Sunday, April 3, 2022

Again: There is no attack surface as good as NO attack surface


Here is another reminder about why simple base images are more secure.  The new word for smaller, simpler, more secure base images is "quiet" because they flag fewer false positives in security scanners, are easier to maintain, and typically contain fewer security flaws.

In software and information security, as in software design, simplicity is paramount.  Whenever I read criticisms of microkernels or minimal docker images that do not separate kernel from user space with enough security layers, or of "security issues" in tiny distros that don't do enough to assure UID 0 separation from unprivileged UIDs, I shake my head.  If your docker container has a remote execution exploit such that bad actors can use all of its resources to access and launch further attacks, none of these "security vulnerabilities" matters.  Even the workhorse BusyBox (106KB, 300+ commands), which I personally use frequently, can be secured.  In real estate your top three priorities are "Location, location, location." In software design and in software security, the top three priorities are: "Simplify, simplify, simplify."

Better Outline of New Hire Documentation for Developers

Wow!  This "Reverse Onboarding" (as my buddy called it) list of 20 questions a developer should ask when she joins a new team is a fantastic outline for new-hire onboarding and a great, prioritized checklist for getting settled into a new team. 

Thursday, March 31, 2022

Take Back the Sky by Greg Bear


This conclusion to the trilogy is not bad but not great.  None of the main characters, even those with super-powers, has any agency or power over their situations in the entire story. The space opera in the outer solar system is interesting and fun; the characters are great but they are all powerless. 3/5 Stars.

Firewalkers by Adrian Tchaikovsky


The author writes well and is very imaginative.  I enjoyed all of the other books I have read by him. This one is not good.  I did not like any of the characters or care about their situations.  The awe-and-wonder space opera at the very end was good but the rest of the story is bad. 1/5 Stars.

Monday, March 21, 2022

Flux vs Argo && Flux with Helm



Here is a short, useful comparison of the strengths, weaknesses, and capabilities of the Flux family of gitops tools versus the Argo family.  Although it appears to me that Argo is currently a little better, Flux is catching up quickly and has a few other advantages.

And here is an interesting, in-depth video of using Flux with Helm.

kubernetes configuration drift minimization oppa gitops style


Over the past four decades, the people who manage configuration consistency for large-scale infrastructure have continually re-discovered the inevitable entropy of "drift," wherein your pristine, uniform system configurations somehow get out of sync with reality.  Dozens of patterns, tools, and approaches have been tried and almost all are (still) running in large data centers to combat these misconfigurations. And, of course, new tools are emerging and older tools (e.g. Salt) are adding more drift minimization features as they evolve.

Madhura Maskasky (co-founder of Platform9) has proposed an interesting approach using gitops and a role-based access control (RBAC) templating system to minimize kubernetes cluster drift.  Because kubernetes cycles pods continuously, and configuration deployment is exclusively from git, a significant amount of drift is reduced for "free," without adding another tool.

Drift minimization oppa gitops style.


Quis Custodiet Ipsos Custodes?


Here is an interesting take on detecting issues in the monitoring service and alerting the on-call person. Miedwar explained that their original method was simple and good enough: an AWS Lambda function periodically triggers and sends an HTTP health request to Grafana via a proxy. When the health check fails, it triggers an incident in PagerDuty.  Elegant, independent, simple, pretty good. Why change?  It cannot see failures that came and went between polling intervals, and their proxy is a single point of failure (SPOF).  Their new "trigger unless the system claims it is healthy" design resolves both problems and is just as simple.

For the Latin impaired, the title means "Who watches the watchmen?"
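
The difference between the two designs above, as an added simulation that is not code from the original post or from Miedwar's team. The function names, the constructed outage timeline, and the 60-second poll, 10-second heartbeat and 25-second timeout values are all assumptions chosen for illustration.

```python
"""Constructed simulation: periodic health poll vs. "alert unless healthy" switch."""

def is_down(t, outages):
    """True if the monitoring service is down at second t."""
    return any(start <= t < end for start, end in outages)

def polling_alerts(outages, poll_every, horizon):
    """Old design: an external probe checks health every `poll_every` seconds.
    Returns the poll times at which the probe saw a failure."""
    return [t for t in range(0, horizon, poll_every) if is_down(t, outages)]

class DeadMansSwitch:
    """New design: the monitored system must keep claiming it is healthy.
    An incident opens when no heartbeat has arrived for `timeout` seconds."""

    def __init__(self, timeout):
        self.timeout = timeout
        self.last_beat = 0
        self.incidents = []
        self._open = False  # avoid re-firing during one continuous silence

    def heartbeat(self, now):
        self.last_beat = now
        self._open = False

    def tick(self, now):
        if not self._open and now - self.last_beat > self.timeout:
            self.incidents.append(now)
            self._open = True

def switch_alerts(outages, beat_every, timeout, horizon):
    """Step second by second; heartbeats are only sent while the service is up."""
    switch = DeadMansSwitch(timeout)
    for t in range(horizon):
        if not is_down(t, outages) and t % beat_every == 0:
            switch.heartbeat(t)
        switch.tick(t)
    return switch.incidents

# Constructed timeline in seconds: a 40 s outage that falls between two polls,
# followed by a long outage that both designs notice.
OUTAGES = [(70, 110), (400, 700)]

if __name__ == "__main__":
    print("polling:", polling_alerts(OUTAGES, poll_every=60, horizon=900))
    print("switch: ", switch_alerts(OUTAGES, beat_every=10, timeout=25, horizon=900))
```

The poll never reports the first outage because it starts and ends between two probes, while the switch opens an incident for each outage once the silence exceeds the timeout.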

Sunday, March 20, 2022

Camille Fournier explique 20 mesures d'un supérieure développeur de logiciels


Another great blog post from my buddy about measurements for differentiating characteristics of a senior software engineer.  The title of this entry is in French because the author's name is Camille Fournier.

another take on client retry logic


When clients have no visibility into global state (all clients' latencies & failure rates), there are simple heuristics we use for retry logic.  Marc Brooker introduces another approach (circuit breakers) that can be useful for certain statistical distributions of low client failure rates, especially under high server load.

Should we meet?