Last active
October 21, 2019 21:58
Spec | |
https://www.archimatetool.com/ http://archi-contribs.github.io/ https://www.archimatetool.com/beta/ | |
http://plantuml.com/ | |
https://c4model.com/ https://fundingcircle.github.io/fc4-framework/ https://github.com/structurizr/java | |
https://jsonnet.org/ | |
https://varlink.org/Ideals | |
https://github.com/edn-format/edn | |
https://clojure.org/guides/spe | |
https://developers.google.com/protocol-buffers/ | |
https://thrift.apache.org/static/files/thrift-20070401.pdf | |
https://cbor.io/ MessagePack RFC 7049 Concise Binary Object Representation https://news.ycombinator.com/item?id=20603378 | |
https://news.ycombinator.com/item?id=20477212 The JSON Meta Application Protocol (JMAP) | |
https://github.com/corelight/community-id-spec ID Flow Hashing processing flow data from monitoring app | |
https://daffodil.apache.org/docs/dfdl/#_Toc398030797 Data Format Description Language (DFDL) | |
Format | |
Format/JSON | |
https://stedolan.github.io/jq/ | |
http://jmespath.org/ | |
Format/YAML | |
https://learnxinyminutes.com/docs/fr-fr/yaml-fr/ | |
Auth | |
Auth/SSH | |
https://www.redhat.com/sysadmin/passwordless-ssh | |
https://www.electricmonk.nl/docs/ssh_tips_tricks/ssh_tips_tricks.html | |
https://github.com/moul/awesome-ssh | |
https://github.com/vedetta-com/vedetta/blob/master/src/usr/local/share/doc/vedetta/OpenSSH_Principals.md | |
https://cryptsus.com/blog/how-to-secure-your-ssh-server-with-public-key-elliptic-curve-ed25519-crypto.html | |
https://blog.adminrezo.fr/2016/01/comment-choisir-sa-cle-ssh-rsa-dsa-ecdsa-ed25519/ https://ed25519.cr.yp.to/ | |
https://crypto.stackexchange.com/questions/58380/ecdsa-eddsa-and-ed25519-relationship-compatibility | |
https://ianix.com/pub/ed25519-deployment.html | |
https://www.redhat.com/sysadmin/ssh-tmux-screen-sharing | |
https://www.bleepingcomputer.com/news/security/openssh-to-keep-private-keys-encrypted-at-rest-in-ram/ | |
https://news.ycombinator.com/item?id=20241363 | |
https://www.baeldung.com/java-ssl-handshake-failures | |
https://daniel-lange.com/archives/152-Openssh-taking-minutes-to-become-available,-booting-takes-half-an-hour-...-because-your-server-waits-for-a-few-bytes-of-randomness.html | |
https://news.ycombinator.com/item?id=18775604 SSH Examples, Tips and Tunnels | |
https://superuser.com/questions/163167/when-sshing-how-can-i-set-an-environment-variable-on-the-server-that-changes-f | |
https://ssh-vault.com/about/ | |
https://github.com/sekey/sekey Use Touch ID / Secure Enclave for SSH Authentication https://en.wikipedia.org/wiki/S/KEY | |
Auth/Container | |
https://www.reddit.com/r/kubernetes/comments/cii01y/get_a_shell_to_a_kubernetes_node_without_ssh/ | |
https://github.com/aws/amazon-ssm-agent | |
https://mosh.org/ | |
Auth/Spec | |
https://gravitational.com/blog/how-saml-authentication-works/ | |
https://openid.net/connect/ | |
https://jwt.io/ | |
https://webauthn.guide/ | |
Vi | |
https://dn.ht/intermediate-vim/ | |
https://alvinalexander.com/linux/vi-vim-editor-color-scheme-colorscheme | |
Git | |
https://dzone.com/articles/git-branching-structural-strategy | |
https://victoria.dev/verbose/git-commit-practices-your-future-self-will-thank-you-for/ | |
https://bjurr.com/gitflow-and-when-you-should-use-it/ | |
https://increment.com/open-source/more-productive-git/ | |
https://github.blog/2019-06-07-highlights-from-git-2-22/ | |
https://gitexplorer.com/ | |
https://azaidman.github.io/publications/vanderveenMSR2015.pdf Automatically Prioritizing Pull Requests | |
https://news.ycombinator.com/item?id=20720111 Highlights from Git 2.23 | |
Git/Immutable | |
https://stackoverflow.com/questions/2085871/strategy-for-preventing-or-catching-git-history-rewrite | |
https://softwareengineering.stackexchange.com/questions/145315/does-git-have-a-safe-mode-to-prevent-rewriting-history | |
Git/Immutable/Bitbucket | |
https://bitbucket.org/blog/take-control-with-branch-restrictions | |
https://confluence.atlassian.com/bitbucketserver/using-branch-permissions-776639807.html | |
https://bit-booster.com/hook/docs/ | |
Git/Compress | |
https://stackoverflow.com/questions/24210144/how-to-compress-all-commit-history-into-one-commit | |
https://confluence.atlassian.com/bitbucket/reduce-repository-size-321848262.html | |
Git/Services | |
https://news.ycombinator.com/item?id=20372770 Hub: Use GitHub from the Command Line | |
https://man.sr.ht/dispatch.sr.ht/ | |
Linux | |
https://lobste.rs/s/rm09ws/tcpdump_little_book | |
http://ifeanyi.co/posts/linux-namespaces-part-1/ | |
https://news.ycombinator.com/item?id=20303418 Without a GUI: How to Live Entirely in a Terminal | |
http://joeferner.github.io/2015/07/15/linux-command-line-html-and-awk/ | |
https://www.debian.org/News/2019/20190706 Debian 10 "Buster" | |
https://opensource.com/article/19/7/what-posix-richard-stallman-explains | |
http://www.brendangregg.com/blog/2019-07-15/bpf-performance-tools-book.html | |
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/installation_guide/sn-automating-installation | |
https://wiki.debian.org/DebianInstaller/Preseed | |
https://www.tagsistant.net/ Tag-based filesystem for Linux | |
https://blog.magnum.graphics/meta/being-productive-with-your-tools/ | |
https://news.ycombinator.com/item?id=16972827 Linux RNG flaws | |
http://morningcoffee.io/killing-a-process-and-all-of-its-descendants.html | |
https://news.ycombinator.com/item?id=20612791 Syslog: Complete System Administrator Guide | |
https://www.fwupd.org/ Linux Vendor Firmware Service | |
Python | |
https://treyhunner.com/2019/05/python-builtins-worth-learning/ | |
https://pythonclock.org/ https://discourse.brew.sh/t/python-2-eol-2020/4647 | |
https://www.python-course.eu/lambda.php | |
https://devchecklists.com/ | |
https://news.ycombinator.com/item?id=19948642 “Python's batteries are leaking” | |
https://stripe.com/fr/blog/exploring-python-using-gdb | |
https://news.ycombinator.com/item?id=19985802 PEP 594 – Removing dead batteries from Python's standard library | |
https://www.pythontraininghq.com/2019/05/16-python-libraries-that-helped-a-healthcare-startup-grow/ | |
https://news.ycombinator.com/item?id=20095004 Concurrency in Python: CSP and Coroutines (yingw787.com) | |
https://news.ycombinator.com/item?id=20463170 What's Coming in Python 3.8 | |
https://giannitedesco.github.io/2019/06/16/a-gotcha-in-asyncio.html Python socket servers can drop received packets on exit | |
https://nrempel.com/how-to-publish-a-python-package-to-pypi/ | |
https://skerritt.blog/dynamic-programming/ | |
https://snyk.io/blog/python-security-best-practices-cheat-sheet/ | |
https://www.fullstackpython.com/monitoring.html | |
https://www.bogotobogo.com/python/python_differences_Python2_vs_Python3_port.php | |
