Tomorrow (Tues 27, 2018) we’re going to have the next meetup to talk Continuous Integration. Got a burning desire to rant about the flakiness of an infinite number of shell scripts bundled into a container and shipped to a remote agent…
Don's Blog Technology run (almost) amuck
Tag: continuous
CI’s Gone Wild: Totally Tenacious Test Tuning
So one of the upstream projects I am working on has added some new tests. Should be a good thing, right? Suddenly, out of nowhere, we start getting ‘terminated 137’ on CI stages. The obscure unix math is… substract 128…
Laughably Loquacious Logging
So you are pretty proud of yourself. You have a full micro-services running in Kubernetes with a service mesh (courtesy of Istio). You have configured your liveness probes to once per second. You are using an EFK stack (Elasticsearch /…
The agony and the ecstasy of the read-only
So earlier today I counselled to run your container filesystem read-only. Its higher security (something can’t weasel in as easily) You want to be able to dynamically dispose and restart containers somewhere else, how can you do this if they…
Have you set your security context recently?
You’d be shocked at how few people copy these few lines into their YAML in Kubernetes. Highly recommend you do this. Why? Well, lets walk through them. runAsNonRoot: self explanatory. Why would you want root permission inside this container? What…
login | 
(RSS)|Create Account|Update email pref
In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
(RSS)|Create Account|Update email pref In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
- Jayme Snyder on Opening the hiring taps: first legit job ad is up!Congrats Don on this great milestone!
- Mustafa on Speedtest & BBR, consistencyHi Don, Need your help to improve our Speedtest server. Kindly get in touch.
- db on The LED bulb project: an autopsy on some failuresfree to good home. two $25 LED corn cob lights. Lightly used. Some bugs. May have missing led(s). Know a
- Jayme Snyder on The LED bulb project: an autopsy on some failuresI've fixed a number of dead LED back-lit TV's found on Kijiji and through friends. I guess it's so much
- db on Gitlab via the API: prepare a repo with automatic deploy keys and protected branches/tagsi don't really understand what you are asking? the `protect` means that it can't be read.
Jayme Snyder on Opening the hiring taps: first legit job ad is up!Congrats Don on this great milestone! 
Mustafa on Speedtest & BBR, consistencyHi Don, Need your help to improve our Speedtest server. Kindly get in touch. 
db on The LED bulb project: an autopsy on some failuresfree to good home. two $25 LED corn cob lights. Lightly used. Some bugs. May have missing led(s). Know a
- Defense in Depth: Securing your new Kubernetes cluster from the challenges that lurk within
- Cloud Security Blasphemy: Secrets in git
- Keep your certificates young and fresh
- We are all-in on the TLS: the HSTS preload
- Git ransomware: beware the misdirection
- Covert Exfiltration, Cloud Native
- Moving into a new (cloud) neighbourhood? Check its reputation!
- Docker Hub Hack: Secure Your Supply Chain
- That’s the kind of password an idiot uses on luggage: cloud security
- The naked cloud: elasticsearch is stretch but doesn’t cover security
Top