Week 51 - Issue #58
AWS re:Post is an AWS-managed Q&A service that replaces the original AWS Forums, offering crowd-sourced, expert-reviewed answers to your technical questions about AWS. Community members can earn reputation points to build up their community expert status by providing accepted answers and reviewing answers from other users. All active users from the previous AWS Forums have been migrated onto the new service. Questions from AWS Premium Support customers that do not receive a response from the community are passed on to AWS Support engineers.
Amazon Web Services' US-EAST-1 region suffers second power outage in a fortnight. Network issues are hampering efforts at full recovery of services. Cloud economist Corey Quinn rates the outage's impact on the world economy. The outage is the second in two weeks, with US-WEST-1 going missing for 30 minutes on December 15th and eight hours in September 2021. Customers are advised not to rely on a single Availability Zone, so multiple regions can't take out the whole of the region.
The increasing complexity in technology stacks constantly introduces unexpected behavior which can be abused to achieve novel cache poisoning attacks. In this paper I will present the techniques I used to report over 70 cache poisoning vulnerabilities to various Bug Bounty programs. I was able to use the same technique on a multitude of other targets, including GitLab, GitHub and Cloudflare. I also used the technique to poison static files like those of Ruby and Rackware applications deployed alongside the middleware on Rackware. This was awarded $7500, making it my highest paid cache poisoning report.
GitLive is a team view showing all work in progress for each collaborator from your Git repository. CodeSee Maps is a tool for developers to visually map their codebase. DeepSource is a static code analyzer that can help you automate code reviews and save your team a lot of time. Appsmith is an open-source framework for teams to build internal tools and apps that are hosted inside their own infrastructure and firewall. The tool is mainly targeted at developers, but it’s of great value for anyone who interacts with the team.
Elastic Stack is moving towards integrations via Elastic Agents, which now include a Docker integration that can fetch metrics from Docker containers. Metricbeat and Filebeat are still very much needed as they offer more flexibility. To see the logs generated by the containers themselves, we need to install Filebeat to read them directly from a specific path. These log files are stored on the host where the Docker engine is running and can be found under the following path: /var/lib/docker/containers/<container-id>/<container-id>-json.log.
Code reviews offer multiple benefits that help improve your code and your team. These benefits include: helping reduce bugs and logic errors, providing an opportunity for training and spreading knowledge across areas and teams. The author explains why code reviews are so critical for software developers and companies that don’t have a QA (Quality Assurance) team. He says the most he’s ever learned about writing good code has come from code reviews.