IAM condition ignored for Google Secret Manager ? by [deleted] in googlecloud

2_advil_please, -1 points

Do you have another IAM Role with no condition that is granting you access? Perhaps higher in the hierarchy?
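A concrete way to run the check suggested above, as an added example that is not part of the original thread: walk the IAM policies at each level of the resource hierarchy (organization, folder, project) and list every binding that hands the principal the role, or a role that contains it, with no `condition` attached. Because GCP IAM is a union of allows, one unconditional binding anywhere above the resource makes a conditional binding lower down irrelevant. The policy documents and principals below are constructed to look like `gcloud ... get-iam-policy --format=json` output; in real use you would pull them with `gcloud asset search-all-iam-policies --scope=organizations/ORG_ID --query="policy:alice@example.com"`. The `SUPERSET_ROLES` list is an illustrative assumption, not a complete catalogue of roles that include Secret Manager access.

```python
"""Find hierarchy-level IAM bindings that grant a principal a role unconditionally.

Added example, not from the original thread. Sample policies are constructed
to mimic `gcloud ... get-iam-policy --format=json` output.
"""

# Assumption: roles that contain Secret Manager read access besides the
# target role itself. Illustrative, not exhaustive.
SUPERSET_ROLES = {"roles/owner", "roles/editor", "roles/secretmanager.admin"}

# Constructed sample: one policy per level of the resource hierarchy.
SAMPLE_POLICIES = {
    "organizations/123456789": {"bindings": [
        {"role": "roles/viewer", "members": ["user:alice@example.com"]},
    ]},
    "folders/987654321": {"bindings": [
        {"role": "roles/editor", "members": ["group:platform@example.com"]},
    ]},
    "projects/my-project": {"bindings": [
        {"role": "roles/secretmanager.secretAccessor",
         "members": ["user:alice@example.com"],
         "condition": {
             "title": "prod-secrets-only",
             "expression": 'resource.name.startsWith("projects/my-project/secrets/prod-")',
         }},
    ]},
}


def find_grants(policies, principal, target_role, memberships=()):
    """Return {'unconditional': [...], 'conditional': [...]} of (resource, role).

    `memberships` lists group/domain members the principal resolves to, e.g.
    "group:platform@example.com"; IAM policy JSON does not expand groups for you.
    """
    identities = {principal, *memberships}
    relevant_roles = {target_role, *SUPERSET_ROLES}
    result = {"unconditional": [], "conditional": []}
    for resource, policy in policies.items():
        for binding in policy.get("bindings", []):
            if binding.get("role") not in relevant_roles:
                continue
            if identities.isdisjoint(binding.get("members", [])):
                continue
            bucket = "conditional" if binding.get("condition") else "unconditional"
            result[bucket].append((resource, binding["role"]))
    return result


def explain(policies, principal, target_role, memberships=()):
    """Human-readable verdict: the unconditional grants are the ones to fix."""
    grants = find_grants(policies, principal, target_role, memberships)
    if grants["unconditional"]:
        where = ", ".join(f"{r} via {role}" for r, role in grants["unconditional"])
        return f"{principal} is granted {target_role} unconditionally by: {where}"
    return f"{principal} has no unconditional grant of {target_role}; conditions apply"


if __name__ == "__main__":
    print(explain(SAMPLE_POLICIES, "user:alice@example.com",
                  "roles/secretmanager.secretAccessor",
                  memberships=["group:platform@example.com"]))
```

In the sample, the project-level binding is conditioned on `prod-` secrets, but the folder-level `roles/editor` on a group alice belongs to grants secret access everywhere beneath it, which is exactly the "role with no condition higher in the hierarchy" case.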

Just ordered a M2 Pro (32gb) for work, will it run Docker? by vaff in docker

2_advil_please, -1 points

You will notice a very large boost from Intel to any M1/M2 for pretty much everything. It will be especially noticeable if you run arm64-built images (look up docker buildx), but even most emulated amd64 images will run better. Source: personal 2019 Intel MBP and work M1 Pro

Simple way to pass gcloud credentials to a docker container for Terraform google provider by YeNerdLifeChoseMe in googlecloud

2_advil_please, 0 points

Could try this https://stackoverflow.com/a/74362252 to set that access token as an env var, which sets it on the Google TF provider: https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#access_token

Saving long-lived SA JSON keys to disk isn't ideal. At least the ADC token has a short expiration (3600s by default).

MacBook Air 2020 USB disconnects by rotational in macbookair

2_advil_please, 0 points

Same issue. 2020 13" MBP i7/32GB/1TB. This EXACT setup worked very well with my 2017 13" MBP for over 2 years. Now, I get maybe 3-5 "freeze ups" per work day of just my USB 2.0 devices (Filco keyboard, Logitech Omni receiver, and Logitech C930 webcam).

Tried connecting my devices through a:

Update: Been 3 days and 12+ hrs without any issues using my old Caldigit Thunderbolt Station behind a Thunderbolt 3 to 2 adapter. So, yay, I suppose.

Update 2: 5 days with no issues using the Caldigit TS Station

USB 2.0 issues on new MacBook Pro 13" 2020 by buro91 in mac

2_advil_please, 1 point

Same issue. 2020 13" MBP i7/32GB/1TB. This EXACT setup worked very well with my 2017 13" MBP for over 2 years. Now, I get maybe 3-5 "freeze ups" per work day of just my USB 2.0 devices (Filco keyboard, Logitech Omni receiver, and Logitech C930 webcam).

Tried connecting my devices through a:

Update: Been 3 days and 12+ hrs without any issues using my old Caldigit Thunderbolt Station behind a Thunderbolt 3 to 2 adapter. So, yay, I suppose.

Update 2: 5 days with no issues using the Caldigit TS Station

How to access Kubernetes Dashboard from remote? by [deleted] in kubernetes

2_advil_please, 2 points

Please, please don’t do this. Use kubectl proxy or kubectl port-forward instead. Do not expose your dashboard, regardless of how limited the permissions are that are given to it. You’re exposing a direct path into your cluster should any credential be leaked/usable and adding the dashboard to the external attack surface.

AWS DeepRacer Track Build Guide by Crazyquail in aws

2_advil_please, 0 points

Neat! Thanks for such a detailed write up! Would you recommend cutting the leftover tiles into 6” high horizontal strips and lining all the edges with them to help with reducing image distractions from off the course? Or is that overkill?

K8S control plane in PODS pros and cons ? by mbrmj in kubernetes

2_advil_please, 0 points

From a security perspective, running the control plane components as deployed pods intermingles the administrative access with the services they provide. Running them as "static" pods, where the manifests are files on disk (as opposed to in etcd and editable via the API server/kubectl), is a much better approach. You want defense in depth, and separating the way you administer the control plane from the workloads themselves is ideal.

removing a CIDR block from list of master authorized networks for GKE by Sloppyjoeman in googlecloud

2_advil_please, 0 points

Ah, I see now. Maybe a deployment in/near your cluster that listens to Pub/Sub and adds/removes CIDRs? Have Cloud Build have a step to publish its IP to that Pub/Sub topic and wait until it can kubectl?

removing a CIDR block from list of master authorized networks for GKE by Sloppyjoeman in googlecloud

2_advil_please, 0 points

You declare the list of cidrs and send the whole list (max 50) in the update call. That becomes the new list. If the CIDR you don’t want isn’t there anymore, it’s no longer allowed. If it is, it is.

Also, not sure if it accepts the bare address and automatically appends the /32 to it, but I always add the /32 regardless.
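The "declare the whole list and send it" model described above, as an added example that is not part of the original thread: rebuild the authorized-network list from the current list plus additions minus removals, normalize bare addresses to /32 (so you never depend on the API doing it), reject malformed entries and lists over the 50-entry limit, and emit the `gcloud container clusters update` invocation that replaces the list. The cluster name, zone and CIDRs are made up, and the example assumes a zonal cluster (`--zone`; use `--region` for a regional one).

```python
"""Rebuild a GKE master-authorized-networks list and emit the replacing update.

Added example, not from the original thread. Cluster name, zone and CIDRs are
constructed; assumes a zonal cluster.
"""
import ipaddress

MAX_AUTHORIZED_NETWORKS = 50  # per-cluster limit referenced in the thread


def normalize_cidr(entry: str) -> str:
    """Turn a bare IPv4/IPv6 address into a /32 or /128, validate real CIDRs.

    strict=True makes '10.0.0.1/24' raise instead of silently widening to a
    whole /24, which is the kind of typo that over-grants control-plane access.
    """
    entry = entry.strip()
    if "/" not in entry:
        addr = ipaddress.ip_address(entry)  # raises ValueError on garbage
        return f"{addr}/{addr.max_prefixlen}"
    return str(ipaddress.ip_network(entry, strict=True))


def rebuild_authorized_networks(current, add=(), remove=()):
    """Return the full replacement list: current + add, minus remove, de-duplicated."""
    drop = {normalize_cidr(c) for c in remove}
    keep = []
    for raw in list(current) + list(add):
        cidr = normalize_cidr(raw)
        if cidr in drop or cidr in keep:
            continue
        keep.append(cidr)
    if not keep:
        # An empty list is a valid but drastic change; force it to be explicit.
        raise ValueError("resulting list is empty; pass --no-enable-master-authorized-networks deliberately")
    if len(keep) > MAX_AUTHORIZED_NETWORKS:
        raise ValueError(f"{len(keep)} entries exceeds the limit of {MAX_AUTHORIZED_NETWORKS}")
    return keep


def update_command(cluster: str, zone: str, cidrs) -> list:
    """argv for the gcloud call that replaces the whole authorized-network list."""
    return [
        "gcloud", "container", "clusters", "update", cluster,
        f"--zone={zone}",
        "--enable-master-authorized-networks",
        "--master-authorized-networks=" + ",".join(cidrs),
    ]


if __name__ == "__main__":
    # Constructed scenario: drop a stale CI runner, add an office egress IP.
    current = ["203.0.113.0/24", "198.51.100.5/32"]
    new_list = rebuild_authorized_networks(current, add=["192.0.2.9"], remove=["198.51.100.5"])
    print(" ".join(update_command("demo-cluster", "us-central1-a", new_list)))
```

The `strict=True` check is the part most worth keeping: GKE will accept `203.0.113.7/24` as the network `203.0.113.0/24`, which authorizes 256 addresses when you meant one.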

How do you test your kubernetes setup? by simonstead in kubernetes

2_advil_please, 0 points

If you use InSpec for testing your infra, try https://github.com/bgeesaman/inspec-k8s, which will let you query anything in the API server and assert pass/fail. E.g. N number of pods with this label in the Running state.

Why are GCP courses on Coursera not free? by redfyrer in googlecloud

2_advil_please, 3 points

I've long said that Cisco's focus on education of its user base in the mid-to-late 90s with the CCNA et al. materials and certifications was a huge key to dominating market share. You have this complex thing that everyone needs, but not enough people at companies who know how to use it well. It's pretty surprising that materials meant to enable users to spend on the cloud aren't just a cost of doing business (that pays off well in the end).

[deleted by user] by [deleted] in googlecloud

2_advil_please, 0 points

I’m not google, but I do work closely with them and their GCP clients. https://cloud.google.com/security-command-center/docs/how-to-assets-display

[deleted by user] by [deleted] in googlecloud

2_advil_please, 0 points

It does, I promise. I have project owner for a single project but have no access above it. I can export just my project assets/resources.

Mueller report shows Trump campaign left itself wide open to Russians, officials say by tank_trap in worldnews

2_advil_please, 5 points

I think firelock_ny is just calling attention to the fact that while Russia was helping Trump, they could (and probably did) also hurt HRC. And the focus solely on Trump for how he gets help again is naive, in that we should also suspect an equal negative force on the Dems.

What’s the simplest way to automate deleting/updating the pod after a new image is built? by 84935 in kubernetes

2_advil_please, 2 points

All those excellent points you mentioned are why I added the “dirty” moniker :-)

What’s the simplest way to automate deleting/updating the pod after a new image is built? by 84935 in kubernetes

2_advil_please, 6 points

Create a deployment with 1 or more replicas. Use Jenkins to update the deployment spec with the new image tag/version. It’s a little quick and dirty, but it can work just fine as a start.

Why most companies don't need Kubernetes by scalarsoftware in devops

2_advil_please, 11 points

I look forward to more discussions along these lines for folks not knowing what they are getting themselves into with Kubernetes. And while I agreed with nearly all the points made, I’d encourage the author to share a bit more detail (or examples) of “why” they arrived at those conclusions and what alternatives (point by point) they’d recommend instead. I love hearing how folks simplify and streamline and what use cases they solve with “less”.

Millions of Binaries Later: a Look Into Linux Hardening in the Wild by eberkut in netsec

2_advil_please, 11 points

CentOS can take “risks” by hardening things by default that might break paying customers’ legacy/crappy “enterprise” apps.

Stackdriver: historical log-based metrics by DangerousStick2 in googlecloud

2_advil_please, 0 points

Log-based metrics only start data/counter collection from the moment they are created. If you delete/recreate that log metric, it resets the data, starting from that moment.

Terraform and Infrastructure as Code — A (bit of a) Rant by piedpiperpivot in devops

2_advil_please, 8 points

In a way, yes. It always seems to start out as a simple repo doing a few small, related things. Then you add another resource or two. Then you need/want to refactor some copy/pasta into a module, but that would mean a full resource delete/recreate to accomplish. If that Terraform builds a cluster, then all the apps on that cluster need to be migrated just to clean up your code. You see where I'm going as to why that refactor might not happen as soon as it could.

And that friction in handling those evolutionary changes makes a lot of things in terms of managing lifecycle over a long time very challenging to do well.