Security
Techstack n - 1 is dead!
TL;DR TechStack n-1 is dead. It ended with the rise of the clouds and software release cycles going down to weeks due to containerized CIs.
Against ‘it’s stable and mature so let it run’
Being open-source-based, Ubuntu already had the concept of point releases every 6 months when Docker and K8s hit the world and gave automated CIs a big boost in making system containers. Some years later, Docker itself switched to a 3-month release cycle. So did the Linux kernel, with 2-3 months. Firefox: 4 weeks.
Infojunk November 2018
This is a collection of interesting links and resources I came across in November 2018, covering topics such as security, Linux, AWS, and development.
Hacking / MITM-API-Testing
Linux
- GNOME3: Shell Mousewheel to zoom into your desktop in your presentations.
- Preload Linux applications
- Setup custom wayland resolution - xrandr will not work anymore!
Windows
Python
KataCode
- KataCode Playground with fully functional real browser shells for learning without barriers (using Containers?).
- GoTTY
How about gotty -w docker run -it --rm anapsix/nyancat:alpine?
Spectre/Meltdown
- (IMPORTANT) Phoronix: Performance impact on upcoming Linux 4.20 mitigation with STIBP Overhead - well, it’s “fixed” now for the final release.
- Kernel Boot Option: disable Spectre, KPTI
spectre_v2=[off,retpoline,amd]
nospectre_v2
spectre_v2=off nopti
- Windows 10: Windows Defender Exploit Protection
- Windows 10: Customize Meltdown/Spectre protection
Project
Security
Tools
- Beautiful AI - AI powered presentations
- BrowserBox
- Web Page Replay
AWS
- The Open Guide to Amazon Web Services
- AWLess
- AWS EC2 Virtualization 2017: Introducing Nitro
- CloudMapper - map AWS infrastructure
- cloud-nuke: how we reduced our AWS bill by ~85%
- Firecracker
Development
- DevHints.io
- Build and deploy docker images to Kubernetes using git push
- What’s in your backlog
- You can’t debug systems with dashboards
- New Brave is now 22% faster
Other
Infojunk October 2018
This is a collection of interesting links and resources I came across in October 2018, covering a wide range of topics including browser extensions, collaborative coding, Linux, AWS, and more.
Browser Extensions
- I don’t care about cookies
- Imagus or HoverZoom+ to enlarge images on mouse over (don’t use HoverZoom since it’s a data hog).
- Amazon Infinite Scroll
Collaborative Coding
Focusing on IDEs. Web-based solutions are mostly ignored.
- Floobits - IntelliJ, SublimeText, Atom, vscode-plugin in the works
- CodeStream - the new and fancy one
- tmate - terminal sharing over tmux
- Visual Studio Live Share - Visual Studio Code
- AWS Cloud9 - coding for the cloud
- ScreenHero - h264 video streaming and now bought by Slack.io, lacking Linux support
Linux
- Use Chromium to have Hardware Acceleration in your YouTube Videos - don’t forget to install the h264ify browser extension to force h264 (Chrome chooses VP9 by default which is currently not accelerated).
- Touchpad Gestures for Gnome
- There are no GTK3 themes! Remove theming support?
NodeJS
DevOps
AI/MachineLearning
AWS
JMESPath is not as powerful as jq, but Amazon AWS probably chose it since it might be faster and the query-selectors are a bit more sophisticated (?).
Git: Encrypt Credentials Within a Repository
This article explores the concept of encrypting credentials within a Git repository. It demonstrates a method using git smudge/clean filters but ultimately advises against it, advocating for the use of config servers instead.
Especially in the microservices era, you should use a config server and never store your credentials in a repository!
You should not use git smudge/clean filters for encryption. Why? Here’s an example!
Let’s create an example repository
% TMP=$(mktemp -d)
% cd $TMP
% git init
% echo 'Hello world!' > credentials
Add .gitattributes
/credentials filter=crypto
Add .git/config
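[filter "crypto"]
# smudge runs on checkout (repository -> working tree), so it has to decrypt
smudge = openssl enc -d -aes-256-cbc -salt
# clean runs on add (working tree -> repository) and encrypts
clean = openssl enc -aes-256-cbc -salt
required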
Note: required indicates that these commands need to exit with code 0; otherwise these files could be added without any encryption. You can test this by using smudge = gpg -d -q --batch --no-tty -r <SIGNATURE> and clean = gpg -ea -q --batch --no-tty -r <SIGNATURE> filters.
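The effect of the filter's required setting described in the note, as an added example that is not from the original article. The clean filter is a constructed stand-in that always fails (as gpg or openssl would without a key or terminal), and the function name stage_with_failing_filter is hypothetical.

```shell
#!/bin/sh
# Added demo: what lands in the index when the "crypto" clean filter fails,
# with and without filter.crypto.required. Everything runs in a throwaway
# repository created with mktemp.

# Prints one word describing the staged state of "credentials":
#   plaintext - git add succeeded and stored the unencrypted content
#   rejected  - git add refused to stage the file
#   other     - something else was stored
stage_with_failing_filter() {
    required=$1                      # "true" or "false"
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q .
        echo '/credentials filter=crypto' > .gitattributes
        # Constructed failing filter: consumes stdin, writes nothing, exits 1
        git config filter.crypto.clean 'cat >/dev/null; exit 1'
        git config filter.crypto.smudge 'cat'
        git config filter.crypto.required "$required"
        echo 'Hello world!' > credentials
        if git add credentials 2>/dev/null; then
            # Read the staged blob exactly as it would be committed
            if [ "$(git cat-file -p :credentials)" = 'Hello world!' ]; then
                echo plaintext
            else
                echo other
            fi
        else
            echo rejected
        fi
    )
    rm -rf "$repo"
}

echo "required=false: $(stage_with_failing_filter false)"
echo "required=true:  $(stage_with_failing_filter true)"
```

Without required, git treats the failed filter as a pass-through, so the staged blob is the cleartext file; checking the staged blob with git cat-file before pushing is a quick way to confirm the filter actually ran.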
IP in VPN vs. LAN: Alias IP Address by iptables
Scenario: Using a Consistent IP Address
When you’re at work, you are on the LAN and use an IP address like 192.168.x.x. When you work from home, you connect via VPN to the same database (DB), and your IP address changes to 10.x.x.x. You want to avoid changing configuration files for your application every time you switch environments.
This problem can be easily worked around using iptables to create an IP address alias.