A curious story about S3 billing. So, AWS charges you for unauthorized access attempts to your buckets. Thus, it’s possible to create an attack to inflate someone’s AWS bill if you know the buckets’ names.
Honestly, I’m not sure what’s the moral of this story. Make your buckets private unless public access is strictly required. Do not use common names or if you have to, use prefixes or/and suffixes to distinguish buckets or randomize the names.
#aws #s3 #security
Medium
How an empty S3 bucket can make your AWS bill explode
Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning?
A couple of articles I stumbled upon when researching some things for work.
- You can use ARG in the FROM definition in a Dockerfile. I didn't know that it's possible. Back in the day I tried using ENV there and it didn't work, so I assumed it's non-configurable. Apparently, it is. You may argue if it's a good practice to alter the `FROM` configuration this way, but I can clearly see use cases for that.
- A workaround for Terraform's `default_tags` definition. This way you can "exclude" the `default_tags` for some resources in Terraform. For example, if you're using the default subnets, etc. that were imported in Terraform. You cannot change tags for those things in AWS, so you need to work around that. Again, using defaults in AWS is probably not a good practice, but sometimes those things are in use for historical reasons, etc.
Again, these two articles have no relation whatsoever, just want to share them with you.
#aws #terraform #docker
DEV Community
Terraform: Prevent default_tags on a specific resource
Prevent AWS default_tags from being applied to a specific resource
A friend of mine is raising funds for an FPV complex for his brother that works as an instructor in the Foreign Legion.
Monobank Jar:
https://send.monobank.ua/jar/2P9ANBRRp4
Card number: 5375411213105070
The goal is 125k UAH and we're almost there.
You can find more info about this fundraiser (in Ukrainian) via these links:
- https://www.instagram.com/reel/C6eCeExtr9B/?igsh=MXM2aHJ4NTc3ejB6eQ==
- https://www.facebook.com/share/v/BvQUapoc2j7jyr3E/?
Go is super popular in platform engineering. Just recently I participated in a discussion about it on Reddit :D
And at last, HumbleBundle has a book collection dedicated to this language!
#go #programming #books
Humble Bundle
Golang Programming by Packt
Add the powerful open source language Go to your programming repertoire with this bundle of 19 books! Your purchase helps Save the Children.
The biggest problem in software engineering is distractions.
This is what this article is about. So, I have distracted myself to read it and now I'm distracting you with this post.
Enjoy!
#culture
Leading Developers
Distracting software engineers is much more harmful than you think
Why software engineers MUST have no-distractions time
This may not classify as a technical post per-se, but apparently you can run amplification attacks using Mastodon - a popular open-source decentralized social network.
The idea is very simple: when you post a link, it will try to fetch a preview. Since this is a decentralized platform, each federated node will try to fetch assets on its own.
And this issue just exists. Frankly, I don’t think the mitigation is any different from a generic DDoS protection. It’s just an interesting fact about federated social networks.
P.S. Now, I wonder if Blue Sky has this problem as well.
#security
It's FOSS News
Please Don’t Share Our Links on Mastodon: Here’s Why!
We need to talk about this problem. Should Mastodon step up?
A new issue of the CatOps digest is here, even though it's one week late:
https://newsletter.catops.dev/p/catops-digest-2024-05-12
#digest #newsletter
newsletter.catops.dev
CatOps Digest 2024-05-12
What was on CatOps in the last few weeks…
Dzyga's Paw foundation raises money for anti-drone systems, which are crucially important for our defenders.
You can read more about this fundraiser here.
The goal is $30 000.
#donations #Ukraine
Some say that 2024 will finally be a year of serverlessless /s
So, here’s a comparison from Ahrefs of their costs of running physical data centers vs running in a cloud.
However, many of these comparisons lack an important point. At least, Ahrefs acknowledges that:
article doesn’t take into account other aspects that would make the comparison even more complicated. These include people skills, financial controls, cash flow, capacity planning depending on the load type, etc.
Their solution? Hire all those people laid off from Big Tech!
My brother in Christ, system engineers are the last to be laid off…
P.S. It’s quite ironic to post this article from the AWS Summit :D
#aws #cloud
Medium
How Ahrefs Saved US$400M in 3 Years by NOT Going to the Cloud
Clouds for IT infrastructure are so popular lately that moving into the cloud has become a trend. Infrastructure as a service (IaaS) cloud provides multiple advantages: flexibility, low time for…
We are all aware of questions like: "What happens when you type google.com in a browser?" or "What happens when you do kubectl apply?", but do you know What Happens on GitLab When You do git push?
nanmu42
What Happens on GitLab When You do git push?
Ever wondered how Git and GitLab operate under the hood? Grab your favorite IDE and join me on an exploratory journey into the mechanics of these tools!
There are discounts on Linux Foundation’s courses again.
So, if you want to get certified, it might be a good chance now!