https://news.ycombinator.com/item?id=20461925 Graph Processing with Python and GraphBLAS | |
DevOps | |
https://philpep.org/blog/ | |
https://opensource.com/article/19/5/using-testinfra-ansible-verify-server-state | |
https://wiki.jenkins.io/display/JENKINS/Distributed+builds#Distributedbuilds-Transitionfrommaster-onlytomaster/agent | |
https://coolaj86.com/articles/vanilla-devops-git-credentials-cheatsheet/ | |
DevOps/Docker | |
https://docker-hy.github.io/ | |
https://itnext.io/sonarqube-running-tests-from-jenkins-pipeline-from-docker-7740702b6f42 | |
https://philpep.org/blog/integration-continue-avec-jenkins-et-docker | |
https://spin.atomicobject.com/2019/07/11/docker-volumes-explained/#.XSdT1RPBhrc.hackernews | |
https://codefresh.io/containers/docker-anti-patterns/ | |
DevOpsTalk | |
https://dzone.com/articles/devsecops-and-gdpr-can-devsecops-help-companies-co | |
# if curl http://localhost:8080 2>/dev/null | grep -iq jenkins; then echo "OK"; else echo "FAIL"; fi | |
InfraOps | |
https://crate.io/a/infrastructure-as-code-part-one/ | |
Ansible | |
https://ansible.github.io/workshops/decks/ansible-essentials.html#/43 | |
https://groups.google.com/forum/#!forum/ansible-announce | |
https://ansible-runner.readthedocs.io/en/latest/ | |
https://github.com/jdauphant/awesome-ansible | |
https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst | |
aws_codecommit - Manage repositories in AWS CodeCommit | |
aws_ses_rule_set - Manages SES inbound receipt rule sets | |
ec2_launch_template - Manage EC2 launch templates | |
ec2_transit_gateway - Create and delete AWS Transit Gateways. | |
k8s_auth - Authenticate to Kubernetes clusters which require an explicit login step | |
k8s_service - Manage Services on Kubernetes | |
openssh_keypair - Generate OpenSSH private and public keys. | |
openssl_certificate_info - Provide information of OpenSSL X.509 certificates | |
openssl_csr_info - Provide information of OpenSSL Certificate Signing Requests (CSR) | |
openssl_privatekey_info - Provide information for OpenSSL private keys | |
postgresql_idx - Create or drop indexes from a PostgreSQL database | |
postgresql_info - Gather information about PostgreSQL servers | |
postgresql_membership - Add or remove PostgreSQL roles from groups | |
postgresql_owner - Change an owner of PostgreSQL database object | |
postgresql_pg_hba - Add, remove or modify a rule in a pg_hba file | |
postgresql_ping - Check remote PostgreSQL server availability | |
postgresql_query - Run PostgreSQL queries | |
postgresql_set - Change a PostgreSQL server configuration parameter | |
postgresql_slot - Add or remove slots from a PostgreSQL database | |
postgresql_table - Create, drop, or modify a PostgreSQL table | |
postgresql_tablespace - Add or remove PostgreSQL tablespaces from remote hosts | |
https://itnext.io/a-practical-kubernetes-operator-using-ansible-an-example-d3a9d3674d5b?sk=6ac5c9b844e12ab26270967f24df9a4a | |
https://github.com/fboender/ansible-cmdb | |
https://github.com/vstconsulting/polemarch | |
https://ara.recordsansible.org/ | |
https://github.com/KeyboardInterrupt/ansible_xlsx_inventory | |
https://jpmens.net/2019/06/21/i-care-about-ansible/ | |
https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-example-creating-buckets.html | |
https://gist.github.com/naftulikay/14214831f6fa1b9b51a9ae8a00fe79e7 Export AWS CLI Profiles to Environment Variables | |
http://en.enisozgen.com/ansible-and-cloudformation-hybrid-solution/ | |
https://www.linuxschoolonline.com/use-ansible-to-build-and-manage-aws-ec2-instances/ | |
https://docs.ansible.com/ansible/latest/modules/cloudformation_module.html#examples | |
https://gryzli.info/2018/03/09/ansible-useful-hints/#Ansible_8211_Define_playbook_variable_on_command_line | |
https://gryzli.info/2017/12/21/ansible-debug-print-variables/ | |
https://cheat.readthedocs.io/en/latest/ansible/variables.html | |
https://stackoverflow.com/questions/54454259/add-ansible-variable-to-a-python-file | |
https://docs.ansible.com/ansible/2.5/scenario_guides/guide_aws.html | |
https://willthames.github.io/ansiblefest2018/#/anti-pattern-using-kubectl-in-playbooks | |
https://www.salsify.com/blog/engineering/our-journey-from-heroku-to-kubernetes | |
https://github.com/berttejeda/ansible-taskrunner#tldr Ansible-playbook wrapper with YAML-abstracted python click cli options | |
https://www.reddit.com/r/ansible/comments/cvsn2g/ansible_ldap_inventory_plugin/ https://github.com/joshinryz/ansible_ldap_inventory | |
Ansible/Environment | |
https://github.com/ansible/ansible-examples/blob/master/language_features/environment.yml | |
https://www.digitalocean.com/community/tutorials/how-to-manage-multistage-environments-with-ansible | |
Ansible/Sec | |
https://serverfault.com/questions/681832/how-can-i-stop-ansible-from-writing-passwords-to-the-logfiles | |
https://devops.stackexchange.com/questions/3282/where-to-put-ansible-vault-password | |
Ansible/BestPractices | |
https://blog.ippon.fr/2017/01/12/10-astuces-ansible/ | |
https://github.com/octplane/ansible_stdout_compact_logger | |
https://blog.ippon.tech/ansible-tips-and-tricks/ | |
https://medium.com/@abhijeet.kamble619/10-things-you-should-start-using-in-your-ansible-playbook-808daff76b65 | |
https://gist.github.com/douglasmiranda/f21a4481d372ae54fcf4a6ff32249949 | |
https://serverfault.com/questions/612796/using-more-advanced-filters-with-ansible-setup-module | |
# Ansible/Issues | |
https://github.com/ansible/ansible/issues/40676 File module fails to create directory | |
https://github.com/ansible/ansible/issues/46971 Copy module creates destination file initially with umask of connection context rather than secure or specified mode | |
https://github.com/ansible/ansible/issues/24862 User module creates home directory for existing user with incorrect SELinux types and permissions. | |
Docker | |
https://dev.to/azure/improve-your-dockerfile-best-practices-5ll | |
https://news.ycombinator.com/item?id=20381388 Intro Guide to Dockerfile Best Practices | |
https://news.ycombinator.com/item?id=19934316 The Future of Docker Containers (lwn.net) | |
https://news.ycombinator.com/item?id=20031730 Simple Dockerfile examples are often broken by default | |
https://github.com/linuxkit/linuxkit Toolkit for building secure, portable and lean operating systems for containers | |
https://mobyproject.org/projects/ | |
https://github.com/moby/buildkit Toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner | |
https://micromind.me/en/posts/from-docker-container-to-bootable-linux-disk-image/ | |
https://engineering.docker.com/2019/06/docker-hearts-wsl-2/ Windows | |
https://news.ycombinator.com/item?id=20182141 Slim – Build and run tiny VMs from Dockerfiles | |
