Google wants new rules for ‘critical’ open source packages - These would make supply chain attacks more difficult and generally improve security throughout the ecosystem, but the rules are onerous on the package maintainers - The article notes that open source should be more secure, but that assumes that people are actually looking at the code. Something that occurs to me now is that it also assumes the people looking at the code are the ‘good’ guys, but isn’t it much more likely that the people looking at the code in a lot of detail are mostly going to be the so-called ‘bad’ guys? Where’s the incentive for the ‘good’ guys to be thoroughly examining the code? www.zdnet.com
2021/02/05
-
Cloud Native Series - The Cloud Native Landscape: The Orchestration and Management Layer thenewstack.io
-
Cloud Native Series - The Cloud Native Landscape: The Application Definition and Development Layer thenewstack.io
-
What WebRTC means for you - Two weeks ago IETF and W3C finally published the standards for WebRTC, a protocol whose best-known use case is video conferencing. This article reviews what it is, why it’s important, and looks at other possible areas where it could be used. blog.mozilla.org
-
Docker donates Docker Distribution to the CNCF - “Distribution is the open source code that is the basis of the container registry that is part of Docker Hub, and also many other container registries. It is the reference implementation of a container registry and is extremely widely used, so it is a foundational part of the container ecosystem. This makes its new home in the CNCF highly appropriate” www.docker.com
-
Welcome, Facebook and Twitter - Seriously - Substack co-founder Hamish McKenzie looks back at how he reacted to the announcement that Facebook and Twitter are getting into newsletters - I like that he’s writing publicly about it, still feels a bit awkward, especially finishing with the “we’re looking at you too” bit, but real life is awkward sometimes, I guess it’s genuine, as a Substack user my hope is that they announce some form of API soon, later today I’ll be preparing tomorrow’s newsletter, which will take several hours of copy paste, when with a bit of automation I could concentrate just on the writing part, anyhow I still like Substack blog.substack.com
-
Software Engineering Podcast - Cilium: Programmable Linux Networking with Dan Wendlandt and Thomas Graf - Super nerdy conversation about the cloud native security solution, covering the historical context; decoupling your security configuration from your infrastructure; new tools emerging that are based on standard network protocols such as HTTP, REST APIs, JSON, gRPC and Kafka; the eBPF low-level programming language that makes it possible to safely and efficiently reprogram the behaviour of the kernel; ways of extracting visibility and some forms of control from the kernel; adding extra functionality like encryption and authentication transparently between services; latency benefits as compared to existing ‘side-car’ proxy solutions; implementation details of the eBPF security solution; relevant use cases; and a future where visibility, debugging and security can be implemented using application-level concepts, across on-prem, VM, serverless, clusters, regions, service providers and legacy systems - the “universal connectivity plane” softwareengineeringdaily.com
-
The end of the Maher era at Wikipedia www.axios.com