Reading List

Taking up the time to write up some things I've noted recently in #Kubernetes #Security explorations. This time it's the kube-proxy API. Some potentially…

💡𝗖𝘂𝗿𝗶𝗼𝘂𝘀 𝗮𝗯𝗼𝘂𝘁 𝘄𝗵𝗮𝘁 𝗵𝗮𝗽𝗽𝗲𝗻𝘀 𝘁𝗼 𝘆𝗼𝘂𝗿 #Graviton-𝗰𝗼𝗺𝗽𝗮𝘁𝗶𝗯𝗹𝗲 𝘄𝗼𝗿𝗸𝗹𝗼𝗮𝗱𝘀 𝘄𝗵𝗲𝗻 𝗮 𝗻𝗲𝘄 𝗴𝗲𝗻𝗲𝗿𝗮𝘁𝗶𝗼𝗻…

I freaking love @duckdb. I have CloudFront logs in S3, in their custom log format. DuckDB can auth to AWS using existing credentials and read files from S3 using a glob. The read_csv() function can even parse these gzipped log files and create a table with proper data types for each column without me having to do anything else.

A blog about making culture. Since 1999.

Attached: 1 video netbeep - An annoying little Chrome extension that beeps on each network request. Plays different sounds for different request types. Get an audio summary of your websites performance. Makes you appreciate simple, clean sites and ad blockers : https://github.com/combatwombat/netbeep Feedback welcome. The sound sometimes stops on slower machines. #webdev

You may wish to increase the open file limit as Rancher Desktop's default ulimit setting for pods may be too low, depending on your use case. This guide provides steps for increasing the open file limit using provisioning scripts alongside Rancher Desktop's internal processes.

I already had the impression OpenAI trained ChatGPT with Stack Overflow, curious to see how this improves the LLM or if it's just for preemptively mitigating…

Attached: 1 image I put Breakout (aka Brick Breaker) inside Google Calendar! It lets you decline any meetings you shatter. blog info + chrome extension link in thread!

It would be interesting to collect a trace of which processes write which files during a build, and then collect traces of all Debian package builds. The hacked xz build would be anomalous in that an object was written by an unusual program (xz, as opposed to gcc or clang), and also in that a few object files were overwritten or removed and recreated during the build. If that was a standard check, attackers would work around it, but it would be an interesting check today to look for more.

The evolution of software development over the past decade has been very frustrating. Little of it seems to makes sense, even to those of us who are right in the middle of it.

The ubiquitous messaging tool is used to run many a software engineering team, but are you using it right?

What is kexec? kexec is short for kernel execute. At a high level, it is analogous with the syscall exec. kexec replaces the memory of the currently loaded kernel image and begins executing the newly loaded kernel image. tl;dr it enables users to run new kernels without needing to do a full power cycle of a system. What is the value of kexec? Enables a "boot once" flow for testing a potentially problematic kernel.

The Tsugaru Railway runs through a remote and snowy part of Aomori Prefecture in northern Japan. As well as being a vital mode of transport for locals, especially in winter, the train has a potbelly stove and views of magical wintry landscapes that attract visitors from afar. Among the passengers are a high school student poised to move to Tokyo, and a man who returned here to his hometown after several decades away. For three days in midwinter, we hopped aboard the rustic train and asked the passengers what this railway means to them.

See at a glance whether your subway line is up and running with our new dashboard.

A list of egress costs for major cloud providers.

NVR with realtime local object detection for IP cameras

This article is for Linux Administrators who are trying to demystify eBPF.

eBPF program creation in practice – PID concealment (Part 1) This article is a tutorial on how to create an eBPF program using a tracepoint. If you’re not familiar with eBPF, you can refer to our introduction to eBPF, or to the official documentation What is a tracepoint? How do I create one with eBPF? […]

This week, we use tail calls and create our first application using hello-ebpf as a library.

eBPF is a set of tools that lets us inject programs into the Linux kernel at runtime, attaching them to events in the Kernel and user space, and doing interesting things with those events. Now we can extend the kernel without rebuilding, and as the programs are run through a

My first "public" rust project: A program to pipe audio from stdin to Discord (via a bot) https://github.com/ckcr4lyf/stdinman Discussions: https://discu.eu/q/https://github.com/ckcr4lyf/stdinman #programming #rustlang

You are probably busy studying for you exam right now, so I will try to be brief. In the following I...

SRE (Site Reliability Engineer) as coined by Google in 2003, came into prominence in 2016 with the release of “The SRE Book”. It defines a particular job in an engineering org. This job is mostly focused on of course, reliability, but also performance, observability/monitoring, code deployment, capacity planning, and many other adjacent activities. Some people say SRE is Google’s “version of DevOps” (aka a “DevOps implementation”). This is a little tricky to talk about, because DevOps, started as a rallying cry for shortening deployment times and adding more automation in the SDLC, has turned into a role itself.

Two attacks in an AWS environment that led to crypto mining and data exfiltration.

23 stories · Stories to help you understand Observability and OpenTelemetry