Category: all
Spam sushi in a vending machine? People feeding trash pandas at underpasses? Must be in California!
So I’m here at Google Next this week. Cloud cloud cloud, security security security, that sort of thing. Question 1. Would you buy this ‘spam musubi’ from this vending machine? Or would you rather have that tasty-looking turkey? Or that delicious-looking hot dog? Keep in mind there is no microwave around, so that cold vended…
Got Intel? Got security hole
Well this is awkward. That Intel Management Engine (AMT) that you can’t disable. That one that runs even when your machine is turned off. The one that runs with highest privilege, no oversight, outside your operating system. The same one that everyone wonders, just what is in there. Turns out, from the security audit, some…
Static Application Security Testing (SAST) and Nodejs (with Gitlab CI)
SAST. It’s a thing. Take the test to see if you need it 🙂 OK, not that SAST, the one that relates to security, silly. So I’ve been using clair from coreos. It’s pretty awesome, but, to my chagrin, it does not cover python / node / go / ruby / …, the majority of the…
Kubernetes and private registries and names: your registry credentials everywhere
It’s 2018, so you have at least a few private container registries lurking about. And you are using Kubernetes to orchestrate your Highly Available Home Assistant (which you never make an acronym of since people would laugh at you) as well as other experiments. You’ve read the book on namespaces and are all in on…
One line remote shell on the sly
You’ve got a web site. You’re very proud of it, it sells the finest products. Security is superb, you’ve made the container be read-only (so you know nothing can get on there). There’s only 1 port open (443) which goes to node.js. How could anybody get in? Well, let’s say that your node.js app uses…