https://lobste.rs/s/m1vijy/how_write_great_container_images | |
https://github.com/hadolint/hadolint Docker linter | |
https://iximiuz.com/en/posts/linux-pty-what-powers-docker-attach-functionality/ | |
https://pythonspeed.com/articles/root-capabilities-docker-security/ | |
Docker/Tools | |
https://news.ycombinator.com/item?id=20315973 Lazydocker: a terminal GUI for Docker | |
https://alpinelinux.org/posts/Alpine-3.10.0-released.html | |
https://github.com/mozilla-services/Dockerflow Cloud Services Dockerflow specification | |
Specification for automated building, testing and publishing of docker web application images that comply to a common set of behaviours | |
Docker/Sec | |
https://github.com/moby/moby/blob/master/docs/rootless.md | |
https://news.ycombinator.com/item?id=20542915 Docker 19.03: Rootless Mode (Experimental) | |
https://github.com/docker/docker-bench-security | |
https://pythonspeed.com/articles/root-capabilities-docker-security/ | |
https://people.kernel.org/brauner/runtimes-and-the-curse-of-the-privileged-container | |
https://vulnerablecontainers.org/ | |
PostgreSQL | |
https://news.ycombinator.com/item?id=19949240 Jsonpath – a query language for JSON in Postgres [pdf] (msu.su) | |
https://pgdash.io/blog/postgres-indexes.html | |
https://news.ycombinator.com/item?id=19817531 Common mistakes in PostgreSQL | |
https://pgdash.io/blog/postgres-features.html | |
https://news.ycombinator.com/item?id=19991230 PostgreSQL 12 Beta 1 Released - rebuild indexes concurrently | |
https://www.depesz.com/tag/pg12/ | |
https://news.ycombinator.com/item?id=19987535 Visualizing PostgreSQL Vacuum Progress | |
https://bytefish.de/blog/postgresql_interpolation/ | |
https://www.citusdata.com/blog/2019/07/17/postgres-tips-for-average-and-power-user/ | |
https://github.com/lob/pg_insights | |
Jenkins | |
https://jenkins.io/changelog-stable/ | |
https://github.com/miztiik/DevOps-Demos/blob/master/setup-jenkins-slave/README.MD | |
http://yallalabs.com/devops/how-to-add-linux-slave-node-agent-node-jenkins/ | |
https://wiki.jenkins.io/display/JENKINS/Distributed+builds | |
https://github.com/mlabouardy/nexususerconference-infrastructure | |
https://read.acloud.guru/deploy-a-jenkins-cluster-on-aws-35dcf66a1eca | |
https://dzone.com/articles/how-to-deploy-a-jenkins-cluster-on-aws-as-part-of | |
https://github.com/cloudbees/security-advisory/tree/master/advisory | |
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/may/story-of-a-hundred-vulnerable-jenkins-plugins/ | |
https://stackoverflow.com/questions/45025231/jenkins-rest-api-to-get-job-and-job-console-log | |
https://itisatechiesworld.wordpress.com/jenkins-related-articles/jenkins-configuration/jenkins-passing-a-parameter-from-one-job-to-another/ | |
https://support.cloudbees.com/hc/en-us/articles/226408088-Trigger-jobs-across-masters | |
https://github.com/roel0/jenkins-util-scripts | |
https://groups.google.com/forum/?nomobile=true#!forum/jenkinsci-dev | |
https://www.redhat.com/en/blog/integrating-ansible-jenkins-cicd-process | |
https://jenkins.io/blog/2019/05/09/templating-engine/ | |
https://wiki.jenkins.io/display/JENKINS/CSRF+Protection | |
https://www.youtube.com/watch?v=utztUGvZ_EA | |
https://medium.com/@Lenkovits/jenkins-pipelines-and-their-dirty-secrets-1-9e535cd603f4 | |
https://bjurr.com/continuous-integration-with-bitbucket-server-and-jenkins/ | |
https://github.com/sahilsk/awesome-jenkins | |
https://www.reddit.com/r/jenkinsci/ | |
https://github.com/awslabs/aws-codepipeline-plugin-for-jenkins | |
https://github.com/awslabs/aws-codedeploy-plugin | |
https://github.com/yogeshlonkar/awesome-jenkins-utils/wiki | |
https://itnext.io/sonarqube-running-tests-from-jenkins-pipeline-from-docker-7740702b6f42 | |
Jenkins/Infra | |
https://github.com/jenkinsci/docker/#preinstalling-plugins Official dockers | |
https://github.com/jenkins-infra/jenkins-infra | |
https://github.com/jenkinsci/systemd-slave-installer-module | |
https://github.com/jenkinsci/slave-installer-module | |
https://github.com/jenkinsci/instance-identity-module | |
https://github.com/geerlingguy/ansible-role-jenkins | |
https://github.com/jenkinsci/timemachine-plugin | |
https://medium.com/@saaduddin26/configure-jenkins-with-ansible-54717131776 | |
https://medium.com/appgambit/configure-jenkins-with-ansible-7bfaa387fb1c | |
Jenkins/Infra/AWS | |
https://github.com/jenkinsci/configuration-as-code-secret-ssm-plugin | |
Jenkins/Plugins | |
https://avavhhetri.com/2018/12/02/managing-jenkins-plugins/ | |
https://jenkins.io/blog/2019/05/09/templating-engine/ | |
https://www.youtube.com/watch?v=lkR0MrwG1NM GSoC 2019. Role Strategy and Folder Auth Plugin Demo (Jul 19, 2019) | |
Jenkins/Plugins/Messaging | |
https://wiki.jenkins.io/display/JENKINS/MQ+Notifier+Plugin | |
https://plugins.jenkins.io/mq-notifier | |
https://github.com/jenkinsci/mq-notifier-plugin | |
https://github.com/jenkinsci/pubsub-light-plugin | |
https://github.com/jenkinsci/sse-gateway-plugin https://stackoverflow.com/questions/20324657/eventsource-sse-server-sent-svents-security | |
https://github.com/jenkinsci/build-failure-analyzer-plugin - Scans build logs and other files in the workspace for recognised patterns of known causes to build failures | |
https://github.com/jenkinsci/publish-over-ssh-plugin - Send artifacts to an SSH server (using SFTP) and/or execute commands over SSH. | |
https://github.com/jenkinsci/build-name-setter-plugin | |
https://github.com/jenkinsci/plugin-compat-tester | |
Jenkins/Plugins/Filter | |
https://github.com/jenkinsci/results-cache-plugin - Avoid the execution of the same job with the same parameters more than once | |
Jenkins/Plugins/Pipeline | |
https://github.com/jenkinsci/pipeline-model-definition-plugin/wiki/Running-multiple-steps | |
https://medium.com/@Lenkovits/jenkins-pipelines-and-their-dirty-secrets-1-9e535cd603f4 | |
Jenkins/REST | |
https://support.cloudbees.com/hc/en-us/articles/217911388-Best-Practice-For-Using-Jenkins-REST-API | |
Jenkins/Sec | |
https://wiki.jenkins.io/display/JENKINS/Jenkins+Best+Practices | |
https://wiki.jenkins.io/display/JENKINS/JENKINS-28298 | |
https://issues.jenkins-ci.org/browse/JENKINS-24767 | |
https://issues.jenkins-ci.org/browse/JENKINS-37858 | |
https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs | |
https://www.cyberark.com/threat-research-blog/configuring-and-securing-credentials-in-jenkins/ | |
https://plugins.jenkins.io/mask-passwords https://wiki.jenkins.io/display/JENKINS/Mask+Passwords+Plugin /!\ | |
https://issues.jenkins-ci.org/browse/JENKINS-43814 Password parameters should be hidden in pipeline logs by default | |
https://jenkinsci.github.io/job-dsl-plugin/#plugin/mask-passwords | |