#courses
Linux Foundation - Training
Linux Foundation Training - Further YOUR Education: Save up to 50% today!
If you've been waiting to get trained or certified in Linux, Kubernetes, Node.JS, Hyperledger or other open source projects, The Linux Foundation is discounting training courses, bundles, and certification exams up to 50% off thru May 21!
As you may have already heard, there's a new joint fundraiser by the Comeback Alive foundation and DOU.ua.
The goal is to raise 50M UAH for equipment for the 95th Assault Brigade. They also have a raffle for a car among those who have donated between the 18th of May and the 24th of August. So, I dunno, maybe you also need a car.
#donations #Ukraine
DOU
"IT Squad: Mission 50 Million". Win a new car for a donation to Come Back Alive and the Air Assault Forces
This has never happened before. DOU and Come Back Alive are announcing an ambitious fundraiser: 50,000,000 UAH for the 95th Air Assault Brigade. And we are also raffling off a brand-new Mazda CX-5 for your donations!
This channel was created exactly 7 years ago. So yeah, today is CatOps' birthday!
Fun fact: this channel had a different name when it was created, but was renamed to CatOps shortly after.
Another fact: y'all know that I usually post donation requests on Mondays, but again, we kinda have a special occasion today. There's a long-standing tradition to give presents on one's birthday. You can give CatOps a little birthday present by donating for FPV drones for Territorial Defense of Mykolaiv.
Each 20k UAH is a single drone, so let's see how many we can get! You can donate via this Monobank jar:
https://send.monobank.ua/jar/3u6w8ar23z
to this card directly: 5375 4112 1759 7652
#catops #birthday #donations #Ukraine
Another book bundle for y’all!
This time it specifically focuses on DevOps.
One of the books there - “How Linux Works” was a book I used to learn Linux back in the day. I have always been recommending it and I cannot recommend it more.
So yeah, that’s a good bundle. I would buy it just for that one book. However, there are some other great books as well.
#books
Humble Bundle
Humble Tech Book Bundle: Networking, Sysadmin, and DevOps by No Starch
IT pros, this book bundle will get you up to speed with DevOps, teach you Linux tips and tricks, and demystify containerization. Your purchase helps charity!
An old but great article about load balancing by Matt Klein - the creator of Envoy Proxy.
"Load balancing" is a term we often throw around, so it's always a good thing to take a look at how it works.
Another old article is a comparison of the circuit breaking functionality between Envoy (and inherently Istio) and Netflix Hystrix, which is a dedicated circuit breaker library.
#networking
Medium
Introduction to modern network load balancing and proxying
It was brought to my attention recently that there is a dearth of introductory educational material available about modern network load…
Yet another DevOps books bundle by Packt.
I’m not familiar with many of these books, so I cannot vouch for any of them, but this bundle is also cheaper compared to those from O’Reilly.
#books
Humble Bundle
Humble Tech Book Bundle: CI/CD Mastery for Cloud Infrastructure by Packt
This CI/CD book bundle will skyrocket your career with cloud-critical skills! Master Docker, cloud architecture, & more! Your purchase helps First Book.
As you may know, I'm a part of the DevOps Days Ukraine organizers committee, and I'm proud to finally present you this year's conference!
This year, the focus of the conference is security.
We'll discuss context-based security, cloud hacking scenarios, information security in the cloud, defense against cyberattacks and the complexities of cyber warfare, vulnerability management implementation with AWS services, OWASP Top Web Application Security Risks, and more.
Just to name a few speakers: Nazar Tymoshyk — CERT-UA State Communications Engineer, Anastasiia Voitova — Head of Security Engineering at Cossack Labs, Brian Tarbox — Principal Solutions Architect at Caylent, Rotem Refael — Director of Engineering and open-source ARMO, and many more!
Check out the agenda & register for free 👉 https://www.devopsdays.com.ua
When? June 4-5
Where? Online
And of course, there are going to be open space discussions after each day of the conference!
See you there!
DevOpsDays -
DevOpsDays: Let’s Talk Security - DevOpsDays
Let's Talk Security conference by DevOpsDays Ukraine community. We'll discuss context-based security, cloud hacking scenarios, cyberattacks and the complexities of cyber warfare, vulnerability management implementation with AWS and more. Participation is…
A month ago I had a talk about Renovate after 1 year of its use (in Ukrainian)
Recording - https://youtu.be/zePUpFGWbFM
Slides - https://tinyurl.com/gen-renovate
#slides
YouTube
Genesis DevOps Community | Renovate: a year of use. What has been built on top and why
A nice read about ArgoCD.
What I especially liked about it is that it goes beyond your typical “hello world” examples and also touches topics like multi cluster deploys, app-of-apps pattern, and encryption.
#argocd #cicd
a-cup-of.coffee
ArgoCD from A to Y
In this article, I provide you with a first definition of what GitOps is and how to implement it with ArgoCD in a Kubernetes environment.