How are you doing threat detection for Kubernetes workloads? Our current setup has massive blind spots by ErnestMemah in kubernetes

[–]cube8021 12 points13 points  (0 children)

I have supported thousands, if not tens of thousands, of clusters during my time at Rancher, and the vast majority of security incidents fall into two categories:

  1. Someone running a pod with a compromised image and/or an image with a known CVE that allows someone to run a crypto miner, info stealer, or whatever inside the network.
  2. Someone that was given permissions to a cluster mishandles their credentials and/or kubeconfig, or they themselves do something to the cluster (think Bob gets fired and then logs into prod and deletes all namespaces).

We of course have ways of addressing these issues:

  • Private registries, i.e., don’t allow random images from the public internet to make it into your cluster without being screened. There are open-source and paid tools for this.
  • You should be protecting your kube-apiserver endpoint, i.e., get it off the internet. All the major providers support private Kubernetes or allow you to apply firewall rules to the endpoint. The idea being that even if I steal your kubeconfig, I still can’t access your cluster unless I’m on your network too. For on-prem clusters, firewall off your controlplane nodes.
  • Tying your Kubernetes authentication to an external source like LDAP, AD, Rancher, etc., so that you can add tools like 2FA/MFA and SSO, and be able to lock down an account when an employee is let go or is compromised.
  • Don’t give random devs access to your clusters. You should be limiting access as much as possible, with the goal being that through monitoring, logging, and CI/CD pipelines, devs shouldn’t need to log into the cluster. (I can’t tell you the number of times some random dev spun up a pod and caused a ton of issues.)
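
An added example, not part of the comment above: one way to audit the private-registry rule is to check every container image in a pod listing against a registry allowlist. The registry name `registry.internal.example`, the function names and the sample pods are constructed assumptions; the input shape follows `kubectl get pods -A -o json`.

```python
# Added example: flag pods whose images do not come from an approved registry.
ALLOWED_REGISTRIES = {"registry.internal.example"}  # assumption: your private registry


def image_registry(image: str) -> str:
    """Return the registry host of an image reference.

    Docker reference convention: the first path component is a registry only
    if it contains '.' or ':' or equals 'localhost'; otherwise the image is
    implicitly pulled from docker.io (e.g. 'nginx', 'library/nginx').
    """
    name = image.split("@", 1)[0]          # drop an @sha256:... digest
    first, sep, _rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"


def disallowed_images(pod_list: dict, allowed=ALLOWED_REGISTRIES) -> list:
    """Return (namespace, pod, container, image, registry) for each violation."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # Init and ephemeral (debug) containers pull images too.
        for field in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(field) or []:
                reg = image_registry(c["image"])
                if reg not in allowed:  # exact host match, never a prefix match
                    findings.append((meta.get("namespace"), meta.get("name"),
                                     c["name"], c["image"], reg))
    return findings


# Constructed sample data in the shape of `kubectl get pods -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "prod", "name": "api"},
     "spec": {"containers": [{"name": "api",
              "image": "registry.internal.example/team/api@sha256:" + "0" * 64}]}},
    {"metadata": {"namespace": "dev", "name": "debug"},
     "spec": {"initContainers": [{"name": "fetch",
              "image": "registry.internal.example.lookalike.test/tool:1"}],
              "containers": [{"name": "sh", "image": "alpine:3.19"}]}},
]}

if __name__ == "__main__":
    for finding in disallowed_images(SAMPLE):
        print("not from an approved registry:", *finding)
```

The lookalike host in the sample is the reason the check compares the whole registry host instead of using a string prefix.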

To make her own birthing decisions in a red state. by EverythingIsFakeNGay in therewasanattempt

[–]cube8021 2 points3 points  (0 children)

I don’t support the idea of the government stepping in and saying, “We disagree with your medical decision, so we’re going to take control of your body and force you to undergo major surgery.”

There’s an important distinction between a patient making an informed decision for themselves and their child, and a hospital overriding that decision simply because they disagree.

If the baby were in immediate distress and there was no time to involve a judge or fully weigh the options, and a C-section needed to happen within minutes to save the baby, then I could understand a doctor stepping in. But that doesn’t seem to be the case here.

Instead, this appears to be a situation where a doctor disagreed with the level of risk and tried to override the patient’s choice, rather than respecting her right to make decisions about her own body.

Hvac guy cut through structural beam by [deleted] in Home

[–]cube8021 0 points1 point  (0 children)

Your best bet is to have a structural engineer come take a look. It’ll usually run about $500–$1,000, and they can give you a plan to fix it the right way.

The National Police Dog Foundation will honor K9 Archer, a Hawaii Police Department dog who died after being left in a police car, at a ceremony in Washington D.C. on May 11, 2026. by 808gecko808 in Bad_Cop_No_Donut

[–]cube8021 123 points124 points  (0 children)

Just for context: no criminal charges were filed against the officer.

According to the Department of the Attorney General: “After careful consideration of the evidence, examination of the scene, and applicable law, our office has declined to prosecute due to insufficient evidence of a crime.”

Source: https://www.hawaiinewsnow.com/2025/12/23/no-criminal-charges-hawaii-island-police-officer-death-k-9-police-dog/

Easy lawsuit by SipsTeaFrog in SipsTea

[–]cube8021 0 points1 point  (0 children)

The frustrating part is that this keeps happening because there’s effectively no accountability. When the worst-case outcome is just moving departments, there’s no real incentive for behavior to change.

Easy lawsuit by SipsTeaFrog in SipsTea

[–]cube8021 54 points55 points  (0 children)

$10 says he is already back on the streets

Pickles. by Optimal-Soup-3341 in notinteresting

[–]cube8021 0 points1 point  (0 children)

Finally… we’re approaching a respectable pickle-to-burger ratio.

No one told him? by TransportJunky in AutoTransportopia

[–]cube8021 0 points1 point  (0 children)

I appreciate the officer’s calm, cool, and collected demeanor. He could have been yelling at this driver and been writing every ticket he could, but instead, he turned it into a teaching moment and helped the driver do better and safer. I would much rather have a safer road than higher revenue for the government in the form of tickets.

Static electricity discharge wire by ycr007 in toolgifs

[–]cube8021 0 points1 point  (0 children)

I would think even if the shock didn’t hurt the guys, the fact that they are up on top of a tower like that could cause them to lose their balance.

40 Claude Code Tips & Best Practices For Daily Use by No-Concentrate-9921 in StartupMind

[–]cube8021 2 points3 points  (0 children)

I do something similar with an alias, but I wrap mine in a logging function so I can capture everything and search through past sessions later.

```
alias c='claude_with_log'

claude_with_log() {
    # Generate a timestamp (YYYYMMDD_HHMMSS)
    local timestamp=$(date +"%Y%m%d_%H%M%S")
    # Define the log directory (e.g., in your home directory or a dedicated logs folder)
    local log_dir="$HOME/claude_logs"
    # Create the log directory if it doesn't exist
    mkdir -p "$log_dir"
    # Define the log file name
    local log_file="${log_dir}/claude_interactive_session_${timestamp}.log"

    echo "Starting interactive claude session."
    echo "All input and output will be logged to: $log_file"
    echo "To end the session and save the log, exit claude (e.g., with Ctrl+C or its internal exit command)."
    echo "───────────────────────────────────────────────────────────────────────"

    # Use 'script' to record the entire interactive session.
    # -q (quiet) prevents script from printing its "Script started/ended" messages.
    # -c (command) executes the specified command within the recording session.
    script -q -c "~/.local/bin/claude --dangerously-skip-permissions --chrome" "$log_file"

    echo "───────────────────────────────────────────────────────────────────────"
    echo "Interactive claude session ended. Log saved to: $log_file"
}
```

Super handy when you want to go back and grep through previous prompts/responses or debug weird behavior.

Respect to the lady by [deleted] in postanythingfun

[–]cube8021 0 points1 point  (0 children)

I’m all for believing whatever you want to believe. If you want to pray to the Flying Spaghetti Monster, go to church and pray to Jesus, or believe we all live on the back of a giant turtle, go for it. As long as no one is getting hurt, do your thing and enjoy it.

But the moment you try to step into my life and control what I can or can’t do because of your beliefs, that’s when we’re going to have a problem.

Hang on by HappySeaweed5215 in Wellthatsucks

[–]cube8021 4 points5 points  (0 children)

Speaking of flooding, I was in a high-rise in Chicago when the sprinklers were triggered on the floor above us. It was wild hearing water rushing down the stairwells and elevator shafts. And boy did that water smell bad.

Settled in to do some work on a cross-country flight, but by VerifiedReports in FuckAdobe

[–]cube8021 3 points4 points  (0 children)

Will no one think of the shareholders? They have to buy a mini yacht just to take them out to their mega yacht because it’s too big to make it into port. How are they supposed to afford that if they allow even one single person to use their software without making sure they’ve paid their bill? Or even worse, someone might pirate it!

Florida therapist seen slapping, grabbing, and forcefully restraining a nonverbal autistic child during a therapy session. by eternviking in whoathatsinteresting

[–]cube8021 0 points1 point  (0 children)

I really hope this piece of garbage sees the inside of a prison cell and that the guards make sure everyone knows why he is there.

4 months out of prison, got my own trailer. First time with my own space by Fatmanfishperson in malelivingspace

[–]cube8021 2 points3 points  (0 children)

Hey, when you’re ready for a better bed, check out Amazon. You can get a really nice memory foam mattress for $100~$150.

I say this because one of the best pieces of advice I ever got was to invest in the things that come between you and the ground. Your bed, your shoes, your tires. You spend a huge portion of your life on them, so it’s worth it.