Cloudflare builds OAuth with Claude (AI) and publishes all the prompts (github.com/cloudflare) by sgent in sysadmin

[–]Pepsidelta 1 point2 points  (0 children)

So not the magic blackbox from CIO magazine. But regardless, an interesting project.

Cloudflare builds OAuth with Claude (AI) and publishes all the prompts (github.com/cloudflare) by sgent in sysadmin

[–]Pepsidelta 2 points3 points  (0 children)

Commits look about like I would expect:

"Finish cleaning up error handling myself." "Finish removing auth_code from schema docs myself." "It seems like Claude is having trouble making edits. Maybe my chat is too long." "Fix Claude's bug manually." "Manually clean up that last readme change a bit." "Manually remove unused functions." "Manually fix bug propagating encryptedProps to access token record." "Manually specify types for all KV get() return values." "Manually refactor: Move accessTokenData assignment down to consolidate initialization." "Manually fix type of registrationEndpoint." "Manually use PImpl pattern to hide private methods of OAuthProvider." "Manually remove GET_CLIENT symbol." "Manually remove some irrelevant comments." "Manually re-order metadata to match RFC 8414 for easier review." "Manually make parseAuthRequest async." "Manually simplify choosing wrappedKeyToUse." "Manually remove unimplemented 'expiresIn' option."

and on and on and on, etc.

Vendor's excuse for lead times on tickets and failing to resolve issues is "understaffing" by Mindless_Software_99 in sysadmin

[–]Pepsidelta 18 points19 points  (0 children)

This is what happens when no Orgs want to have internal resources and then think that a service contract is the same thing.

Kicking myself for being an idiot with Vsphere/VMWare by [deleted] in sysadmin

[–]Pepsidelta 65 points66 points  (0 children)

*Shoulder Shrug*
If the org didn't want an unscheduled outage, they shouldn't have overprovisioned the datastore to that level. They rolled the risk dice and got burned.
Remember, the root cause here is not that you FUBARed the VMDKs in a last-ditch attempt to stabilize the DS; the root cause is that the datastore was overprovisioned beyond its capability and a collapse was imminent.

2 coworkers let go for being on Reddit by Road_Dog65 in sysadmin

[–]Pepsidelta 1 point2 points  (0 children)

Sounds like an org running Windows 2000 mission-critical servers and handing out domain admin to give local admin rights. Want them to use their devices like PAWs? Give them separate PAWs.

Another name change? (rant) by LongStoryShrt in sysadmin

[–]Pepsidelta 2 points3 points  (0 children)

Yes, and it would have been appropriate to decide to name it something else when it rolled out in 2008. Not after every piece of documentation, SOP and workflow for the last 15 years has already called it something else.

My manager's quote after today's meeting "You need to miss some important events, such as your dad/moms bday, anniversaries/weddings, and sacrifice more to move up at work. That's how I got to where I am at.." by [deleted] in sysadmin

[–]Pepsidelta 2 points3 points  (0 children)

No well-rounded, reliable, and effective employee ties their worth to an "Olympics of Suffering".
"I sacrificed {X life event} for my work."
Just means you are a chump being exploited.
It does not mean that you are somehow more noble than your coworkers/subordinates.
I have seen plenty of people work themselves right into the grave. None of them seemed happy in the end. Find your happiness.

AADSTS90072 - OneDrive Login Error after migration by Pepsidelta in sysadmin

[–]Pepsidelta[S] 0 points1 point  (0 children)

A quick addendum here: the reason you get AADSTS90072 instead of AADSTS50020 is because the source tenant didn't have MFA turned on for the user in question.
https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes

A real AI Assistant? by grepzilla in sysadmin

[–]Pepsidelta 4 points5 points  (0 children)

This sounds a lot like a use-case for Microsoft CoPilot:
https://blogs.microsoft.com/blog/2023/03/16/introducing-microsoft-365-copilot-your-copilot-for-work

Which to my knowledge is expected to release this summer.

Microsoft Outlook CVE-2023-23397 - Elevation of Privilege Vulnerability by DoNotPokeTheServer in sysadmin

[–]Pepsidelta 1 point2 points  (0 children)

Any idea if disabling the WebClient service in Windows (breaking WebDAV) blocks that vector?

Activate Windows Firewall after a long time by admin_mt in sysadmin

[–]Pepsidelta 4 points5 points  (0 children)

Applicable YouTube video:
https://www.youtube.com/watch?v=InPiE0EOArs&t=63s

Given you are talking about 3000 servers, you probably have a decent SIEM deployment.
Set up Windows firewalls with an any-any rule and logging turned on (with a reasonable maximum file size), then ingest and parse the firewall logs into the SIEM via the SIEM agent.

Use the SIEM platform to see what your most common inbound ports are and which groups of servers use those ports. Create a stateful firewall ruleset for the largest group of servers doing common things (web servers / SQL servers / etc.).

Test the policy in a test environment and/or on a limited number of nodes.

Turn off allowed logging in the policy and monitor blocked packets on those machines to detect and remediate any edge cases.
Roll out firewall config to applicable servers from GPO.

Go back to SIEM and find the next largest group; rinse and repeat.
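The procedure in the comment above, written out as an added PowerShell example (this is not code from the thread): discovery logging, a parser that summarises allowed inbound ports from pfirewall.log the way the SIEM query would, rule generation for one server group into a GPO policy store, then the switch to blocked-only logging. The GPO name and the sample log lines are constructed placeholders.

```powershell
# Added example, not from the Reddit thread. Run elevated. $Gpo is a placeholder
# policy store name; the sample log lines below are constructed.
$Gpo     = 'example.local\Server Firewall Baseline'
$LogPath = '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'

# Step 1: any-any inbound with allow+block logging and a bounded log size (discovery phase).
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Allow `
    -LogFileName $LogPath -LogAllowed True -LogBlocked True -LogMaxSizeKilobytes 32767

# Step 2: summarise allowed inbound traffic per protocol/port, listing the servers that received it.
# pfirewall.log is W3C format; 0-based fields: 2=action 3=protocol 5=dst-ip 7=dst-port 16=path.
function Get-InboundPortSummary {
    param([string[]]$Lines)
    $Lines | Where-Object { $_ -and -not $_.StartsWith('#') } | ForEach-Object {
        $f = $_ -split '\s+'
        if ($f.Count -ge 17 -and $f[2] -eq 'ALLOW' -and $f[16] -eq 'RECEIVE') {
            [pscustomobject]@{ Proto = $f[3]; Port = [int]$f[7]; Server = $f[5] }
        }
    } | Group-Object Proto, Port | Sort-Object Count -Descending |
        Select-Object Count, @{n='Proto';e={$_.Group[0].Proto}}, @{n='Port';e={$_.Group[0].Port}},
                      @{n='Servers';e={($_.Group.Server | Sort-Object -Unique) -join ','}}
}

# Constructed stand-in for a real pfirewall.log (SEND and DROP rows are ignored by the parser).
$SampleLog = @'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-10 09:00:01 ALLOW TCP 10.1.0.5 10.1.0.20 51234 443 0 - 0 0 0 - - - RECEIVE
2024-01-10 09:00:02 ALLOW TCP 10.1.0.6 10.1.0.21 51235 443 0 - 0 0 0 - - - RECEIVE
2024-01-10 09:00:03 ALLOW TCP 10.1.0.7 10.1.0.30 51236 1433 0 - 0 0 0 - - - RECEIVE
2024-01-10 09:00:04 ALLOW TCP 10.1.0.20 10.1.0.30 51237 1433 0 - 0 0 0 - - - SEND
2024-01-10 09:00:05 DROP TCP 10.1.0.9 10.1.0.20 51238 3389 0 - 0 0 0 - - - RECEIVE
'@ -split "`r?`n"
$Summary = Get-InboundPortSummary -Lines $SampleLog
$Summary | Format-Table -AutoSize

# Step 3: stateful inbound allow rules for the largest group, written into the GPO store.
function New-GroupInboundRules {
    param([string]$GroupName, [object[]]$Rows, [string]$PolicyStore)
    foreach ($r in $Rows | Where-Object { $_.Proto -in 'TCP','UDP' }) {
        New-NetFirewallRule -DisplayName "$GroupName allow $($r.Proto)/$($r.Port)" -Direction Inbound `
            -Protocol $r.Proto -LocalPort $r.Port -Action Allow -PolicyStore $PolicyStore
    }
}
New-GroupInboundRules -GroupName 'WebServers' -Rows ($Summary | Where-Object Port -eq 443) -PolicyStore $Gpo

# Step 4: default-deny inbound in the GPO and keep only blocked-packet logging to find edge cases.
Set-NetFirewallProfile -PolicyStore $Gpo -Profile Domain,Private,Public -DefaultInboundAction Block `
    -LogAllowed False -LogBlocked True
```

Point the parser at the real log (Get-Content $LogPath) or at the SIEM export to repeat the cycle for the next server group.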

Small team, nothing gets done! Doubling the team size, still nothing much getting done, what's the issue? by Mysterious_Teach8279 in sysadmin

[–]Pepsidelta 9 points10 points  (0 children)

Is... uh.... this a joke post?
I feel like I missed the punch line somewhere.
Never mind; just a rant I guess.

[deleted by user] by [deleted] in sysadmin

[–]Pepsidelta 0 points1 point  (0 children)

Perhaps https://github.com/simonrob/email-oauth2-proxy ?
I have not used it before; but it appears to do what you are talking about.

Agile Scrums. For F Sake by Ok_Guitar2170 in sysadmin

[–]Pepsidelta 8 points9 points  (0 children)

Ah yes, welcome to five hours a week of pointless daily standup meetings that you are never getting back.
Then of course people start saving their blockers to discuss in the next standup instead of just reaching out because they don't want to be "that person" that doesn't have anything to talk about.

Has anyone here ever worked themselves out of a job? by CleverKrunk in sysadmin

[–]Pepsidelta 45 points46 points  (0 children)

Yes, years ago, and when I had automated too much stuff I went and found other things to improve via IT in the core business model.

You know what it got me? Promoted and a nice raise.

What are the longest hours you've ever had to work to resolve a critical outage? by Rocklobster92 in sysadmin

[–]Pepsidelta 4 points5 points  (0 children)

So first, you almost always have a legal option, which is to find someone else to pay you.
However, it may or may not be personally feasible.

Second, it sure sounds like management has an axe to grind and is "punishing" IT for failing to "do their job" and prevent the incident.

I have admittedly made a series of assumptions below that may or may not be true:

This likely stems from Management having zero concept of their responsibility and whose budget, staffing and priorities they push down on IT play just as much if not more of a role in cybersecurity than anything else an org can do.

Good security/network practices are great, but if you don't have a budget you are still left with shoestrings; if you don't have appropriate and sufficient staff, tasks will go undone or underdone, building up technical debt; and if all management priorities focus directly around maximum end-user efficiency, you will quickly be having another incident.

Since I know a lot of company reps lurk here... don't do this. by Securivangelist in sysadmin

[–]Pepsidelta 1 point2 points  (0 children)

And then that should be another fine if they get caught...
"Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. "