2021-08-01 4 min read WelcomeLet’s build some stuff. Today on AWS(EKS). Today with popular solutions and almost without coding(in YAML). Today focus on speed and simplicity. Additionally no CI/CD.ComponentsI will keep it simple.Terraformaws clidockerhelmcurldig, kubectl, emacsBuilding infrastructureSetupFirst steps. I need to build some infrastructure. As almost everyone use Terraform for building and managing resources I decided to use it too. Based on Terrafrom EKS module I’ve created a sample manifest. Also, I decided to add ECR and configure output in a specific way.# I'd like to have control plane endpoint output "cluster_endpoint" { description = "Endpoint for EKS control plane." value = module.eks.cluster_endpoint } # get kubectl config based on cluster_name output "cluster_name" { description = "Name of created cluster" value = local.cluster_name } # upload to ECR with dynamic name output "ecr_url" { description = "URL of ECR registry" value = aws_ecr_repository.ecr.repository_url } # also region could be dynamic output "region" { description = "AWS region." value = var.region } Variables.tf and main.tf weren’t very interesting, so it will be pushed to the repo.Commands flow# get modules terraform init # take a look at plan, if it's correct go-ahead terraform plan | less # this step will take some time to finish. (9:33.03 total) # if correct enter yes or terraform apply -auto-approve terraform apply Kubectl and ECRIs anybody there?After successful cluster creation, we could want to check if the cluster is running. First I need to update my kubeconfig for the purpose of cluster authentication. For this event, I will AWS CLI and kubectl.# variables are based on Terraform outputs aws eks update-kubeconfig \ --region $(terraform output -raw region) \ --name $(terraform output -raw cluster_name) Docker loginNow I need to login into ECR and push some images.aws ecr get-login-password \ --region $(terraform output -raw region) \ | docker login --username AWS \ --password-stdin $(terraform output -raw ecr_url | cut -d'/' -f1) Then I can push an awesome Nginx image to ECR.docker tag nginx:latest $(terraform output -raw ecr_url):1.0.0 docker push $(terraform output -raw ecr_url):1.0.0 HelmingAfter all this preparation we can finally deploy an app. For this process I decided to use helm. It’s a standard, very popular, and flexible solution. Again Helm Chart is attached to the repository. There is no hack or magic - just boring templates.Command flow# dry run helm template -f --dry-run # for example # helm template example-app -f example-app.yaml --dry-run ./example-app # install chart helm install -f --namespace # for example # helm install example-app -f example-app.yaml --namespace example ./example-app # upgrade app helm upgrade --set.image= # for example # helm upgrade example-app ./example-app --set=image.tag=2.0.0 DNSNow all I need is a DNS record change. Ah, I forgot about LoadBalancer. For this article, I’m using LoadBalancer. After adding a service ELB provides an AWS endpoint for our application. My primary domain 3sky.dev is delegated to CloudFlare,

IBM cloud has experienced a significant Severity One outage – the rating Big Blue uses to denote the most serious incidents that make resources in its cloud unavailable to customers. The impact was indeed severe: IBM stated that users might not be able to access its catalogue of cloudy services or provision affected services. Speaking of which, there were 23 – among them Cloud Object Storage, Block Storage Snapshots for VPC, Load Balancers and virtual private networks. In other words, some basic building blocks of enterprise IT that clouds are supposed to be able to scale as and when you – or your infrastructure-as-code – need more resource. Emails sent to IBM customers and the company's incident customer portal offered differing timelines for the incident. Emails state 16:41 UTC on August 2nd as the moment IBM started investigating the issue, but the portal's first listed action is ongoing probes as of 20:56. The timelines converge at 21:24 when mitigation commenced, before resolution at 00:54 on August third. IBM's cloud endured a similar outage on Sunday, and some of the services that could not be provisioned over the weekend were also down today. Big Blue's Cloud Console was among the weekend casualties. IBM Cloud’s biggest region hit by five-hour Severity One brownout IBM Cloud resets ‘Days Since Last Major Incident’ clock to zero – after just five days Big Blue services enjoy a lie-in: IBM cloud gets the Monday blues and its customers won't have been happy either IBM also had an outage on July 22nd when users were unable to log on to its cloud, and experienced similar outages on April third, April 26th, and May 31st. The company told The Register the July outage was due to the temporary demise of Akamai Edge DNS. In June 2020, IBM's cloud went down so hard even its self-hosted status page was unavailable. The Register asked IBM if