Security Is Hard, and Even the Experts Don't Agree With Each Other

Prodfiler is a new tool that provides fleet-wide full-system continuous profiling. It is in some ways the second act of its co-creator Thomas Dullien, who is an internationally-renowned reverse engineer and vulnerability researcher under the name Halvar Flake. Thomas joins us to discuss his career, what you should profile in a distributed system, and why you can't sell something with a negative cost.

Do you have something cool to share? Some questions? Let us know:

• web: kubernetespodcast.com
• mail: kubernetespodcast@google.com
• twitter: @kubernetespod

• Container blocakges
• Container houses

• Crossplane moves to incubation in CNCF:
  • CNCF coverage
  • Crossplane coverage
  • Episode 141, with Daniel Mangum
• Backup for GKE
• Google Cloud Next session catalog is live
  • Register here
• Kubernetes multi-cluster panel on October 6
• GKE updates: publishing with Private Service Connect, CSI driver for Filestore GA, SSL policies & HTTPS redirects for multi-cluster Ingress
• Azurescape: attack on Azure Container Instances by Unit 42 at Palo Alto Networks
• CVE-2021-25741 for subpath mount symlink attack (High)
• CVE-2020-8561 for webhook response logging (Medium)
• NCC Group weighs in on NSA guidance
• Snyk raises $530m
  • Episode 140, with Kamil Potrec
• Sqlcommenter merges with OpenTelemetry
• Kubermatic 2.18 and KubeOne 1.3
  • Episode 109, with Sebastian Scheele
• Tanzu Kubernetes Grid 1.4
• 5 years of Envoy OSS
  • Episode 33, with Matt Klein

• Thomas Dullien/Halvar Flake
• Mathematik, with a K
• Stages of life vs. maths ability required, by Pearls of Raw Nerdism
• Vicky the Viking TV show
• Assembly Language Masterclass
• GEOS copy protection by Michael Stiel
• Time travel debugging
• "German hacker denied entrance into US for Black Hat training"
• Zynamics acquired by Google
  • BinDiff
  • BinNavi
• Project Zero
• "For whom?", asked R Morris Sr.
• optimyze.cloud's original business model
• Introducing Prodfiler
• Profiling
• The Datacenter As A Computer: An Introduction to the Design of Warehouse-Scale Machines
• Google-Wide Profiling: A Continuous Profiling Infrastructure for Data Centers
  • Dapper, a Large-Scale Distributed Systems Tracing Infrastructure and Jaeger
• The mystery of Kubelet eating CPU and IOPS
• Fortran Web Framework: it's not irrelevant, really!
• Halvar Flake on Twitter