391: Firecracker Fundamentals
Listen now
Description
We break down Firecracker Amazon’s new open source kvm powered, virtual machine monitor, and explore what makes it different from the options on the market now. Plus some good news for OpenBGP and the wider internet community, and a handy tool for inspecting docker images. Links: Firecracker – Lightweight Virtualization for Serverless Computing — Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant containers and functions-based services.Firecracker — Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant containers and functions-based services.Firecracker Design DocsFirecracker RoadmapQEMU — QEMU is a generic and open source machine emulator and virtualizer.Qemu : Security vulnerabilitiesVENOM Vulnerability — VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.s2n — s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority.OpenBGPD - Adding Diversity to the Route Server Landscape — Thanks to the RIPE NCC Community Project Fund we were able to revive the OpenBGPD daemon and bring more diversity to the Route Server landscape.OpenBGPD — OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.LSI Questions from AntonServeTheHomeSennheiser Headset Software Could Allow Man-in-the-Middle SSL Attacks — When users have been installing Sennheiser's HeadSetup software, little did they know that the software was also installing a root certificate into the Trusted Root CA Certificate store.  To make matters worse, the software was also installing an encrypted version of the certificate's private key that was not as secure as the developers may have thought. evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authenticationdive: A tool for exploring each layer in a docker image
More Episodes
It's a storage showdown as Jim and Wes bust some performance myths about RAID and ZFS. Plus our favorite features from Fedora 32, and why Wes loves DNF. Links: What's new in Fedora 32 Workstation Fedora 32 ChangeSet Linux distro review: Fedora Workstation 32 TechSNAP 428: RAID Reality Check ZFS...
Published 05/29/20
Jim and Wes take the latest release of the Caddy web server for a spin, investigate Intel's Comet Lake desktop CPUs, and explore the fight over 5G between the US Military and the FCC. Links: Caddy offers TLS, HTTPS, and more in one dependency-free Go Web server Caddy 2 Caddy v2 Improvements...
Published 05/15/20
We dive deep into the world of RAID, and discuss how to choose the right topology to optimize performance and resilience. Plus Cloudflare steps up its campaign to secure BGP, and why you might want to trade in cron for systemd timers. Links: AMD Claims World’s Fastest Per-Core Performance with...
Published 05/01/20