Cloud

The Changelog #383

From open core to open source

Frank Karlitschek joined us to talk about Nextcloud - a self-hosted free & open source community-driven productivity platform that’s a safe home for all your data. We talk about how Nextcloud was forked from ownCloud, successful ways to run community-driven open source projects, open core vs open source, aligned incentives, and the challenges Nextcloud is facing to increase adoption and grow.

YouTube

Let's set up a free, personal VPN in the cloud with Algo VPN

Following up on our awesome episode of The Changelog with Algo creator Dan Guido, I thought I’d kick the tires on this Ansible-based, self-hosted VPN solution to see what it’s like to actually set it up and configure my phone to use it. This is my first video of this kind. I’d love to know what you think! How can I do this better? Do you want moar like this? Keep my day job? What?!

Python github.com

Diagrams as Python code

Diagrams lets you draw the cloud system architecture in Python code. It was born for prototyping a new system architecture design without any design tools. You can also describe or visualize the existing system architecture as well. Diagrams currently supports four major providers: AWS, Azure, GCP and Kubernetes.

I’ve never found a diagramming tool I’ve enjoyed using. The idea of just writing some code and letting a tool do the drawing might be just what the doctor ordered. Start with the quick start.

Asad Faizi cloudplex.io

The hidden costs of Kubernetes and Cloud Native

Kubernetes has won and the cloud is a moving target. But, one thing that often gets lost in the mix with all the Cloud Native talk is the productivity costs associated with keeping up.

In the US alone, over 70% of enterprises have adopted or are currently adopting cloud-native architecture, causing a surge in developers who are trying to learn the stack.

It’s called the “cutting edge” for a reason…

Staying on the cutting edge…one critical area of productivity loss is keeping up with all the changing technologies.

Cloud-native architecture is still being developed and learning the latest technologies is a moving target. While at the same time, most computer science and software engineering programs don’t delve into the heart of these technologies. At best, graduates will have limited experience working with a handful of these cloud technologies…

Depending on your perspective or seat at the table, these hidden costs could be a good thing.

The Changelog #377

Meet Algo, your personal VPN in the cloud

The commercial VPN industry is a minefield to navigate and many open source solutions are a pain to use or ill-suited for the task. Algo VPN, on the other hand, is a self-hosted personal VPN designed for ease of deployment and security. It uses the securest industry standards, builds on rock-solid solutions like WireGuard and Ansible, and runs on an ever-growing list of cloud hosting providers.

On this episode Dan Guido, CEO of security firm Trail of Bits and Algo’s creator, joins Jerod to discuss the project in depth.

Go Time #113

Go at Cloudflare

Jaana, Jon, and Mat are joined by John Graham-Cumming, the CTO of Cloudflare, to discuss Go at Cloudflare along with John’s unique involvement in Gordon Brown’s apology to Alan Turing. How did Cloudflare get started with Go? What problems do they use Go for and when do they turn to other languages? And how exactly did John’s petition for an apology to Turing get so popular?

The Changelog #374

Gerhard goes to KubeCon (part 1)

Changelog’s resident infrastructure expert Gerhard Lazu is on location at KubeCon 2019. This is part one of a two-part series from the world’s largest open source conference. In this episode you’ll hear from event co-chair Bryan Liles, Priyanka Sharma and Natasha Woods from GitLab, and Alexis Richardson from Weaveworks.

Stay tuned for part two’s deep dives into Prometheus, Grafana, and Crossplane.

Culture blog.acolyer.org

Local-first software: you own your data, in spite of the cloud

Watch out! If you start reading this paper you could be lost for hours following all the interesting links and ideas, and end up even more dissatisfied than you already are with the state of software today. You might also be inspired to help work towards a better future. I’m all in :).

I co-sign that sentiment. When the author says “this paper” they are referring to this paper which they are about to summarize. If you haven’t considered local-first software before, you should know that there are seven key properties to it, which are described in detail in the paper and in brief in the summary.

Cloud blog.trailofbits.com

Algo – your personal VPN in the cloud

The linked article is an excellent introduction to Algo, which is effectively a set of Ansible scripts that set up a WireGuard and IPsec VPN for you.

Algo automatically deploys an on-demand VPN service in the cloud that is not shared with other users, relies on only modern protocols and ciphers, and includes only the minimal software you need. And it’s free.

For anyone who is privacy conscious, travels for work frequently, or can’t afford a dedicated IT department, this one’s for you.

Algo’s list of features (and anti-features) is compelling and most VPN services are terrible. 👀

Ballerina blog.ballerina.io

Ballerina goes 1.0

You may have initially heard of Ballerina on episode #313 of The Changelog. Well, the “first cloud native programming language” has finally reached its milestone 1.0 release!

After more than 3 years of hard work by an incredible team, I am thrilled to announce the general availability of Ballerina 1.0!

Congrats to Paul and the team for powering through and shipping something they can be proud of! Check the announcement post for all the details of what “1.0” means for Ballerina.

Cloudflare

Cloudflare files its S-1 to the SEC as it prepares to IPO

Today, our network spans 193 cities in over 90 countries and interconnects with over 8,000 networks globally, including major ISPs, public cloud providers, SaaS services, and enterprises. We estimate that we operate within 100 milliseconds of 98% of the Internet-connected population in the developed world, and 93% of the Internet-connected population globally (for context, the blink of an eye is 300-400 milliseconds). We intend to continue expanding our network to better serve our customers globally and enable new types of applications, while relentlessly driving down our unit costs.

