VSHN.timer

VSHN.timer #223: An Exozodiacal Threat

8. Apr 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about CVE-2024-3094, the unprecedented computer security scare of the decade that was discovered thanks to the curiosity and grit of a PostgreSQL engineer.

1. Andres Freund, a software engineer working for Microsoft on the PostgreSQL project (and who has now become an unsuspecting hero in computer-literati circles), reported the discovery of compromised tarballs in the xz repository on March 29th, 2024, a date which, paraphrasing Franklin D. Roosevelt, will live in infamy.

https://www.openwall.com/lists/oss-security/2024/03/29/4

2. Over a period of over two years, an attacker using the name „Jia Tan“ worked as a diligent, effective contributor to the xz compression library, eventually being granted commit access and maintainership. Using that access, they installed a very subtle, carefully hidden backdoor into liblzma. The attack appears to be the first serious (known) supply chain attack on widely used open source software. It marks a watershed moment in open source supply chain security, for better or worse. This timeline provides a complete history of the attack in chronological order.

https://research.swtch.com/xz-timeline

3. Who is „Jia Tan“? The thwarted XZ Utils supply chain attack was years in the making. Now, clues suggest nation-state hackers were behind the persona that inserted the malicious code. Andy Greenberg and Matt Burgess lead the investigation in this Wired article.

https://www.wired.com/story/jia-tan-xz-backdoor/

4. The timing of the attack was carefully selected; among the affected Linux distributions, two of them (and, needless to say, among the most popular!) had scheduled major releases later this month: Fedora 40 and Ubuntu 24.04 LTS. Both Red Hat and Canonical have issued corresponding notifications to their users, and it is strongly recommended to stop using the preview versions of both operating systems until further notice.

https://linuxiac.com/ubuntu-24-04-lts-beta-release-postponed-due-to-security-concerns/

5. The VSHN.timer project of the week is amlweems/xzbot, featuring an exploration of the xz backdoor including: a honeypot; an ed448 patch to use our own ED448 public key; the explanation of the backdoor format; and a backdoor demo.

https://github.com/amlweems/xzbot

Were you affected in any way by this backdoor? Are you assessing the risks brought by your platforms‘ software supply chains? Would you like to share some security tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

As a personal note, I’d like to announce this will be the last VSHN.timer with my signature, and for that reason I wanted to thank you for your support, fidelity, and kind words during all these years. It was my privilege to keep you updated on all things Cloud Native and Kubernetes every week. All the best and see you around! 🙂

PS: check out our previous VSHN.timer editions about security: #8, #17, #22, #27, #32, #44, #54, #62, #76, #84, #93, #106, #117, #128, #142, #145, #164, #169, #182, and #203.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #222: Videos from KubeCon + CloudNativeCon Europe 2024

25. Mrz 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to highlight some outstanding recordings of talks presented last week at KubeCon + CloudNativeCon Europe 2024.

1. Artificial Intelligence: generative AI and LLMs get lots of attention lately, but many are still figuring out how to most effectively use them in Cloud Native platforms. This video explains how to deploy AI models on Kubernetes with tools such as the Kubernetes toolchain operator KAITO, to simplify training and inferencing for LLMs.

https://www.youtube.com/watch?v=r7qd0ZHt4uE

2. Maintenance: validating cluster add-on upgrades securely and confidently across a Kubernetes fleet of clusters poses a significant challenge for platform teams. This session demonstrates advanced techniques for both validating and deploying these upgrades, with a focus on securing infrastructure and streamlining operational workflows using ephemeral virtual clusters or „vClusters„.

https://www.youtube.com/watch?v=odnZTPltaQc

3. Security: this talk is an exploration into Yahoo’s year-long integration journey of Sigstore, enhancing Supply Chain Security through verifiable „certificates of origin“ for artifacts. Despite the challenges of scaling Sigstore in a high-traffic environment, the Paranoids (Yahoo’s information security organization) successfully secured around 60,000 daily builds, spanning 700 clusters and 100,000 pods.

