1 minute read

(I wrote this last week, and only now realised I didn’t sent it. In case you were wondering how Log4Shell scrabbled my brain last week.)

A shout out to everyone working over this weekend on mitigating the impact of Log4Shell, especially to the Log4J maintainers.

StackHawk sponsors Devops Weekly

Tune in on the 14th of December as StackHawk and Snyk show you how to leverage developer-friendly security tooling in your CI/CD pipeline. Register now:
https://sthwk.com/aws-live-hack

News

We have another internet-breaking vulnerability. Log4Shell is a full remote code execution vulnerability in the popular Log4J logging package for Java.
https://snyk.io/blog/log4j-rce-log4shell-vulnerability-cve-2021-4428/

Incidents happen to everyone. How well you learn from them though is a mark of a good team. This comprehensive guide should help you improve your processes around everything post incident.
https://www.jeli.io/howie-the-post-incident-guide

Running any service at scale invariably means considering the storage, compute and networking implications. A good post on scaling Kafka, taking into account how using cloud services changes things.
https://www.honeycomb.io/blog/scaling-kafka-observability-pipelines/

A nice walkthrough of setting up a monitoring stack with Prometheus, Grafana and Traefik using Docker Compose. Ideal for developers to learn more about monitoring.
https://medium.com/@evgeniyfirstov/application-monitoring-with-traefik-prometheus-grafana-and-docker-compose-for-beginners-2fe25d1b60a8

A wide-ranging interview, covering data architecture, team structure, no/low code and more.
https://www.opslevel.com/blog/opslevel-diederik-van-liere/

Lots of folks are experimenting with moving workloads to ARM. This post shows how to migrate a Docker-based application, using buildx to create multi-architecture images.
https://medium.com/@tomwillfixit/migrating-a-dockerized-gitlab-chat-bot-to-arm-in-an-afternoon-9324dc43480d

An introduction to a coming soon commercial services, but some interesting arguments in this post about why SQL might be a good user interface for managing cloud infrastructure.
https://blog.iasql.com/intro-iasql/

Apache is a mainstay of the web server world, and still widely used in lots of places. This post covers in detail how to read the various log files Apache generates, and how to interpret the results.
https://sematext.com/blog/apache-logs/

Tools

Soft Serve is an interesting project that provides a self-hosted Git server, with a nice built-in terminal user interface.
https://github.com/charmbracelet/soft-serve

Querying cloud resources is a problem lots of folks are playing with solutions for at the moment. Cloud Wanderer allows for exposing AWS data in AWS Neptune and querying using the Gremlin graph query language.
https://www.cloudwanderer.io/
https://github.com/CloudWanderer-io/CloudWanderer

Logpaste is a simple service you can run for those times when you want to easily share log file snippets or other text.
https://github.com/mtlynch/logpaste

Updated: