Always use UTC on your servers, as [WayBack] Yeller – The Worst Server Setup Mistake You Can Make: Setting the timezone to anything other than UTC.
Many many reasons. For me the number 1 is sanity.
–jeroen
Archive for the ‘Infrastructure’ Category
Yeller – The Worst Server Setup Mistake You Can Make
Posted by jpluimers on 2019/07/05
Posted in Infrastructure, Power User | Leave a Comment »
Friday Deploys, and other harmful BOFH memes – The Isoblog.
Posted by jpluimers on 2019/06/05
The answer to the meme on the right:
If you are having problems deploying on a Friday, you will have them at any time of the week. Your processes are broken.
Source: [WayBack] Friday Deploys, and other harmful BOFH memes – The Isoblog.
via: [WayBack] Friday Deploys and other harmful BOFH memes – they need to die in a fire… – Kristian Köhntopp – Google+
Kristian argues that people finding the meme funny should get fired.
I still find it funny. Both in a way that I’m surprised so many BOFH are still there, as well as being happy that on many occasions I’ve helped making this a thing of the past or at least make organisations aware of the deployment risks and how to cope with them.
Do I need to change? Definitely: life is all about learning new things every day and change because of that.
Do I need go get out of a job or a new job? Likely at some point because life is all about change. Hopefully I’ve learned enough by then to find another gig where – in addition to applying my tech skills – I can spread awareness and knowledge. And learn new things. Did I tell about life is all about learning?
Related: [WayBack] by michielrook.nl:
https://speakerdeck.com/mrook/i-deploy-on-fridays-and-maybe-you-should-too
Via: [WayBack] @michieltcs: I deploy on Fridays (and maybe you should too): https://speakerdeck.com/mrook/i-deploy-on-
–jeroen
Share this:
Posted in Development, DevOps, Power User | 1 Comment »
How much is Google Cloud Latency between Regions?
Posted by jpluimers on 2019/01/11
Interesting post which links to an on-line overview of the current latencies:
- [WayBack] How much is Google Cloud Latency between Regions?
- [Archive.is] Results for downlink, latency and dns tests from your connection to Google Cloud Platform Google Cloud Platform Network Test | CloudHarmony
Does anybody know about similar information about other big cloud providers like Amazon and Azure?
–jeroen
Share this:
Posted in Cloud, GCP Google Cloud Platform, Infrastructure, Internet, Power User, SpeedTest | Leave a Comment »
DBA Blog 2.0: Installing Zabbix into Azure using a MySQL PaaS
Posted by jpluimers on 2019/01/04
Interesting: [WayBack] DBA Blog 2.0: Installing Zabbix into Azure using a MySQL PaaS
–jeroen
Share this:
Posted in *nix, Azure Cloud, Cloud, Cloud Development, Development, Infrastructure, Monitoring, Power User, Software Development, Windows Azure, Zabbix | Leave a Comment »
Start-up or Pokémon? Big-data or Pokémon?
Posted by jpluimers on 2018/12/17
Remember the introduction of Pokémon during summer 2016? Despite usage being far less by now ([WayBack] 80 Amazing Pokemon Go Statistics and Facts) you might still recollect the odd names the Pokémon Go characters in the Pokédex had: [WayBack] List of Pokémon – Wikipedia.
Back then I had the vague sense that some names reminded me of species, and others of companies. Both appeared to be true, for instance [WayBack] Seel looks awfully familiar to Seal. Domo has many meanings (including a Dutch dairy desert). Oh, and [WayBack] Gloom has quite a few meanings so I’m OK with being confused.
So I was amused bumping into these a while back: Pokémon names versus those of names of start-up and big-data companies:
- [WayBack: Startup or Pokémon]
- Newest[WayBack] Is it Pokemon or Big Data ?
Is it a Pokemon or a BigData tech?
- New [WayBack] Is it Pokémon or #bigdata technology? (it uses some direct Japanese -> English translations of Pokémon so it’s extra hard).
You is able to tell which nonsense word is Pokémon character and which is the latest craze in #bigdata technology? You just might qualify as #bigdata expert. Much success!
- Old [Archive.is] Is it Pokémon or #bigdata technology?
You is able to tell which nonsense word is Pokémon character and which is the latest craze in #bigdata technology? You just might qualify as #bigdata expert. Much success!
The quizes also have very funny descriptions of what the companies behind the names stand (stood?) for, like “Hadoop is distributed system for counting words”.
Via many, including:
- [WayBack] I failed at 7 questions: Is it Pokémon or #bigdata technology?…. – Fabian S. Biehn – Google+
- [WayBack Image] [WayBack] Big Data Borat @BigDataBorat Follow More Result of Pokémon or #bigdata survey in
- [WayBack] HN Search powered by Algolia: startup or pokemon
- [WayBack] Is it Pokémon or big data technology? | Hacker News
- [WayBack] Take the Test: Big Data or Pokémon? – The New Stack
Maybe I should turn the GitHub repository in to a Google Assistant Trivia questionaire using a Google Sheet.
