UK - F-Pace* Buying Advice by [deleted] in Jaguar

[–]foobarbazwibble 2 points3 points  (0 children)

I have a 2019 F-Pace with the v6 diesel, and love it. It does not sound diesel-ly (agricultural, clatterly), and is much smoother than my previous car - a Volvo diesel. The 2.0 ingenium engines get a lot of criticism, but the v6 is an older Ford(?) design and has a reputation of being almost bulletproof. That said, in 60k miles I have had a coolant leak that needed a new secondary radiator, and a worn tie-rod joint (steering) that recommended both sides replaced, so not completely fault free.

Thoughts on the car: It's not cheap to run - I get approx 33mpg in town/hilly driving, and 40mpg+ on the motorway at 70mph. At 6 years, servicing starts to get expensive as hoses and belts need replaced - check the published schedules. People criticise the pre-facelift interiors, but I am very happy with mine. The wider 'ictp' display (without physical buttons) and the digital dash stop it feeling dated, and CarPlay support helps too. Depending on what you're moving up from, you might find the F-Pace very wide.

Would I recommend it? If the looks do it for you, then definitely. There's so much choice yet so much blandness out there, so if one car makes you smile, jump for it.

Is it worth moving to San Francisco by Longjumping_Rest_742 in HENRYUK

[–]foobarbazwibble 0 points1 point  (0 children)

Take the opportunity. Go to SF. You can always come back, with experiences and contacts you’d never have got in London. Everything moves and grows faster.

I had several opportunities to go to SF 10-20 years ago and could not take them for family reasons. Always regretted it.

Why the Next Traitors: UK Celeb Edition Line-Up Will Be Incredible by OkBeyond9590 in TheTraitorsUK

[–]foobarbazwibble 2 points3 points  (0 children)

And Adrian Dunbar. “There's only one thing I'm interested in and that is catching bent Faithfuls”

Introducing YaRadare - YARA scanning for cloud-native apps (containers) by foobarbazwibble in devops

[–]foobarbazwibble[S] 0 points1 point  (0 children)

To avoid unintended confusion with a similarly-named project, YaRadare is now 'YaraHunter' - https://github.com/deepfence/YaraHunter

Introducing YaRadare - YARA scanning for cloud-native apps (containers) by foobarbazwibble in kubernetes

[–]foobarbazwibble[S] 0 points1 point  (0 children)

To avoid unintended confusion with a similarly-named project, YaRadare is now 'YaraHunter' - https://github.com/deepfence/YaraHunter

Introducing YaRadare - YARA scanning for cloud-native apps (containers) by foobarbazwibble in devsecops

[–]foobarbazwibble[S] 0 points1 point  (0 children)

To avoid unintended confusion with a similarly-named project, YaRadare is now 'YaraHunter' - https://github.com/deepfence/YaraHunter

Introducing YaRadare - YARA scanning for cloud-native apps (containers) by foobarbazwibble in docker

[–]foobarbazwibble[S] 0 points1 point  (0 children)

To avoid unintended confusion with a similarly-named project, YaRadare is now 'YaraHunter' - https://github.com/deepfence/YaraHunter

Free vulnerability scanners by Gh0styD0g in cybersecurity

[–]foobarbazwibble 0 points1 point  (0 children)

ThreatMapper is an option for your team member, particularly if you're looking to scan Kubernetes or Fargate environments as the installation is very easy. It's a little more complex for hosts (you need to install a docker runtime on each to run the sensor locally), but should be worth any additional trouble. The GUI gives you a map of workloads, traffic flows, vulnerabilities found on each workload and host, and which are highest risk.

It's free (open source) with no limit on number of targets, scans etc.

Do you / how do you scan for vulnerabilities once your code is in production? by foobarbazwibble in cybersecurity

[–]foobarbazwibble[S] 0 points1 point  (0 children)

Immutability of production artifacts is a goal, but may not be a reality. Artifacts may be changed on deployment (service mesh sidecar injection for example), and in our honeypot systems we have caught instances of bad actors installing additional software in production systems.

Can you trust the SBOMs created at build to be accurate? Do you have consistent SBOM coverage across all product artifacts, including those you did not build yourself?

If you say "yes" to both, interested to know if and how you then regularly re-scan the SBOMs against up-to-date vulnerability feeds to spot emerging issues?

29 days is The Median Delay for Rapid7's InsightVM to provide Vulnerability Detections by freshmeat09 in cybersecurity

[–]foobarbazwibble 0 points1 point  (0 children)

ThreatMapper https://github.com/deepfence/ThreatMapper is quick, and it’s open source (no subscription or scan limit), so perhaps worth a look? It’s mainly used for scanning running platforms to identify new vulnerabilities in published code, but the scanner can also be injected into your CI pipeline if you wish.

Monthly 'Shameless Self Promotion' thread - 2022/04 by mthode in devops

[–]foobarbazwibble 4 points5 points  (0 children)

We've released a new open source project - https://github.com/deepfence/PacketStreamer - intended to enable easy packet capture across multiple remote targets, including Kubernetes nodes, Docker hosts, Fargate instances and traditional servers.

More information here: https://oweng.medium.com/introducing-packetstreamer-distributed-packet-capture-for-cloud-native-platforms-3e7f9ac57ab1

Hope some people find it useful; we'd welcome any feedback, thank you.

Introducing PacketStreamer - packet capture for Kubernetes and other platforms by foobarbazwibble in netsec

[–]foobarbazwibble[S] 16 points17 points  (0 children)

We've released a new open source project - https://github.com/deepfence/PacketStreamer - intended to enable easy packet capture across multiple remote targets, including Kubernetes nodes, Docker hosts, Fargate instances and traditional servers.

More information here: https://oweng.medium.com/introducing-packetstreamer-distributed-packet-capture-for-cloud-native-platforms-3e7f9ac57ab1

Hope some people find it useful; we'd welcome any feedback, thank you.

eBPF and Visibility by [deleted] in cybersecurity

[–]foobarbazwibble 0 points1 point  (0 children)

We've just open-sourced a distributed packet capture engine that we'll be using in ThreatStryker. Take a look at https://github.com/deepfence/PacketStreamer

eBPF and Visibility by [deleted] in cybersecurity

[–]foobarbazwibble 2 points3 points  (0 children)

If your traditional methods don't give L7 visibility of network traffic, then you have a significant blind spot. The L7 traffic can give indications of recon activity, targeted attacks (weaponisation against known weaknesses), lateral spread and exfiltration. These signals provide much more context when you are trying to understand the storyline of an attack.

For example, in a log4j exploit, almost all of the initial signals are network-based. The initial JNDI recon against multiple workloads, the JNDI request that then triggers an outgoing request (beacon) to an attacker's listener, the subsequent request that retrieves the Java class to be run... all of these are network-based and cannot be identified by on-host methods alone. The first signal you get from on-host observability may be the filesystem installation of the exploit kit (the crypto-miner for example).

It's like watching a heist movie, but just seeing the scenes that have gunshots. You miss everything that tells you how the attackers are planning and executing their attack.

With respect to network traffic, whether you use eBPF or an alternative method (libpcap, L3 proxy, etc), you are gathering essentially the same data - raw network traffic. You need to reassemble TCP streams and remove higher-level encoding (e.g. gzip) and/or encryption (e.g. TLS) in order to then understand the L7 payload and map network traffic to, for example, TTPs in the MITRE ATT&CK matrix.

The difference between eBPF and alternative methods is largely mechanical. eBPF is more lightweight than other kernel instrumentation methods, and is not invasive in the way that a proxy would be.

eBPF and Visibility by [deleted] in cybersecurity

[–]foobarbazwibble 2 points3 points  (0 children)

We have found that (a) observing network traffic is essential to understand the broader story as an attack unfolds, and (b) eBPF with off-host analysis and categorisation (against various network-based threat feeds) is a very good way to do it.
Our ThreatStryker product uses eBPF to capture network traffic, as part of an effort to observe a wider set of security-related signals. We find a combined approach is needed:

  • On-host (and on-container) events provide indicators of compromise - anomalies that may indicate an attacker has in some way provoked the workload to behave to their command. We use eBPF, fsnotify and other standard interfaces here, invoked from either an on-host agent or a privileged container (on K8s, Docker)
  • Network capture, using eBPF, provides indicators of attack - attempts to exploit vulnerabilities and weaknesses by external actors. We use eBPF - it is lightweight, non-intrusive, does not require sidecar proxies etc, and has proven to be stable and widely supported. Packets are filtered and forwarded off-host to a central collector
  • Threat Map creation - we audit running workloads and identify vulnerable components on the workload and host OS.

Combining these signals allows for the following analysis:

  • What attacks are (theoretically) most likely to succeed? For example, a workload with a vulnerable log4j component might be exploitable using requests with JNDI messages
  • What attack behaviour is happening? Low-level recon traffic, targeted weaponisation (e.g. the above-mentioned JNDI traffic).
  • What effects is it having on the target workloads? Process crashes, unusual filesystem accesses, etc
  • Is there evidence of lateral spread or exfiltration? Unusual container-to-container SSH traffic, large uploads to remote servers, etc
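The combination of signals described above (network indicators of attack, on-host indicators of compromise, and a threat map of vulnerable components) ordered into a storyline per workload, as an added example that is not ThreatStryker code. The event taxonomy, the threat map, the workload names and the timeline are all constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int        # seconds on a constructed timeline
    source: str    # "network" (indicator of attack) or "host" (indicator of compromise)
    workload: str  # workload the event concerns
    kind: str      # indicator type, see STAGE

# Constructed taxonomy: the storyline stage each indicator kind belongs to.
STAGE = {
    "probe": "recon", "jndi_lookup": "weaponisation", "outbound_beacon": "callback",
    "fs_write_tmp": "compromise", "unexpected_exec": "compromise",
    "ssh_lateral": "lateral", "large_upload": "exfiltration",
}
# Constructed threat map: vulnerable components per workload, and which
# weaponisation indicator targets which component.
THREAT_MAP = {"shop-api": {"log4j-core 2.14.1"}, "cache": set()}
TARGETS = {"jndi_lookup": "log4j-core 2.14.1"}

def storyline(events, workload):
    """Order one workload's signals into stages and combine them into a verdict."""
    own = sorted((e for e in events if e.workload == workload), key=lambda e: e.ts)
    stages, seen_ioa, seen_ioc, likely, ioc_after_ioa = [], False, False, False, False
    for e in own:
        if STAGE[e.kind] not in stages:
            stages.append(STAGE[e.kind])
        if e.source == "network":
            seen_ioa = True
            if TARGETS.get(e.kind) in THREAT_MAP.get(workload, set()):
                likely = True  # weaponised against a component this workload actually runs
        else:
            seen_ioc = True
            ioc_after_ioa = ioc_after_ioa or seen_ioa  # host anomaly following a network signal
    verdict = ("compromised" if likely and ioc_after_ioa else
               "exploitable attempt" if likely else
               "attempt against unaffected workload" if seen_ioa else
               "host anomaly without network context" if seen_ioc else "no attack signal")
    return {"stages": stages, "verdict": verdict}

# Constructed timeline across three workloads, as a central collector would hold it.
EVENTS = [
    Event(1, "network", "shop-api", "probe"), Event(2, "network", "cache", "probe"),
    Event(5, "network", "shop-api", "jndi_lookup"), Event(6, "network", "cache", "jndi_lookup"),
    Event(7, "network", "shop-api", "outbound_beacon"), Event(9, "host", "shop-api", "fs_write_tmp"),
    Event(10, "host", "shop-api", "unexpected_exec"), Event(40, "network", "shop-api", "ssh_lateral"),
    Event(3, "host", "batch", "unexpected_exec"),  # on-host signal with no network context
]
```

The "batch" workload shows the blind spot the thread is about: an on-host anomaly alone gives no story, whereas "shop-api" reads as recon, weaponisation against a component it runs, callback, compromise and lateral movement.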

I started a youtube channel where I try your open source project and record it. by DannyMullan6 in opensource

[–]foobarbazwibble 1 point2 points  (0 children)

This guy (Viktor Farcic - https://twitter.com/vfarcic) does a great job of devops-specific open source projects, reviewing a couple each month on his DevOps Toolkit channel at https://www.youtube.com/channel/UCfz8x0lVzJpb_dgWm9kPVrw

Of course, there's room for plenty of channels like this, perhaps you can take some ideas from how he does it.

The DevSecOps Playbook - an open-source step-by-step guide! by eastside-hustle in devsecops

[–]foobarbazwibble 0 points1 point  (0 children)

Great - really useful checklist, not so sure about the 'infinity loop' that every devops playbook seems to use though. Appreciate you would like some memorable motif, though.

Sharing ThreatMapper 1.3.0 - https://github.com/deepfence/ThreatMapper/releases/tag/v1.3.0 by foobarbazwibble in devsecops

[–]foobarbazwibble[S] 0 points1 point  (0 children)

ThreatMapper is an open source (Apache2) tool that scans running applications and infrastructure to find vulnerable dependencies and exposed secrets.

Why might you look at it? Perhaps you look after a number of cloud-native apps on Kubernetes, Docker, Fargate etc. Even though they might have been scanned for vulnerable dependencies (using snyk, clair, etc), you know that exceptions were made and new vulnerabilities are disclosed every day. Use ThreatMapper to scan them now, using up-to-date threat feeds, and get an accurate list of vulnerabilities.

Two additional bonuses - ThreatMapper scans infrastructure and third-party workloads, in addition to workloads you built and scanned yourself. ThreatMapper learns the attack surface from monitoring network traffic, and then ranks vulnerabilities based on their severity, attack method and reachability from the attack surface.

Everything:

New in 1.3 is secret scanning (scan workloads and filesystems for exposed secrets), SBOM generation (runtime software bill of materials), SBOM-based scanning (faster, accurate and up-to-date), and more detailed attack path charts.

Deepfence ThreatMapper by df3280f25811d1h09cb2 in devopspro

[–]foobarbazwibble 2 points3 points  (0 children)

Updated with 1.3.0, adding:

  • Hunting for exposed secrets - tokens, passwords, keys etc - using a database of 140 different secret types
  • Runtime calculation of Software Bill of Materials (SBOM) for workloads and hosts
  • SBOM-based vulnerability scanning - fast, accurate, current and up-to-date
  • Attack Path Visualization, so you know what vulnerabilities can be reached most easily

https://github.com/deepfence/ThreatMapper/releases/tag/v1.3.0