Episode 353
Too Many Containers
January 25th, 2018
43 mins 8 secs
Tags
About this Episode
We introduce you to Kubernetes, what problems it solves, why everyone is talking about it, and where it came from. Also who shouldn’t be using Kubernetes, and the problems you can run into when scaling it.
Plus how you can store files in others DNS resolver cache, Project Zero finds a new BitTorrent client flaw, and more.
Episode Links
- DNSFS. Store your files in others DNS resolver caches — The DNSFS code is a relatively simple system, every file uploaded is split into 180 byte chunks, and those chunks are “set” inside caches by querying the DNSFS node via the public resolver for a TXT record. After a few seconds the data is removed from DNSFS memory and the data is no longer on the client computer.
- BPF - the forgotten bytecode — BPF is an absolutely marvelous and flexible way of filtering packets.
- dnsfs: Store your data in others DNS revolvers cache — Store your data in others DNS revolvers cache
- Unauthenticated LAN remote code execution in AsusWRT — However due to a number of coding errors, it is possible for an unauthenticated attacker in the LAN to achieve remote code execution in the router as the root user.
- AI is moving towards acceptance in cyber security, says Check Point — Artificial intelligence is well on its way to being a useful tool in the cyber security professional’s kit, but according to Check Point, there are still big challenges to overcome.
- Alphabet is launching a new CyberSecurity unit. — Alphabet, the parent company of Google, announced today that they will be launching Chronicle, a new business unit that will focus on Cyber Security, using their servers and infrastructure. The new organization hopes to focus on machine learning and artificial intelligence to assist in the fight against cybercrime moving forward.
- Google Project Zero claims new BitTorrent flaw could enable cyber crooks get into users' PCs — According to Project Zero, the client is vulnerable to a DNS re-binding attack that effectively tricks the PC into accepting requests via port 9091 from malicious websites that it would (and should) ordinarly ignore.
- CVE-2018-5702: Mitigate dns rebinding attacks against daemon by taviso · Pull Request #468
- Blizzard Fixes DNS Rebinding Flaw that Put All the Company's Users at Risk
- What is DNS rebinding, in layman's terms?
- An Introduction to Kubernetes — Kubernetes, at its basic level, is a system for managing containerized applications across a cluster of nodes. In many ways, Kubernetes was designed to address the disconnect between the way that modern, clustered infrastructure is designed, and some of the assumptions that most applications and services have about their environments.
- What is Kubernetes? — Kubernetes was originally developed and designed by engineers at Google. Google was one of the early contributors to Linux container technology and has talked publicly about how everything at Google runs in containers. (This is the technology behind Google’s cloud services.) Google generates more than 2 billion container deployments a week—all powered by an internal platform: Borg. Borg was the predecessor to Kubernetes and the lessons learned from developing Borg over the years became the primary influence behind much of the Kubernetes technology.
- Scaling Kubernetes to 2,500 Nodes — We’ve been running Kubernetes for deep learning research for over two years. While our largest-scale workloads manage bare cloud VMs directly, Kubernetes provides a fast iteration cycle, reasonable scalability, and a lack of boilerplate which makes it ideal for most of our experiments.
- Feedback: Talk more about Windows — I listened to your intro to change management and it seemed like it will be very Linux centric ("everything is she"). I'm future segments, please try to include windows desktop and server OS as well.
- Question: Starting with Ansible Quick — Are there any way to get started other than writing a playbook and trying it out with trial and error?
- Ansible Best Practises: A project structure that outlines some best practises of how to use ansible — A project structure that outlines some best practises of how to use ansible
- ansible-console: An Interactive REPL for Ansible — omething found out recently is that Ansible has an interactive REPL of sorts in ansible-console for doing some adhoc things on a collection of hosts.
- Introduction To Ad-Hoc Commands — Ansible Documentation — An ad-hoc command is something that you might type in to do something really quick, but don’t want to save for later.
- About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan - Apple Support — This document describes the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan.