4: Container Security with rung

e34 · e34fm

July 13, 2021 · 2h 30m

Show Notes

<p>In the main session we welcomed <a href="https://twitter.com/rung">@rung</a> as a guest and talked about container security; in the news session we talked about GitHub Copilot, USENIX ATC '21, the Idempotency-Key HTTP header, Go memory models, and more.</p> <p><audio controls preload="auto" src="https://traffic.libsyn.com/secure/e34fm/4.mp3"></audio></p> <h3>Shownotes</h3> <p>The following are links to what we talked about in this episode.</p> <h4>📰 News</h4> <ul> <li><a href="https://www.usenix.org/conference/atc21/technical-sessions">USENIX ATC '21 Technical Sessions</a></li> <li><a href="https://twitter.com/copyconstruct/status/1409704676019216384">https://twitter.com/copyconstruct/status/1409704676019216384</a></li> <li><a href="https://www.usenix.org/conference/atc21/presentation/li-liqun">Fighting the Fog of War: Automated Incident Detection for Cloud Systems</a></li> <li><a href="https://copilot.github.com/">GitHub Copilot · Your AI pair programmer</a></li> <li><a href="https://bmk.sh/2020/05/29/GPT-3-A-Brief-Summary/index.html">Older Why GPT-3 Matters</a></li> <li><a href="https://maraoz.com/2020/07/18/openai-gpt3/">Manuel Araoz on how OpenAI's GPT-3 may be the biggest thing since bitcoin</a></li> <li><a href="https://medium.com/fair-bytes/how-biased-is-gpt-3-5b2b91f1177">How Biased is GPT-3?.
Despite its impressive performance, the… | by Catherine Yeo | Fair Bytes</a></li> <li><a href="https://docs.github.com/en/github/copilot/about-github-copilot-telemetry">About GitHub Copilot telemetry</a></li> <li><a href="https://docs.github.com/en/github/copilot/research-recitation">Research recitation</a></li> <li><a href="https://thelig.ht/abandoning-github/">Abandoning GitHub</a></li> <li><a href="https://corecursive.com">CoRecursive Podcast - The Stories Behind The Code</a></li> <li><a href="https://corecursive.com/066-sqlite-with-richard-hipp/">The Untold Story of SQLite With Richard Hipp</a></li> <li><a href="https://corecursive.com/brian-kernighan-unix-bell-labs1/">The Birth of UNIX With Brian Kernighan</a></li> <li><a href="https://datatracker.ietf.org/doc/html/draft-ietf-httpapi-idempotency-key-header-00">draft-ietf-httpapi-idempotency-key-header-00</a></li> <li><a href="https://www.fastly.com/blog/quic-is-now-rfc-9000">QUIC is now RFC 9000</a></li> <li><a href="https://research.swtch.com/mm">research!rsc: Memory Models</a></li> <li><a href="http://nil.csail.mit.edu/6.824/2016/notes/gomem.pdf">Go's Memory Model</a></li> <li><a href="https://twitter.com/_rsc/status/1410007601996312577">https://twitter.com/_rsc/status/1410007601996312577</a></li> <li><a href="https://github.com/golang/go/issues/5045">doc: define how sync/atomic interacts with memory model #5045</a></li> <li><a href="https://research.swtch.com/hwmm">research!rsc: Hardware Memory Models (Memory Models, Part 1)</a></li> <li><a href="https://research.swtch.com/plmm">research!rsc: Programming Language Memory Models (Memory Models, Part 2)</a></li> <li><a href="https://netflixtechblog.com/how-netflix-uses-ebpf-flow-logs-at-scale-for-network-insight-e3ea997dca96">How Netflix uses eBPF flow logs at scale for network insight</a></li> <li><a href="http://www.brendangregg.com/blog/2021-07-03/how-to-add-bpf-observability.html">How To Add eBPF Observability To Your Product</a></li> <li><a 
href="https://e34.fm/2/">2: eBPF with yuuki</a></li> <li><a href="https://www.slideshare.net/AmazonWebServices/a-day-in-the-life-of-a-cloud-network-engineer-at-netflix-net303-reinvent-2017">A Day in the Life of a Cloud Network Engineer at Netflix - NET303</a></li> </ul> <h4>🚀 Main</h4> <ul> <li><a href="https://note.com/rung/n/nba330d22992a">自宅で美味しい紅茶を飲む|rung | Hiroki Suezawa|note</a></li> <li><a href="https://www.suezawa.net/">https://www.suezawa.net/</a></li> <li><a href="https://deeeet.com/writing/2015/02/17/docker-bad-points/">Dockerの諸問題とRocket登場の経緯</a></li> <li><a href="https://access.redhat.com/blogs/766093/posts/1976463">Container Security: Isolation Heaven or Dependency Hell</a></li> <li><a href="https://titanous.com/posts/docker-insecurity">Docker Image Insecurity</a></li> <li><a href="https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b">nsenter: clone /proc/self/exe to avoid exposing host binary to container</a></li> <li><a href="https://speakerdeck.com/rung/kubernetes-security-for-microservices">Kubernetes Security for Microservices</a></li> <li><a href="https://github.com/GoogleContainerTools/distroless">Distroless</a></li> <li><a href="https://blog.aquasec.com/container-vulnerability-dzmlt-dynamic-container-analysis">Threat Alert: An Attack Against a Docker API Leads To Hidden Cryptominers</a></li> <li><a href="https://attack.mitre.org">MITRE ATT&#x26;CK®</a></li> <li><a href="https://docs.microsoft.com/en-us/archive/msdn-magazine/2006/november/">Threat Modeling Uncover Security Design Flaws Using The STRIDE Approach</a></li> <li><a href="https://attack.mitre.org/matrices/enterprise/containers/">Containers Matrix | MITRE ATT&#x26;CK®</a></li> <li><a href="https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/">Threat matrix for Kubernetes</a></li> <li><a href="https://sysdig.com/blog/mitre-attck-framework-for-container-runtime-security-with-sysdig-falco/">MITRE ATT&#x26;CK framework for container 
runtime security with Falco</a></li> <li><a href="https://gvisor.dev/blog/2019/11/18/gvisor-security-basics-part-1/">gVisor Security Basics - Part 1</a></li> <li><a href="https://aws.amazon.com/blogs/aws/firecracker-lightweight-virtualization-for-serverless-computing/">Firecracker – Lightweight Virtualization for Serverless Computing</a></li> <li><a href="https://www.amazon.co.jp/dp/4822298426/">コンピュータの構成と設計</a></li> <li><a href="https://www.amazon.co.jp/dp/4873115140">Hacking:美しき策謀</a></li> <li><a href="https://learning.oreilly.com/library/view/practical-malware-analysis/9781593272906/">Practical Malware Analysis</a></li> <li><a href="https://www.amazon.co.jp/dp/4797361190">体系的に学ぶ 安全なWebアプリケーションの作り方</a></li> <li><a href="https://www.lambdanote.com/products/tls">プロフェッショナルSSL/TLS</a></li> <li><a href="https://www.amazon.co.jp/dp/4822283100">セキュリティはなぜ破られたのか</a></li> <li><a href="https://learning.oreilly.com/library/view/threat-modeling-designing/9781118810057/">Threat Modeling: Design For Security</a></li> <li><a href="https://learning.oreilly.com/library/view/cissp-study-guide/9780128024379/">CISSP Study Guide</a></li> <li><a href="https://sre.google/books/building-secure-reliable-systems/">Building Secure and Reliable Systems</a></li> <li><a href="https://learning.oreilly.com/library/view/container-security/9781492056690/">Container Security</a></li> <li><a href="https://github.com/kubernetes/community/tree/master/sig-security/security-audit-2019/findings">Kubernetes Third Party Security Audit(2019) findings</a></li> <li><a href="https://cloud.google.com/beyondcorp/">Beyond Corp</a></li> <li><a href="https://www.cncf.io/certification/cks/">Certified Kubernetes Security Specialist (CKS)</a></li> <li><a href="https://google.github.io/kctf/">kCTF | kCTF is a Kubernetes-based infrastructure for CTF competitions</a></li> <li><a href="https://www.youtube.com/watch?v=0YpJhrz6L0A">Open Policy Agent Rego Knowledge Sharing Meetup</a></li> </ul>