Console 41

PCP, Red Star, and Endgame

Console Referral Program

Be entered to win an Amazon gift card when your friend opens their first Console email!


Sponsorships

MontyCloud

MontyCloud DAY2 helps AWS customers automate their CloudOps. Cloud architects and IT Managers from fortune 500 ISV to a fortune 500 luxury goods retailer use DAY2 to manage their AWS operations across multiple accounts and regions. DAY2 helps you:

  1. Deploy & Provision: Set up highly compliant, secure, operations-ready AWS Cloud accounts and regions in just a few clicks.

  2. Secure & Govern with Bots: Gain continuous visibility as well as compliance and security assessments. Enforce preventive guardrails across your organization.

  3. Automate CloudOps: Seamlessly integrate with your existing workflows, enable routine cloud operations and self-service tasks in clicks instead of code.

You can get started with MontyCloud DAY2 for FREE!. Connect your AWS account to instantly discover all your resources, organize them into their applications context and get an instant assessment of your security and compliance posture.

Get started today!


cloudquery

Cloudquery transforms your cloud infrastructure into a SQL or Graph database for easy monitoring, governance, and security.

language: Go, stars: 1164, watchers: 37, forks: 57, issues: 8

last commit: February 13, 2021, first commit: November 18, 2020

https://twitter.com/yevgenypats

redstar-tools

redstar-tools includes several binaries from and tools for the North Korean Red Star OS.

language: Shell, stars: 192, watchers: 18, forks: 24, issues: 4

last commit: September 14, 2016, first commit: November 27, 2015

https://twitter.com/_takeshix

endgame

endgame is an AWS pentesting tool that lets you use one-liner commands to backdoor an AWS account’s resources with a rogue AWS account — or share the resources with the entire internet. This is a fork of the original repo, which was taken down by Salesforce.

language: Python, stars: 89, watchers: 2, forks: 116, issues: 0

last commit: February 16, 2021, first commit: February 07, 2021

https://twitter.com/kmcquade3

pcp

pcp is a command line peer-to-peer data transfer tool based on libp2p.

language: Go, stars: 416, watchers: 11, forks: 7, issues: 2

last commit: February 20, 2021, first commit: January 18, 2021

https://dtrautwein.eu


An Interview With Yevgeny of Cloudquery

Hey Yevgeny! let’s start with your background, where have you worked in the past, where are you from and what languages or frameworks do you like? 

I’m based at Tel-Aviv. I’ve been a software engineer and an entrepreneur with a focus on devtools and cyber-security for more than 10 years.  I’m a Gopher :) 

What’s your most controversial programming opinion?

An idea in programming is never controversial as long as you can clearly explain it :)

What is one app on your phone that you can’t live without that you think others should know about?

I guess it’s a mix - messaging (signal, telegram, whatsapp, slack) and email.

If you could dictate that everyone in the world should read one book, what would it be?

Too many good books in different areas. I love to read books that have some relation to my day-to-day work/life. If I’m building a startup I might read more business books, if I’m on a long vacation I might read adventure books, etc…

If you’re looking for a business/startup related book I’d suggest “The Lean Startup” by Eric Ries.

What resources do you use to stay up to date on software engineering?

There is no particular place but I usually work on engineering related projects (right now it is cloudquery, for example) and I just google and research relevant stuff while working.

How do you separate good project ideas from bad ones?

Usually by the traction it gets once you release it. If people use it, then it’s a good idea if not then not so much - but, it also depends on what the purpose of the project was.

Why was cloudquery started? 

Cloudquery started as an open-source framework for security, compliance and visibility of cloud infrastructure and SaaS applications. Think about osquery, but for the cloud: agentless and written in Go (no C/C++) . The cloud infrastructure security market is flooded with expensive enterprise products but actually very few high-quality open-source products/frameworks.

What are some examples of expensive enterprise products currently in the space?

Classic stuff from Palo-Alto Network, Checkpoint, and also bunch of startups. 

What is your typical approach to debugging issues filed in the cloudquery repo? 

Pretty standard - run locally and try to reproduce.

What is the release process like for cloudquery?

KISS (keep-it-simple-stupid). Using Goreleaser.

How is cloudquery eventually intended to be monetized?

We plan to have a SaaS version with various tiers. Think terraform <-> terraform cloud. 

How do you balance your work on open-source with your day job and other responsibilities?

Luckily my day job and my work on the open-source project is the same :)

What is the best way for a new developer to contribute to cloudquery?

  • Just by running/trying cloudquery and reporting any bugs or missing features you will do a great service to the project.

  • To sum-up in this order: 1) bug reports 2) feature requests 3) code-contribution

If you plan to continue developing cloudquery, where do you see the project heading next?

I see the project evolving and getting more coverage for different cloud-providers and resources. Essentially becoming the go-to open-source framework for cloud infrastructure security, compliance, and visibility. 

Where do you see software development in-general heading next?

Less run-time (virtual-machine) languages (Python/Java) and more languages like Go/Rust. 

Why do you think that is?  The inefficiencies of a virtual machine?

I think because it made sense in the past but today with power of Go there is no need to install on a host a whole virtual-machine/runtime only to be able to run a program. This makes writing, shipping, and running software, stable, quick, and efficient.

Do you think containerization has something to do with why it doesn't make sense anymore, or is it something else?

Containerisation definitely makes sense but when you run things locally as a developer there is nothing more convenient than one single binary. Also performance is a big thing as well - you can still containerize Go applications but you will get probably much better performance then JVM/Python/etc... I don't say Python/Java don’t have their place - for example in data-science, scripting Python is a great fit. But for backend/production or local applications Go is becoming a go-to language.

Where do you see open-source heading next?

I see open-source becoming king in the cloud-security infrastructure market. 

Do you have any suggestions for someone trying to make their first contribution to an open-source project?

Look at previous PRs and see what is accepted and what is not as it varies vastly between projects.


Like what you saw here? Why not share it?

Share

Or, better yet, share Console!

Share Console

Also, don’t forget to subscribe to get a list of new open-source projects curated by an Amazon software engineer directly in your email every week.