DevOps / SRE - Top Links Last Week
Week 50 - Issue #57
Log4Shell Log4j vulnerability (CVE-2021-44228) – cheat-sheet reference guide
CISA orders federal agencies to patch Log4Shell by December 24th. Vulnerability affects Java servers and clients that log anything using the log4j framework. Java 8+: upgrade to 2.16.0 or 2.12.2.0. Java 7: Upgrade to 2.12.0. If JMS Appender required, use Log4j 2.2. Users advised not to enable JNDI in Log4j 2.10 or greater. Removal of JndiManager will cause the JndiContextSelector and JMSAppender to no longer function.
The Light and Dark Side of the API Economy
The 'API Economy' is a popular term for VCs and tech media; however, developers seem ironically out of the loop despite their central importance to the whole story. It is both a great opportunity for builders and a threat to people who cannot stay "Above the API". The most important implication of the API Economy is how it empowers developers to build full-fledged products faster. In economic terms, what we're really talking about here is turning fixed costs into variable costs, which makes sense for a startup getting off the ground.
Power Loss Siren: Making Meta resilient to power loss events
Power Loss Siren (PLS) is a rack-level, low-latency, distributed power loss detection and alert system. It leverages existing in-rack batteries to notify services about impending power loss without requiring additional hardware. With PLS support, services can fail over proactively, rather than reactively after servers go down. PLS has two major components: PLS Relay (detection) and PLS Handler (mitigation). Both daemons need to be simple to maintain, resource efficient and highly reliable in detecting power loss events.
A brief history of code search at GitHub
GitHub hosts over 200 million repositories, with over 61 million repositories created in the past year. Many standard techniques (like stemming and tokenization) are at odds with the kind of searches we want to support for source code. We need to be able to match substrings, not just whole “words”. Specialized queries can require wildcards or even regular expressions. We want p95 query times to be (well) under a second, and queries scoped to a set of repositories or organizations should be much faster than that. We would like our index to reflect the updated state of a repository within a few minutes of a push event.
The Grace Period for the Docker Subscription Service Agreement Ends Soon – Here’s What You Need to Know
Docker announced updated product subscription tiers — Docker Personal, Docker Pro, Docker Team and Docker Business. Docker Personal replaces Docker Free and it remains free for personal use, education, non-commercial open source projects, and small businesses. Docker Business is our newest subscription offering that enables commercial use of Docker Desktop, and includes additional enterprise-grade management and security features like Image Access Management, vulnerability scanning, SAML SSO, and more. The grace period for those who need to switch to a paid subscription under the new terms ends soon on January 31, 2022.
26 links this week. AI assisted and Human edited.