I believe the current attempt at mitigation for this is ASPA[0]. It still has a long way to go, but there are some big names behind it. [0]: https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-asp...
This website is at least 25 years old. It uses one of the pre-canned templates from FrontPage 2000. Cut 'em a little slack. :-) This was obviously someone's research project, and some of the papers have example code in…
Too bad they don't take security so seriously themselves. https://pagedout.institute/?page=/etc/passwd ;-)
Zero interest rate policy, which makes borrowing lots of money almost free, which makes it easy to hire lots of people using said borrowed money.
No. When you finance a car the lender gets a lien on the title. The title is still in your name. Usually one of the stipulations the lender places in their contract is that they hold the title for you in what is…
This is cool. I like the frontend aspect. Looks really handy for a lot of apps where integration with other services is a core feature (I've built several just over the past few years, so I definitely get it). I do wish…
If anyone's looking for an example, I used this trick a few months ago to embed a tiny helper binary[0] directly into my application[1] so I wouldn't have to ship two executables or add "hidden" behavior to the main…
Relay by Puppet | Senior Software Engineer | Portland, OR or remote (5 hour overlap with Pacific Time) | Full-time | https://puppet.com and https://relay.sh Hi! Relay is Puppet's fast-moving SaaS/PaaS endeavor into the…
Puppet | Senior Software Engineer | Portland, OR or remote (5 hour overlap with Pacific Time) | Full-time | https://puppet.com Hi! Relay[0] is Puppet's fast-moving SaaS/PaaS endeavor into the cloud-native arena. Relay…
Hi, I wrote an SSH step for you. Here's the source code: https://github.com/relay-integrations/relay-ssh/blob/master/... And since it isn't documented yet, here's how you would use it in a workflow: steps: - name: ssh…
We do have a Helm integration that might be able to help you out: https://relay.sh/integrations/helm/ The limiting factor right now would be whether your cluster is accessible to the internet, which of course isn't…
Thank you! I'll take a look through this! Would it be okay if I sent you an email in the next week or two for follow-up questions?
It varies. We have a primary PostgreSQL database for non-sensitive data including some workflow configuration. We store sensitive data in Vault and logs in Google Cloud Storage. A bit more info here:…
Hi, This is a good question, thank you! The flow of events into our system is somewhat different than GitHub Actions. We're trying to be a consumer of all sorts of events, including, say, data published to AWS SNS or…
> 1) Please, please support some other config file other than just YAML. Although we don't directly advertise it, you can in fact write a workflow in JSON and there's an underlying JSON interchange format that is…
A good book in this space is Normal Accidents[0], which describes (among others) the impressive cumulative failure that caused the Three Mile Island incident. Fascinating read and applicable to software systems as well.…
This article is about nurses, though. In the US many ER nurses work 12 hour shifts and they obviously don't have the option of personal downtime. It's likely that as "computer" people we're already reaping much of the…
Right, but this project doesn't solve that problem, either. It wraps the underlying collection in a builder to make it less easy to access, but it doesn't appear that it places any additional restrictions on the types…
Actually, it does, but they don't have explicit types. See java.util.Collections.unmodifiableCollection(...), etc.
Try running it through an SSL-capable proxy like mitmproxy[0]. You should be able to get the full request/response details that way. [0]: https://mitmproxy.org/, https://mitmproxy.org/doc/ssl.html
I believe the current attempt at mitigation for this is ASPA[0]. It still has a long way to go, but there are some big names behind it. [0]: https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-asp...
This website is at least 25 years old. It uses one of the pre-canned templates from FrontPage 2000. Cut 'em a little slack. :-) This was obviously someone's research project, and some of the papers have example code in…
Too bad they don't take security so seriously themselves. https://pagedout.institute/?page=/etc/passwd ;-)
Zero interest rate policy, which makes borrowing lots of money almost free, which makes it easy to hire lots of people using said borrowed money.
No. When you finance a car the lender gets a lien on the title. The title is still in your name. Usually one of the stipulations the lender places in their contract is that they hold the title for you in what is…
This is cool. I like the frontend aspect. Looks really handy for a lot of apps where integration with other services is a core feature (I've built several just over the past few years, so I definitely get it). I do wish…
If anyone's looking for an example, I used this trick a few months ago to embed a tiny helper binary[0] directly into my application[1] so I wouldn't have to ship two executables or add "hidden" behavior to the main…
Relay by Puppet | Senior Software Engineer | Portland, OR or remote (5 hour overlap with Pacific Time) | Full-time | https://puppet.com and https://relay.sh Hi! Relay is Puppet's fast-moving SaaS/PaaS endeavor into the…
Puppet | Senior Software Engineer | Portland, OR or remote (5 hour overlap with Pacific Time) | Full-time | https://puppet.com Hi! Relay[0] is Puppet's fast-moving SaaS/PaaS endeavor into the cloud-native arena. Relay…
Hi, I wrote an SSH step for you. Here's the source code: https://github.com/relay-integrations/relay-ssh/blob/master/... And since it isn't documented yet, here's how you would use it in a workflow: steps: - name: ssh…
We do have a Helm integration that might be able to help you out: https://relay.sh/integrations/helm/ The limiting factor right now would be whether your cluster is accessible to the internet, which of course isn't…
Thank you! I'll take a look through this! Would it be okay if I sent you an email in the next week or two for follow-up questions?
It varies. We have a primary PostgreSQL database for non-sensitive data including some workflow configuration. We store sensitive data in Vault and logs in Google Cloud Storage. A bit more info here:…
Hi, This is a good question, thank you! The flow of events into our system is somewhat different than GitHub Actions. We're trying to be a consumer of all sorts of events, including, say, data published to AWS SNS or…
> 1) Please, please support some other config file other than just YAML. Although we don't directly advertise it, you can in fact write a workflow in JSON and there's an underlying JSON interchange format that is…
A good book in this space is Normal Accidents[0], which describes (among others) the impressive cumulative failure that caused the Three Mile Island incident. Fascinating read and applicable to software systems as well.…
This article is about nurses, though. In the US many ER nurses work 12 hour shifts and they obviously don't have the option of personal downtime. It's likely that as "computer" people we're already reaping much of the…
Right, but this project doesn't solve that problem, either. It wraps the underlying collection in a builder to make it less easy to access, but it doesn't appear that it places any additional restrictions on the types…
Actually, it does, but they don't have explicit types. See java.util.Collections.unmodifiableCollection(...), etc.
Try running it through an SSL-capable proxy like mitmproxy[0]. You should be able to get the full request/response details that way. [0]: https://mitmproxy.org/, https://mitmproxy.org/doc/ssl.html