scottlowe.orgScott's Weblog - Scott's Weblog - The weblog of an IT pro focusing on cloud computing, Kubernetes, L

Original, technical content centered around cloud computing, Kubernetes, Linux, and networking Home About Site Archives Post Categories Content Tags © 2005-2021. All rights reserved. Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking Technology Short Take 140 7 May 2021 Welcome to Technology Short Take #140! It’s hard to believe it’s already the start of May 2021—my how time flies! In this Technology Short Take, I’ve gathered some links for you covering topics like Azure and AWS networking, moving from macOS to Linux (and back again), and more. Let’s jump right into the content! Networking Ivan Pepelnjak takes a look at why you might want to use Azure Route Server , followed by pulling back the covers on how Azure Route Server works . Maegan Jong and Dominik Tornow have a blog series that, in their words, “aims to advance the understanding of Kubernetes and its underlying concepts.” Specifically, this post talks about Kubernetes networking . Michael Kashin combines networking and programming in this post on getting started with eBPF and Go . This post on isolated networks on AWS takes a pretty comprehensive look at what’s required to build isolated AWS networks, including a look at potential data exfiltration paths. Servers/Hardware Ben Wilcock shares his experience with an Intel NUC 11 . VentureBeat discusses Armv9 , a new architectural update for Arm-based CPUs. Security Peyton Smith and Mitchell Moser share seven common Microsoft Active Directory misconfigurations that adversaries tend to abuse. Paulos Yibelo describes exploiting macOS with a text file . The folks at Netskope have a pair of blog posts on GCP OAuth token hijacking in Google Cloud ( part 1 , part 2 ). These are older posts, from August 2020, and I honestly don’t know if the vulnerability still exists (or if it has been patched). If you’re a Google Cloud user, this may be worth a closer examination to make sure your accounts are safe. Most of this was beyond my comprehension, but I found the tale fascinating to read nevertheless. Cloud Computing/Cloud Management Stefan Büringer talks about optimizing Open Policy Agent (OPA)-based Kubernetes authorization . Note that this is a slightly older post (about 2 years old), so some of it may no longer apply to the latest versions of OPA and Gatekeeper. This post by “xssfox” takes an interesting (to me) look at a security hole created through the use of an automated code pipeline deploying to a production website. I’ve noted several pundits/experts who have noted the transformational nature of AWS Lambda, and the impact it is having/will have on AWS and its offerings. The introduction of S3 Object Lambda is just the latest example, it seems. Chris Evans examines the pricing of virtual instances compared to managed servie offerings as he ponders how hyper-scalers like AWS, Azure, and Google will go about/are going about optimizing service density (i.e., maximizing revenue per hardware instance). It’s an interesting observation, for sure (at least, it’s interesting to me). Marco Lancini discusses security logging in AWS environments . Pulumi recently released version 3; get more details on the latest release in this blog post . Operating Systems/Applications Justin Garrison shares some thoughts on whiteboarding software (and hardware). Here is a reminder why time synchronization remains important. Carlos Fenollosa has a series of articles describing his attempt to move to Linux from macOS, and why he came back. Part 3 of the series, found here , describes some of the challenges with desktop Linux and why, in his words, “the grass is not greener on the other side.” Paddy Kelly shows how to filter JSON data in Ansible using json_query . Ivan Pepelnjak’s mention of Network to Code’s Schema Enforcer tool sent me down the rabbit hole of JSON Schema and validation. Don’t be surprised if you see a blog post on this topic pop up soon. If you’re new to vim , this post may be helpful. Programming Peter Bourgon speaks out against using build tags for integration tests . Storage Cormac Hogan discusses the VCP-to-vSphere CSI migration process (switching from the older in-tree cloud provider to the newer vSphere CSI driver). Virtualization William Lam outlines some enhancements for USB NIC-only installations that appeared in ESXi 7.0 Update 2. Career/Soft Skills There is no recipe for success. Well said. Former teammate Eric Shanks shares some details on his home audio/visual setup . That’s all for now! I hope that I have shared something useful with you. If you have feedback, or if you just want to say hi, feel free to hit me on Twitter , or find me on one of the various Slack communities I frequent. Have a great weekend! Making Firefox on Linux use Private Browsing by Default 13 Apr 2021 While there are a couple different methods to make Firefox use private browsing by default (see this page for a couple methods), these methods essentially force private browsing and disable the ability to use “regular” (non-private) browsing. In this post, I’ll describe what I consider to be a better way of achieving this, at least on Linux. It’s possible this method will also work on Windows, but I haven’t tested it. If anyone gets a chance to test it and let me know, I’ll update this post and credit you accordingly. Just hit me on Twitter and let me know what you’ve found in your testing. I’ve also only tested this on Fedora , but it should be the same or very similar for any distribution that uses GNOME. GNOME uses the idea of “desktop files” (typically found in /usr/share/applications or ~/.local/share/applications ) to enable the launching of applications via the Activities screen or other mechanisms. (For more information on desktop files, see here .) These desktop files specify where the executable is found, what command-line parameters to use, what icon to use, what name the application should go by, etc. Desktop files also allow application developers or users to define additional actions, such as opening a new window. Firefox’s desktop file is (at least on Fedora) found at /usr/share/applications/firefox.desktop . In that file, the Exec line in the [Desktop Entry] section instructs how to launch Firefox. Farther down, several actions are defined, one of which is opening a new private window. Each of these actions also has an Exec line. Looking at the Exec line for opening a private window versus the Exec line for opening a new window, you’ll note that Firefox uses a --private-window parameter to control this behavior. The trick here is to add --private-window to the Exec line in the [Desktop Entry] section of the desktop file, so that it looks like the Exec line in the section for opening a new private window. When you do this, launching Firefox will still open a “regular” browser window, but clicking on a link in any other application—e-mail, editor, terminal, whatever—will automatically open a new private browsing window. If a private browsing window is already open, it will open a new tab in that window. So, to summarize: Change the /usr/share/applications/firefox.desktop file to add --private-window to the command specified on the Exec line of the [Desktop Entry] section. Firefox will still open a regular browser window when it is launched. Links outside of Firefox will open a new private browsing window (or a new tab in an existing private browsing window). The advantage of this approach versus some of the others is that you still have access to regular browser windows if/when they are needed. This configuration doesn’t force private browsing all the time; rather, it just makes private browsing the default when opening links outside of Firefox. To me, that’s a much more user-friendly experience than forcing private browsing for all sites. One caveat to this approach is that your changes to the Firefox desktop file get overwritten any time dnf update installs an update for Firefox. I’m sure ther...