https://www.youtube.com/watch?v=Tp-t_7ccW0Y

4. Storage: this talk is an introduction to Rook, an open source cloud-native storage operator for Kubernetes. The panel will discuss various scenarios to show how Rook configures Ceph to provide stable block, shared file system, and object storage for your production data. Rook was accepted as a graduated project by the Cloud Native Computing Foundation in October 2020.

https://www.youtube.com/watch?v=bL5Ay28KPOI

5. Culture: in today’s dynamic digital landscape, the reliability and resilience of complex systems are critical for delivering seamless user experiences. Chaos Engineering has emerged as a powerful discipline for proactively identifying and mitigating potential system weaknesses. This talk delves into the synergy between Chaos and Platform Engineering, presenting a paradigm shift in how organizations can enhance their platform engineering practices by leveraging chaos-first principles.

https://www.youtube.com/watch?v=WUXFKxgZRsk

BONUS 6. Playlist: would you like to keep watching KubeCon + CloudNativeCon Europe 2024 videos? Get your popcorn ready and click on the playlist link.

https://www.youtube.com/playlist?list=PLj6h78yzYM2N8nw1YcqqKveySH6_0VnI0

Did you attend KubeCon + CloudNativeCon last week? What was your favorite talk? Would you like to share some KubeCon + CloudNativeCon gossip with our audience? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about conferences: #19, #20, #56, #57, #90, #91, #170, #179, #180, and #183.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #221: A Turning Point for Microservices?

18. Mrz 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about those architectural decisions that can make or break your Cloud Native service.

1. Long considered the de facto approach to application architecture for cloud native services, microservices is starting to be refactored by cloud giants such as Amazon and Google. Maybe we are doing microservices all wrong?

https://thenewstack.io/year-in-review-was-2023-a-turning-point-for-microservices/

2. SQLite is often misconceived as a „toy database“ because its default configuration is optimized for embedded use cases, meaning poor performances and the dreaded SQLITE_BUSY error. But what if Sylvain Kerkour convinced you that by tuning a few knobs, you can configure SQLite to reach ~8,300 writes/s and ~168,000 read/s concurrently, with 0 errors, on a ~€40/m commodity virtual server with 4 vCPUs?

https://kerkour.com/sqlite-for-servers

3. Every so often someone needs to create a more or less permanent internal identifier for their users‘ accounts. Then they look at how authentication systems like OIDC return email addresses and decide that they’ll use the email address as the account’s permanent internal identification. As the famous saying goes, now you have two problems.

https://utcc.utoronto.ca/~cks/space/blog/tech/EmailAddressesBadPermanentIDs

4. SIDN manages all internet names that end in .NL. Their job is to properly manage those 6 million domain names, and technically speaking, keeping the .NL names in the air is the core competency of the organization, and also determines its future. In short, if .NL is not capable of managing .NL, that is like a restaurant buying its meals from a delivery service.

https://berthub.eu/articles/posts/your-tech-my-tech/

5. The intent of the Cloud Native Maturity Model is to help you move from inception through to full adoption of cloud native technologies using the CNCF landscape to achieve the full benefits of running scalable applications in modern, dynamic environments in public and hybrid clouds.

https://maturitymodel.cncf.io/

Are you applying the Cloud Native Maturity Model on your architecture? Are you using emails as user account identifiers? Would you like to share some architectural tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about architecture: #25, #34, #60, #79, #143, and #201.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #220: Employment in Times of Crisis

11. Mrz 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to point out specific cases of Cloud Native and DevOps workers trying to keep systems up and running while their companies are stumbling.

1. How do companies die? Very slowly, almost imperceptibly, and then all of a sudden. Take for example the case of Airplane: Benjamin Yolken worked there for nearly two years, but earlier this year, they announced the company was being acquired by Airtable and that it would be shut down. In this blog post, Benjamin explains what happened from his perspective as a former employee. Spoiler alert: it ain’t pretty.

https://yolken.net/blog/end-of-airplanedev

2. Some organizations mutate from engineering-friendly organizations into standard faceless corporations in the brink of an eye. Justin Garrison left Amazon recently, and he describes in detail the internal struggles felt by engineers inside the organization. He calls it a „Silent Sacking“, and it is as violent as it sounds.

