Month: July 2018
Static Application Security Testing (SAST) and Nodejs (with Gitlab CI)
SAST. It’s a thing. Take the test to see if you need it 🙂 OK, not that SAST, the one that relates to security, silly. So I’ve been using clair from coreos. It’s pretty awesome, but, to my chagrin, it does not cover python / node / go / ruby / …, the majority of the…
Kubernetes and private registries and names: your registry credentials everywhere
It’s 2018, so you have at least a few private container registries lurking about. And you are using Kubernetes to orchestrate your Highly Available Home Assistant (which you never make an acronym of since people would laugh at you) as well as other experiments. You’ve read the book on namespaces and are all in on…
One line remote shell on the sly
You’ve got a web site. You’re very proud of it, it sells the finest products. Security is superb, you’ve made the container be read-only (so you know nothing can get on there). There’s only 1 port open (443) which goes to node.js. How could anybody get in? Well, let’s say that your node.js app uses…
The most obvious things are the hardest to spot: RF interference and the bluetooth keyboard
So I’m a bit embarrassed how long this took me to clue in. I have a spiffy bluetooth keyboard. It’s great, it’s got a touchpoint on it, great key travel. It’s basically the same keyboard I had on much much loved x300 years ago. But, funny thing, in the evenings it would behave badly. The…
I can’t A4rd to not read the fine print on this scam
So recently I applied for an EU trademark (no, it’s not on ‘angry orange diaper baby’). While the machinations of government weed their way along on this I just sort of wait and twiddle my thumbs, periodically they may ask for more detail. So I get home from work tonight and there is a letter.…