it is working to ensure its cloud will not fall victim to single points of failure — be they at Akamai, in-house or elsewhere. The company did not reply to our queries. The upshot is that IBM has twice in two days been unable to present its cloud catalogue to users or ensure they can provision all services. Yes, the same IBM that has bet its business on hybrid clouds. IBM is not alone in having big problems, though. Google Cloud has also experienced outages in recent days. The company's Component Access Gateway produced errors for nearly two days, and last week users suffered through three days and ten hours of trouble during which it was not reliable to provision the persistent SSDs in four US-based regions. That meant users could not create new resources in Google Compute Engine, Google Kubernetes Engine, Cloud Composer, Cloud SQL, Cloud Dataproc, and Apigee X. Again, that's so not the "what you need, as soon as you need it" experience promised by elastic public clouds. ®

A mysterious, one-letter npm package named "-" sitting on the registry since 2020 has received over 700,000 downloads. What's more? The package contains no functional code, so what makes it score so many downloads? Inside the npm package "-" An npm package called "-" has scored almost 720,000 downloads since its publication on the npm registry, since early 2020. There's only one version of the package: 0.0.1 and it contains three files: tar tvf 0.0.1/--0.0.1.tgz package/dist/index.js package/package.json package/README.md Inside these files—mainly the manifest (package.json) and index.js, there is nothing phenomenally interesting, just skeleton code. The manifest does pull in a bunch of development dependencies (devDependencies) and invokes some commands on the "ts-node" component, but that's about it. It's practically dead code, for now: The index.js file and the manifest file (package.json) of "-" (BleepingComputer) "-" is used by over 50 packages It gets even better. The practically useless package "-" serves as a dependency for over 50 npm packages, without a clear explanation: npm package "-" is used by 56 packages (npmjs.org) But most of these dependencies have no more than a few dozen weekly downloads. So, how is it that "-" has scored almost 720,000 downloads? It is plausible the package gets pulled in when someone is running npm commands from terminal, and makes typographical errors. For example, to install an npm package called "somepackage," you'd have to run: npm i somepackage What if you were specifying a few flags, but made a mistake. For example: npm i - someFlag somepackage The space between the "-" and someFlag may cause npm to pull in "-" as the package with that name does exist. It's therefore plausible that the package's thousandfold download counts are a result of developers making typos. And similarly, when adding dependencies to package.json via command-line, it isn't too hard too see how a "-" could slip in by error. In a test, BleepingComputer, ran the following command, with the intention of downloading "somepackage" and "axsharma" from npm. But notice the intentional typo, an extra "-" before the "--save" flag: npm install somepackage axsharma - --save Unsurprisingly, both the resulting file package-lock.json and the node_modules/ folder contained the "-" package, explaining how it could slip into your dependencies in the real world: Generated node_modules folder and package-lock.json file contain "-" package (BleepingComputer) BleepingComputer reached out to the package's author Dmitry Parzhitsky with some questions, like, why was this package created. But, we haven't heard back. The package's creation itself could be accidental or caused by a test script that finished prematurely. Both the README.md file included within the package and the package's npm page indicate "-" was generated by a script: README file for "-" (BleepingComputer) Suffice to say, while there is nothing right now in "-" that indicates it is malicious, we don't know what the next version of "-" could look like, should it be released. Other examples of single-letter packages, or those resembling np

For years I’ve looked forward to seeing each new unofficial hardware badge that comes out of the #Badgelife powerhouse known as AND!XOR. A mix of new and interesting components, alternate-reality game, and memes, you never know what they’re going to throw down. A bubble pack landed on my desk on Thursday with the newest offering, the AND!XOR electronic badge built for DEF CON 29, happening this weekend as a hybrid in-person and online conference. While each previous year upped the ante on complexity and manufacturing magic tricks, it’s no surprise considering the uncertainty of both the global pandemic and global chip shortage that they took a different tack. What we have here is a badge hacking puzzle that challenges you to just figure out how to put the thing together! The Hardware Unpacking the badge it is clear that this