tobru.guru Newsletter #26

A Cilium, Shaarli, InfluxDB and Crossplane release, some ramblings about macOS privacy and an interesting Ubuntu security bug.

News

Software releases, news articles and other new stuff

Cilium 1.9: Maglev, Deny Policies, VM Support, OpenShift, Hubble mTLS, Bandwidth Manager, eBPF Node-Local Redirect, Datapath Optimizations, and more
#release, #kubernetes, #network, #cilium

We are excited to announce the Cilium 1.9 release. A total of 2816 commits have been contributed by a community of 251 developers, many of whom made their first contributions this cycle. Cilium 1.9 brings with it several brand new features.

Wow, Cilium sounds very cool. It's definitely on my list to explore and see if this could be the future default networking stack of our VSHN Managed Kubernetes offerings.

Release v0.12.1 · shaarli/Shaarli
#release, #shaarli

Without Shaarli, no tobru.guru newsletter.

Announcing InfluxDB IOx - The Future Core of InfluxDB Built with Rust and Arrow
#influxdb, #influxdbiox

In this post, I’m going to lay out a vision for the future of InfluxDB and introduce you to a new project that will form the basis of it: InfluxDB IOx (pronounced eye-ox, short for iron oxide). As the title of the post says, this new project is written in Rust (iron oxide, natch) with Apache Arrow as the core.

I was always a fan of InfluxDB and I'm using it for all my time series needs. This new project sounds absolutely promising and I'm looking forward to it. What I also like is their commitment to Open Source; that's not something others are doing in the same way. Cool!

Crossplane v0.14 adds final v1beta1 core APIs and enhanced platform configuration support going into v1.0 next month!
#crossplane, #release

Release v0.14.0 · crossplane/crossplane
#crossplane, #release

v0.14 is a hardening release with v1beta1 core APIs, enhanced error reporting, leader election, and multi-version XRD support – just ahead of the v1.0 release next month. More AWS cloud service primitives, customizable provider configurations, and several OAM enhancements round out this release!

It will not take too long until 1.0 is out. We started using Crossplane for developing the next-generation managed services on Kubernetes. More will come soon, looking forward to spreading the word about it.


Articles

Interesting articles and blog posts

Jeffrey Paul: Your Computer Isn't Yours
#macos, #privacy

It’s here. It happened. Did you notice? I’m speaking, of course, of the world that Richard Stallman predicted in 1997. The one Cory Doctorow also warned us about.

See my surprised face? It gets harder and harder today to protect one's privacy. It's good to have alternatives like Linux. I hope that these alternatives keep being developed and will stay!

The Warmest Start to a Cold Email | Jemma Issroff
#github, #email

I can’t claim expertise in how to successfully write a cold email. I have sent many more unanswered cold emails than answered ones. Looking at you, Michelle Obama!

Cool article!

5 new sudo features you need to know in 2020 | Opensource.com
#sudo, #news

From central session recording through chroot support to Python API, sudo 1.9 offers many new features.

Sudo is still being developed and new features are included. Of course it will take several years until this version is available on all the enterprise distros.

I sold Baremetrics
#story

2020 has turned into one of the most unusual years of my life, for both the obvious reasons but also for reasons I definitely wasn’t expecting at the start of the year. After 7 years of work building this little company, Baremetrics has a new home.

How cool is that?

3.x migration - Turris Documentation
#turris, #migration, #upgrade

Updating from Turris OS 3.x to 5.0 or newer is a big leap. There are more than three years of significant development in OpenWrt. At the same time, the Turris team also took the liberty to clean up and rewrite some of their software. This means changes. Be prepared that some packages and features you are used to having might no longer be there.

It's time to start preparing myself to upgrade my Turris Omnia at home. I already keep my fingers crossed that this will work, it's my door to the world aka Internet.

How to get root on Ubuntu 20.04 by pretending nobody’s /home - GitHub Security Lab
#security, #vulnerability, #bugs, #ubuntu

I am a fan of Ubuntu, so I would like to help make it as secure as possible. I have recently spent quite a bit of time looking for security vulnerabilities in Ubuntu’s system services, and it has mostly been an exercise in frustration. I have found (and reported) a few issues, but the majority have been low severity.

W00t? Such "simple" security flaws are really very rare today. Good article describing it.

A Simple Auth Proxy for EKS - DEV
#kubernetes, #aws, #eks, #authentication, #proxy

AWS EKS is a great option for a hosted Kubernetes cluster. It is in particular easy to use for demos and training sessions. However, EKS authentication is based off AWS IAM, which means users need an AWS account. Authenticating to EKS typically involves calling the aws eks get-token command in your .kube/config so as to retrieve an authentication token.

Standing on Our Own Two Feet - Let's Encrypt - Free SSL/TLS Certificates
#letsencrypt, #ca, #firefox

When a new Certificate Authority (CA) comes on the scene, it faces a conundrum: In order to be useful to people, it needs its root certificate to be trusted by a wide variety of operating systems (OSes) and browsers. However, it can take years for the OSes and browsers to accept the new root certificate, and even longer for people to upgrade their devices to the newer versions that include that change. The common solution: a new CA will often ask an existing, trusted CA for a cross-signature, to quickly get it into being trusted by lots of devices.

How to waste half a day by not reading RFC 1034 - Signal v. Noise
#dns, #wildcard, #mx, #mail

Herein lies the problem. While you can have a wildcard record for branch-deploy.com, if an MX record (or any other record, really) exists for a given subdomain and you try to visit your-branch.branch-deploy.com, that A/AAAA/CNAME resolution will not climb the tree to the wildcard.

It's always DNS, isn't it?

Migrating from macOS to Linux | akos.ma
#linux, #macos, #laptop

This is the story of how, after being a loyal macOS user for 15 years, I decided to start using Linux full-time. This article provides a detailed report of all the small decisions I took from late 2016 until late 2018, the moment in which I got my TUXEDO Computers laptop with Ubuntu 18.04 pre-installed.

Thanks for this write-up Adrian, perfect timing with the above article about macOS privacy.

Although Adrian writes that he doesn't want any recommendations, I have two things I'd like to mention:

  • I was using Enpass as my password manager for several years as well. But the application became so buggy over time, didn't even work properly on Android anymore, and the company moved to the US. It never felt good not to use Open Source software for keeping my passwords safe. Therefore I migrated to KeePassXC with the Python script enpass-to-keepass.py (with some modifications) and it works so much better! I can only recommend it.
  • For my file sharing needs I'm using Nextcloud, which works perfectly. I would never trust my files to a US company like Dropbox.

Tools

Open Source tools newly discovered

raspbernetes/k8s-security-policies
#kubernetes, #policy, #rego, #opa

This repository provides a security policies library that is used for securing Kubernetes cluster configurations. The security policies are created based on the CIS Kubernetes benchmark and rules defined in Kubesec.io. The policies are written in Rego, a high-level declarative language purpose-built for expressing policies over complex hierarchical data structures. For detailed information on Rego see the Policy Language documentation.

Bundesamt für Gesundheit BAG - Covid-19 Switzerland
#covid19, #bag, #dashboard

Information on the current situation