–jeroen
Share this:
Posted in Cloud, Fun, Infrastructure, Power User | Leave a Comment »
Update NOW! CVE-2018-1002105, with root access. Kubernetes’ first major security hole discovered | ZDNet
Posted by jpluimers on 2018/12/04
From [WayBack] Kubernetes’ first major security hole discovered | ZDNet in reverse order:
Fortunately, there is a fix, but some of you aren’t going to like it. You must upgrade Kubernetes. Now. Specifically, there are patched version of Kubernetes [WayBack] v1.10.11, [WayBack] v1.11.5, [WayBack] v1.12.3, and [WayBack] v1.13.0-rc.1.
…
[WayBack] Red Hat said, “The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes pod. [WayBack] This is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”
…
And the bug, [WayBack] CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a [WayBack] CVSS 9.8 critical security hole.
Via [WayBack] Kubernetes’ first major security hole discovered | ZDNet – Ondrej Kelle – Google+
–jeroen
Share this:
Posted in Cloud, Containers, Docker, Infrastructure, Kubernetes (k8n), Power User, Security | Leave a Comment »
In operations, code is not your friend. Make things simple, make them boring …
Posted by jpluimers on 2018/11/21
Painful lesson learned a while ago: In operations, code is not your friend. Make things simple, make them boring and make them obvious, and keep an eye on the configuration complexity cloc… – Kristian Köhntopp – Google+
Share this:
Posted in Cloud, Development, DevOps, Infrastructure, Software Development | Leave a Comment »
You are not Google (use UNPHAT) – The Isoblog.
Posted by jpluimers on 2018/11/02
and you are not Amazon or LinkedIn either.
Next time you find yourself Googling some cool new technology to (re)build your architecture around, I urge you to stop and follow UNPHAT instead:
- Understand problem
- eNumerate candidate solutions
- Papers of candidates
- Historical context of candidates
- Advantages/disadvantages
- Think!
More elaborate abstract: [WayBack] You are not Google (use UNPHAT) – The Isoblog.
Original article: [WayBack] You Are Not Google – Bradfield.
–jeroen
Share this:
Posted in Infrastructure, LifeHacker, Power User | Leave a Comment »
The Ridiculous Bandwidth Costs of Amazon, Google and Microsoft Cloud Computing – Arador
Posted by jpluimers on 2018/10/26
In this article I compare the costs of network bandwidth transferred out of Amazon EC2, Google Cloud Platform, Microsoft Azure and Amazon Lightsail.
Bandwidth costs are one of the most ridiculously expensive components of cloud computing, and there are some serious inconsistencies in the industry, especially with Amazon.
[…]
If you move a significant amount of data you should think twice before moving to the cloud, these bandwidth prices are truly ridiculous and there’s no way they can be justified when compared to colocation facilities.
Source: [Archive.is] The Ridiculous Bandwidth Costs of Amazon, Google and Microsoft Cloud Computing – Arador
–jeroen
Share this:
Posted in Amazon.com/.de/.fr/.uk/..., Cloud, Containers, Infrastructure, Power User | Leave a Comment »
GitHub – yandex/gixy: Nginx configuration static analyzer
Posted by jpluimers on 2018/10/26
[WayBack] GitHub – yandex/gixy: Nginx configuration static analyzer
Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.
…
Right now Gixy can find:
- [ssrf] Server Side Request Forgery
- [http_splitting] HTTP Splitting
- [origins] Problems with referrer/origin validation
- [add_header_redefinition] Redefining of response headers by “add_header” directive
- [host_spoofing] Request’s Host header forgery
- [valid_referers] none in valid_referers
- [add_header_multiline] Multiline response headers
- [alias_traversal] Path traversal via misconfigured alias
You can find things that Gixy is learning to detect at Issues labeled with “new plugin”
This helps you prevent an nginx configuration issue that can server too many static content by using ../ in the web request which got a lot of attention last week, but was in fact already found during 2016 HCTF by Aklis, and presented by Orange Tsai (twitter/github/blog) various times in 2018, including [WayBack] hack.lu 2018.
.
Related:
- [WayBack] htctf 你没走过的套路 – Th1s’s Bl0g which has a very good Google Translate
- Earlier presentation by Orange Tsai at blackhat 2018 USA: [WayBack] us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
- [WayBack] x0rz en Twitter: “Nginx off-by-slash vulnerability, cool trick presented by @orange_8361 at #hacklu… “
- [WayBack] Orange Tsai on Twitter: “Be careful the Nginx configuration, or use https://github.com/yandex/gixy to scan your configuration!… “
- [WayBack] Orange: This is 🍊 speaking
- [WayBack] Talks – hack.lu 2018
- hack.lu 2018 videos are being uploaded at https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/videos
- [WaBack] Hier ein Hackerterrorcybercyber gegen nginx. twitter… – Kristian Köhntopp – Google+
–jeroen
Share this:
Posted in *nix, DevOps, nginx, Power User, Security | Leave a Comment »
The Wiert Corner - irregular stream of stuff 