Charity Majors on Observability and Quality of Microservices

TL;DR Observability refers to three different things: logs, metrics, and traces. The problem with logs is that you have to know what to search for before you know what the problem is! The problem with metrics is that they are aggregated by time and you cannot break them down by high-cardinality dimensions (like user id, for example). Logs, metrics, traces, and events each prematurely optimize one thing and compromise another based on an upfront premise....

Aug 12, 2019 · 2 min · Milad Irannejad

Docker Components Explained

TL;DR The Open Container Initiative (OCI) was launched in June 2015 by Docker, CoreOS, and other leaders in the container industry. The OCI currently contains two specifications: runtime-spec and image-spec. RunC: RunC is the runtime for running containers according to the OCI specification (it implements the OCI runtime-spec). RunC leverages technologies available in the Linux kernel (cgroups and namespaces) to create and run containers. containerd: containerd is a daemon that manages the complete lifecycle of a container on the host operating system....

Aug 9, 2019 · 2 min · Milad Irannejad

A Safer System Programming Language (Rust)

TL;DR The majority (70%) of CVEs and vulnerabilities fixed at Microsoft are caused by memory corruption bugs in C/C++ code. There are many tools for preventing, detecting, and fixing memory bugs. Developers tend to miss these tools because they are not first-class citizens of the programming language and their learning curve is high. Developers should worry more about features and less about tooling and security. A memory-safe programming language removes the burden from developers and puts it on language designers....

Aug 8, 2019 · 2 min · Milad Irannejad

How Uber, Facebook, and Netflix Do SSH

TL;DR A study shows there is a cybersecurity attack every 39 seconds. In the typical SSH protocol, the server trusts the client if the client's public key is listed as authorized, and the client trusts the server's public key on first use (TOFU). The trust-on-first-use (TOFU) approach delegates trust to the clients and leaves them vulnerable to man-in-the-middle attacks. One solution to fix this is using SSH certificates and SSH certificate authorities (CAs)....

Aug 8, 2019 · 1 min · Milad Irannejad

GitOps?

TL;DR GitOps is an operating model for cloud-native applications running on Kubernetes (created by Weaveworks). For the most part, it is infrastructure-as-code with continuous integration and continuous delivery. The idea is to have Git as the source of truth for all operations. A single Git repository describes the entire desired state of the system. Operational changes are made through pull requests. Changes can be peer-reviewed, versioned, released, rolled back, audited, etc. Diff tools detect any divergence and sync tools enable convergence....

Jul 14, 2019 · 2 min · Milad Irannejad