The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Infrastructure’ Category

Update NOW! CVE-2018-1002105, with root access. ​Kubernetes’ first major security hole discovered | ZDNet

Posted by jpluimers on 2018/12/04

From [WayBack] ​Kubernetes’ first major security hole discovered | ZDNet in reverse order:

Fortunately, there is a fix, but some of you aren’t going to like it. You must upgrade Kubernetes. Now. Specifically, there are patched versions of Kubernetes [WayBack] v1.10.11, [WayBack] v1.11.5, [WayBack] v1.12.3, and [WayBack] v1.13.0-rc.1.

[WayBack] Red Hat said, “The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes pod. [WayBack] This is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization’s firewall.”

And the bug, [WayBack] CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a [WayBack] CVSS 9.8 critical security hole.

Via [WayBack] ​Kubernetes’ first major security hole discovered | ZDNet – Ondrej Kelle – Google+

–jeroen

Posted in Cloud, Containers, Docker, Infrastructure, Kubernetes (k8n), Power User, Security

In operations, code is not your friend. Make things simple, make them boring …

Posted by jpluimers on 2018/11/21

Painful lesson learned a while ago: In operations, code is not your friend. Make things simple, make them boring and make them obvious, and keep an eye on the configuration complexity cloc… – Kristian Köhntopp – Google+

Posted in Cloud, Development, DevOps, Infrastructure, Software Development

You are not Google (use UNPHAT) – The Isoblog.

Posted by jpluimers on 2018/11/02

and you are not Amazon or LinkedIn either.

Next time you find yourself Googling some cool new technology to (re)build your architecture around, I urge you to stop and follow UNPHAT instead:

  • Understand problem
  • eNumerate candidate solutions
  • Papers of candidates
  • Historical context of candidates
  • Advantages/disadvantages
  • Think!

More elaborate abstract: [WayBack] You are not Google (use UNPHAT) – The Isoblog.

Original article: [WayBack] You Are Not Google – Bradfield.

Video: Computer Science 186, 001 – Spring 2015 Introduction to Database Systems – Joseph Hellerstein Creative Commons 3.0: Attribution-NonCommercial-NoDerivs, Free Download & Streaming : Internet Archive

–jeroen

Posted in Infrastructure, LifeHacker, Power User

The Ridiculous Bandwidth Costs of Amazon, Google and Microsoft Cloud Computing – Arador

Posted by jpluimers on 2018/10/26

In this article I compare the costs of network bandwidth transferred out of Amazon EC2, Google Cloud Platform, Microsoft Azure and Amazon Lightsail.

Bandwidth costs are one of the most ridiculously expensive components of cloud computing, and there are some serious inconsistencies in the industry, especially with Amazon.

[…]

If you move a significant amount of data you should think twice before moving to the cloud, these bandwidth prices are truly ridiculous and there’s no way they can be justified when compared to colocation facilities.

Source: [Archive.is] The Ridiculous Bandwidth Costs of Amazon, Google and Microsoft Cloud Computing – Arador

–jeroen

Posted in Amazon.com/.de/.fr/.uk/..., Cloud, Containers, Infrastructure, Power User

GitHub – yandex/gixy: Nginx configuration static analyzer

Posted by jpluimers on 2018/10/26

[WayBack] GitHub – yandex/gixy: Nginx configuration static analyzer

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

Right now Gixy can find:

You can find things that Gixy is learning to detect at Issues labeled with “new plugin”

This helps you prevent an nginx configuration issue that can serve too much static content when ../ is used in the web request. The issue got a lot of attention last week, but was in fact already found during the 2016 HCTF by Aklis, and presented by Orange Tsai (twitter/github/blog) various times in 2018, including [WayBack] hack.lu 2018.

Related:

–jeroen

Posted in *nix, DevOps, nginx, Power User, Security