https://www.reddit.com/r/jenkinsci/comments/clvfxw/curfew_jenkins_plugin_to_add_timedays_restriction/ | |
Jenkins/Sec/vuln | |
https://jenkins.io/security/advisories/ | |
https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc | |
SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative) CVE-2018-1000861 and CVE-2019-1003000 | |
Jenkins/JDK11 | |
https://jenkins.io/doc/administration/requirements/upgrade-java-guidelines/ | |
Jenkins/Evergreen | |
https://jenkins.io/projects/evergreen/ | |
https://github.com/jenkinsci/jep/tree/master/jep/302 | |
Jenkins/X | |
https://dzone.com/articles/all-you-need-to-know-about-jenkins-x | |
https://jenkins-x.io/getting-started/multi-cluster/ | |
https://www.loggly.com/blog/intro-to-jenkins-x-ci-cd-for-kubernetes/ | |
https://trunkbaseddevelopment.com/continuous-integration/ | |
Jenkins/Groovy | |
https://gist.github.com/Faheetah/e11bd0315c34ed32e681616e41279ef4 | |
K8S | |
https://news.ycombinator.com/item?id=20228066 Kubernetes 1.15: Extensibility and Continuous Improvement | |
https://github.com/jenkinsci/kubernetes-plugin | |
https://gravitational.com/blog/announcing_wormhole/ | |
https://itnext.io/microk8s-on-windows-the-canonical-way-ed15fd4e5476 | |
https://www.reddit.com/r/kubernetes/comments/bxkvfc/im_tim_hockin_a_toplevel_kubernetes_maintainer_ama/ | |
https://www.reddit.com/r/devops/comments/by7prt/an_immersive_commandline_interface_to_help_you/ | |
https://github.com/metal3-io/metal3-docs | |
https://news.ycombinator.com/item?id=19704507 Kustomize – Templating in Kubernetes | |
https://news.ycombinator.com/item?id=20163500 Kubernetes Failure Stories | |
https://news.ycombinator.com/item?id=20296637 You don't need Kubernetes on your laptop | |
https://www.mirantis.com/ Kubernetes On-Premises | |
https://blog.digitalocean.com/digitalocean-releases-k8s-as-a-service/ | |
https://www.okd.io/ OpenShift Red Hat K8S | |
https://rook.io/ Cloud-Native Storage | |
https://discover.curve.app/a/mind-of-a-problem-solver | |
https://banzaicloud.com/blog/k8s-objectmatcher/ Matching desired states | |
https://github.com/ibuildthecloud/k3v POC Virtual Kubernetes | |
https://itnext.io/get-a-shell-to-a-kubernetes-node-9b720a15a4fe | |
https://zwischenzugs.com/2019/07/27/goodbye-docker-purging-is-such-sweet-sorrow/ | |
https://news.ycombinator.com/item?id=20503061 Dockerless, part 3: Moving development environment to containers with Podman | |
https://blog.getambassador.io/part-3-incremental-app-migration-from-vms-to-kubernetes-ambassador-and-consul-aacf87eea3e8 | |
https://medium.com/@cloudark/kubernetes-and-the-future-of-as-code-systems-b1b2de312742 | |
https://github.com/alexellis/k3sup light-weight utility to get from zero to KUBECONFIG with k3s on any local or remote VM | |
https://www.reddit.com/r/devops/comments/cncwqi/kubernetes_daemonset_pattern_101/ | |
https://www.mikeleitz.com/blog/2019/7/20/kubernetes-basics-nodes-pods-and-service | |
https://coreos.com/operators/ | |
K8S/Investigations | |
https://www.oreilly.com/ideas/kubernetes-recipes-maintenance-and-troubleshooting | |
https://blog.bejarano.io/kubernetes-etcd-and-disk-throughput.html | |
https://dzone.com/articles/monitoring-kubernetes-in-production-how-to-guide-p | |
https://kinvolk.io/blog/2019/05/performance-benchmark-analysis-of-istio-and-linkerd/ | |
https://news.ycombinator.com/item?id=20721286 VMware Octant web-based platform to better understand Kubernetes clusters | |
https://news.ycombinator.com/item?id=20635846 Octant: A tool to help devs understand what's going on in a Kubernetes cluster | |
K8S/Test | |
https://github.com/kubernetes-sigs/kind | |
K8S/Net | |
https://news.ycombinator.com/item?id=21268192 | |
K8S/Sec | |
https://blog.aquasec.com/kubernetes-rbac | |
https://github.com/cyberark/KubiScan | |
https://www.linkedin.com/pulse/kubernetes-security-benchmark-exploits-kelly-griffin/ | |
https://medium.com/asl19-developers/practices-for-organizing-staging-level-kubernetes-applications-with-namespaces-59351ed0d1d3 | |
https://itnext.io/securing-the-configuration-of-kubernetes-cluster-components-c9004a1a32b3 | |
https://www.cyberark.com/blog/securing-docker-with-secrets-and-dynamic-traffic-authorization/ | |
https://news.ycombinator.com/item?id=20655017 Kubernetes Security Assessment [pdf] | |
https://snyk.io/blog/kubernetes-open-sourced-their-security-audit-what-can-we-learn/ | |
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/tools-and-methods-for-auditing-kubernetes-rbac-policies/ | |
https://www.bleepingcomputer.com/news/security/severe-flaws-in-kubernetes-expose-all-servers-to-dos-attacks/ | |
K8S/Sec/Blue | |
https://resources.whitesourcesoftware.com/blog-whitesource/kubernetes-pod-security-policy | |
K8S/Sec/Red | |
https://blog.aquasec.com/kubernetes-security-pod-escape-log-mounts | |
https://blog.aquasec.com/dns-spoofing-kubernetes-clusters | |
K8S/Sec/TLS | |
https://medium.com/asl19-developers/use-lets-encrypt-cert-manager-and-external-dns-to-publish-your-kubernetes-apps-to-your-website-ff31e4e3badf | |
K8S/Backup | |
https://news.ycombinator.com/item?id=20769362 K8up – Kubernetes Backup Operator Based on Restic | |
K8S/CI-CD | |
https://www.reddit.com/r/ansible/comments/cedmnm/webinar_building_kubernetes_operators_in_an/ | |
https://github.com/tektoncd/pipeline https://jenkins.io/projects/jenkins-x/ | |
https://argoproj.github.io/argo-cd/ | |
https://razee.io/ delivery IBM | |
https://kabanero.io/ IBM | |
K8S/Multi-tenancy | |
https://kubernetes.io/blog/2018/05/17/gardener/ SAP mngnt | |
https://news.ycombinator.com/item?id=20433251 Virtual Kubernetes | |
Grafana | |
https://news.ycombinator.com/item?id=20003907 | |
https://grafana.com/loki#about | |
https://eliteinformatiker.de/2019/07/03/monitoring-stock-prices-with-prometheus-and-molescrape | |
Terraform | |
https://github.com/hashicorp/terraform/releases/tag/v0.12.0 | |
https://www.hashicorp.com/blog/terraform-0-1-2-preview | |
https://github.com/dtan4/terraforming Export existing AWS resources to Terraform style (tf, tfstate) | |
https://github.com/GoogleCloudPlatform/terraformer - Reverse to terra | |
Container | |
https://l0rd.github.io/containerspatterns/#1 | |
https://medium.com/dm03514-tech-blog/devops-containers-velocity-through-reduced-coordination-532f0ac000e5 | |
Cloud | |
https://www.theregister.co.uk/2019/07/16/amazon_aims_to_create_eventdriven_ecosystem_with_eventbridge/ | |
https://lethain.com//head-in-the-clouds/ | |
https://medium.com/hashicorp-engineering/essential-patterns-of-vault-part-2-b4d34976f1dc | |
https://krebsonsecurity.com/2019/07/capital-one-data-theft-impacts-106m-people/ | |
https://blog.developer.atlassian.com/why-atlassian-uses-an-internal-paas-to-regulate-aws-access/ | |
Cloud/Vault | |
https://hackernoon.com/aws-secrets-manager-vs-hashicorp-vault-vs-aws-parameter-store-bcbf60b0c0d1 | |