is a solder kit. In addition to the main PCB and four daughter PCBs, there’s a small zipper bag of components in tape, along with two coin cells, a battery holder, and a beautiful color lanyard. You’ve got to put all of this stuff inside of a package to ship it, so the meme factory decided to roll out a pack of “Damonitos”, a play on Doritos-brand corn chips and the badge collective’s recently adopted hashtag-mascot, Matt Damon. I haven’t asked why and neither should you. The thing is, there’s nothing programmable here; through and through this is a hardware badge. I’ll dive into the assembly details later on, but this looks like surface mount resistors, capacitors, and transistors, and one through-hole trimpot. It’s a clever way to sidestep the problem of reliably sourcing microcontrollers in any kind of volume in 2021. The boards themselves are obviously the “After Dark” treatment of OSH Park (and sure enough, their logo is on the back of the board). The iconic treatment uses black substrate (the board itself), clear solder mask to let the copper traces show through, ENIG plating for golden pads, and white solder mask. The Assembly Puzzle I think AND!XOR is hands-down the best at documenting their badges, but within a limit of the puzzles they design into them. In this case, most people would reach for the schematic and begin putting paste on the board for assembly. But head over to their project page and you’ll find no such resources available. What you will find is encouragement to break the glyph cipher used as component reference next to each footprint on the back of the board. There are sixteen icons used in the key, which strikes me as nice number for hex-values, but I’m just spitballing. I have not yet had time to start work on this challenge, but it’s all I want to do right now. Not great for the outlook on getting my actual work done, thaaaaaanks AND!XOR. Three-legged footprints are easy enough to figure out, but two different tape strips of transistors have me thinking that you’ll need to establish PNP versus NPN. Even if you get that sorted out, and crack the code on resistor values, there’s also a routing puzzle afoot. The daughter PCBs themselves are an interesting part of the challenge. The front of each has two face

Arik Kershenbaum, a zoologist and animal communications researcher at the University of Cambridge, thinks that the evolutionary forces that shape life on Earth will produce many similar features in extraterrestrial life.The laws of physics and biomechanics constrain the ways that animals can conceivably evolve mobility on this planet. “And so we can expect these constraints to be operating everywhere in the universe,” Kershenbaum said.You’re arguing that wherever organisms confront similar environmental challenges, they may come up with similar adaptive solutions. And you expect to see this throughout the universe? Consider flight, since that’s the most famous example of convergence. If you live on a planet with an atmosphere, or even with an ocean or some other fluid, if you want to get from one place to another through that fluid, there’s only a handful of ways to do it. You can jump. You can float, if you’re lighter than the medium that you’re in. The only other way is aerodynamically, with a wing, to generate lift. Those are the mechanics of moving through a fluid medium. On Earth, flight evolved four different times in four different groups: in birds and bats and pterosaurs and insects. The fact that they all use wings isn’t because they evolved on Earth; it’s because it was advantageous to fly, and wings are just about the only way to fly. And so we can expect these constraints to be operating everywhere in the universe. How far can that insight take us, though? As you said, organisms anywhere that need to fly are likely to evolve wings. But the wings of bumblebees, bluebirds and bats are very different. Yes, bat wings and bee wings are different, but only in detail, not in principle. Both consist of a membrane supported by rigid structures. Both generate lift by creating airflow over that membrane. In fact, the main difference between bee wings and bat wings is not in their structure, it’s in the way they use them. The small size of insects means that they cannot simply flap their wings like bats and expect to fly. They need to buzz, generating lift both on the forward stroke of their wings and on the backward stroke — something that neither birds nor bats do. So rather than the diversity of implementations on our planet confounding our comparisons, we can actually be more confident about our predictions, because we can see how tightly constrained these solutions really are. Yes, birds, bats and bees have different wings, but they’ve all achieved the same end result — an aerodynamic wing — despite the hugely different physical constraints acting on them. Coincidences of evolutionary (and even cosmic) history will always affect the details of animal shape and appearance. We have four limbs only because it was a four-finned fish that crawled out of the sea almost 400 million years ago. We could easily have had six limbs, or even eight, if evolutionary history had played out differently. So there will never really be close similarity between us and our equivalent species on an alien planet. But some things are just so tightly constrained that there aren’t really many alternative ways to do things. Stephen J

