Open-Source Threat Detection Tool Falco Adds Support for Google gVisor

2022-09-24 07:57:36 By: Ms. Jennifer Si


The latest version of Falco introduces support for gVisor, Google's application kernel, which provides an additional isolation layer between applications and the host OS. Using Falco 0.32.1, users can monitor security events from gVisor to detect threats and audit containers.

Prior to version 0.32.1, Falco could not be used with gVisor sandboxes, because gVisor intercepts user-space runtime events before they reach the underlying OS. This prevented Falco from monitoring runtime system calls through either its kernel module or its eBPF probe.

To overcome this limitation, Google and Sysdig engineers worked together to leverage the stream of information that gVisor collects through its own system call monitoring and integrate it with Falco's rule based engine.

As the diagram above shows, the integration between Falco and gVisor takes place through Unix domain sockets (UDS) connecting to the Sentry. The Sentry is the gVisor component responsible for abstracting the system call layer and handling every syscall made by the sandboxed application. Using UDS, Falco communicates with the Sentry in much the same way it does with any other driver it supports. To make this possible, the Sentry gained a new behaviour in gVisor 20220704.0: after dispatching a syscall, it additionally sends a message describing it to Falco over the socket, encoded with protocol buffers. From that point on, it is business as usual for Falco, which unpacks the message and processes it through its rule-based event processing queue.

To enable the new behaviour in gVisor, you will need to download a specific configuration file available at https://falco.org/blog/intro-gvisor-falco/assets/config.json. You will then need to install it at the appropriate location for the container engine you are using along with gVisor. For example, if you are using Docker, you will need to specify the gVisor configuration file in /etc/docker/daemon.json as described in Falco docs. Additionally, you will need to pass that configuration file to Falco itself using the --gvisor-config command line flag.
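The wiring described above, as an added example that is not part of the original article or of the Falco or gVisor projects: it parses the downloaded config.json, merges a runsc runtime into an existing /etc/docker/daemon.json without discarding settings already there, and builds the matching Falco command line. The runsc binary path, the install location /etc/falco/gvisor-config.json, and runsc's --pod-init-config flag (documented in the Falco docs, not named on this page) are assumptions; only --gvisor-config and /etc/docker/daemon.json come from the article.

```python
import json
from copy import deepcopy

# Assumed paths for this example; the page only names /etc/docker/daemon.json
# and Falco's --gvisor-config flag.
RUNSC_PATH = "/usr/local/bin/runsc"
GVISOR_CONFIG = "/etc/falco/gvisor-config.json"  # where the downloaded config.json is installed


def validate_gvisor_config(text: str) -> dict:
    """Parse the downloaded config.json and insist it is a non-empty JSON object.
    The article does not document the schema, so only structural sanity is checked."""
    cfg = json.loads(text)
    if not isinstance(cfg, dict) or not cfg:
        raise ValueError("gVisor config must be a non-empty JSON object")
    return cfg


def add_runsc_runtime(daemon_cfg: dict, runsc_path: str = RUNSC_PATH,
                      gvisor_config: str = GVISOR_CONFIG) -> dict:
    """Return a copy of daemon.json with a 'runsc' runtime that hands the gVisor
    config to runsc via --pod-init-config (assumed flag; see Falco docs).
    Other runtimes and daemon settings are preserved, and re-running replaces
    an earlier --pod-init-config rather than appending a duplicate."""
    merged = deepcopy(daemon_cfg)
    runsc = merged.setdefault("runtimes", {}).setdefault("runsc", {})
    runsc["path"] = runsc_path
    args = [a for a in runsc.get("runtimeArgs", []) if not a.startswith("--pod-init-config=")]
    args.append(f"--pod-init-config={gvisor_config}")
    runsc["runtimeArgs"] = args
    return merged


def falco_command(gvisor_config: str = GVISOR_CONFIG) -> list:
    """Falco must be pointed at the same file with --gvisor-config (flag from the article)."""
    return ["falco", "--gvisor-config", gvisor_config]


if __name__ == "__main__":
    # Constructed sample: an existing daemon.json with unrelated settings that must survive.
    existing = {"log-driver": "json-file", "runtimes": {"kata": {"path": "/usr/bin/kata-runtime"}}}
    print(json.dumps(add_runsc_runtime(existing), indent=2))
    print(" ".join(falco_command()))
```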

In this first integration, Falco and gVisor enable monitoring of many syscalls, but not all of them. However, the team has ensured that all events used in the default rulesets are supported, and that the associated information stream stays consistent with the analysis and rule processing Falco performs.

You can install Falco 0.32.1 and the gVisor runsc tool 20220704.0 from their respective download pages.
