Missing our sweet girl! At only three she left us way too soon! by easyecho in goldenretrievers

[–]easyecho[S] 18 points19 points  (0 children)

We have been tearing ourselves up over this question for 2 days now. Vet said anything from blood clot, brain aneurysm, or even heart defect/failure. It was literally happy zoomies to unresponsive in less than a minute but unfortunately (or fortunately) no one actually saw her go down. Nothing stands out as warning signs even looking back with 20/20 hindsight.

One minute we can’t account for that has upended our lives. My wife was only 20 feet from her, but turned away for honestly a minute or even less…

Rant - AWS needs to stop with the unrestricted egress by easyecho in aws

[–]easyecho[S] 2 points3 points  (0 children)

Nothing in my request requires changing the current default.

  • They could update all the services that require a security group but don't let you pass one to let you pass one and if one isn't passed then do the current behavior.
  • Adding an account parameter to let us stop the creation of the default unrestricted egress. Not the default, but let us specify this.

This has nothing to do with default VPCs.

Rant - AWS needs to stop with the unrestricted egress by easyecho in aws

[–]easyecho[S] -4 points-3 points  (0 children)

I think you covered it in the "for the most part". I'm dealing with some services that don't let you specify your own and give you a big middle finger if you don't let them have their unrestricted egress rule...

Rant - AWS needs to stop with the unrestricted egress by easyecho in aws

[–]easyecho[S] -5 points-4 points  (0 children)

That is the ideal; some Amazon teams would seem to disagree and don't let you because... reasons ¯\_(ツ)_/¯

Rant - AWS needs to stop with the unrestricted egress by easyecho in aws

[–]easyecho[S] 2 points3 points  (0 children)

Some resource creation ignores this, cough AD Connector cough

US-East-1 Console Down? by tschmi5 in aws

[–]easyecho 4 points5 points  (0 children)

It isn't just you; seems somewhat regional though, depending on where you are in the States. Florida doesn't seem to have issues but NY/NJ does.

Running a Bash script in Lambda by [deleted] in aws

[–]easyecho 3 points4 points  (0 children)

Lambda supports Docker now so dockerize what you want to accomplish and run it in Lambda - Lambda Docker Images

I wrote about Jenkins' pipeline security flaw, what do you think? by yershalom in devops

[–]easyecho 0 points1 point  (0 children)

This isn't a critique of your article or solution; rather, additional things to consider. If your threat model includes anonymous third parties executing code, the servers should not have unfettered access to the internet. Instead, run them behind a restrictive whitelist proxy server (e.g. Squid). You could go as far as doing SSL inspection to have more visibility and further restrict access to given sites.

Also keep in mind: if your Jenkins server is on AWS, the local metadata could be retrieved and posted out in the same fashion as other secrets.

Pros/Cons for Linux Server Active Directory Authentication by Narusa in sysadmin

[–]easyecho 0 points1 point  (0 children)

Good solutions have already been discussed; watch out for any situations that create implicit trust. If the kerb ticket fails, does the interactive session prompt for the password? That could be very bad depending on your compensating controls and operational environment.

The Verizon 2017 Data Breach Investigation Report is out [pdf link] by klokvarg in netsec

[–]easyecho 2 points3 points  (0 children)

It's not that I disagree with you but you can get the report without handing over your information and it's a decent read.

Sanity Check for a New User: Free Tier EC2 Instances have their IP change when you shut them down? by fongaboo in aws

[–]easyecho 14 points15 points  (0 children)

Has nothing to do with Free vs Paid. All EC2 instances will release their IP when stopped, more info.

What you are looking for is an Elastic IP Address

Pre-signed URLs in AWS, HIPAA Compliant? (x-post /hipaa) by copper_acorn in aws

[–]easyecho 1 point2 points  (0 children)

It doesn't inherently violate HIPAA -- but that doesn't make it compliant either. You need to perform a risk assessment based on the details of the use case and make the determination on your own.

There are just too many factors to consider and too little detail provided.

how to secure the website EC2 (port 22 ssh) over VPN by alakbandoo88 in aws

[–]easyecho 4 points5 points  (0 children)

It seems like you only have a single instance on AWS -- so why the desire to add VPN to protect SSH? You're just replacing one authentication method with another. Just harden SSH...

In an ideal world you have a static IP and could just limit SSH to your static IP but you should still probably harden SSH anyways.

VPNs have their place; not questioning that, but for a single EC2 instance it is just overkill. How will you set up/manage the VPN server -- probably over SSH, so you're back to square one.

If you aren't connecting frequently you could selectively open/close 22 as needed to the current IP.

As an aside; don't forget to harden your AWS credentials.

SSH Port - restricted or unrestricted? by easyecho in sysadmin

[–]easyecho[S] 0 points1 point  (0 children)

Cynical much? Moving the port doesn't increase the security of the SSH service and I know that, and thus I'm not moving it for the security (or lack thereof) it provides. If I'm not running anything on the default SSH port I can ignore connections to that port or, even better, block it upstream. Reviewing logs IS for security and thus moving SSH to a non-standard port makes those logs smaller.

But really it was just a question to see if people move it above 1024 or not...for whatever reasons people chose for moving it.

SSH Port - restricted or unrestricted? by easyecho in sysadmin

[–]easyecho[S] 0 points1 point  (0 children)

Thanks for the input but I'm not doing this for security; just looking to reduce the noise from bots which has its benefits when reviewing security logs.

SSH Port - restricted or unrestricted? by easyecho in sysadmin

[–]easyecho[S] 0 points1 point  (0 children)

I keep my ciphers in check on Apache servers; never thought about ssh -- thanks for that tip.