https://justingarrison.com/blog/2023-12-30-amazons-silent-sacking/

3. Yorick Peterse, software developer from The Netherlands, worked at GitLab from 2015 to 2021, and recently wrote about his experience on his blog. There are a lot of interesting details about GitLab (the company) in there, from purely technical ones (architecture, Ruby on Rails) to organizational tidbits (product management, staffing) with broad applicability.

https://yorickpeterse.com/articles/what-it-was-like-working-for-gitlab/

4. Anton Zhiyanov claims he’s stupid, but we don’t believe him. We actually think he’s smart enough to make simple systems, with stable programming languages and libraries, and applying well-known architectures. Anton: even if you think you won’t impress a Google engineer, don’t worry: not only we’re impressed, we also follow your steps.

https://antonz.org/stupid/

5. We know it’s hard, and we want you to take a step back and breathe. Look at the dot in this page and breathe for just one minute, to improve your mental focus before your next task.

https://oneminutefocus.com/

How are you feeling lately? Do you feel threatened by your employer or its specific market conditions? Would you like to share some stories with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about PeopleOps: #7, #13, #15, #26, #35, #41, #52, #63, #85, #92, #116, #131, #154, #175, and #210.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #219: PostgreSQL Updates

4. Mrz 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about what’s going on in the world of the industry’s preferred database engine: PostgreSQL.

By the way, did you know that VSHN AppCat, now also available on APPUiO Managed clusters, enables your team to deploy PostgreSQL deployments with just ten lines of YAML?

1. Jonathan Katz, an active member of the PostgreSQL community, recently took a look at the current state and evolution of the project from different perspectives: availability, performance, and developer features, and concludes that „PostgreSQL is in a good place. It remains popular, and its reputation for reliability, robustness, and performance remain sound.“

https://jkatz05.com/post/postgres/postgresql-2024/

2. ZITADEL Cloud recently made a notable shift in its database choice by moving from CockroachDB to PostgreSQL. This operational change was influenced by several factors explained in this blog post, ranging from data residency to improved latency and efficiency.

https://zitadel.com/blog/move-to-postgresql

3. We recently learned about a high-risk vulnerability in PostgreSQL allows attackers to inject arbitrary SQL commands. This is known as CVE-2024-0985 and allows unprivileged users to foist SQL code, which is then executed with as superusers during a refresh command. (Article in German.)

https://www.heise.de/news/PostgreSQL-laesst-sich-beliebiges-SQL-unterjubeln-9625343.html

4. Which one would you choose: PostgreSQL or MySQL? This webinar dives into the differences between these two database engines, and what those differences mean from a performance, operability, and community engagement perspective. (Requires free registration.)

https://www.brighttalk.com/webcast/6793/591340

5. The VSHN.timer project of the week is Omnigres, enabling PostgreSQL as a developer-first application platform: deploy a single database instance, and host your entire application, scaling as needed.

https://github.com/omnigres/omnigres

BONUS: 6. If you write Cloud Native apps with JavaScript or TypeScript, you will surely love Postgres.js: its developers claim it is the fastest full-featured PostgreSQL client for Node.js, Deno, Bun, and CloudFlare.

https://github.com/porsager/postgres

How many instances of PostgreSQL are you running in production? Are you considering other options such as MySQL or CockroachDB? Would you like to share some PostgreSQL tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about databases and storage: #111, #115, #138, #155, #158, and #199.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #218: Should you Rust or should you Go?

26. Feb 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week, darling, we’ve got to let you know, if you should Rust or you should Go.

1. Let’s start with a clash. Sylvain Kerkour, author of the successful Black Hat Rust book, argues that if you Go, there will be trouble, and if you Rust, it will be double. We know that this indecision is bugging you.

https://kerkour.com/should-i-rust-or-should-i-go

2. The Rust team announced the availability of Rust 1.76.0 earlier this month. This release is relatively minor, with ABI compatibility updates for function pointers, a new mechanism to get descriptive names from type references, and some stabilized APIs. It’s always tease, tease, tease.

https://blog.rust-lang.org/2024/02/08/Rust-1.76.0.html

3. Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter. It’s fast (really fast, thanks to GPU rendering!), open source… and it’s written in Rust. For the moment, only available for macOS, because one day it’s fine, and next it’s black.

