Plus the biggest stories out of Kubecon, and serverless gets serious.

Links:

• Everything that was announced at KubeCon
• CNCF to Host etcd — The Cloud Native Computing Foundation Technical Oversight Committee voted to accept etcd as an incubation-level hosted project.
• Introduction to Knative — Knative is a framework from the folks at Google and Pivotal focused on “serverless” style event driven functions.
• IBM Embraces Knative to Drive Serverless Standardization — Knative is not the first open-source functions-as-a-service effort that IBM has backed. Back in 2016, IBM announced the OpenWhisk effort, which is now run as an open-source project at the Apache Software Found.
• How Google Is Improving Kubernetes Container Security — "We go beyond what's in open source and put additional restrictions in place to secure users"
• Demystifying Kubernetes CVE-2018-1002105 — With a specially crafted request, users that are authorized to establish a connection through the Kubernetes API server to a backend server can then send arbitrary requests over the same connection directly to that backend, authenticated with the Kubernetes API server’s TLS credentials used to establish the backend connection.
• The silent CVE in the heart of Kubernetes apiserver
• Crossplane: An Open Source Multicloud Control Plane
• security.christmas — This year we will prepare you for the Christmas celebration, by giving you small presents of knowledge every day, which will teach you about the world of security.
• Introducing the Helm Hub — This hub provides a means for you to find charts hosted in many distributed repositories hosted by numerous people and organizations.

Plus some good news for OpenBGP and the wider internet community, and a handy tool for inspecting docker images.

Links:

• Firecracker – Lightweight Virtualization for Serverless Computing — Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant containers and functions-based services.
• Firecracker — Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant containers and functions-based services.
• Firecracker Design Docs
• Firecracker Roadmap
• QEMU — QEMU is a generic and open source machine emulator and virtualizer.
• Qemu : Security vulnerabilities
• VENOM Vulnerability — VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.
• s2n — s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority.
• OpenBGPD - Adding Diversity to the Route Server Landscape — Thanks to the RIPE NCC Community Project Fund we were able to revive the OpenBGPD daemon and bring more diversity to the Route Server landscape.
• OpenBGPD — OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.
• LSI Questions from Anton
• ServeTheHome
• Sennheiser Headset Software Could Allow Man-in-the-Middle SSL Attacks — When users have been installing Sennheiser's HeadSetup software, little did they know that the software was also installing a root certificate into the Trusted Root CA Certificate store.  To make matters worse, the software was also installing an encrypted version of the certificate's private key that was not as secure as the developers may have thought.
• evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
• dive: A tool for exploring each layer in a docker image