johnfosborneiii

Container Images

Kubernetes

Verify single image

$ cosign verify registry.k8s.io/kube-apiserver-amd64:v1.25.2

Get and Verify All Kubernetes Images

$ version=v1.25.0
curl -Ls https://sbom.k8s.io/v1.25.0/release \

gmurdocca

Circumventing Deep Packet Inspection with Socat and rot13

I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.

The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.

Rejected by Deep Packet Inspection

I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o

graemerocher

@Grab(group='com.github.groovy-wslite', module='groovy-wslite', version='1.1.0')
@Grab(group='joda-time', module='joda-time', version='2.7')
import wslite.rest.*
import org.joda.time.*
import org.joda.time.format.*
import groovy.xml.*
import groovy.json.*
import static java.lang.System.*
import groovy.transform.*

night-before-opsmas.txt

'Twas the night before Christmas, when all through the racks
Not a server was alerting, not even Compaqs.
The backups were written to tapes with care
In hopes that later the data would be there.

The machines were nestled all snug in their sleds
Whilst visions of vengeance danced in their heads;
And oncall in his three-wolf and I in my rack.
Had just settled down for some syn and some ack.

rxaviers

People

:bowtie:	😄 :smile:	😆 :laughing:
😊 :blush:	😃 :smiley:	☺️ :relaxed:
😏 :smirk:	😍 :heart_eyes:	😘 :kissing_heart:
😚 :kissing_closed_eyes:	😳 :flushed:	😌 :relieved:
😆 :satisfied:	😁 :grin:	😉 :wink:
😜 :stuck_out_tongue_winking_eye:	😝 :stuck_out_tongue_closed_eyes:	😀 :grinning:
😗 :kissing:	😙 :kissing_smiling_eyes:	😛 :stuck_out_tongue:

chitchcock

Stevey's Google Platforms Rant

I was at Amazon for about six and a half years, and now I've been at Google for that long. One thing that struck me immediately about the two companies -- an impression that has been reinforced almost daily -- is that Amazon does everything wrong, and Google does everything right. Sure, it's a sweeping generalization, but a surprisingly accurate one. It's pretty crazy. There are probably a hundred or even two hundred different ways you can compare the two companies, and Google is superior in all but three of them, if I recall correctly. I actually did a spreadsheet at one point but Legal wouldn't let me show it to anyone, even though recruiting loved it.

I mean, just to give you a very brief taste: Amazon's recruiting process is fundamentally flawed by having teams hire for themselves, so their hiring bar is incredibly inconsistent across teams, despite various efforts they've made to level it out. And their operations are a mess; they don't real