https://zed.dev/

4. UV is an extremely fast Python package installer and resolver, and (guess what) it’s written in Rust. Designed as a drop-in replacement for pip and pip-compile, and 10 to 100 times faster! It’s been tested with the top 10,000 PyPI packages, because otherwise, you’ll be here till the end of time.

https://github.com/astral-sh/uv

5. rustic is a backup tool that provides fast, encrypted, deduplicated backups. It reads and writes to standards restic repositories, and can be used as a restic replacement in most cases. And it’s written in Rust! If you don’t want backups, well, we’re not happy when you’re on your knees.

https://rustic.cli.rs/

Do you Rust or do you Go? Exactly whom are we supposed to be? Would you like to share some Rust tips and tricks with our readers, or do you want us off your back? So come on and let us know, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about programming: #18, #30, #33, #47, #50, #60, #77, #88, #101, #103, #122, #137, #160, #174, and #198.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #217: Getting More out of your GitOps Platform

19. Feb 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the latest news in the world of GitLab, GitHub, Gitea, Forgejo, and anything else remotely related to Git.

1. Our founder Tobias Brunner has written a post about the new Gitea Actions on his blog, with useful information about setting up runners, configuring instances, and in particular, how to build container images with it. Check it out!

https://tobru.ch/gitea-actions-container-builds/

2. Last month, GitLab released new versions of its flagship software, addressing critical security updates. Have you upgraded your instances yet?

https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/

3. Yorick Peterse, a software developer from the Netherlands, wrote an interesting account of his time at GitLab, structured into two main sections: an overview of his time at GitLab, and a collection of things he learned as a result of this experience.

https://yorickpeterse.com/articles/what-it-was-like-working-for-gitlab/

4. GitHub uses MySQL to store vast amounts of relational data. This is the story of how the GitHub team seamlessly upgraded their production fleet to MySQL 8.0.

https://github.blog/2023-12-07-upgrading-github-com-to-mysql-8-0/

5. The GitHub team is hard at work making it ready for IPv6, which has caused performance degradations recently. But they’re not ready yet, at least at the time of this writing.

https://isgithubipv6.live/

Are you eagerly waiting for IPv6 support in GitHub? Are you already using Gitea or Forgejo in production? Would you like to share some Git tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about Git, GitOps, GitHub, GitLab, and Gitea: #10, #48, #68, #83, #98, #119, #139, #150, #173, and #196.

PS2: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #216: New Products on the Radar

5. Feb 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about some useful new tools we’ve been spotting and discovering lately.

1. Despite what Microsoft would make us believe, Visual Studio Code is not the only game in town. Zed is a high-performance, multiplayer code editor from the creators of Atom and Tree-sitter. It’s also open source!

https://zed.dev/

2. DevDocs combines multiple API documentations (frameworks, programming languages, DevOps tools…) in a fast, organized, and searchable interface. Think Zeal or Dash, but on the web.

https://devdocs.io/

3. More tooling for better documentation: Penrose is a platform that enables people to create beautiful diagrams just by typing notation in plain text. Although at VSHN we’re big fans of Kroki for that.

https://penrose.cs.cmu.edu/

4. How do you document your database schemas? dbdocs creates web-based database documentation using DSL code, and dbdiagram helps you draw ER diagrams by just writing code.

https://dbdocs.io/

5. Domain Digger and dns.toys have proven extremely helpful in diagnosing those pesky DNS configuration errors that plague our lives.

https://www.dns.toys/

6. BONUS: Quickemu quickly creates and runs highly optimised desktop virtual machines for Linux, macOS and Windows… with just two commands!

https://github.com/quickemu-project/quickemu

How do you document your code and infrastructure? Do you apply the mantra of „Documentation as Code“? Would you like to share some other noteworthy products with our audience? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about products: #114, #134, #167, and #192.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
Event Tech

Watch the Recording of „How to Keep Container Operations Steady and Cost-Effective in 2024“

1. Feb 2024

Yesterday took place the „How to Keep Container Operations Steady and Cost-Effective in 2024“ event on LinkedIn Live, and for those who couldn’t attend live, you can watch the recording here.

In a rapidly evolving tech landscape, staying ahead of the curve is crucial. This event that will equip you with the knowledge and tools needed to navigate container operations effectively while keeping costs in check.

In this session, we’ll explore best practices, industry insights, and practical tips to ensure your containerized applications run smoothly without breaking the bank.

We will cover:

  • Current Trends: Discover the latest trends shaping container operations in 2024.
  • Operational Stability: Learn strategies to keep your containerized applications running seamlessly.
  • Cost-Effective Practices: Explore tips to optimize costs without compromising performance.
  • Industry Insights: Gain valuable insights from real-world experiences and success stories.

Schedule:

17:30 – 17:35 – Welcome and Opening Remarks
17:35 – 17:50 – Navigating the Container Landscape: 2024 Trends & Insights
17:50 – 17:55 – VSHN’s Impact: A Spotlight on Our Market Presence
17:55 – 18:10 – Guide to Ensuring Steady Operations in Containerized Environments
18:10 – 18:25 – Optimizing Costs without Compromising Performance: A Practical Guide
18:25 – 18:30 -Taking Action: Implementing Best Practices for Container Operations
18:30 -> Q&A

Don’t miss out on this opportunity to set a solid foundation for your containerized applications in 2024.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #215: The Rise of OpenTofu and Crossplane

29. Jan 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about how OpenTofu and Crossplane are redefining the landscape of Infrastructure as Code.

1. After four months of work since its official announcement, the first stable version of OpenTofu was released a few days ago and is ready for production! In case you had not heard about it, OpenTofu is a community-driven, open-source, drop-in replacement fork of Terraform, and a Linux Foundation project.

https://opentofu.org/blog/opentofu-is-going-ga/

2. On the other side spectrum, Crossplane is steadily imposing itself as the definitive Cloud Native solution for IaC. In VSHN we’re proud to be an active member of the Crossplane community, and our CTO and Founder Tobias Brunner even spoke at the last Control Plane Day. We’ve been using Crossplane in production for a while now, for example in our AppCat product.

https://www.crossplane.io/community

3. Did you know that Crossplane recently celebrated 5 years? And did you know that in that time, the project got 85 releases, and more than 8300 stargazers, 1800 contributors, 86000 contributions, and 10300 Slack members? Here’s our best wishes to this project and its community!

https://blog.crossplane.io/crossplane-at-5-years-past-present-and-future-of-building-control-planes/

4. Upbound recently announced a practical application of Crossplane’s capabilities through a new reference implementation for Cloud Native Operational Excellence (CNOE). This example demonstrates how Crossplane serves as a valuable starting point for organizations navigating the complexities of cloud-native development.

https://blog.upbound.io/upbound-announces-new-crossplane-reference-implementation-for-cnoe

5. We recently talked about Kubernetes 1.29 in VSHN.timer, and in this blog post, the Crossplane team highlights a few key important updates for the Crossplane community, like the CRD Validation Expression Language, the validating admission policy, and more.

https://blog.crossplane.io/kubernetes-highlights-for-the-crossplane-community-k8s-1-29/

Have you migrated to OpenTofu or are you still using Terraform? Are you using Crossplane in production? Would you like to share some OpenTofu or Crossplane tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about Terraform, OpenTofu, and Crossplane: #65, #82, #127, and #189.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #214: Switch to Firefox

22. Jan 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the love we owe to Firefox and all the products and projects in the Open Source world.

But before that: you are invited to a free online event next week on LinkedIn, where we’ll explore best practices, industry insights, and practical tips to ensure your containerized applications run smoothly without breaking the bank.