https://dzone.com/articles/cyberark-conjur-open-source-is-now-available-on-aw | |
https://github.com/wso2/carbon-secvault | |
https://square.github.io/keywhiz/ | |
https://docs.oracle.com/middleware/1213/idm/app-security/kssadm.htm#JISEC9921 | |
https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.1/html/security_guide/create_a_java_keystore_to_store_sensitive_strings | |
https://www.oracle.com/database/technologies/security/key-vault.html | |
https://jenkins-x.io/commands/jx_get_vault-config/ | |
https://jenkins-x.io/commands/jx_create_vault/ | |
http://nicolas.corrarello.com/general/vault/security/ci/2017/04/23/Reading-Vault-Secrets-in-your-Jenkins-pipeline.html | |
https://developers.google.com/vault/quickstart/java | |
https://academiccommons.columbia.edu/doi/10.7916/D8GM8F2W The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption | |
https://github.com/coreos/vault-operator Run and manage Vault on Kubernetes simply and securely (beta, hashicorp) | |
Cloud/Sec | |
https://www.usenix.org/system/files/conference/hotcloud18/hotcloud18-paper-mosayyebzadeh.pdf A Secure Cloud with Minimal Provider Trust | |
https://www.usenix.org/system/files/sec19-wang-zhe.pdf SafeHidden: An Efficient and Secure Information Hiding Technique Using Re-randomization | |
AWS | |
https://twitter.com/dvassallo/status/1154516910265884672 | |
https://news.ycombinator.com/item?id=20545561 | |
"This is how I use the good parts of @awscloud, while filtering out all the distracting hype. | |
My background: I’ve been using AWS for 11 years — since before there was a console. | |
I also worked inside AWS for 8 years (Nov 2010 - Feb 2019). | |
My experience is in websites/apps/services. From tiny personal projects to commercial apps running on 8,000 servers. If what you do is AI, ML, ETL, HPC, DBs, blockchain, or anything significantly different from web apps, what I’m writing here might not be relevant. | |
### Step 1: Forget that all these things exist: Microservices, Lambda, API Gateway, Containers, Kubernetes, Docker. | |
Anything whose main value proposition is about “ability to scale” will likely trade off your “ability to be agile & survive”. That’s rarely a good trade off. | |
Start with a t3.nano EC2 instance, and do all your testing & staging on it. It only costs $3.80/mo. | |
Then before you launch, use something bigger for prod, maybe an m5.large (2 vCPU & 8 GB mem). | |
It’s $70/mo and can easily serve 1 million page views per day. | |
1 million views is a lot. For example, getting on the front page of @newsycombinator will get you ~15-20K views. | |
That’s just 2% of the capacity of an m5.large. | |
It might be tempting to use Lambda & API Gateway to save $70/mo, | |
but then you’re going to have to write your software to fit a new immature abstraction and deal with all sorts of limits and constraints. | |
Basic stuff such as using a cache, debugging, or collecting telemetry/analytics data becomes significantly harder | |
when you don’t have access to the server. But probably the biggest disadvantage is that it makes local development much harder. | |
And that’s the last thing you need. I can’t emphasize enough how important it is that you can easily start your entire application on your laptop, with one click. | |
With Lambda & API Gateway you’re going to be constantly battling your dev environment. Not worth it, IMO. | |
CloudFormation: Use it. But too much of it can also be a problem. | |
First of all, there are some things that CFN can’t do. But more importantly, some things are best left out of CFN because it can do more harm than good. | |
The rule of 👍: If something is likely to be static, it’s a good candidate for CFN. | |
Ex: VPCs, load balancers, build & deploy pipelines, IAM roles, etc. | |
If something is likely to be modified over time, then using CFN will likely be a big headache. Ex: Autoscaling settings. | |
I like having a separate shell script to create things that CFN shouldn’t know about. | |
And for things that are hard/impossible to script, I just do them manually. | |
Ex: Route 53 zones, ACM cert creation/validation, CloudTrail config, domain registration. | |
The test for whether your infra-as-code setup is good enough is whether you feel confident | |
that you can tear down your stack & bring it up again in a few minutes without any mistakes. | |
Spending an unbounded amount of time in pursuit of scripting everything is dumb. | |
Load balancers: You should probably use one even if you only have 1 instance. | |
For $16/mo you get automatic TLS cert management, and that alone makes it worth it IMO. | |
You just set it up once & forget about it. An ALB is probably what you’ll need, but NLB is good too. | |
Autoscaling: You won’t need it to spin instances up & down based on utilization. | |
Unless your profit margins are as thin as Amazon’s, what you need instead is abundant capacity headroom. | |
Permanently. Then you can sleep well at night — unlike Amazon’s oncall engineers 🤣 | |
But Autoscaling is still useful. Think of it as a tool to help you spin up or replace instances according to a template. | |
If you have a bad host, you can just terminate it and AS will replace it with an identical one (hopefully healthy) in a couple of minutes. | |
VPCs, Subnets, & Security Groups: These may look daunting, but they’re not that hard to grasp. | |
You have no option but to use them, so it’s worth spending a day or two learning all there is about them. | |
Learn through the console, but at the end set them up with CFN. | |
Route 53: Use it. It integrates nicely with the load balancers, and it does everything you need from a DNS service. | |
I create hosted zones manually, but I set up A records via cfn. I also use Route 53 for .com domain registration. | |
CodeBuild/Deploy/Pipeline: This suite has a lot of rough edges and setup can be frustrating. | |
But once you do set it up, the final result is simple and with few moving parts. | |
Don’t bother with CodeCommit though. Stick with GitHub. | |
https://github.com/dvassallo/github-to-ec2-pipeline | |
S3: At 2.3 cents per GB/mo, don’t bother looking elsewhere for file storage. | |
You can expect downloads of 90 MB/s per object and about a 50 ms first-byte latency. | |
Use the default standard storage class unless you really know what you’re doing. | |
Database: Today, DynamoDB is an option you should consider. If you can live without “joins”, | |
DDB is probably your best option for a database. With per-request pricing it’s both cheap and a truly zero burden solution. | |
Remember to turn on point-in-time backups. | |
