TLDR DevOps 2024-10-07

The fastest way to run Dev Container locally (and in the cloud) (Sponsor)

No more 'works on my machine' issues or dev environment headaches. Gitpod Flex brings automated, standardized development environments to your laptop—and the cloud.

Describe your dev-environment-as-code and streamline development workflows with automations:

Try Gitpod Flex for free: self-host in your cloud in under 3 minutes, or run locally on Gitpod Desktop.

📱

News & Trends

Fresh crop of startups takes on infrastructure-as-code toil (2 minute read)

The shift from DevOps to platform engineering is driving the need for more efficient and visual IT automation methods as traditional infrastructure as code (IaC) struggles with scalability and complexity. New vendors like System Initiative propose innovative solutions, such as a visual interface that eliminates the reliance on IaC tools, that aim to streamline deployment processes and enhance productivity in cloud-native environments.

Mitmproxy 11: Full HTTP/3 Support (3 minute read)

Mitmproxy 11 introduces full HTTP/3 support and significant DNS enhancements, including extended query types and improved DNS-over-TCP support. Developed by Gaurav Jain for the Google Summer of Code, this version also adapts to privacy advancements like Encrypted Client Hello by stripping ECH keys to facilitate continued functionality.

🚀

GenAI Experiments: Monitoring and Debugging Kubernetes Cluster Health (6 minute read)

Intuit's platform engineers face challenges managing their 325+ Kubernetes clusters due to alert overload and the complexity of debugging. By integrating GenAI tools like k8sgpt and creating Cluster Golden Signals for better detection, debugging, and remediation, they are streamlining the on-call experience and improving issue resolution times.

How to get started with automatic password rotation on Google Cloud (2 minute read)

This is a guide from Google Cloud on automating password rotation using Secret Manager and Cloud Functions, which reduces the risks associated with manual processes. It outlines a reference architecture for automating password changes specifically for Cloud SQL that can be applied to other systems and secrets.

How to use Prometheus to efficiently detect anomalies at scale (7 minute read)

Grafana Labs has introduced an open-source PromQL-based anomaly detection framework designed to operate without external systems and perform efficiently at scale. It offers a solution for quick incident resolution by providing critical context through adaptable anomaly bands and accommodating for long-term patterns.

🧑‍💻

October is cybersecurity awareness month—there's no better time to brush up on your API security (Sponsor)

APIs are everywhere in modern software development. Are yours secure? Security Journey is offering free training programs for developers who work with APIs. Through a combination of video lessons and hands-on sandbox exercises, learners will gain the knowledge and skills needed to identify, exploit, and defend against API security vulnerabilities in real-world scenarios. Get free access

Hoarder (GitHub Repo)

Hoarder is a self-hostable app that allows data enthusiasts to bookmark links, take notes, and store images and PDFs. It features AI-powered tagging and full-text search capabilities.

Everest (GitHub Repo)

Percona Everest is an open-source, cloud-native database platform designed to help developers swiftly deploy code, efficiently scale deployments, and minimize database management burdens while enhancing control over data, configurations, and costs.

🎁

Miscellaneous

Threat Actors leverage Docker Swarm and Kubernetes to mine cryptocurrency at scale (3 minute read)

A new cryptojacking campaign is targeting the Docker Engine API, allowing lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor is using Docker Swarm's orchestration for command and control and hosting malicious images on Docker Hub. There are indications that they are also targeting GitHub Codespaces infrastructure.

Memory Leak Issues Are not always Memory Leak (3 minute read)

Faced with scaling issues due to Java's heap memory not being returned to the OS, developers switched to ShenandoahGC before ultimately upgrading to JDK 17, which allowed a return to G1 GC, improving both performance and memory management.

Exploiting Visual Studio via dump files - CVE-2024-30052 (12 minute read)

This blog post discusses the CVE-2024-30052 vulnerability in Visual Studio, which allows arbitrary code execution through specially crafted dump files, leading to severe security risks, and highlights the steps taken to report and mitigate the issue with Microsoft.

⚡

How to Build an Internal Developer Platform Like a Product (4 minute read)

Platform engineering requires a mindset shift to treat internal developer platforms as products, focusing on developer needs and experiences.

Confusing or misunderstood topics in systems programming: Part 0 (7 minute read)

This blog series explores complex topics in Linux systems programming for beginners and transitioning web developers.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of devops professionals and decision makers, you may want to advertise with us.

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Kunal Desai & Martin Hauskrecht