There’s a lot of interesting tidbits in this filing. I love this lead-in to the industry analysis section:

The Internet was not built for what it has become.

The New Stack

Capital One's cloud misconfiguration woes have been an industry-wide fear

Developers and IT decision-makers should not be surprised by the recent Capital One data breach: Misconfigurations have long been the top cloud security concern. A new StackRox survey of IT decision-makers supports this finding as 60% of respondents are more worried about misconfigurations or exposures, as compared to attacks and generic vulnerabilities.

We’re not 💯 on what exactly happened, but the evidence is pointing toward a misconfigured firewall.

Jake Jarvis jarv.is

How to automatically backup a Linux VPS to another cloud service provider

Cloud lock-in isn’t an issue until it is — “any amount of backups are just more eggs in the same basket if everything is under one account.”

Most of the popular one-click server providers (including DigitalOcean, as well as Linode, Vultr, and OVH) provide their own backup offerings for an additional monthly cost (usually proportional to your plan). But as Nicolas learned the hard way, any amount of backups are just more eggs in the same basket if everything is under one account with one credit card on one provider.

Luckily, crafting a DIY automated backup system using a second redundant storage provider isn’t as daunting (nor as expensive) as it might sound. The following steps are how I backup my various VPSes to a totally separate cloud in the sky.

Jake Jarvis writes on his personal blog about how to back up various VPSes to a totally separate cloud provider.

Go github.com

Get unlimited Google Drive storage by splitting binary files into base64

A clever hack that is now being investigated by Google’s internal forums. How it works:

  1. Google Docs take up 0 bytes of quota in your Google Drive
  2. Split up binary files into Google Docs, with base64 encoded text
  3. Encoded file is always larger than the original. Base64 encodes binary data to a ratio of about 4:3.
  4. A single doc can store ~1 million characters. This is around 710KB of base64 encoded data.

Ev Kontsevoy gravitational.com

Rolling your own servers with Kubernetes (goodbye AWS)

Why Kubernetes? Should you roll your own servers? Should you go off the cloud?

If you’ve listened to The Changelog #344 — where we cover the details of Changelog.com’s 2019 infrastructure with special guest Gerhard Lazu — then you’ll know the answer to these questions. But if not, as you might assume, I recommend listening to that episode and reading this post from Ev, in that order.

In this three-part blog series, we’ll try to address some of the fears and uncertainties faced by organizations who had successfully started their projects on public clouds, like AWS, but for one reason or another found themselves needing to replicate their cloud environment from scratch, starting with an empty rack in their own enterprise server room or a colocation facility.

Uber Engineering

Cadence is Uber's new orchestration engine

Its focus is on executing async long-running business logic.

Business logic is modeled as workflows and activities. Workflows are the implementation of coordination logic. Its sole purpose is to orchestrate activity executions. Activities are the implementation of a particular task in the business logic. The workflow and activity implementation are hosted and executed in worker processes. These workers long-poll the Cadence server for tasks, execute the tasks by invoking either a workflow or activity implementation, and return the results of the task back to the Cadence server. Furthermore, the workers can be implemented as completely stateless services which in turn allows for unlimited horizontal scaling.

Go blog.containo.us

Back to Traefik 2.0 - gigawatts of routing power

There’s a major new version of Traefik in the works:

For several months, the maintainer team has been working on a deep refactoring of the codebase to provide the firm foundations for the next iteration of Traefik, and we are ready to share this vision with you.

Today, we’re announcing Traefik 2.0 alpha, the edge router built with the future in mind.

The new core is here, help us finalize Traefik with the features you want!

Docker Blog

Containerd graduated within the CNCF

Today containerd graduated within the CNCF to join the ranks of Kubernetes, Prometheus, Envoy, and CoreDNS as a “graduated” project in the CNCF. From Michael Crosby on the Docker blog:

We are happy to announce that as of today, containerd, an industry-standard runtime for building container solutions, graduates within the CNCF.

From Docker’s initial announcement that it was spinning out its core runtime to its donation to the CNCF in March 2017, the containerd project has experienced significant growth and progress over the last two years. The primary goal of Docker’s donation was to foster further innovation in the container ecosystem by providing a core container runtime that could be leveraged by container system vendors and orchestration projects such as Kubernetes, Swarm, etc.

Kubernetes k3s.io

K3s — Lightweight Kubernetes

K3s is a fully compliant production-grade Kubernetes distribution with the following changes:

  • Legacy, alpha, non-default features are removed. Many of these features are not available in most Kubernetes clusters already.
  • Removed in-tree plugins (cloud providers and storage plugins) which can be replaced with out-of-tree add-ons.
  • Added sqlite3 as the default storage mechanism. etcd3 is still available, but not the default.
  • Wrapped in a simple launcher that handles a lot of the complexity of TLS and options.

Rancher is also doing an online meet-up and demo of K3s on March 13, 2019.

Gianluca gianarb.it

Extend Kubernetes via a shared informer

This post from Gianluca Arbezzano contains both theory and code with a complete working application to understand how to build your own shared informer to extend Kubernetes beyond applying YAML via kubectl.

Kubernetes increases in popularity every day but I don’t think we use all its power just applying YAML via kubectl. Kubernetes is a framework and as every framework, it exposes powerful interfaces and API usable to extend its capability with our needs. Shared Informers are what I see as the easy way to enjoy k8s as an extendible tool to programmatically build and ship containers.