But if you want the query flexibility of SQL, I’d stick with RDS. Aurora is fascinating tech, and I’m really optimistic about its future, but it hasn’t passed the test of time yet. You’ll end up facing a ton of poorly documented issues with little community support. | |
CloudFront: I’d usually start without CloudFront. It’s one less thing to configure and worry about. But it’s something worth considering eventually, even just for the DDoS protection, if not for performance. | |
SQS: You likely won’t need it, and if you needed a message queue I’d consider something in-process first. But if you do have a good use case for it, SQS is solid, reliable, and reasonably straightforward to use. | |
Conclusion: I like to separate interesting new tech from tech that has survived the test of time. EC2, S3, RDS, DDB, ELB, EBS, SQS definitely have. If you’re considering alternatives, there should be a strong compelling reason for losing all the benefits accrued over time. | |
on Lambda | |
No file system access beyond tmp, no stateful web sockets (have to persist state in DDB, requiring 1 read and 1 write per message — plus handling new complex failure modes), the 15 min timeout (mostly related to the previous one), hard to send telemetry data async, ... [cont] | |
the 250MB bundle limit (requires convoluted workarounds), no sticky sessions (calls from same user going to same proc). That's just off the top of my head, and just things related to what I'm doing. | |
Don't be fooled by Lambda's claims of capacity management. You still need to monitor your invoc & conc rate, & request limit ⬆️ when you get close. A single small-ish EC2 instance can give you more capacity than Lambda's default capacity, and IMO EC2 capacity is easier to monitor. | |
As for CVEs, I just run “yum update --security” in a cron once a week. If you do that, your patching will be more frequent and robust than Lambda's (wink!) | |
Question: what about changing an EC2 instance type based on a schedule. 2xlarge for 6 hours in the morning, micro the rest of the day? | |
I think that would be more trouble than it's worth. If the app can run on multiple servers, I'd rather use small instances, and just bring up a few more based on a schedule. But in general, for production, I prefer not scaling down at all. | |
I don’t build AMIs on every build. In fact, nowadays, I just use the latest Amazon Linux AMI and set up the necessary stuff on instance boot using a UserData script. Example: https://github.com/encrypted-dev/proof-of-concept/blob/af60b014ef38a2b4f2ca54b80ef114bbb29bdd92/deploy/cfn/stage.yml#L29 | |
https://github.com/donnemartin/awesome-aws | |
https://github.com/achiku/jungle AWS operations from terminal simpler and more intuitive - Python MIT | |
https://github.com/spulec/moto test boto | |
http://docs.getmoto.org/en/latest/docs/getting_started.html | |
https://cloudonaut.io/my-mental-model-of-aws/ | |
https://ramblingsofasoftwaredevelopermanager.wordpress.com/2019/05/18/a-lighter-way-to-deploy-to-aws-ecs/ | |
https://medium.com/clog/tcp-ip-over-amazon-cloudwatch-logs-c1cf08f2296c | |
https://techmovers.salemove.com/infrastructure/2018/11/01/Productionproofing+EKS.html | |
https://github.com/cognitect-labs/aws-api | |
https://github.com/cloud-custodian/cloud-custodian Rules engine for managing public cloud accounts and resources ASL2 | |
https://github.com/mozilla/awsbox PaaS on AWS - MPL | |
https://aws.amazon.com/en/blogs/architecture/ | |
https://www.awsgeek.com/ | |
https://github.com/open-guides/og-aws | |
https://itnext.io/the-definitive-guide-to-running-ec2-spot-instances-as-kubernetes-worker-nodes-68ef2095e767 | |
AWS/EC2 | |
https://news.ycombinator.com/item?id=20300858 EC2 Instance Connect (IAM) | |
https://aws.amazon.com/fr/premiumsupport/knowledge-center/account-transfer-ec2-instance/ | |
https://github.com/jszwedko/ec2-metadatafs/ AWS EC2 metadata as files | |
https://stackoverflow.com/questions/17173972/how-do-you-add-swap-to-an-ec2-instance | |
https://serverfault.com/questions/218750/why-dont-ec2-ubuntu-images-have-swap | |
AWS/EBS | |
https://redlock.io/blog/advisory-aws-rds-ebs-public-access Check your Snapshot (backup) exposure | |
https://us-east-1.console.aws.amazon.com/ec2/v2/home?region=us-east-1#Snapshots:visibility=public;ownerAlias=self;sort=desc:startTime | |
https://console.aws.amazon.com/ec2/v2/home#Snapshots:visibility=public;ownerAlias=self;sort=desc:startTime | |
https://aws.amazon.com/en/about-aws/whats-new/2017/06/aws-trusted-advisor-now-checks-for-public-snapshots-of-amazon-elastic-block-store-ebs-and-amazon-relational-database-service-rds-data/ | |
https://www.theregister.co.uk/2019/01/17/aws_amazon_backup/ | |
https://github.com/eth0izzle/bucket-stream | |
AWS/CloudFormation | |
https://docs.ansible.com/ansible/latest/modules/cloudformation_module.html | |
https://www.trek10.com/blog/cloudformation-yaml-and-why-its-awesome/ | |
https://www.trek10.com/blog/cloudformation-nested-stacks-primer/ | |
https://github.com/aws/aws-cdk/issues/461 What is aws-cdk going to bring to the table over existing solutions like Terraform? | |
https://www.reddit.com/r/aws/comments/cblkgx/new_semantic_declarative_infrastructureascode/ https://github.com/waterbear-cloud/aim | |
https://github.com/cloudtools/troposphere | |
https://github.com/cloudtools/stacker | |
https://github.com/awsdocs/amazon-mq-developer-guide/blob/master/doc_source/amazon-mq-working-java-example.md | |
https://github.com/JoseRolles/interactive-aws-cloudformation-docs | |
AWS/CloudFormation/CDK -> SM-IAM | |
https://github.com/sam-goodwin/punchcard Type-safe AWS infrastructure | |
AWS/S3 Files | |
aws s3 sync s3://from s3://to | |
https://aws.amazon.com/fr/blogs/aws/amazon-s3-update-sigv2-deprecation-period-extended-modified/ | |
https://news.ycombinator.com/item?id=20193066 S3 OSS impl. | |
--- | |
###> https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/ | |
A deep dive into AWS S3 access controls – taking full control over your assets July 13, 2017 | |
TL;DR: Setting up access control of AWS S3 consists of multiple levels, each with its own unique risk of misconfiguration. We will go through the specifics of each level and identify the dangerous cases where weak ACLs can create vulnerable configurations impacting the owner of the S3-bucket and/or through third party assets used by a lot of companies. We also show how to do it properly and how to monitor for these sorts of issues. | |
... | |
Introduction | |
Recently, a few blog posts have mentioned scenarios where the misconfiguration of a S3 bucket may _expose sensitive data_ <https://rhinosecuritylabs.com/penetration-testing/penetration-testing-aws-storage/> as well as explaining that the -S3 access control lists (ACL) are quite different to the regular user permission setup in AWS which is called Identity and Access Management (IAM)- <https://cloudonaut.io/aws-security-primer/#Authorization>. | |