The concept of a new media ecosystem that's non-profit, publicly funded and tech-infused is drawing interest in policy circles as a way to shift the power dynamics in today's information wars.Why it matters: Revamping the structure and role of public media could be part of the solution to shoring up local media, decentralizing the distribution of quality news, and constraining Big Tech platforms' amplification of harmful or false information.Flashback: Congress in 1967 authorized federal operating money to broadcast stations through a new agency, the Corporation for Public Broadcasting, and what is now PBS launched down-the-middle national news programming and successful kids shows like "Mr. Rogers' Neighborhood" and "Sesame Street." NPR was born in 1971. Despite dust-ups over political interference of national programming and funding, hundreds of local community broadcast stations primarily received grants directly to choose which national programs to support. Driving the news: A new policy paper from the German Marshall Fund proposes a full revamp of the CPB to fund not just broadcast stations, but a wide range of digital platforms and potential content producers including independent journalists, local governments, nonprofits and educational institutions. The idea is to increase the diversity of local civic information, leaning on anchor institutions like libraries and colleges that communities trust. Beyond content, the plan calls for open protocol standards and APIs to let consumers mix and match the content they want from a wide variety of sources, rather than being at the mercy of Facebook, Twitter or YouTube algorithms. Data would be another crucial component. In order to operate, entities in the ecosystem would have to commit to basic data ethics and rules about how personal information is used. "It's about power. We don't want government to tell the platforms what to do, but we don't want the platforms to have the power to deplatform" and decide which voices get heard, said Ellen Goodman, co-author of the report, a professor at Rutgers Law School, and founder and director of the Rutgers Institute for Information Policy & Law."No one thinks the most efficient way to do things was to have a gazillion broadcast stations, but it was to decentralize power. So what would that look like on the internet?"Reality check: Allowing people to "tune" their own content preference dials could exacerbate filter bubbles.Still, the authors say the involvement of local trusted institutions in the creation and amplification of civic information — from public health updates to local election news — could improve people's overall media diet and exposure "so it's not just a battle of government vs. platform," Goodman said. The big picture: More broadly, new models of non-profit media are gaining traction.The Local Journalism Sustainability Act takes a different approach to the government grant model. The bill would, for example, give a tax credit to people who donate to nonprofit newsrooms, or to small businesses who buy advertising at a nonprofit outlet. What they're saying: "There absolutely has to be a much bigger role for nonprofit media, with publ

Happiness Engineer As a Happiness Engineer, you love helping people. Transforming publishing on the web is no small task. Our goal is to build relationships based on trust, resulting in happy, passionate, loyal customers and colleagues. We do this by listening to our customers’ needs and guiding them to the fullest use of the products we offer. We are looking for people with the right mix of compassion, writing skills, and technical knowledge to get the job done. Are you interested in learning more about how our team works? Check out what Happiness Engineers have to say about their work. In general, a typical day involves: Being an active member of a global team that provides 24/7 support via live chat, tickets, one-on-one screen share sessions, and forums.  