1. Firefox deserves more love. We agree with Roy Tanck when he says that if there’s one tech New Year’s resolution to uphold, it’s switching to the only remaining ethical web browser, Firefox. Not only because our poor preferred browser is on the brink of extinction, but also because it’s actually excellent.

https://roytanck.com/2023/12/23/in-2024-please-switch-to-firefox/

2. What moments marked 2023 in the world of technology? Bram Molenaar passed away; companies are leaving the cloud behind; Log 4j and OpenWrt both celebrated their 20th anniversary; it’s been 30 years since Windows NT; and a lot more happened in the Open Source world.

https://linuxiac.com/2023s-moments-that-marked-the-open-source-world/

3. Bruce Perens, one of the founders of the Open Source movement, is ready for what comes next: the Post-Open Source movement. He says there are several pressing problems that the open source community needs to address.

https://news.slashdot.org/story/23/12/27/2126224/what-comes-after-open-source-bruce-perens-is-working-on-it

4. On December 29th, a package titled everything was published to the JavaScript & TypeScript NPM registry… designed to install all other public packages in the registry. Apparently, a prank went wrong. Oops.

https://www.scmagazine.com/news/npm-registry-prank-leaves-developers-unable-to-unpublish-packages

5. FrankenPHP is a modern application server for PHP built on top of our beloved Caddy web server. It gives superpowers to your PHP apps thanks to its stunning features: worker mode, real-time capabilities, automatic HTTPS, HTTP/2, and HTTP/3 support… It even has the ability to embed the source code and assets of PHP applications in a static, self-contained binary.

https://frankenphp.dev/

Are you more of a Firefox or a Chrome kind of person? Did you find the NPM prank funny? Would you like to share some Open Source experiences with our audience? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about Open Source: #152, #170, #191, and #194.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #213: The Latest and Greatest DevOps Tools

15. Jan 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about some noteworthy DevOps tools we’ve recently come across.

1. Are you a BorgBackup user? Then check BorgWarehouse out: it’s a fast and modern WebUI for a BorgBackup’s central repository server.

https://borgwarehouse.com/

2. PipeCD is a GitOps style continuous delivery platform that provides consistent deployment and operations experience for any application.

https://pipecd.dev/

3. 🧐 Monokle streamlines the process of creating, analyzing, and deploying Kubernetes configurations by providing a unified visual tool for authoring YAML manifests, validating policies, and managing live clusters.

https://monokle.io/

4. Great news! After four months of work, the first stable release of OpenTofu, a community-driven open source fork of Terraform, has just been released.

https://opentofu.org/blog/opentofu-is-going-ga/

5. This Dockerfile is a fullstack server that includes a backend, a database and a UI, all in a single file starting with a shebang. Let me repeat: a Dockerfile with a shebang. What? Yup, what you just heard.

https://gist.github.com/adtac/595b5823ef73b329167b815757bbce9f

Do you shebang your Dockerfiles? Do you back your YAML up? Would you like to share any DevOps tips and tricks with our audience? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about DevOps: #5, #13, #29, #31, #42, #110, #133, #153, #165, and #188.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #212: Running a Business in 2024

8. Jan 2024

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the many intricacies and possible successful outcomes of running a business.

1. Taylor Malmsheimer, Head of Strategy at Section (online learning service founded by Prof. Scott Galloway) recently compiled the 10 most important lessons they learned during a rocky 2023. First and foremost: quality of thought is what matters. Second: resist the temptation to say „this is how we do things.“

https://www.sectionschool.com/blog/10-lessons-from-running-a-startup-in-2023

2. Natalie Jacot, Owner & CEO of OHNI, shared on LinkedIn 10 things she learned running her company: First: the market is not oversaturated, but your supply is either poor or the demand is too small. Second: there is no such thing as too high a price, just too little value.

https://www.linkedin.com/posts/natalie-jacot-ohni_was-ich-die-letzten-4-jahre-als-ceo-gelernt-activity-7148027343855394816-IO3S/

3. Gergely Orosz has reported about a change in Section 174 of the US tax law that is apparently making bootstrapped software businesses completely unsustainable. His article also tells an interesting fact about Swiss-based companies, probably explaining the leadership of Switzerland in innovation.

https://blog.pragmaticengineer.com/section-174/

4. Right before Christmas we learned about our friends at Isovalent being acquired by Cisco! This is a great achievement, and we couldn’t be prouder to be early and enthusiastic adopters of their Cilium technology.

https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m12/cisco-to-acquire-isovalent-to-define-the-future-of-multicloud-networking-and-security.html

5. Steph Ango, CEO of Obsidian, thinks that optimism is hard because it must be constantly reaffirmed. In the face of a hostile, cynical world, it takes effort to show that positivity has merit.

https://stephango.com/optimism

Are you optimist about 2024? What do you think is the key element that makes Switzerland so innovative? Would you like to share some business insight with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about business: #15, #26, #35, #41, #70, #112, #141, #159, #176, and #181.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
Allgemein

DevOps in Switzerland Survey 2024

3. Jan 2024

VSHN and Zühlke are thrilled to present together the DevOps in Switzerland Survey 2024!

Just like in previous years, we would like to know about the current state of DevOps in Switzerland. Our goal with this study is to investigate how you and your company understand DevOps and whether you already work according to DevOps principles. We would like to learn the current state of DevOps, the reasons for and against it, and where its development is headed. We will compare the results with the ones from previous years to draw conclusions and identify some key trends.

Survey

The survey is open until March 28th, 2024, and may be shared, forwarded, and retweeted with your peers. It will only take about 5 minutes of your time.

Take part in the DevOps in Switzerland 2024 survey here.

Why should you take part?

Seven years after VSHN’s first check on DevOps in Switzerland, it is time to take a closer look at its current state and adoption in 2024.

VSHN and Zühlke will prepare an (anonymized) report, „DevOps in Switzerland 2024„, in which we compare this year’s results with those of previous years to derive trends and better understand the development of DevOps. You will be asked for your email address at the end of the survey if you want to receive a copy.

And just like last year, we will have a prize draw! If you enter your details at the end, you’ll automatically enter a prize draw for one (1) Digitec / Galaxus voucher of 200 CHF or one (1) APPUiO Cloud voucher worth 200 CHF! We will contact the two winners privately and separately on Friday, March 29th, 2024. The terms and conditions are available.

Help us determine the current state of DevOps in Switzerland! Please take part in our study and tell us about your experience with DevOps and what role DevOps plays in your business.

We are already very excited to learn about results and trends. Thank you in advance for your participation!

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
Event

How to Keep Container Operations Steady and Cost-Effective in 2024

19. Dez 2023

In a rapidly evolving tech landscape, staying ahead of the curve is crucial. Join us for an event that will equip you with the knowledge and tools needed to navigate container operations effectively while keeping costs in check.

In this session, we’ll explore best practices, industry insights, and practical tips to ensure your containerized applications run smoothly without breaking the bank.

We will cover:

  • Current Trends: Discover the latest trends shaping container operations in 2024.
  • Operational Stability: Learn strategies to keep your containerized applications running seamlessly.
  • Cost-Effective Practices: Explore tips to optimize costs without compromising performance.
  • Industry Insights: Gain valuable insights from real-world experiences and success stories.

The event will also include a beer tasting, and an apéro. So don’t miss out on this opportunity to set a solid foundation for your containerized applications in 2024. Get your spot today!

Date: January 31st, 2024
Time: Talks 17:30-18:30 CET / Apéro 18:30-20:00 CET
Location: VSHN Tower, Neugasse 6, 8005 Zürich
Registration: click here to register!

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #211: Kubernetes v1.29 is Here!

18. Dez 2023

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about the latest release of Kubernetes and more news about our preferred container orchestrator ever.

1. Kubernetes v1.29, codenamed „Mandala“ (The Universe) is the last release of 2023 and consists of 49 enhancements! This release is inspired by the beautiful art form that is Mandala—a symbol of the universe in its perfection, reflecting the community’s interconnectedness.

https://kubernetes.io/blog/2023/12/13/kubernetes-v1-29-release/

2. If you’ve been working with Kubernetes, you’re likely familiar with the Ingress API, which has been the go-to solution for managing external access to services. ingress2gateway is a tool that can help you migrate from Ingress to Gateway API, recently graduated to GA.

https://kubernetes.io/blog/2023/10/25/introducing-ingress2gateway/

3. Tiffany Jernigan and Jérôme Petazzoni share in this Cloud Native Rejekts 2023 presentation 7 tricks (well, actually 19!) to improve your productivity and reduce your frustration with Kubernetes, ranging from running a local cluster, grepping JSON from kubectl, to connecting to services in other namespaces.

https://docs.google.com/presentation/d/1USQxt8ZaSSAZm6sKxXSjVAK6nPremThsavVOPOTZZXw/mobilepresent#slide=id.g22db6ec59cb_0_5

4. In the rapidly evolving field of container orchestration, Kubernetes reigns supreme. This post by Christian Haller from our friends at Puzzle explores Kubermatic, a potential alternative to other Kubernetes distributions.

https://www.puzzle.ch/de/blog/articles/2023/12/14/evaluating-kubermatic-as-a-kubernetes-distribution

5. Still a work in progress, kube-bind is a prototype project that aims to provide better support for service providers and consumers that reside in distinct Kubernetes clusters.

https://github.com/kube-bind/kube-bind

BONUS: There are still some Super Early Bird tickets for the Kubernetes Community Days Zürich 2024 available! Get yours now with a fantastic discount. Be quick!

https://tickets.kcdzurich.ch/

Are you migrating your clusters to Kubernetes v1.29 soon? What’s your preferred new feature? Would you like to share some Kubernetes tips and tricks with our readers? Get in touch with us, and see you next year for the first edition of VSHN.timer of 2024.

PS: check out our previous VSHN.timer editions about Kubernetes: #4, #8, #11, #14, #16, #19, #23, #37, #46, #49, #59, #64, #74, #82, #97, #99, #102, #109, #118, #126, #142, #146, #163, and #187.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt
VSHN.timer

VSHN.timer #210: The Return-to-Office Conundrum

11. Dez 2023

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about how businesses are trying to lure their employees back to the office.

1. An experiment in Return-to-Office (RTO) policies has ended. Expensify is shutting down its bar after six months of operation. The company’s focus will now switch to its „next bold RTO experiment“ involving food carts, live entertainment, and a beer concession. Party time!

https://sfist.com/2023/10/27/downtown-tech-office-shuts-down-its-free-cocktail-bar-for-employees-ceo-says-the-office-is-dead/

2. Benji Weber thinks that forcing RTO on teams with cultures that benefit from remote work will cause more harm than good, particularly for those people with long commutes, or working in noisy and cramped offices. Instead, managers should help teams craft their best environment. Do you agree?

https://benjiweber.co.uk/blog/2023/11/12/tragedy-of-return-to-hostile-offices/

3. Some organizations are so dysfunctional and dystopic that an employee can save them half a million dollars in about five minutes… just by clicking about five buttons. This is the story about why this happened and why it’s a disgrace that it was even possible.

https://ludic.mataroa.blog/blog/i-accidentally-saved-half-a-million-dollars/

4. According to the Hans Böckler Foundation, 75% of employees who switched to working from home during the pandemic want to keep that benefit. Home office and mobile work challenging for companies. How can they strike a balance between employee satisfaction and collaboration? (Article in German)

https://versus-online-magazine.com/de/artikel/teufelskreis-homeoffice/

5. During the past month, many wrote about their experience working for Google. What is it like? Here are the tales by one of the Socratic founders, by Dan Angell, and by Hixie who left after 18 years. Spoiler alert: Google is a complex corporation, and not all that glitters is gold.

https://danangell.com/blog/posts/i-skipped-to-the-ending/

Are you working in a WFH-friendly organization? How often do you go back to the office? Would you like to share your RTO tips and tricks with our readers? Get in touch with us, and see you next week for another edition of VSHN.timer.

PS: check out our previous VSHN.timer editions about PeopleOps: #7, #13, #15, #26, #35, #41, #52, #63, #85, #92, #116, #131, #154, and #175.

PS2: do you prefer reading VSHN.timer in your favorite RSS reader? Subscribe to this feed.

PS3: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

Adrian Kosmaczewski

Adrian Kosmaczewski ist bei VSHN für den Bereich Developer Relations zuständig. Er ist seit 1996 Software-Entwickler, Trainer und veröffentlichter Autor. Adrian hat einen Master in Informationstechnologie von der Universität Liverpool.

Kontaktiere uns

Unser Expertenteam steht für dich bereit. Im Notfall auch 24/7.

Kontakt