The Cloud Natives - January 2024


Happy New Year, Cloud Natives! Welcome to the first edition of 2024, where we're kicking off the year with exciting news, updates, and events in the cloud computing world.


In This Edition:

  1. Tofu just got a whole lot tastier (stable Terraform fork)
  2. The latest SSHocker: Terrapin (and how to fix it)
  3. Announcing Our Next Live Demo on YouTube


1. A New Chapter in Open Source Terraform

OpenTofu, a community-driven open source fork of Terraform, has recently announced its first stable release, marking a significant milestone in the world of cloud infrastructure management. This Linux Foundation project is now production-ready and positioned as a drop-in replacement for Terraform.


Key Highlights of OpenTofu:

  • Testing Feature: OpenTofu 1.6.0 introduces a testing feature that allows users to test their configurations and module authors to test their modules, significantly enhancing stability.
  • Updated S3 State Backend: The S3 state backend now includes new authentication methods while maintaining compatibility with S3-compatible object storage.
  • New Provider and Module Registry: OpenTofu has launched a new registry, akin to Homebrew, based entirely on a git repository and hosted on Cloudflare R2 for high availability.

Community-Driven Innovations:

  • OpenTofu's journey has been shaped by its active community, with nearly 60 contributors playing a pivotal role in its development.
  • Notable contributions include an RFC for client-side state encryption, a long-requested feature, which has been accepted and is slated for inclusion in OpenTofu 1.7.
  • The project has also benefited from sponsorships and support from various companies, including Cloudflare and BuildKite.

Future Roadmap:

  • OpenTofu aims to maintain compatibility with Terraform where feasible, avoiding major DSL or provider protocol changes.
  • Upcoming features include client-side state encryption for enhanced security in regulated environments and support for user-provided keys and key management services.
  • The team is exploring parameterizable backends, providers, and modules, responding to community requests.

With its first stable release, OpenTofu is ready for broader adoption, inviting users to install and start migrating their Terraform configurations. This development represents a significant step in open-source collaboration, offering an alternative and potentially more flexible tool for cloud infrastructure management.


2. The Terrapin SSH Vulnerability Lingers in 2024

As we venture into 2024, there's a security matter that needs our collective attention. The Terrapin attack vulnerability (CVE-2023-48795) in the Secure Shell (SSH) protocol, despite being identified weeks ago, continues to pose a significant threat, with millions of SSH servers still vulnerable.


Why This Matters:

  • Despite its moderate risk classification, the Terrapin vulnerability's widespread impact across various SSH products and ciphers remains a significant concern.
  • The attack allows for the downgrading of secure signature algorithms and disabling of security measures against keystroke timing attacks in OpenSSH, potentially leading to man-in-the-middle (MitM) attacks.

Here's what to do:

  • It's crucial for organizations to promptly assess their SSH risk posture and identify any servers still vulnerable to the Terrapin attack.
  • SSH Communications Security offers tools and services, including the SSH Risk Assessment Service, to help identify and upgrade vulnerable servers.
  • Additional resources like the SSHerlock Discovery & Audit Self-service tool and Universal SSH Key Manager can aid in enhancing SSH security.
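
As an added illustration of the assessment step above (not code from this newsletter or from any of the tools it names): a Python check that parses a server's SSH_MSG_KEXINIT payload and flags Terrapin exposure. It assumes the commonly documented condition, namely that ChaCha20-Poly1305 or a CBC cipher with an Encrypt-then-MAC MAC is offered while the strict key exchange marker `kex-strict-s-v00@openssh.com` is absent; the function names and sample payloads are constructed for the example.

```python
import struct

SSH_MSG_KEXINIT = 20
CHACHA = "chacha20-poly1305@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (RFC 4253 section 7.1) into its ten name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for name in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[offset:offset + length].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        offset += length
    return lists

def terrapin_exposure(lists: dict) -> dict:
    """Flag the algorithm offers that make CVE-2023-48795 applicable."""
    def cbc_etm(enc: str, mac: str) -> bool:
        return (any(c.endswith("-cbc") for c in lists[enc])
                and any(m.endswith("-etm@openssh.com") for m in lists[mac]))
    chacha = CHACHA in lists["enc_c2s"] + lists["enc_s2c"]
    etm = cbc_etm("enc_c2s", "mac_c2s") or cbc_etm("enc_s2c", "mac_s2c")
    strict = STRICT_KEX_SERVER in lists["kex"]
    return {"chacha20": chacha, "cbc_etm": etm, "strict_kex": strict,
            "vulnerable": (chacha or etm) and not strict}

def build_kexinit(**offers) -> bytes:
    """Constructed sample input: encode a KEXINIT payload for the demo."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        data = ",".join(offers.get(name, ["none"])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_follows, reserved

if __name__ == "__main__":
    unpatched = build_kexinit(kex=["curve25519-sha256"], enc_s2c=[CHACHA])
    patched = build_kexinit(kex=["curve25519-sha256", STRICT_KEX_SERVER],
                            enc_s2c=[CHACHA])
    for label, msg in (("unpatched", unpatched), ("patched", patched)):
        print(label, terrapin_exposure(parse_kexinit(msg)))
```

The result reflects only what the server offers; strict key exchange protects a connection only when the client supports it as well, so clients need the same review.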

As we embrace the new year's possibilities, let's also prioritize the security and integrity of our digital infrastructure.


3. Join us live on YouTube

Mark your calendars: January 17th, 14:00 - 15:00 CET

Join Stephan Hofmann for a Live Demo of meshStack and discover how our cloud foundation platform revolutionizes your cloud management.

This is your chance to see our Cloud Foundation Platform in action, get insights from our expert, and engage in real-time Q&A. Whether you're a seasoned cloud professional or just starting your cloud journey, this live demo is the perfect opportunity to learn, explore, and get inspired.


As we embark on a new year, we're more committed than ever to bringing you the latest and greatest in cloud technology. Stay tuned for more updates, and don't forget to join us for our live demo on YouTube. Your feedback and suggestions are always welcome, so let us know what you think of this edition and what you'd like to see in future issues.

Here's to a cloud-powered 2024!


Join the Cloud Foundation Slack community to be part of the discussion.



Marcelino Fernandes

IT Management | Transformation | Automation & AI | Governance | Cyber Security | Advisory | Solution Design

10 months

Great Brief! Security should always be a top priority, and the Terrapin SSH vulnerability is a reminder of that. Let's prioritise the security and integrity of our digital infrastructure in 2024! Looking forward to attending Cloud Foundation Platform in action and exploring the possibilities!
