HackerTrans
TopNewTrendsCommentsPastAskShowJobs

imduffy15

no profile record

Submissions

Pulling images from private registries with KEP-4412

youtube.com
3 points·by imduffy15·anno scorso·1 comments

Troubleshooting the Engineer's Brain

ianduffy.ie
1 points·by imduffy15·anno scorso·0 comments

Ask HN: How do I get my ISP's IPs out of PerimeterX's block list?

3 points·by imduffy15·3 anni fa·3 comments

Apple, an Airport, 802.11 Channel Flags, and Some Binary

pansift.com
2 points·by imduffy15·3 anni fa·1 comments

comments

imduffy15
·anno scorso·discuss
Absolutely loving the functionality KEP-4412 brings to kubernetes.

Having the pods service account token passed to the credential provider allows for seamless authentication with private registries.

Before you either had to use the node identity which in some cases isn’t oidc based or create a bunch of imagePullSecrets.

Code and walkthrough at https://github.com/cloudsmith-io/cloudsmith-kubernetes-crede...
imduffy15
·3 anni fa·discuss
I could use a vpn but I already pay for my broadband connection and shouldn’t have too.
imduffy15
·4 anni fa·discuss
Not a solution for shared multi factor auth but maybe some ideas…

- the root account should not be used. Disable it from being able to do anything with an SCP

- new accounts created with aws organisations by default have a random password and no mfa. Access is granted by going through the password reset process. Switch to this process for existing accounts, randomise all the passwords, grant break glass access via password resetting (ensure your contact details are valid). The password reset typically requires access to the email account (make it accessible via SSO) and potentially a phone call, ensure a virtual phone number is used and root holders can point it at their phone.

- use the likes of azure ad, keycloak or okta to store your organisations identities. Require MFA on them via yubikey. Enable access to multiple aws accounts via aws sso.

- for ssh access switch to using aws ssm.
imduffy15
·4 anni fa·discuss
Sad, frustrated, bitter & angry to have been apart of this. Started the job on April 4th, casual 1:1 with my manager on May 26th turned into HR stating it’s over. Not even one months severance as a good will gesture.

Why does bad planning on your part need to result in stress, anxiety, and financial concern for me?

The market is thankfully in a good place and I’m good at what I do. Did atleast one interview activity with 20+ places, it was hell, busier than a average work day. To get to final around it took 6-8 hours of interview activities.

It would be amazing to see companies that are struggling to hire to create a fast tracked interview process for those laid off.
imduffy15
·4 anni fa·discuss
My bet is you could remove the user. Do some DNS messing about either on your router or hosts file to drop all communications to goguardian and then resign into your sons account.

The end result will be that the school management scripts will still run but they’ll be unable to fetch and install goguardian.