1000% correct. the second you look in the mirror and you're happy with what you see, baby, you just lost the battle.
The amount of ideas Karl had that have since come to fruition is quite remarkable
Agree, when MS moved their office file formats to xml, I made plenty of money building extremely customizable templating engines all based on a very small amount of XSLT - it worked great given all the structure and…
Probably the only improvements I can think is running the runner as a gMSA and applying the relevant ACL's to that, so you can avoid needing to supply creds. Otherwise, on our fleet of hundreds of IIS, we've had success…
This is just to make it an IdP initiated flow (instead of a SP initiated flow) and its to prevent the extra hop back and forwards between Okta/IdP and the application.
Very well said - even with open source there seems to be a general lack of willingness to actually read code, let alone crack open the disassembler or attach a debugger - the skill is apparently not taught anymore
In AU, even for aerial powerlines, we run our own mix of fibre and radio comms between zone subs and stuff like ACR's... in fact I dont think any of the transmission or distribution operators utilise any telco stuff for…
Yah, this is why third party risk management is a thing. When I ran sec training, I always hammered home the point that a third party security issue is your issue. Now, sure, technically there may be circumstances when…
Global namespace shared resources, regional namespace shared resources, then each app provisions its own bit, consuming/linking the two aforementioned layers. Everyone gets here eventually and you can just fight over…
No, this is the new trend, browser isolation - see Island Browser for example
bowling is fucken weird..I was a junior almost pro bowler and I know Belmo, being around the same age, coming up at the same time and in the same area as him…he’s a freak in the best sense of the word. I remember some…
The amount of ideas that Karl had which came to reality, that Steve and Ricky dismissed as mental is what keeps me listening to Youtube compilations of their show to this very day :D
Microsoft have this for DFS-R and the spec is open https://learn.microsoft.com/en-us/openspecs/windows_protocol... - its pretty straight forward to implement.
There are API’s, just not public ones - only available under commercial agreement
Yah, that's the OAuth Client Credentials flow but as noted, you still have a static set of creds that are required to generate the short lived access token. Besides being useful for being able to limit scope in some…
To answer the why plain text, the feature this talks about is the Okta Secure Web App - basically if an app cant do proper SSO you can set it up as SWA which just acts like a password manager. The Okta browser plugin…
Yes, Google and most major search engines enable a RDNS lookup to validate they are really a googlebot
Yep, underrated advice. Run it, read the code, fiddle some bits and make sure what you fiddled matches your mental model. Honestly, learning to read code and execute it in your head is a super power
Heh your bit about Github resonates. I hire plenty of devs and the whole "make sure you have a GH body of work" has become such a meme that when people do include it on their CV, it's usually just a big list of forked…
Don’t know your exact specs or the premium you pay over consumer level but I buy/install commercial display panels and when I need a new TV or such, I just grab one of them. No extra stuff, fast input switching etc etc
Yeh this is bang on - I find that type of person tends to say they know something, where in fact they know the name of something and thats’s about it - there’s nothing below the surface.
That's a pigment company...
Yep we do this, works good - you can either trigger a server refresh from SNS (AWS notifies you of certain AMI updates) or we just rebuild our underlying fleet each week with the most current AL2 AMI
It’s not really, ask all us audax riders. it’s surprising to think that 250km in a day was so life changing when I/we do 1200km in 3 days regularly and at a leisurely pace
Yes (sort of). This is just a bunch of triggers that populate audit tables. In Mongo you'd use change streams (https://docs.mongodb.com/manual/changeStreams/) which are based off the oplog. Thus it requires a…
1000% correct. the second you look in the mirror and you're happy with what you see, baby, you just lost the battle.
The amount of ideas Karl had that have since come to fruition is quite remarkable
Agree, when MS moved their office file formats to xml, I made plenty of money building extremely customizable templating engines all based on a very small amount of XSLT - it worked great given all the structure and…
Probably the only improvements I can think is running the runner as a gMSA and applying the relevant ACL's to that, so you can avoid needing to supply creds. Otherwise, on our fleet of hundreds of IIS, we've had success…
This is just to make it an IdP initiated flow (instead of a SP initiated flow) and its to prevent the extra hop back and forwards between Okta/IdP and the application.
Very well said - even with open source there seems to be a general lack of willingness to actually read code, let alone crack open the disassembler or attach a debugger - the skill is apparently not taught anymore
In AU, even for aerial powerlines, we run our own mix of fibre and radio comms between zone subs and stuff like ACR's... in fact I dont think any of the transmission or distribution operators utilise any telco stuff for…
Yah, this is why third party risk management is a thing. When I ran sec training, I always hammered home the point that a third party security issue is your issue. Now, sure, technically there may be circumstances when…
Global namespace shared resources, regional namespace shared resources, then each app provisions its own bit, consuming/linking the two aforementioned layers. Everyone gets here eventually and you can just fight over…
No, this is the new trend, browser isolation - see Island Browser for example
bowling is fucken weird..I was a junior almost pro bowler and I know Belmo, being around the same age, coming up at the same time and in the same area as him…he’s a freak in the best sense of the word. I remember some…
The amount of ideas that Karl had which came to reality, that Steve and Ricky dismissed as mental is what keeps me listening to Youtube compilations of their show to this very day :D
Microsoft have this for DFS-R and the spec is open https://learn.microsoft.com/en-us/openspecs/windows_protocol... - its pretty straight forward to implement.
There are API’s, just not public ones - only available under commercial agreement
Yah, that's the OAuth Client Credentials flow but as noted, you still have a static set of creds that are required to generate the short lived access token. Besides being useful for being able to limit scope in some…
To answer the why plain text, the feature this talks about is the Okta Secure Web App - basically if an app cant do proper SSO you can set it up as SWA which just acts like a password manager. The Okta browser plugin…
Yes, Google and most major search engines enable a RDNS lookup to validate they are really a googlebot
Yep, underrated advice. Run it, read the code, fiddle some bits and make sure what you fiddled matches your mental model. Honestly, learning to read code and execute it in your head is a super power
Heh your bit about Github resonates. I hire plenty of devs and the whole "make sure you have a GH body of work" has become such a meme that when people do include it on their CV, it's usually just a big list of forked…
Don’t know your exact specs or the premium you pay over consumer level but I buy/install commercial display panels and when I need a new TV or such, I just grab one of them. No extra stuff, fast input switching etc etc
Yeh this is bang on - I find that type of person tends to say they know something, where in fact they know the name of something and thats’s about it - there’s nothing below the surface.
That's a pigment company...
Yep we do this, works good - you can either trigger a server refresh from SNS (AWS notifies you of certain AMI updates) or we just rebuild our underlying fleet each week with the most current AL2 AMI
It’s not really, ask all us audax riders. it’s surprising to think that 250km in a day was so life changing when I/we do 1200km in 3 days regularly and at a leisurely pace
Yes (sort of). This is just a bunch of triggers that populate audit tables. In Mongo you'd use change streams (https://docs.mongodb.com/manual/changeStreams/) which are based off the oplog. Thus it requires a…