while ensuring zero data loss and minimal downtime.
https://blog.cloudflare.com/migrating-billions-of-records-moving-our-active-dns-database-while-in-use/
The Cloudflare Blog
Migrating billions of records: moving our active DNS database while it’s in use
According to a survey done by W3Techs, as of October 2024, Cloudflare is used as an authoritative DNS provider by 14.5% of all websites.
👍3
Ohayou(おはよう), HTTP load generator, inspired by rakyll/hey with tui animation.
https://github.com/hatoo/oha
GitHub
GitHub - hatoo/oha: Ohayou(おはよう), HTTP load generator, inspired by rakyll/hey with tui animation.
Ohayou(おはよう), HTTP load generator, inspired by rakyll/hey with tui animation. - hatoo/oha
👏4👍1
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
https://github.com/sshuttle/sshuttle
GitHub
GitHub - sshuttle/sshuttle: Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin.…
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling. - sshuttle/sshuttle
👍3
This article explores how Otterize simplifies workload IAM integration in Kubernetes on Azure. It demonstrates how developers can manage IAM changes directly from within the cluster, using Otterize's open-source solution to automate managed identity and policy creation.
https://itnext.io/kubernetes-automate-workload-iam-on-azure-with-otterize-860faa221eac
Medium
Kubernetes — Automate workload IAM on Azure with Otterize
Simplifying Network and Workload IAM Integration in Kubernetes with Otterize
👍3
This article explores the key areas of responsibility for engineering managers, providing insights into their multifaceted role within an organization. It likely delves into topics such as team leadership, project management, technical guidance, and strategic planning, offering valuable perspectives for both aspiring and current engineering managers.
https://levelup.gitconnected.com/the-engineering-managers-areas-of-responsibility-e25fe6c6fbb7
Medium
The Engineering Manager’s Areas of Responsibility
What exactly do they have to do?
👍6
This blog post presents a comprehensive benchmark of Kubernetes Container Network Interfaces (CNIs) over a 40Gbit/s network, conducted in early 2024. The study evaluates seven CNIs with 21 different configurations, focusing on performance, efficiency, and resource consumption.
https://itnext.io/benchmark-results-of-kubernetes-network-plugins-cni-over-40gbit-s-network-2024-156f085a5e4e
Medium
Benchmark results of Kubernetes network plugins (CNI) over 40Gbit/s network [2024]
This article is a new run of my previous benchmark (2020, 2019 and 2018), now running Kubernetes 1.26 and Ubuntu 22.04 with CNI version…
👍2
This article explores how observability, particularly tracing, serves as a powerful tool for debugging and optimizing software systems at incident.io. It delves into the concept of traces and spans, explaining how they provide detailed insights into application performance and behavior, enabling developers to quickly identify and resolve issues.
https://incident.io/blog/observability-as-a-superpower
incident.io
Observability as a superpower | Blog
At incident.io, tracing is our secret weapon for catching bugs before customers do. This blog unpacks how traces and spans are built, showcasing their role in debugging and performance tuning. From span creation to integrating traces with logs and error reports…
This article explores Docker Multi-Stage Builds as a powerful technique for creating smaller and more secure container images.
https://labs.iximiuz.com/tutorials/docker-multi-stage-builds
iximiuz Labs
How to Build Smaller Container Images: Docker Multi-Stage Builds | iximiuz Labs
Learn how to build smaller, more secure Docker container images using Multi-Stage Builds. This guide explains common sources of image bloat, best practices for slimming down production images, and practical examples for Node.js, Go, Rust, and other application…
👍4
This article provides a comprehensive guide on setting up a WireGuard VPN server on AWS using Terraform. It likely covers the step-by-step process of deploying a secure and scalable VPN solution, leveraging AWS infrastructure and Terraform's infrastructure-as-code capabilities.
https://vladkens.cc/aws-wireguard-vpn-terraform/
vladkens.cc
Setting up WireGuard VPN at AWS with Terraform
All resources in AWS work inside a private VPC. Sometimes you may need to access these resources from a local computer (e.g. to interact with a database). Some resour…
👍6
The article focuses on the importance of handling termination signals gracefully in applications deployed in orchestrated environments like Kubernetes. Graceful shutdowns are crucial to prevent data loss and system instability that can occur with abrupt terminations, ensuring that applications can exit cleanly and maintain consistency even when they are stopped or scaled down.
https://packagemain.tech/p/graceful-shutdowns-k8s-go
packagemain.tech
Terminating elegantly: a guide to graceful shutdowns
Let's dive into the world of graceful shutdowns, specifically for Go applications running on Kubernetes.
👍4
The incredible HULL - Helm Uniform Layer Library - is a Helm library chart to improve Helm chart-based workflows.
https://github.com/vidispine/hull
GitHub
GitHub - vidispine/hull: The incredible HULL - Helm Uniform Layer Library - is a Helm library chart to improve Helm chart based…
The incredible HULL - Helm Uniform Layer Library - is a Helm library chart to improve Helm chart based workflows. - GitHub - vidispine/hull: The incredible HULL - Helm Uniform Layer Library - is a...
🔥4
Forwarded from Golang notes
A PostgreSQL database explorer TUI (Terminal User Interface) application written in Go.
https://github.com/ddoemonn/go-dot-dot
GitHub
GitHub - ddoemonn/go-dot-dot: A PostgreSQL database explorer TUI (Terminal User Interface) application written in Go.
A PostgreSQL database explorer TUI (Terminal User Interface) application written in Go. - ddoemonn/go-dot-dot
👍3🔥2
🔥 Critical vulnerability in the ingress-nginx controller
9.8/10🔥 https://github.com/advisories/GHSA-mgvx-rpfc-9mpv
If you're running Kubernetes with the ingress-nginx controller and are affected by the vulnerability described in GHSA-mgvx-rpfc-9mpv (CVE-2025-1974), you face several serious security risks:
Critical Security Risks
This vulnerability, published on March 25, 2025, is part of a set of critical flaws collectively named "IngressNightmare" with a CVSS score of 9.8[6]. The specific issues include:
- Unauthenticated Remote Code Execution (RCE): An attacker with access to the pod network can execute arbitrary code in the context of the ingress-nginx controller without authentication[1][2].
- Cluster-wide Secret Exposure: The vulnerability allows attackers to access and steal all secrets accessible to the controller. In default installations, the controller can access all secrets across all namespaces in the cluster[1][3].
- Complete Cluster Takeover: Due to the elevated privileges of the admission controller, successful exploitation could lead to full compromise of your Kubernetes environment[3][6].
- Public Exposure Risk: Over 6,500 clusters with publicly accessible admission controllers are at immediate risk, including those operated by Fortune 500 companies[8].
How the Vulnerability Works
The attack targets the admission controller component of the ingress-nginx controller:
1. The vulnerability allows attackers to inject arbitrary NGINX configuration remotely by sending a malicious ingress object directly to the admission controller[3].
2. When the controller processes this malicious object during validation, it causes the NGINX validator to execute malicious code[6][8].
3. The admission controller's elevated privileges and network accessibility create a critical escalation path, allowing an attacker to access sensitive resources across the entire cluster[3].
Required Action
To mitigate this issue, you should:
- Update immediately to one of the patched versions: 1.12.1, 1.11.5, or 1.10.7[6].
- Ensure your admission webhook endpoint is not exposed externally[6].
- Limit access to the admission controller to only the Kubernetes API Server[6].
- Temporarily disable the admission controller component if it's not needed[6].
This vulnerability affects approximately 43% of cloud environments, making it a widespread and serious threat to Kubernetes deployments[6].
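One way to check a cluster against the first remediation step above (upgrade to 1.12.1, 1.11.5 or 1.10.7): an added example, not code from the advisory or the ingress-nginx project. It assumes `kubectl` access and the pod labels set by the upstream ingress-nginx manifests and Helm chart; the version logic itself runs offline.

```shell
#!/bin/sh
# Added example, not part of the advisory or the ingress-nginx project: flag
# controller images that predate the patched releases named above
# (1.12.1, 1.11.5, 1.10.7). scan_cluster needs kubectl access; the rest runs offline.

# is_patched TAG: exit 0 when TAG is a patched release or newer, 1 otherwise.
# Release lines older than 1.10 never received the fix and are reported as vulnerable.
is_patched() {
  tag="${1#v}"                      # v1.11.3 -> 1.11.3
  tag="${tag%%-*}"                  # drop pre-release suffixes such as -rc.1
  old_ifs=$IFS; IFS=.; set -- $tag; IFS=$old_ifs
  major=${1:-0}; minor=${2:-0}; patch=${3:-0}
  [ "$major" -gt 1 ] && return 0    # a future 2.x line would be newer than every fix
  [ "$major" -eq 1 ] || return 1
  case "$minor" in
    12) [ "$patch" -ge 1 ] ;;
    11) [ "$patch" -ge 5 ] ;;
    10) [ "$patch" -ge 7 ] ;;
    *)  [ "$minor" -gt 12 ] ;;      # 1.13+ ships the fix; 1.9 and older never did
  esac
}

# classify IMAGE: print OK, VULNERABLE or UNKNOWN for one container image reference.
classify() {
  image="${1%%@*}"                  # strip a @sha256:... digest pin
  tag="${image##*:}"
  case "$tag" in
    */*)            echo UNKNOWN ;;  # no tag at all (what is left is the repository path)
    v[0-9]*|[0-9]*) if is_patched "$tag"; then echo OK; else echo VULNERABLE; fi ;;
    *)              echo UNKNOWN ;;  # floating tags such as "latest" cannot be judged
  esac
}

# scan_cluster: report every ingress-nginx controller pod. The label selector is the one
# set by the upstream manifests and Helm chart (an assumption; adjust for custom labels).
scan_cluster() {
  kubectl get pods -A -l app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/component=controller \
    -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name} {.spec.containers[0].image}{"\n"}{end}' |
  while read -r pod image; do
    printf '%-10s %s %s\n' "$(classify "$image")" "$pod" "$image"
  done
}

if [ "${1:-}" = "--scan" ]; then scan_cluster; fi
```

Run it with `--scan` against the current kubeconfig context; any VULNERABLE or UNKNOWN line is a pod to upgrade or inspect by hand.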
GitHub
CVE-2025-1974 - GitHub Advisory Database
ingress-nginx admission controller RCE escalation
😱7👍5🔥4