

Radio Cloud Native - Week of July 27, 2022

Eric Gregory - July 27, 2022

Every Wednesday, Nick Chase and Eric Gregory from Mirantis go over the week’s cloud native and industry news.

This week they discussed:

You can download the podcast from Apple Podcasts, Spotify, or wherever you get your podcasts. If you'd like to tune into the next show live, follow Mirantis on LinkedIn to receive our announcement of the next broadcast.

Mirantis acquires

Eric: Yesterday our CEO Adrian Ionel announced that Mirantis is acquiring, the application delivery hub for Kubernetes. Amazee are the team behind the open source Lagoon project, and if you haven’t checked it out already, you should really do yourself a favor and open a new tab immediately. 

Lagoon sets out to solve the universal problem of developers building apps for Kubernetes – you’re building your containerized apps and services locally, and now you have to get them across the yawning abyss between the real world and Kubernetes to run the exact same way in production on your cluster. Put simply, it’s designed to let developers be developers and focus on code rather than wrenching their work into YAML manifests, using PersistentVolumeClaims to request storage, and all of that. They can just…deploy.

Quoting from our press release:

“Lagoon has been a big daily time saver for the team by allowing us to develop and test many different branches simultaneously by providing us with a quick and easy way to spin up and tear down individual test environments,” said Corné de Leeuw, director, development at Smartsheet. “The ability to create these environments with very little effort, directly from branches in our repository, has reduced operations efforts and allows our developers and QA (quality assurance) engineers to work side-by-side on any number of different features without negative impact to one another.”

“It seems very wrong that today most developers must first go through the pain of learning Kubernetes before they can even deploy a single line of code into Kubernetes. We have taken away that pain,” said Michael Schmid, chief technology officer, “The trick behind Lagoon is that it runs in Kubernetes and works with popular tools like Helm, Prometheus, Grafana, and many others while it does not require any knowledge of Kubernetes for developers.”

We’ve been talking a lot about our ZeroOps approach and philosophy lately. ZeroOps means an organization doesn’t have to worry about their infrastructure, and in our vision, doesn’t even have to worry about how to deploy to that infrastructure—they can just focus on doing the cool things that bring them value. amazee and Lagoon are a big new piece of that puzzle, and we’re all thrilled to welcome the amazee team onboard.

New JavaScript runtime Bun eyes the edge

Eric: For our next story…well, I suppose churn in the language world is sort of a theme today. The last couple weeks have seen some talk about Bun, an early-stage JavaScript runtime developed by Jared Sumner. In the project’s own words:

Bun is a modern JavaScript runtime like Node or Deno. It was built from scratch to focus on three main things:

  • Start fast (it has the edge in mind).

  • New levels of performance (extending JavaScriptCore, the engine).

  • Being a great and complete tool (bundler, transpiler, package manager).

So, you might ask, why do we need another JavaScript runtime? Node is used all over the place, and Deno is Node creator Ryan Dahl taking a second at-bat to fix some of Node’s rough edges. Not to mention the zillion other runtimes you could use. 

The big argument here is speed. For server-side rendering of React, Bun claims to handle almost 49,000 HTTP requests per second on Linux AMD64, compared to around 16,000 for both Node and Deno.

Bun achieves these kinds of results with a runtime written largely from scratch in Zig. And the speed carries over to the package manager, which vastly outperforms NPM, all while being compatible with most of the Node ecosystem. And all of that is pretty much necessary, since we’re in a place where a big site just can’t use NPM and React in production without some janky hacks, because they are soooooo slooooooow. 

The really interesting thing here is the emphasis on edge. Not only does Bun start fast, but it has a super-fast implementation of SQLite3 built right in. We’ve got standard Web APIs like fetch and WebSocket built right in and ready to go. It’s early days, but Bun feels like a natural citizen of the cloud native world, and I’m excited to spend more time with it.

Security insights from a 2022 cyber threat report

Eric: Security firm SonicWall released its threat intelligence report for the first half of the year and noted several significant trends. According to the report, cybercrime volume has reduced in past hotspots like the U.S. and U.K. while rising in Europe and Asia, and that is suggestive of one important theme in this report: environment and overall context is everything when looking at security trends. 

For one big example, according to the report, incidents of ransomware were down 23% worldwide year-to-date against last year — but up 63% in Europe. Similarly, overall, malware attacks were up 11% over the same period…but when you drill down to IoT-specific incidents, you find that IoT malware attacks spiked 77%. Hey, malware is moving to the edge, too – and why not, with all those tasty poorly secured or straight up manufacturer-abandoned devices out there. This huge boost in IoT malware, along with a healthy 30% rise in cryptojacking attacks, are the primary malefactors behind the overall rise in malware. Following past trends, education was the most commonly targeted industry, followed by government and finance. Presumably the logic there is that education has a soft underbelly, while government and finance are higher risk but higher reward targets. 

Finally, the report gives us an update on Log4j exploits. With a little over 60 million exploit attempts in December of 2021, Log4Shell was already the most exploited vulnerability of that year. Month by month, the SonicWall report shows those exploits on the rise, with over 85 million attempts in June. Quoting from the report:

“Based on current data, we may not see attack volumes fall, or even peak, any time soon. According to Dark Reading, more than 40% of the Log4j packages downloaded from early February to early March — months after fixed versions of the software became available — were still vulnerable versions. Worse, many instances have remained vulnerable because organizations are simply unaware of them, and sometimes even dependency analysts can’t find them.”

Check out the podcast for more of this week's stories.
