DEVOPS WEEKLY ISSUE #652 - 25th June 2023
Monitoring. AI developer tools and AI mode vulnerabilities. DNS (always DNS). And an interesting survey focused on SRE to read and participate in.
StackHawk sponsors Devops Weekly
[June 27] Securing GitOps Pipelines: Open Source, Vendors, and Getting Things Done. StackHawk champion James Berthoty is speaking at DevSecCon24 to discuss security in pipeline, open source vs. vendor tools, fixing security findings, and measuring success.
https://sthwk.com/Securing-GitOps-Pipelines
News
An interesting report based on a survey of SRE practitioners, correlating several behaviours to elite behaviours. The new survey is open for next year’s survey.
https://www.catchpoint.com/asset/2023-sre-report
https://www.catchpoint.com/sre-survey
Monitoring is invariably harder than it looks for any non-trivial systems. This post looks at the problems with logs, metrics and tracing tools.
https://matduggan.com/were-all-doing-metrics-wrong/
AVID is an AI Vulnerability Database, looking at failures in models. The start of a taxonomy of failure modes, and a database of specific failures. Likely to be an important area of research.
https://avidml.org/
Continuing this long-running series, this post explores naked domains. Some interesting
stats, including that almost three quarters of all domains are IPv4 only.
https://www.netmeister.org/blog/naked-domains.html
Tools
Rift is a language server and IDE extension that exposes interfaces for code transformations and code understanding, aiming to integrate with open source AI models to provide a base for AI-assisted software development.
https://github.com/morph-labs/rift
M3s is a tool for running a Kubernetes cluster under Apache Mesos/ClusterD.
https://github.com/m3scluster/m3s
https://m3scluster.github.io/m3s/
DevPod is an open source tool for managing repeatable development environments. It works locally, as well as on top of Kubernetes or a cloud environment.
https://devpod.sh/