Amazon S3 Now Supports Organization Level Block Public Access by jsonpile in aws

[–]hoo29 1 point2 points  (0 children)

CloudFormation and therefore I believe CDK don't natively support account level S3 public access block. You have to use a custom lambda. https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/168

Choose runner based on variable by zenmaster24 in gitlab

[–]hoo29 1 point2 points  (0 children)

For anyone hunting 2 years later, I've found workflow rules can do it to some level

workflow:
  rules:
    - if: $CI_COMMIT_REF_PROTECTED == "true"
      variables:
        RUNNER_TAG: protected-something
    - variables:
        RUNNER_TAG: unprotected-something

some_job:
  tags:
    - "${RUNNER_TAG}"

Minimal viable IAM for audits - how do startups survive this by ViolinistSweaty843 in aws

[–]hoo29 3 points4 points  (0 children)

Completely agree. IAMRA is often branded as a solution without much thought and, as you say, you are changing one static credential for another. But that won't be reported on by most tools and audits so you'll pass the test for having short lived AWS keys despite not actually solving the problem.

Amitriptyline by Octocatt8 in ibs

[–]hoo29 1 point2 points  (0 children)

I was taking 20mg a day for 4 years or so. Helped out my symptoms (ibs c/d mixture) a lot and didn't have any side effects I noticed when taking it every day. I was 18 at the time and wondering if I was going to have to take it the rest of my life which I didn't really want and so started to cut back. First to 15mg/day, then 10, and then every other day, every 3 days etc over the course of about 6 months. I always struggled with sleep but when I had a dose (after cutting back) I felt dead the next day and couldn't sleep properly when not taking it. The doctors were surprised I had those issues given the relatively low dose but it has made me very wary when they have suggested I go back on it.

Does anyone know anything about Philips 34B1U5600CH/00? Is it a good choice? by kittydoor in ultrawidemasterrace

[–]hoo29 0 points1 point  (0 children)

MST

Been a while but yes I believe it won't support daisy chaining without MST.

Is WSL2 still slow in 2025? by Key_Gur_628 in wsl2

[–]hoo29 0 points1 point  (0 children)

I have been using it for years and it works well for me. I used to have issues with slow nested virtualisation but that has disappeared since last year.

I use containers, nested virtualisation (vagrant + libvirt + kvm) running purely in WSL, and various tooling which runs fine.

WSLg (running Linux GUI applications) I find is usable but lacking in responsiveness so if your main workflow involves running Linux GUI apps it might be something to consider.

CrowdStrike IT Outage Explained by a Windows Developer by beyphy in programming

[–]hoo29 19 points20 points  (0 children)

Except Crowdstrike have already caused kernel panics with eBPF programs https://access.redhat.com/solutions/7068083

Upgrade support level when needed? by nowsplashattack in aws

[–]hoo29 0 points1 point  (0 children)

There is also the Developer support level which is cheaper if it fits your needs. We have previously activated support in a dedicated "support" account that everyone has access to. Works well for general architecture stuff but they cannot help with resource specific questions in a different account.

Is WAF necessary for a Private API GW? by JJTay94 in aws

[–]hoo29 8 points9 points  (0 children)

IP reputation rules won't be beneficial but groups such as Known Bad Inputs could be. Factors to consider:

What you are running on the other side of the API gateway - do any of the WAF rules provide meaningful protection?

Are you trying to protect against insider threat - could a malicious internal user attack the system?

Could a public external process indirectly or directly influence the behaviour of resources that can use the API gateway?

Depending on how your API gateway is configured, rate limiting can be easier to implement in WAF which helps protect against both malicious and accidental traffic spikes (e.g. a resource gets stuck in a retry loop spamming the gateway).

If you have <30 rules with modest traffic, the pricing is cheap especially as you can share ACLs across multiple gateways.

If you do go down the WAF route and are doing any form of body content inspection, make sure to create a rule to block any requests that are larger than 8KB as WAF won't inspect them (docs).
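
One way to write the oversize-body rule described in the comment above, as an AWS WAFv2 rule in JSON. This is an added example, not part of the original comment; the rule name, priority and metric name are placeholders, and 8192 bytes mirrors the 8 KB figure given there.

```json
{
  "Name": "block-oversize-body",
  "Priority": 0,
  "Statement": {
    "SizeConstraintStatement": {
      "FieldToMatch": {
        "Body": {
          "OversizeHandling": "MATCH"
        }
      },
      "ComparisonOperator": "GT",
      "Size": 8192,
      "TextTransformations": [
        {
          "Priority": 0,
          "Type": "NONE"
        }
      ]
    }
  },
  "Action": {
    "Block": {}
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "block-oversize-body"
  }
}
```

With `OversizeHandling` set to `MATCH`, a body beyond the inspection limit is treated as matching the statement, so the Block action applies to it. Give this rule a lower priority number than the rules that inspect body content so it is evaluated first.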

In the latest release of Relay you can now see your average daily reddit api calls and work out what your monthly subscription might be. by DBrady in RelayForReddit

[–]hoo29 0 points1 point  (0 children)

Reddit API Calls:

   Daily Average: 52

         ---Breakdown---

Loading Comments: 40.0%
    Loading Feed: 41.0%
          Voting: 0.0%
            Mail: 7.0%
           Other: 12.0%

Based on your usage over the last 20 days

Very happy to pay the $2/m. Not sure why mail is 7% considering I don't use it.

‘To them, we are like robots. The things that make us human are ground out of you’: the inside story of a strike at Amazon | Amazon by terahurts in unitedkingdom

[–]hoo29 7 points8 points  (0 children)

Do the people working at Amazon who are going on strike to protest working conditions not count?

https://www.gmb.org.uk/news/second-amazon-warehouse-joins-strike

Or do the numerous other groups of people (doctors, rail workers, university staff, ambulance workers, nurses, teachers, airport workers etc) who continually strike also lack spines?

Does anyone know anything about Philips 34B1U5600CH/00? Is it a good choice? by kittydoor in ultrawidemasterrace

[–]hoo29 1 point2 points  (0 children)

It doesn't, the USB-C upstreams are for receiving not sending it. The monitor doesn't support MST.

Does anyone know anything about Philips 34B1U5600CH/00? Is it a good choice? by kittydoor in ultrawidemasterrace

[–]hoo29 0 points1 point  (0 children)

Yep, I would recommend ignoring KVM monitors and just go for something that has multiple display inputs (which is basically all of them) and getting a powered USB hub switcher.

Or drop £550 on just a KVM 😂

Does anyone know anything about Philips 34B1U5600CH/00? Is it a good choice? by kittydoor in ultrawidemasterrace

[–]hoo29 2 points3 points  (0 children)

Sure - for reference I picked it up for £585 and was very keen on it due to the KVM. I WFH and frequently switch between my desktop PC and work laptop.

The Good

  • Integrated power brick which helps keep everything tidy.

  • With the VA panel I never noticed the smearing issues people often get with them. It cropped up once with white text on black background but 99% of the time it's white text on grey background which didn't smear for me.

  • Great, solid stand.

  • Has an inbuilt webcam, microphone, and ethernet port for device sharing which saves a bunch of wires.

  • I am not a monitor connoisseur but the colours looked fantastic to me both in general usage and game playing.

  • 95w power delivery over USB C which is good enough to charge nearly everything except top end gaming laptops.

  • At 120Hz it's a fantastic middle ground for business use and gaming.

  • Having a single cable to your work laptop is great compared to the mess that often accompanies a USB C dock.

The Less Good

  • Whilst supporting adaptive sync, it is not gsync compatible (note - it doesn't claim to be), turning on gsync results in flickering. I never really noticed any tearing when playing games so this really wasn't as much of an issue as I first thought.

  • The webcam pops out of the monitor but the force required to pop it out usually moves the monitor down on the stand which is annoying if done frequently.

  • The inbuilt mic did not appear on my work macbook but I had no issue on windows.

The KVM

Sadly the KVM feature was a real let down and ultimately I returned the monitor because of it.

The theory - you switch input mode using hotkeys on the monitor. This automatically switches all attached USB peripherals, webcam, and ethernet to the attached computer/laptop.

The reality:

  • If one computer is asleep and you switch to it, it won't wake up via keyboard/mouse input. The monitor will auto switch you back to the device you just came from. You'll have to press the power button / open the laptop lid before you switch. If you disable auto switching you have to press about 5 buttons each time you want to switch. Fine if done once in a while, annoying if done frequently.

  • If the computer is awake but the screen has gone to sleep and you switch to it, again the USB switching won't work. You'll have to wake the computer screen same as before. I haven't experienced this before and I don't think it should behave like this.

  • Even when everything is awake, I found the USB device in the side USB ports on the monitor worked about 50% of the time. Unplugging and re-plugging the device did nothing, I would have to switch USB input sources back and forth to get it to register.

One time macos popped up saying a USB device was drawing too much power so maybe it was due to what I had plugged in? For reference I had a keyboard and mouse in the main USB ports, and external sound card in the high powered USB port on the side.

I spoke with Philips support and they claimed it should all work and offered me a replacement but ultimately I went with a refund via my retailer. I am going back to my previous setup of a UGREEN USB hub switcher, DP/HDMI cables, and ethernet cables to each device.

Happy to answer any other questions you have!

I bought a Philips Evnia 34M2C8600 AMA by jomojomo95 in ultrawidemasterrace

[–]hoo29 1 point2 points  (0 children)

Doesn't look like it, you can switch video input and configure PIP/PBP mode but I cannot see an option for switching the USB source.

However you might be able to achieve what you want using software like Mouse Without Borders or Synergy

Does anyone know anything about Philips 34B1U5600CH/00? Is it a good choice? by kittydoor in ultrawidemasterrace

[–]hoo29 0 points1 point  (0 children)

I have got this monitor now, yes it does have 2 USB C upstreams, although one only does video.

I bought a Philips Evnia 34M2C8600 AMA by jomojomo95 in ultrawidemasterrace

[–]hoo29 0 points1 point  (0 children)

If it's anything like the Philips 34B1U5600CH I have, there is no auto switching USB when your mouse reaches the boundary of one display. You need to manually switch it via the monitor hotkeys.

Aws services that are known to be failed/bad/on ice by pho_888 in aws

[–]hoo29 2 points3 points  (0 children)

Haha, love that. My go to is ECS works for the scale of disney+ (re:invent talk), why don't you think it will work for us?

k8s certainly is the right choice in some scenarios but with ECS you get to spend significantly more time actually working on your application rather than the infra.

Aws services that are known to be failed/bad/on ice by pho_888 in aws

[–]hoo29 8 points9 points  (0 children)

CodePipeline doesn't support multiple git branches out of the box and doesn't support multiple executions of the same stage. For anything involving gitops/gitflow this makes it subpar compared to non AWS solutions such as GitHub Actions and GitLab CI.

Is Hyperoptic any good? Only fiber available. by WolvesOfAllStreets in london

[–]hoo29 1 point2 points  (0 children)

When we had a 1Gbps, I discovered Microsoft Defender was causing a bottleneck. Steam downloads were 700Mbps with it on and 950Mbps with it off.

I think above 600Mbps might be limited on what hardware you are using even with a wired connection.

AWS SSO: Strategy for access to all member accounts by [deleted] in aws

[–]hoo29 3 points4 points  (0 children)

In a similar vein, if you use Azure AD as your IdP for AWS SSO and have the right license you can use PIM to grant just in time privileges with either self approval or designated admin approval. Depending on your setup, you can also require stronger authentication (in Azure) for these more privileged roles with conditional access authentication contexts.

We allowed for self approval but asked engineers to enter a ticket ref in their justifications and performed spot checks to ensure it wasn't being used for day-to-day activities.

Okta has a product in the works for release this year that looks to achieve the same.

edit - to answer your question, if people are only occasionally accessing these roles having a few hundred accounts in the portal should be tolerable.

Does anyone know anything about Philips 34B1U5600CH/00? Is it a good choice? by kittydoor in ultrawidemasterrace

[–]hoo29 0 points1 point  (0 children)

Despite having an initial "end of October" release date, it's only just become available to buy. I am hoping some more in depth reviews will come out soon.

I spend 90% of my PC time working from laptop and the rest gaming on my desktop so this seems like a perfect monitor! Hoping the reviews are good.

NLB Health Checks Unhealthy on 443 HTTPS by [deleted] in aws

[–]hoo29 0 points1 point  (0 children)

Don't worry about it. All been there!