I write about Kubernetes, AWS and Linux internals, and ship small, sharp tools for the work in between.
Two fresh Linux kernel LPEs - Copy Fail and Dirty Frag - both turn an unprivileged pod into root on the node. The defense is a stack of boring controls you can turn on today.
httputil.ReverseProxy is 200 lines from production-grade. We add retries, circuit breaking and request tracing in one sitting.