Tomorrow (Tues 27, 2018) we’re going to have the next meetup to talk Continuous Integration. Got a burning desire to rant about the flakiness of an infinite number of shell scripts bundled into a container and shipped to a remote agent …
Don's Blog Technology run (almost) amuck
Tag: continuous
CI’s Gone Wild: Totally Tenacious Test Tuning
So one of the upstream projects I am working on has added some new tests. Should be a good thing, right? Suddenly, out of nowhere, we start getting ‘terminated 137’ on CI stages. The obscure unix math is… substract 128 …
Laughably Loquacious Logging
So you are pretty proud of yourself. You have a full micro-services running in Kubernetes with a service mesh (courtesy of Istio). You have configured your liveness probes to once per second. You are using an EFK stack (Elasticsearch / …
The agony and the ecstasy of the read-only
So earlier today I counselled to run your container filesystem read-only. Its higher security (something can’t weasel in as easily) You want to be able to dynamically dispose and restart containers somewhere else, how can you do this if they …
Have you set your security context recently?
You’d be shocked at how few people copy these few lines into their YAML in Kubernetes. Highly recommend you do this. Why? Well, lets walk through them. runAsNonRoot: self explanatory. Why would you want root permission inside this container? What …
login | 
(RSS)|Create Account|Update email pref
In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
(RSS)|Create Account|Update email pref In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
- db on Canadian banks still don’t have 2FA. Who are the real criminals here?Do you care? sure. Unless you re broke :) CIDC is good for 100K if your bank goes bankrupt. If
- Jayme Snyder on Canadian banks still don’t have 2FA. Who are the real criminals here?Do I care with CIDC and current Canadian banking laws? Also TD's passwords are not case sensitive which means they
- Simon Rostron on I yaml’d my network: netplan and the new world orderFreeBSD/BSDs in general have terrific documentation, with the added benefit of the forum post from 5 years ago usually providing
- Jayme Snyder on I yaml’d my network: netplan and the new world orderI've always been a BSD/Solaris/HP-UX at heart for this exact reason... though a fresh egocentric BSD developer doesn't see the
- Chris on e-bikes and UPS: no, not reallyI'd advise you not to approach any embassies, security checkpoints, etc, on that.
db on Canadian banks still don’t have 2FA. Who are the real criminals here?Do you care? sure. Unless you re broke :) CIDC is good for 100K if your bank goes bankrupt. If
Jayme Snyder on Canadian banks still don’t have 2FA. Who are the real criminals here?Do I care with CIDC and current Canadian banking laws? Also TD's passwords are not case sensitive which means they
Simon Rostron on I yaml’d my network: netplan and the new world orderFreeBSD/BSDs in general have terrific documentation, with the added benefit of the forum post from 5 years ago usually providing
Chris on e-bikes and UPS: no, not reallyI'd advise you not to approach any embassies, security checkpoints, etc, on that. 
- Team Agilicus gets new office, Okterbest-adjacent
- Kustomizing Kustomize: Releasing Our Tools
- Declarative GitFlow: restrict kustomize to master branch
- Defense in Depth: Securing your new Kubernetes cluster from the challenges that lurk within
- Cloud Security Blasphemy: Secrets in git
- Keep your certificates young and fresh
- We are all-in on the TLS: the HSTS preload
- Git ransomware: beware the misdirection
- Covert Exfiltration, Cloud Native
- Moving into a new (cloud) neighbourhood? Check its reputation!
