Radio Cloud Native - Week of July 27, 2022
Every Wednesday, Nick Chase and Eric Gregory from Mirantis go over the week’s cloud native and industry news.
This week they discussed:
And much more on the podcast, including the new Carbon language and language trends in malware.
You can download the podcast from Apple Podcasts, Spotify, or wherever you get your podcasts. If you'd like to tune into the next show live, follow Mirantis on LinkedIn to receive our announcement of the next broadcast.
Mirantis acquires amazee.io
Eric: Yesterday our CEO Adrian Ionel announced that Mirantis is acquiring amazee.io, the application delivery hub for Kubernetes. Amazee are the team behind the open source Lagoon project, and if you haven’t checked it out already, you should really do yourself a favor and open a new tab immediately.
Lagoon sets out to solve the universal problem of developers building apps for Kubernetes – you’re building your containerized apps and services locally, and now you have to get them across the yawning abyss between the real world and Kubernetes to run the exact same way in production on your cluster. Put simply, it’s designed to let developers be developers and focus on code rather than wrenching their work into YAML manifests, using PersistentVolumeClaims to request storage, and all of that. They can just…deploy.
Quoting from our press release:
“It seems very wrong that today most developers must first go through the pain of learning Kubernetes before they can even deploy a single line of code into Kubernetes. We have taken away that pain,” said Michael Schmid, chief technology officer, amazee.io. “The trick behind Lagoon is that it runs in Kubernetes and works with popular tools like Helm, Prometheus, Grafana, and many others while it does not require any knowledge of Kubernetes for developers.”
We’ve been talking a lot about our ZeroOps approach and philosophy lately. ZeroOps means an organization doesn’t have to worry about their infrastructure, and in our vision, doesn’t even have to worry about how to deploy to that infrastructure—they can just focus on doing the cool things that bring them value. amazee and Lagoon are a big new piece of that puzzle, and we’re all thrilled to welcome the amazee team onboard.
Start fast (it has the edge in mind).
Being a great and complete tool (bundler, transpiler, package manager).
The big argument here is speed. For server-side rendering of React, Bun claims to handle almost 49,000 HTTP requests per second on Linux AMD64, compared to around 16,000 for both Node and Deno.
Bun achieves these kinds of results with a runtime written largely from scratch in Zig. And the speed carries over to the package manager, which vastly outperforms NPM, all while being compatible with most of the Node ecosystem. And all of that is pretty much necessary, since we’re in a place where a big site just can’t use NPM and React in production without some janky hacks, because they are soooooo slooooooow.
The really interesting thing here is the emphasis on edge. Not only does Bun start fast, but it has a super-fast implementation of SQLite3 built right in. We’ve got standard Web APIs like fetch and WebSocket built right in and ready to go. It’s early days, but Bun feels like a natural citizen of the cloud native world, and I’m excited to spend more time with it.
Security insights from a 2022 cyber threat report
Eric: Security firm SonicWall released its threat intelligence report for the first half of the year and noted several significant trends. According to the report, cybercrime volume has reduced in past hotspots like the U.S. and U.K. while rising in Europe and Asia, and that is suggestive of one important theme in this report: environment and overall context are everything when looking at security trends.
For one big example, according to the report, incidents of ransomware were down 23% worldwide year-to-date against last year — but up 63% in Europe. Similarly, overall, malware attacks were up 11% over the same period…but when you drill down to IoT-specific incidents, you find that IoT malware attacks spiked 77%. Hey, malware is moving to the edge, too – and why not, with all those tasty poorly secured or straight up manufacturer-abandoned devices out there. This huge boost in IoT malware, along with a healthy 30% rise in cryptojacking attacks, are the primary malefactors behind the overall rise in malware. Following past trends, education was the most commonly targeted industry, followed by government and finance. Presumably the logic there is that education has a soft underbelly, while government and finance are higher risk but higher reward targets.
Finally, the report gives us an update on Log4j exploits. With a little over 60 million exploit attempts in December of 2021, Log4Shell was already the most exploited vulnerability of that year. Month by month, the SonicWall report shows those exploits on the rise, with over 85 million attempts in June. Quoting from the report:
“Based on current data, we may not see attack volumes fall, or even peak, any time soon. According to Dark Reading, more than 40% of the Log4j packages downloaded from early February to early March — months after fixed versions of the software became available — were still vulnerable versions. Worse, many instances have remained vulnerable because organizations are simply unaware of them, and sometimes even dependency analysts can’t find them.”
Check out the podcast for more of this week's stories.