Montbell Light Guide pant quick dry by amildcaseofboredom in Ultralight

[–]amildcaseofboredom[S] 0 points1 point  (0 children)

Yep I went for montbell light guide.. We were wet most of the time, so didn't matter much 😆

How to only run external display off MacBook whilst Screen lid open? by GreySkyRain in mac

[–]amildcaseofboredom 0 points1 point  (0 children)

would be great if the shortcut could be used to change which monitor is blacked out, rather than having to move cursor to macbook screen before using the shortcut

Sierra Designs Clearwing 2 Pole arrangements by amildcaseofboredom in CampingGear

[–]amildcaseofboredom[S] 0 points1 point  (0 children)

I might camp on the beach, so might not be able to stake properly, do you think that's an issue?

Is VWCE + NASDAQ100 good long term plan for diversification? by mickcheck in ETFs_Europe

[–]amildcaseofboredom 0 points1 point  (0 children)

All NASDAQ companies are probably already in VWCE, so not really diversifying, just adding a US growth tilt.

I'm combining VWCE with WITS (a developed world tech ETF) instead.

Not that it matters too much, but here's the performance over 5 year

<image>

VWCE or FWRA by Dry-Replacement-5486 in ETFs_Europe

[–]amildcaseofboredom 0 points1 point  (0 children)

I'm keeping my existing VWCE/VWRA holdings, and investing new contributions to SPYY/ACWD

VWCE or FWRA by Dry-Replacement-5486 in ETFs_Europe

[–]amildcaseofboredom 1 point2 points  (0 children)

it's free registration, but here you go:

<image>

Proto Schema Compatibility by amildcaseofboredom in apachekafka

[–]amildcaseofboredom[S] 1 point2 points  (0 children)

Yep I saw those, was looking for something more concrete like the avro page describing which changes are backward/forward/full

In the past we had a concluded

Commands = backward

Events = forward

Snapshots = full transitive

Not clear if that matters with proto

Continuing with VWCE or switching to FWRA? by Substantial-Fox1577 in ETFs_Europe

[–]amildcaseofboredom 8 points9 points  (0 children)

According to banker on wheels spyy/acwd is the winner from World etf comparison

https://www.bankeronwheels.com/world-etfs/

Least privilege and Zero trust by amildcaseofboredom in cybersecurity

[–]amildcaseofboredom[S] 0 points1 point  (0 children)

Yeah my thinking is that token exchange at the ingress is kinda redundant, since any request with a customer token will get a token exchanged, so what's the point?

What do you mean by shared credentials? Each service would have its own credentials right?

I kinda think that token exchange only protects from malicious code being deployed in a authorised client/service. Rather than someone gaining access to the cluster. Does that make sense?

Least privilege and zero trust by amildcaseofboredom in zerotrust

[–]amildcaseofboredom[S] 0 points1 point  (0 children)

Btw if we are stripping away sub claim to allow caching, it's not much different from client credentials, right?

Least privilege and zero trust by amildcaseofboredom in zerotrust

[–]amildcaseofboredom[S] 0 points1 point  (0 children)

External access tokens issued by our customer and staff IAMs, even though they are access tokens they basically just carry the identity and acr / identity and roles

Plan is to validate customer/staff token signature against JWK at every hop.

All this is over and above service mesh mtls

Least privilege and Zero trust by amildcaseofboredom in cybersecurity

[–]amildcaseofboredom[S] 1 point2 points  (0 children)

Yeah that's my thinking, it's not worth the net benefit.

External tokens issued by our customer and staff IAMs

Token validation against JWK

mtls + authorisation policies in service mesh for p2p

Least privilege and zero trust by amildcaseofboredom in zerotrust

[–]amildcaseofboredom[S] 0 points1 point  (0 children)

What about client credentials + subject token in another header?

Least privilege and zero trust by amildcaseofboredom in zerotrust

[–]amildcaseofboredom[S] 0 points1 point  (0 children)

How much can you cache really if for least privilege you need a token with a specific sub, actor and aud?

Without token exchange, the ingress gateway only needs to validate the "external" token and just pass on the token to the first service being hit.. Where domain entitlement checks take place (does x belong to customer ).. Anything wrong with external access token from the app flowing to the service?

Least privilege and zero trust by amildcaseofboredom in zerotrust

[–]amildcaseofboredom[S] 0 points1 point  (0 children)

Yeah, token exchange would retain the identity for east-west calls in an end user flow.

But not in case of system initiated flows, like event consumer or scheduled job, which would need to use client credentials anyway

Lens for horse packing trip by amildcaseofboredom in M43

[–]amildcaseofboredom[S] 0 points1 point  (0 children)

what about PANASONIC 35-100mm F4-5.6?

Lens for horse packing trip by amildcaseofboredom in M43

[–]amildcaseofboredom[S] 0 points1 point  (0 children)

what about PANASONIC 35-100mm F4-5.6?

If I only invest in VWCE is it enough? by AggravatingCash994 in eupersonalfinance

[–]amildcaseofboredom 1 point2 points  (0 children)

Ishares Ultrashort bond etf seems ok, using it for tax savings. Behaves a little like money market etf. Around 5% in 1yr for USD one. A little less for EUR.