Who we are

Volunteers (hangs around EngineersMY slack) https://engineers.my/

Join us!

Monthly meetup announced on meetup.com
Get in touch via meetup.com
or
Slack us to volunteer / speak / sponsor

Other meetups

DevKami curated meetups: https://devkami.com/meetups/

KL meetups by Azuan (@alienxp03): http://malaysia.herokuapp.com/#upcoming

House rules

• Minimal bikeshedding
• Participate!
• Respect opinions — agree to disagree!
• Thank the organizers & sponsors!

Buzz Corner

Docker - Unauthorized access to Docker Hub database

If you got an email you should:
- Change your password on https://hub.docker.com
- Check https://github.com/settings/security
- Reconnect oauth for Automated Builds
- Roll over effected passwords and API keys stored in private repos / containers

Quick take:
- Password hashes
- Github tokens
- Bitbucket tokens
- Your Automated Builds might need new tokens

Salesfarce: Cloud giant in multi-hour meltdown after database blunder grants users access to all data

Azure global outage

Our DNS update mangled domain records, says Microsoft.

Azure, Microsoft 365, Dynamics, Power BI, DevOps, all down for nearly two hours.

GCalendar down

Few hours

Sites depending on Calendar API down. Coz google won't go down right?

MS announces Windows Terminal and WSL 2, coming June

Also check out PowerToys!

HiveMQ Goes Open Source, Brings MQTT and Kafka Together

GitHub gets a package registry

New Intel security flaw affects CPUs as far back as 2008

VMware to Acquire Bitnami

NASA hacked: unauthorized Raspberry Pi in network

Security Landscape of the Docker Ecosystem and Best Practices

• Snyk found that security vulnerabilities in RedHat Enterprise Linux, Ubuntu and Debian grew four fold in 2018.
• Most vulnerabilities come from libraries you don’t explicitly use. In most ecosystems, 75% or more of your dependencies are indirect, implicitly pulled in by the libraries you use and Snyk found that 78% of overall vulnerabilities tracked are from indirect dependencies.

Tinder’s move to Kubernetes

Develop Hundreds of k8s Services at Scale with Airbnb

k14s

Kubernetes Tools that follow Unix philosophy to be simple, modular, and extensible
Your k8s project name ideas:

• k1s
• k2s
• k4s
• ...

Again: k8s failure stories

S3 Batch Operations

… The transfer cost from S3->Glacier is absolutely insane ($0.05 per 1,000 objects).
I managed to generate $11k worth of charges doing a "small" test of 218M files and a lifecycle policy. Only use glacier for large individual files. — HN

Dot in S3 bucket name — Don't!

DevOps and Cloud InfoQ Trends Report - February 2019

• Kubernetes has effectively cornered the market for container orchestration, and is arguably becoming the cloud-agnostic compute abstraction. The next hot topics in this space appear to be service meshes and developer experience/workflow tooling.
• Chaos Engineering has moved into the early adoption phase.
• Although a potentially overloaded buzzword, we are tracking AIOps within the innovator space, and more specifically the potential value offered by ML for operational insight and alerting.

5 Common Misconceptions About Serverless in 2019

• Serverless is a new frontier (infographic)
• Serverless==Functions (Still have to think about API Gateways, DBs, etc)
• Serverless is a security nightmare!
• Serverless is super cheap
• Serverless is super expensive (for AWS, use CloudWatch)

Terraform AWS backend for remote state files with S3 and DynamoDB

Terraform state files are normally generated locally where you run the scripts. This is fine for small scale deployments and testing. A problem arises when you involve multiple people, teams and even business units.

A remote state file will always contain the latest state deployed to your account and environment, stored within S3. Including DynamoDB brings tracking functionality so that concurrent use of the state file will be blocked or “locked”.

Shopify: Benchmarking Istio & Linkerd CPU

Cloud Solutions Architecture Patterns

16 blogs and newsletters for DevOps practitioners

7 open source tools for rugged DevOps

• Gauntlt: BDD security tool
• HashiCorp Vault: Secrets management
• OWASP Dependency Check
• Retire.js: Insecure JS libs
• ChaoSlingr: Chaos engineering
• Chef's InSpec: Secure configuration & compliance validation

• OpenControl and Compliance Masonry: Compliance as code

              documentation_complete: false
              name: AWS Implementation
              schema_version: 3.0.0
              references:
              - name: SC Policy
               path: https://github.com/opencontrol/freedonia-aws-compliance/wiki/Security-Controls
               type: URL
              satisfies:
              - control_key: AU-2
               standard_key: NIST-800-53
               covered_by: []
               implementation_status: none
               narrative:
                - text: |
                      AU-2 - Audit Events
                      All AWS events are sent to AWS CloudWatch.
                      This is implemented with our Terraform build using the
                  `aws_cloudtrail` resource (https://www.terraform.io/docs/providers/aws/r/cloudtrail.html)
            

IoT & WebThings

Chaos Engineering: Chaos Testing Your HTTP Micro-Services