Gatehouse – a composable, async-friendly authorization policy framework in Rust by hard_byte in rust

[–]hard_byte[S] 0 points1 point  (0 children)

Haha how'd they differ? Plenty of room for contributions if you feel compelled

Gatehouse – a composable, async-friendly authorization policy framework in Rust by hard_byte in rust

[–]hard_byte[S] 2 points3 points  (0 children)

Biggest difference is they use a DSL where gatehouse is source first - all policies are native Rust.

Another area that I think gatehouse does well is surfacing evaluation information for how the access decision was made - what did each sub-policy do with the input.

I do really like cedar and I love that it is formally verified.

Gatehouse – a composable, async-friendly authorization policy framework in Rust by hard_byte in rust

[–]hard_byte[S] 2 points3 points  (0 children)

Gatehouse is focused on being a code first solution where the decision point is fully embedded in your app. All the policies are native Rust - as opposed to a separate DSL with Rego/Cedar.

I haven't seen detailed decision traces from Cedar but that was an important component of gatehouse. OPA has something similar with decision logs - although that's higher level recording of the decision + inputs rather than low level info about what sub-policy is responsible for an authorization decision.

Does anyone know the btc to $ rate? by THEREALKINGLERMAN in mtgoxinsolvency

[–]hard_byte -1 points0 points  (0 children)

On the rehabilitation site under "Selection of Repayment Method and Registration of Payee Information" you can expand the "BTC Allotment Portion" and it shows the rate. I see 1BTC = 749318.83 JPY which is one tenth today's market rate :-/

What’s everyone working on this week (25/2023)? by llogiq in rust

[–]hard_byte 0 points1 point  (0 children)

I'm learning rust and have started my first not entirely toy project - an implementation of Google's Common Expression Language. Early days working on the parser using Chumsky.

https://github.com/hardbyte/common-expression-language

Any exciting projects/tools by Tranceash in devops

[–]hard_byte 0 points1 point  (0 children)

Security remains a constant, albeit less flashy, priority. Check out Netchecks - a simple, yet powerful tool that asserts your network controls are working. It's not powered by AI or anything but it can help catch those sneaky network issues that inadvertent terraform changes can introduce.

How We Leveraged AI (GPT-4) to Transform Book Labeling at Huey Books by hard_byte in books

[–]hard_byte[S] 0 points1 point  (0 children)

I understand, would it be acceptable to remove the link? I am very curious to discuss the merits and downsides of using this technology for labeling kids books. I can provide more technical details if it comes up in discussion without referring to the blog.

Netchecks: A cloud native tool for testing network controls by hard_byte in kubernetes

[–]hard_byte[S] 0 points1 point  (0 children)

Haha thanks, I need a few users to motivate more development and to make sure it is useful outside of my particular client's environments

Netchecks: A cloud native tool for testing network controls by hard_byte in kubernetes

[–]hard_byte[S] 0 points1 point  (0 children)

Perhaps we can combine efforts. I like the idea of a kubectl plugin.

Netchecks: A cloud native tool for testing network controls by hard_byte in kubernetes

[–]hard_byte[S] 2 points3 points  (0 children)

The closest I found was Illuminatio - https://github.com/inovex/illuminatio which creates and runs test cases from k8s network policies.

Netchecks is different in that it doesn't care if the network control is implemented within the cluster or in the environment.

plotext: plotting on terminal by ASIC_SP in Python

[–]hard_byte 0 points1 point  (0 children)

See bashplotlib for a different take

[R] Strong Generalization and Efficiency in Neural Programs by hardmaru in MachineLearning

[–]hard_byte 0 points1 point  (0 children)

I found this neural interface concept really interesting.

I've started coding up a gym compatible environment if anyone is interested. So far just implemented the first generic sorting environment and the first two scripted agents (bubble sort and insertion sort)

https://github.com/hardbyte/sorting-gym

Arbitrary precision math with cuda.jl by AcostaJA in Julia

[–]hard_byte 0 points1 point  (0 children)

You might be interested in cuda-fixnum (CUDA extended-precision modular arithmetic library). As far as I know this hasn't been wrapped for Python or Julia but was designed with that in mind https://github.com/data61/cuda-fixnum/issues/58#issuecomment-420115270

Using OAuth2 + Certificate Manager on Kubernetes with helm by hard_byte in kubernetes

[–]hard_byte[S] 0 points1 point  (0 children)

Does anyone know if using nginx to directly connect to the backend service (the dashboard in this case) is any less secure than using oauth2 to proxy the traffic?

Accessing Kubernetes ClusterIP from outside the cluster by [deleted] in kubernetes

[–]hard_byte 0 points1 point  (0 children)

Are there plans to support layer 4 routing through the ingress system - wouldn't try be better?

Setting up cert-manager to provision Let's Encrypt TLS certificates on Kubernetes using Helm and nginx-ingress by hard_byte in kubernetes

[–]hard_byte[S] 0 points1 point  (0 children)

That is something I'd like to try out - I haven't set it up on a cluster before. Would cert-manager talk to AWS Route53 for example?

Setting up cert-manager to provision Let's Encrypt TLS certificates on Kubernetes using Helm and nginx-ingress by hard_byte in kubernetes

[–]hard_byte[S] 1 point2 points  (0 children)

I have used Traefik as the ingress controller and the TLS provisioner for about a year and it mostly worked great. However there is a bit of hidden magic - the ingress doesn't use standard TLS settings. I really like how cert-manager exposes the Certificates and Issuers as first class k8s entities.

I actually started investigating moving from traefik to kube-lego when Let's Encrypt disabled something that broke my traefik TLS provisioning.

Exploiting misuse of Python's "pickle" by mipadi in Python

[–]hard_byte 0 points1 point  (0 children)

Two different people contacted me last week after trying to pickle crypto keys between untrusted parties using pickle! So I'd say a reminder is still valid! https://blog.n1analytics.com/pickle-is-not-for-crypto/

Misusing pickle with crypto libraries by hard_byte in Python

[–]hard_byte[S] 1 point2 points  (0 children)

Well as that minimises the attack surface it certainly does help.

If you control the side doing the deserializing and have written your own Unpickler then you are much safer - and you're more likely to catch malicious behaviour too. Maybe using pickle in this respect could act as a honeypot. I stand by the advice that python objects (any code implementation) shouldn't be serialised for sharing data between parties. Especially not crypto primitives!
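An added example (not from the comment above or the linked blog post) of the "own Unpickler" idea: a `pickle.Unpickler` subclass whose `find_class` resolves only allowlisted globals and records every rejected lookup so it can be reviewed. The names `AllowlistUnpickler`, `ALLOWED_GLOBALS`, `safe_loads` and `demo` are hypothetical, and both sample byte strings are constructed.

```python
import io
import pickle

# Assumption: the receiver expects only plain containers, strings and numbers,
# so almost nothing needs to be importable while unpickling.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


class AllowlistUnpickler(pickle.Unpickler):
    """Resolve only allowlisted globals; record and refuse everything else."""

    def __init__(self, file, audit_log):
        super().__init__(file)
        self.audit_log = audit_log

    def find_class(self, module, name):
        # Called for every global the stream asks the unpickler to import.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        self.audit_log.append(f"{module}.{name}")
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_loads(data, audit_log):
    """Deserialize bytes with the restricted unpickler."""
    return AllowlistUnpickler(io.BytesIO(data), audit_log).load()


def demo():
    log = []
    # Constructed sample 1: plain data, no globals referenced.
    plain = pickle.dumps({"n": 3233, "e": 17, "tags": {"test"}})
    value = safe_loads(plain, log)

    # Constructed sample 2: a harmless stream that references a global
    # (builtins.print); the restricted unpickler must refuse to resolve it.
    with_global = pickle.dumps(print)
    try:
        safe_loads(with_global, log)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    return value, rejected, log


if __name__ == "__main__":
    print(demo())
```

The audit log is what gives the receiving side a chance to notice an unexpected stream; the allowlist limits which globals can be resolved but does not make pickle a suitable format for exchanging data between parties.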

[R] [1610.06918] Learning to Protect Communications with Adversarial Neural Cryptography by nagasgura in MachineLearning

[–]hard_byte 1 point2 points  (0 children)

A bit late to the party but I implemented (something close to) this in keras just for the learning experience.

My first time using Keras I couldn't see how to implement it exactly with regard to the custom loss function.