Michael Lihs michaellihs

View remote-cheat-sheet.md

Remote Cheat Sheet

Infrastructure & Setup

  • Desk (height) & chair (comfort)
  • Internet access (cable) & backup (mobile phone)
  • Access to company infrastructure & tools (VPN / SaaS)
  • Comfortable headphones / headset
  • Make sure to have a separate room where you can close the door
@michaellihs
michaellihs / work-remote.md
Last active Mar 19, 2020
Remote Working Meetup
View work-remote.md

Meetup: Work Remotely

META: Ideas for moderation

  • collect topics upfront, cluster them and give people slots to present them during the meetup
  • try to get people from remote companies involved (e.g. GitLab), to share their experience
  • have a Mattermost chat in parallel where you can collect topics before bringing them into the stream
@michaellihs
michaellihs / security-automation-ci.md
Last active Mar 6, 2020
Meetup: Automated Security Testing in Continuous Integration
View security-automation-ci.md

Meetup: Automated Security Testing in Continuous Integration

This is a short summary of our DevOps Stuttgart Meetup from March 5th about automated security testing in Continuous Integration. For the meetup we had Christian Kühn and Arnold Franke from Synyx with us as speakers.

Chris started the presentation by asking who is currently running security tests in their pipelines, and I was surprised by the majority of hands being raised. It also seems that nowadays more than half of the audience is running production workloads in containers.

To motivate the topic of security testing, we were introduced to a recent security incident at Equifax, where a huge amount of private data (i.e. social security numbers and credit card data) leaked, due to a

@michaellihs
michaellihs / patterns-antipatterns-cicd.md
Last active Apr 8, 2020
Patterns and Anti-Patterns for CI/CD
View patterns-antipatterns-cicd.md

Patterns and Anti-Patterns for CI/CD

The Developer Experience

  • The developer journey
    • visualize devs' emotions during their workflow
  • make sure to provide a good experience for your devs as well (not only for customers and users)

Working Models

View inspec-arm.md

What do I want to do

  • I want to run Inspec within a Linux container (as provided by learnchef/inspec_workstation)
  • my testing target is an ARM board running a Yocto Linux with .deb packages
  • the connection to the target is made via SSH

My control

# encoding: utf-8
View linux-cheat-sheet.md

Linux Cheat Sheet

Mounting additional Disks in Vagrant

fdisk /dev/sdc                   # create new partition with <n>, ... all defaults
ls -la /dev/sd*                  # check for new device name
sudo mkfs.ext4 /dev/sdc1         # format new partition with ext4
sudo mount /dev/sdc1 /mount/sdc  # mount partition
@michaellihs
michaellihs / main.go
Created Dec 16, 2019
Pacman in Golang
View main.go
package main
import (
"bufio"
"bytes"
"encoding/json"
"flag"
"fmt"
"github.com/danicat/simpleansi"
"log"
@michaellihs
michaellihs / audax-suisse-tipps-tricks.md
Last active Nov 24, 2019
Audax Suisse Tips & Tricks
View audax-suisse-tipps-tricks.md

Audax Suisse Tips & Tricks

Bike

Machine

  • Gearing / sprockets
    • 32-tooth with compact crank - better safe than sorry
View feedback-cheatsheet.md

Feedback Cheatsheet

Initiating 1:1s

Questions you can ask regarding giving feedback:

  • Are there any topics about which you want to receive feedback from me?
  • Is there something I can watch out for (and give you feedback upon later on)?
View security-cheatsheet.md

STRIDE

STRIDE is a method to categorize security threats:

  • Spoofing identity. Can someone spoof an identity and then abuse its authority? Spoofing identity allows attackers to do things they are not supposed to do.

  • Tampering with data. How hard is it for an attacker to modify the data they submit to your system? Can they break a trust boundary and modify the code which runs as part of your system?

  • Repudiation (Nichtanerkennung). How hard is it for users to deny performing an action? What evidence does the system collect to help you to prove otherwise? Non-repudiation refers to the ability of a system to ensure people are accountable for their actions.
