This newsletter is a great resource to keep up on the latest in cloud native networking, observability, and security.
Big thanks to Bill Mulligan, who leads community @ Isovalent working on Cilium and eBPF. It’s been ace to find some great people doing great eBPFeBPF (extended Berkeley Packet Filter) is a Linux kernel tec… work — all thanks to Bill’s efforts at building a community.
The SJULTRA team have pulled out some key parts of the newsletter that piqued our interested, but there’s more in the newsletter!
ALSO check out Bill’s LinkedIn Newsletter – eCHO News.
Table of Contents
There's an eBPF Summit!
I wouldn’t have known about the eBPFeBPF (extended Berkeley Packet Filter) is a Linux kernel tec… summit if it wasn’t for Bill’s community work and this newsletter. THANKS BILL!
It’s September 11 in London and kicks off late afternoon.
I'm also looking forward to two talks about some of the work that will be coming out of the eBPF Foundation shortly including an eBPF threat model and an audit of the verifier. Both of these projects are important for giving companies confidence when they are deploying eBPF (or eBPF based tools) into production. After all, who doesn't love a "free" third party audit to put on their CTO's desk? The schedule for Cilium + eBPF Day is coming out tomorrow too and I've got to put finishing touches on it so let’s 🐝 -gin.
eBPF for anything: Turing complete?
This was fun read, but it reminds me of something serious: eBPFeBPF (extended Berkeley Packet Filter) is a Linux kernel tec… has many applications… including Game of Life!
I love articles that are fun but also share unique perspectives, it’s how we make progress, right?
Another open-source alternative is already available on the Linux operating system, but it’s up to Microsoft to make it available for Windows, said Alexei Starovoitov, a Meta Platforms engineer and a creator of the technology.
Called the Extended Berkeley Packet Filter, or eBPF, the decade-old technology pioneered by Starovoitov and others could have helped prevent CrowdStrike’s global outage, its proponents and cyber vendors say. EBPF puts programs in a walled-off environment in the kernel, preventing a bad or malicious update from reaching it and crashing a computer.
CrowdStrike agrees. It’s a “super revolutionary technology,” the company’s president, Michael Sentonas, said. “If something happens where you have a crash, you don’t take out the entire kernel.”
While headlines rolled out on the impact of the outage, Brendan Gregg, an eBPF pioneer and fellow at Intel, said he and other leaders of the open-source technology were talking: “We’re like, ‘We have worked on the solution to this for so many years.’”
More and more organizations and technologies are using eBPF for security. eBPF (extended Berkeley Packet Filter) is the new standard to program Linux kernel capabilities in a safe and efficient manner without requiring to change kernel source code or loading kernel modules. It has enabled a new generation of high performance tooling to be developed covering networking, security, and observability use cases.eBPF is a core and increasingly ubiquitous technology for networking, observability, and security. eBPF has been evolving in Linux kernels for a decade, it has matured as *the* way to secure workloads running on both Linux and also Windows– and it’s the increasing use cases and scope that is revolutionizing security across the cloud and the internet. When security and development pros use eBPF for security, they are doing so to answer these questions:
What happens after a project or product has been delivered?
How do we create an secure environment of continual improvement?
How do we make sure that our secure deployment or application stays secure?
How to we identify vulnerabilities and spot potential anomalies?
Video: eBPF in 120 seconds
Impossible….?
Summary
These are just a few bits – check out the newsletter for much more.
Also, here’s the list of people that Bill included in the thank you for contributing to the eCHO newsletter: