Tomorrow (Tues 27, 2018) we’re going to have the next meetup to talk Continuous Integration. Got a burning desire to rant about the flakiness of an infinite number of shell scripts bundled into a container and shipped to a remote agent…
Don's Blog Technology run (almost) amuck
Tag: continuous
CI’s Gone Wild: Totally Tenacious Test Tuning
So one of the upstream projects I am working on has added some new tests. Should be a good thing, right? Suddenly, out of nowhere, we start getting ‘terminated 137’ on CI stages. The obscure unix math is… substract 128…
Laughably Loquacious Logging
So you are pretty proud of yourself. You have a full micro-services running in Kubernetes with a service mesh (courtesy of Istio). You have configured your liveness probes to once per second. You are using an EFK stack (Elasticsearch /…
The agony and the ecstasy of the read-only
So earlier today I counselled to run your container filesystem read-only. Its higher security (something can’t weasel in as easily) You want to be able to dynamically dispose and restart containers somewhere else, how can you do this if they…
Have you set your security context recently?
You’d be shocked at how few people copy these few lines into their YAML in Kubernetes. Highly recommend you do this. Why? Well, lets walk through them. runAsNonRoot: self explanatory. Why would you want root permission inside this container? What…
login | 
(RSS)|Create Account|Update email pref
In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
(RSS)|Create Account|Update email pref In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
- db on The LED bulb project: an autopsy on some failuresfree to good home. two $25 LED corn cob lights. Lightly used. Some bugs. May have missing led(s). Know a
- Jayme Snyder on The LED bulb project: an autopsy on some failuresI've fixed a number of dead LED back-lit TV's found on Kijiji and through friends. I guess it's so much
- db on Gitlab via the API: prepare a repo with automatic deploy keys and protected branches/tagsi don't really understand what you are asking? the `protect` means that it can't be read.
- faizal on Gitlab via the API: prepare a repo with automatic deploy keys and protected branches/tagscan you let me know how to protect a tag and allow it only for a group instead of maintainer.
- db on You want to see something really random? Infinite entropy returnsI like the garage-built look!
db on The LED bulb project: an autopsy on some failuresfree to good home. two $25 LED corn cob lights. Lightly used. Some bugs. May have missing led(s). Know a
Jayme Snyder on The LED bulb project: an autopsy on some failuresI've fixed a number of dead LED back-lit TV's found on Kijiji and through friends. I guess it's so much
faizal on Gitlab via the API: prepare a repo with automatic deploy keys and protected branches/tagscan you let me know how to protect a tag and allow it only for a group instead of maintainer.
- Security of the upstream code, and, the importance of the egress firewall
- Static Application Security Testing (SAST) and Nodejs (with Gitlab CI)
- Suffering sisyphean security solutions: make your chrome part of the solution
- Safely secure secrets: a sops plugin for kustomize
- They got in via the logging! remote exploits and DDoS using the security logs
- Increasing the usefulness of your Kubernetes Ingress logging
- When your security tools cost more than the thing they protect
- Protect your API key (and your credit rating)
- The supply chain security risk in action: ESLint
- Have you set your security context recently?
Top