Sleepless Links #4

Welcome to Sleepless Links! From time to time I’ll share a curated set of links to blogs, news stories, product information, etc. that have caught my attention. I find that it’s useful to provide the links with a small amount of context so that you, the reader, don’t have to blindly click the link without knowing why I found it interesting.

Below is the curated list for the week ending March 6th, 2022:

The power consumption of data centers is well-known, but I had less familiarity with some of the other ecological concerns covered in The Staggering Ecological Impacts of Computation and the Cloud at MIT Press.

A long read, but Yanis Varoufakis on Crypto & the Left, and Techno-Feudalism covers a lot of important ground. Well worth the time investment. Excellent insights from someone who has been on the inside of both a national economy (former Finance Minister of Greece) and the gaming/virtual world (Economist-in-Residence at Valve). The discussion of Bitcoin as a (not) viable currency boiled down: “In short, just like gold, Bitcoin is eminently… abandonable (once it has done enormous damage).”

It shouldn’t be surprising that Application modernization makes a dent in the technology universe. A very obvious result in my experience has been a tremendous improvement in observability and monitoring. Compared to even just a few years ago our app teams have far more insight into what’s happening within their stacks than they ever have.

Personally, I find this premise a bit absurd. Amazon’s Devoted Cloud Customers Face A Decision After Outages: Leave, Stay Or Diversify? The choice here is not ternary, and the consideration is also not single-source cloud provider vs. multi-cloud. Shining the light on the importance of good systems architecture.

Lots of things to take away from 10 real-world stories of how we’ve compromised CI/CD pipelines. Our CI/CD pipelines are critical enterprise functions and they should be treated and protected as such. The majority of these 10 examples result in credential/secrets exposure.

These two posts by Marc Brooker provide some good thinking around the topics of application Circuit Breakers and Retries: Will circuit breakers solve my problems? and Fixing retries with token buckets and circuit breakers. A key unstated point to take away is the hard problem of knowing where your circuit breakers should be located, especially in systems that are distributed and/or sharded.

I’d never advocate for condensing your entire work and home life into a 747sqft space, but What I Learned by Moving My Office Home shows that it can be done if you really put your mind to it.

I love the notion of The Intention put forth in this post by Cate Huston. Key insight: “…we over-estimate what we can do in a day, and under-estimate what we can do in a year.”

Pets and Cattle redux by Chris Evans in Kubernetes Clusters – Pets or Cattle? I’m going to stand firm on an assertion that you must be able to recreate your environment from scratch through automation, period. Equivocation on this will create gaps and inability to recover in the event of disruption.

Great backgrounder on the challenges faced by Russian aggressors in Ukraine in Feeding the Bear: A Closer Look at Russian Army Logistics and the Fait Accompli. As they say, “Amateurs talk about tactics, but professionals study logistics.” (usually attributed to Gen. Robert H. Barrow, USMC)

None of the statistics from this are terribly surprising: Salt Security State of API Security Report Reveals API Attacks Increased 681% in the Last 12 Months. One thing it does highlight well in my opinion is that API security (and security for any service exposed publicly to be honest) can’t be just an InfoSec responsibility or just a Dev/DevOps responsibility. Collaboration is critical.

It’s sponsored content, but nevertheless a good Zero Trust overview by Armon Dadgar of HashiCorp: What business leaders need to know — and do — about zero-trust security.

That’s it for this week - happy reading!

Copyright

CC BY-NC-ND 4.0