However, we decided to approach this from a different angle. By identifying a number of different misconfigurations we discovered that we could suddenly control, monitor and break high end websites due to weak configurations of the bucket and object ACLs. | |
simplified: https://blog.detectify.com/2017/07/13/aws-s3-misconfiguration-explained-fix/ | |
https://cloudonaut.io/aws-security-primer/ | |
----- | |
https://rhinosecuritylabs.com/aws/s3-ransomware-part-2-prevention-and-defense/ | |
https://www.reddit.com/r/netsec/comments/c5tfzx/slurp_an_s3_bucket_enumerator_has_been_rewritten/ | |
https://news.ycombinator.com/item?id=20463494 Investigating Multi-Account IAM Issues in S3 and CloudFront | |
AWS/Amazon_MQ | |
https://noise.getoto.net/2018/05/28/measuring-the-throughput-for-amazon-mq-using-the-jms-benchmark/ | |
https://help.talend.com/reader/tKQ4CwrpRy4u0~0aG8NIEg/jxxo_JUDuhqpNljsaPxZTw | |
AWS/CodeX | |
https://dev.to/trek10inc/ci-cd-aws-and-serverless-5-tips-i-learned-the-hard-way-223p | |
https://aws.amazon.com/fr/blogs/devops/implementing-gitflow-using-aws-codepipeline-aws-codecommit-aws-codebuild-and-aws-codedeploy/ | |
AWS/Inventory | |
https://github.com/pinterest/soundwave Searchable EC2 Inventory store | |
https://github.com/lebinh/aq Query AWS resources with SQL, Python, MIT, latest commit Aug 15, 2016 -- | |
https://stackoverflow.com/questions/39808593/python-how-to-parse-json-from-results-from-aws-response | |
https://github.com/nccgroup/aws-inventory | |
https://github.com/Netflix/asgard/wiki | |
https://github.com/lyft/cartography | |
https://news.ycombinator.com/item?id=20434045 Cloud Maker – Rapidly create cloud architecture diagrams | |
https://github.com/duo-labs/cloudmapper | |
AWS/EKS | |
https://aws.amazon.com/fr/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/ | |
https://dzone.com/articles/eks-vs-ecs-orchestrating-containers-on-aws?fromrel=true | |
https://dzone.com/articles/container-wars-kubernetes-vs-docker-swarm-vs-amazo-1?fromrel=true | |
AWS/Costs | |
https://awstcocalculator.com/ | |
https://docs.aws.amazon.com/cli/latest/reference/budgets/index.html | |
https://github.com/aws-samples/aws-cost-explorer-report | |
https://web.stanford.edu/class/cs349d/docs/theimer.pdf The Challenges of Operating a Computing Cloud and Charging for its Use | |
AWS/Sec | |
https://salerno-rafael.blogspot.com/2019/07/what-should-we-know-about-aws-security_27.html | |
https://rhinosecuritylabs.com/aws/aws-phished-persistent-cookies/ | |
https://news.ycombinator.com/item?id=10454626 Securing AWS Credentials on Engineer's Machines | |
https://www.trendmicro.it/media/wp/best-practices-security-and-compliance-with-amazon-web-services-whitepaper-en.pdf | |
https://stormwindstudios.com/4-aws-vulnerabilities/ | |
https://github.com/stefansundin/ec2-metadata-filter | |
metadata service is used to provide temporary security credentials to the IAM role associated with an EC2 instance | |
https://ahmet.im/blog/comparison-of-instance-metadata-services/ | |
AWS/Sec/Services | |
AWS/Sec/Services/AWS Security Hub | |
https://press.aboutamazon.com/news-releases/news-release-details/aws-announces-general-availability-aws-security-hub | |
https://www.theregister.co.uk/2019/06/25/aws_security_hub_launch/ SIEMs integration | |
AWS/Sec/Test | |
https://bogacz.io/post/2019-07-31-vpc-lambdas-for-system-tests/ | |
AWS/Sec/Red | |
https://medium.com/@gonfva/metadata-abuse-in-aws-d264274f5764 | |
AWS/Architect | |
https://sumit-ghosh.com/articles/aws-solutions-architect-associate-preparation/ | |
https://github.com/SkullTech/aws-solutions-architect-associate-notes | |
https://aws.amazon.com/fr/blogs/opensource/announcing-partiql-one-query-language-for-all-your-data/ https://partiql.org/ | |
https://www.allthingsdistributed.com/2018/03/ten-years-of-aws-compartimentalization.html | |
https://news.ycombinator.com/item?id=20875489 Amazon AWS had a power failure, their backup generators failed | |
https://news.ycombinator.com/item?id=20846677 AWS EC2/RDS Outage in us-east-1 | |
AWS/SQS | |
https://news.ycombinator.com/item?id=20019874 | |
Azure | |
https://medium.com/capgemini-dynamics-365-team/adventures-in-infrastructure-as-code-lessons-learnt-using-azure-arm-templates-4cf76fec6879 | |
https://medium.com/@brentrobinson5/containerised-ci-cd-pipelines-with-azure-devops-74064c679f20 | |
https://techcrunch.com/2019/06/05/microsoft-and-oracle-link-up-their-clouds/ | |
Tests | |
https://testinfra.readthedocs.io/en/latest/ | |
https://stamp-project.github.io/camp/ Takes as input a sample testing configuration and generates automatically a number of diverse configurations | |
API | |
https://dzone.com/articles/keys-to-api-management | |
https://aip.dev/ Google API Improvement Proposals | |
API/Proxy | |
https://blog.thea.codes/building-a-stateless-api-proxy/ | |
Sec | |
https://cheatsheetseries.owasp.org/ https://news.ycombinator.com/item?id=20602647 | |
https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md | |
https://github.com/meitar/awesome-cybersecurity-blueteam | |
https://news.ycombinator.com/item?id=20603595 The OpenBSD Ada Library | |
https://getgophish.com/ | |
http://www.openvas.org/ | |
https://wazuh.com/ | |
https://suricata-ids.org/ | |
https://github.com/evilsocket/opensnitch | |
https://portswigger.net/blog/when-security-features-collide | |
https://cube.dev/blog/open-source-etl/ | |
https://news.ycombinator.com/item?id=19971924 Technical Debt (martinfowler.com) | |
https://lethain.com//how-to-invest-technical-infrastructure/ | |
https://www.imaginarycloud.com/blog/what-is-service-design/ | |
https://medium.com/dm03514-tech-blog/sre-knowledge-graphs-increased-context-in-human-involved-incident-response-ir-301fd831070c | |
https://medium.com/mycrypto/what-to-do-when-sim-swapping-happens-to-you-1367f296ef4d | |
https://www.reddit.com/r/netsec/comments/bwrjrx/vimneovim_arbitrary_code_execution_via_modelines/ | |
https://www.cs.cmu.edu/~avrim/Randalgs11/lectures/lect0420.pdf A brief tour of differential privacy | |
https://news.ycombinator.com/item?id=20596149 | |
Sec/Net | |
https://github.com/landhb/DrawBridge Layer 4 Single Packet Authentication Linux kernel module | |
http://www.brendangregg.com/ebpf.html | |
https://2018.pass-the-salt.org/files/talks/07-traffic-filtering-at-scale.pdf | |
DevOps | |
https://www.linkedin.com/pulse/devops-mental-models-ron-vincent/ | |
https://xebialabs.com/devops-diagram-generator/?tooling%5B%5D=96903594 | |
https://acko.net/blog/apis-are-about-policy/ | |
https://github.com/STAMP-project/stamp-ci/blob/master/stamp-jenkins-cookbooks/README.md | |
https://news.ycombinator.com/item?id=20668168 What I Do as a DevOps Consultant | |
DevSecOps | |
https://developer.okta.com/blog/2019/07/18/container-security-a-developer-guide | |
https://snyk.io/blog/cheat-sheet-10-bitbucket-security-best-practices/ | |
https://tryexceptpass.org/article/continuous-builds-parsing-specs/ | |
https://www.owasp.org/index.php/OWASP_Dependency_Check | |
https://codefresh.io/containers/docker-anti-patterns/ | |
https://gitian.org/ | |
https://github.com/mitre/caldera | |
https://anteater.github.io/ | |
https://www.youtube.com/watch?v=I2iShmUTEl8 Bitcoin Build System Security | Carl Dong | Breaking Bitcoin 2019 Amsterdam | |
http://www.rfc-editor.org/rfc/rfc8601.txt Header Field for Indicating Message Authentication Status | |
http://www.rfc-editor.org/rfc/rfc6238.txt TOTP | |
https://d1.awsstatic.com/whitepapers/compliance/AWS_Security_at_Scale_Governance_in_AWS_Whitepaper.pdf | |
https://github.com/toniblyx/my-arsenal-of-aws-security-tools | |
https://csrc.nist.gov/publications/detail/white-paper/2019/06/11/mitigating-risk-of-software-vulnerabilities-with-ssdf/draft | |
https://resources.infosecinstitute.com/security-best-practices-for-git-users/ | |
https://help.github.com/en/articles/configuring-automated-security-fixes | |
https://www.reddit.com/r/sysadmin/comments/bzuorb/cve20199150/ RDP https://kb.cert.org/vuls/id/576688/ | |
https://www.theregister.co.uk/2019/06/13/yubi_key_bug/ | |
https://github.com/Kira-cxy/qemu-vm-escape | |
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f SKS Keyserver Network Under Attack | |
https://armis.com/urgent11/ | |
https://www.reddit.com/r/netsec/comments/c6nbrx/mozilla_server_side_tls_configuration_guide_v50/ | |
https://en.slideshare.net/Hadoop_Summit/best-practices-and-lessons-learnt-from-running-apache-nifi-at-renault | |
https://news.ycombinator.com/item?id=20423388 A problem worse than Zoom? | |
https://www.reddit.com/r/netsec/comments/cc7mo1/because_lolbins_wasnt_enough_we_now_have/ | |
https://github.com/0xInfection/Awesome-WAF | |
DevSecOps/ApiManagement | |
https://blog.gfi.es/working-with-wso2-api-manager-in-the-cloud/ | |
https://dzone.com/articles/understanding-wso2-api-manager-deployment-patterns | |
https://docs.wso2.com/display/CLUSTER44x/Clustering+API+Manager+in+Amazon+Web+Services | |
https://en.slideshare.net/wso2.org/wso2con-eu-2018-implementing-a-zero-downtime-wso2-api-manager-with-an-api-community-to-match | |
https://smartbear.com/blog/collaborate/how-does-amazon-api-gateway-affect-api-management/ | |
https://github.com/wso2/aws-apim | |
https://aws.amazon.com/en/api-gateway/api-management/ | |
http://blog.smile.fr/Wso2-api-manager | |
https://www.ibm.com/cloud/garage/architectures/apiArchitecture | |
https://medium.com/@nimelrian/no-way-to-prevent-this-says-only-development-community-where-this-regularly-happens-8ef59e6836de | |
ServiceMesh | |
https://news.ycombinator.com/item?id=20876754 Maesh, a Lightweight and Simpler Service Mesh | |
https://arcentry.com/blog/api-gateway-vs-service-mesh-vs-message-queue/ | |
https://kuma.io/docs/0.1.0/#why-kuma | |
https://blog.christianposta.com/challenges-of-adopting-service-mesh-in-enterprise-organizations/ | |
Stream | |
https://factorio.com/blog/post/fff-302 The multiplayer megapacket | |
https://hackernoon.com/understanding-kafka-with-factorio-74e8fc9bf181 | |
Web | |
https://github.com/joelakuhn/htq A grep-like tool for extracting elements from html using CSS Selectors | |
https://lookyloo.circl.lu/tree/0c323a51-073e-4202-b3ba-8005b2ce9dd9 https://github.com/CIRCL/lookyloo Web interface allowing to scrape a website and then displays a tree of domains calling each other | |
https://zubialevich.blogspot.com/2018/08/caching-strategies.html | |
SocialMedia | |
https://www.miscmag.com/misc-n104-references-de-larticle-methodologie-dosint-orientee-reseaux-sociaux/ | |
X Wiki | |
https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Installation/InstallationWAR/InstallationPostgreSQL/ | |
https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Security | |
https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/10.11.8/ | |
Vizu | |
https://github.com/Netflix/vizceral | |
https://news.ycombinator.com/item?id=20182090 Luna – A WYSIWYG language for data processing | |
https://machinations.io/ browser-based platform to design, balance and simulate game systems | |
TimeDB | |
http://sigusr2.net/combining-time-series.html | |
https://square.github.io/cubism/ | |
https://github.com/sbelak/tide | |
https://christian.bock.ml/posts/significant_shapelets/ | |
Future | |
https://www.manrs.org/ bgp net | |
https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/ | |
https://medium.com/@dm03514/valuestream-devops-metrics-observing-delivery-across-multiple-systems-7ae76a6e8deb | |
https://github.com/mlabouardy/komiser Cloud Environment Inspector | |
https://www.archimatetool.com/blog/2016/11/03/archops-a-new-paradigm-for-ea-toolsets/ | |
https://www.oreilly.com/ideas/site-reliability-engineering-sre-a-simple-overview | |
https://12factor.net/ | |
https://edgedb.com/blog/we-can-do-better-than-sql/ | |
https://blog.acolyer.org/2019/07/03/one-sql-to-rule-them-all/ | |
https://news.ycombinator.com/item?id=20362951 The CUE Data Constraint Language | |
https://news.ycombinator.com/item?id=20362248 Clojure and Deps.edn: A basic guide | |
https://www.spinellis.gr/sw/dgsh/#intro dgsh — directed graph shell | |
https://blog.grandstack.io/inferring-graphql-type-definitions-from-an-existing-neo4j-database-dadca2138b25 | |
http://duplicity.nongnu.org/ Encrypted bandwidth-efficient backup using the rsync algorithm | |
https://svelte.dev/ Cybernetically enhanced web apps https://martinfowler.com/articles/micro-frontends.html | |
https://herbertograca.com/2019/06/05/reflecting-architecture-and-domain-in-code/ | |
https://blog.graphqleditor.com/the-state-of-graphql-by-reddit/ | |
https://lobste.rs/s/bdydyw/risc_v_formal_spec_public_review | |
https://news.ycombinator.com/item?id=20304720 Qwant Maps: open-source and privacy-preserving map | |
https://www.orukayak.com/ Folding kayak | |
https://www.anandtech.com/show/14526/usb-if-usb4-coming-in-late-2020 | |
https://github.com/motherboardgithub/bxaq | |
https://www.theguardian.com/world/2019/jul/05/how-britain-can-help-you-get-away-with-stealing-millions-a-five-step-guide | |
https://www.mendeley.com/campaign/climate-change | |
https://public-interest-tech.com/ | |
https://www.osam.com/Commentary/value-is-dead-long-live-value | |
https://www.blender.org/download/releases/2-80/ | |
Future/Microservices | |
https://medium.com/@kgr_de/making-the-right-technology-decisions-84ebbf65fc7e | |
Future/Web | |
https://itnext.io/the-anatomy-of-web-components-d6afedb81b37 | |