Helping people use Automattic’s products, including WordPress.com, WooCommerce, Jetpack, Tumblr, and more. Troubleshooting, investigating, and creating detailed bug reports. Building a community of support by sharing knowledge and helping team members around the world. Being a Happiness Engineer requires: Mid to high proficiency with WordPress, HTML, and CSS. Experience providing technical support to customers, particularly via live chat, tickets, telephone, or forums. Excellent written and communication skills, with a knack for taking technical language and making it understandable for the general public. A passion for solving challenging problems and proposing elegant solutions. Solid ability to identify and accurately document technical issues. An intense intellectual curiosity and an eagerness to share knowledge with others. Patience, grace, and a sense of humor. Happiness Engineers must be fluent and eloquent in written English. If you know additional languages, please be sure to tell us. An ideal candidate: Has created three or more WordPress websites. Has experience installing and configuring WordPress plugins and themes. Is adept at troubleshooting technical issues. Has experience creating bug reports. Has experience providing technical support to customers via telephone, tickets, live chat, or forums. HOW TO APPLY Write a cover letter to let us know what you can contribute to the team. Proofread! Make sure you spell and capitalize WordPress and Automattic correctly. Please upload your cover letter and resume as PDFs.Also, in your cover letter, you must respond to one of the following prompts: Tell us about a recent experience you had with technical support. What went well? What would you do differently (if anything)? Tell us three interesting facts you'd share over a meal at the Grand Meetup. Tell us about a recent technical problem you encountered and how you resolved it. Note: Applications that are not complete or that fail to follow directions in this job ad will not be considered. About Automattic We are the people behind WordPress.com, WooCommerce, Jetpack, Tumblr, Simplenote, Longreads, Day One, and more. We believe in making the web a better place. We’re a distributed company with more than 1400 Automatticians in 80+ countries speaking 90+ different languages. We democratize publishing and commerce so anyone with a story can tell it, and anyone wit

Who, Me? Welcome to another edition of Who, Me? where this week a typo manages to send a hub of rampant capitalism into meltdown. Our story takes us back a few decades and concerns an adventurous time in network support. "Mort" – for that is not his name – was working for a well-known stock exchange, the network of which was running on Cisco gear. The cards, he recalled, cost $50k each and the whole shebang could probably be replaced by a single unit nowadays. But back then this was top-end stuff – nothing but the best would do for the nation's traders. There was, however, a problem. Packets were being lost, resulting in delayed or lost trades. "When I think of traits that traders possess in abundance, tolerance is not one of them," Mort told us. "Neither is patience, so as you can imagine the pressure on the network team to resolve the issue was intense." Those Ferraris weren't going to service themselves, and one lost packet could mean a world of difference in the quality of Champagne purchased at bonus time. The support team struggled in vain to recreate the problem in the lab, and with pressure mounting, Mort decided the only way to get to the bottom of matters was to plug into the network and diagnose the problem live. "Anyone who's ever worked on Cisco IOS (Internetwork Operating System, they beat Apple to the acronym by well over a decade) knows that debugging is a minefield as some commands can cause serious impact to the system," he said. It's true. A glance at an example of Cisco's documentation shows it festooned with warnings designed to deter all but the most determined and (ideally) competent of users. Debug output spewed over the console could make typing a command difficult, and the wrong debug command could easily take down a router. That said, it was also pretty straightforward. The syntax was debug followed by whatever was needed. The output could then be captured, and the command backed out by prefixing it with un. "More often," explained Morty, "you'd just use 'undebug all' to turn it all off." Somebody is destined for somewhere hot, and definitely not Coventry How to keep your enterprise up to date by deploying the very latest malware Ah, I see you found my PowerShell script called 'SiteReview' – that does not mean what you think it means One good deed leads to a storm in an Exchange Server The opposite command was the most dangerous of all: "You never, ever ran debug all unless you wanted to demonstrate how quickly you could take out your network." Cisco had yet to add any "Are you sure?"-type prompts, doubtless assuming the operators of its hardware knew what they were doing. Instead, "if you typed it in it would salute, shout 'sir yes sir!' and then obediently jump off a cliff, similar to 'rm -rf /' on a *nix box." You can probably see where this is going. Our hero was careful – very careful – and had taken great pains in his planning. However, after a very limited set of packet captures, he was having problems getting the data and grew concerned that he might adversely affect the network. So he issued undebug all. All hell broke loose. Text whizzed