HackerTrans
トップ新着トレンドコメント過去質問紹介求人

kkl

no profile record

投稿

You don't want long-lived keys

argemma.com
79 ポイント·投稿者 kkl·3 か月前·62 コメント

Anonymous credentials: an illustrated primer (Part 2)

blog.cryptographyengineering.com
37 ポイント·投稿者 kkl·3 か月前·0 コメント

Go's filepath.Clean does not prevent path traversal

argemma.com
2 ポイント·投稿者 kkl·5 か月前·0 コメント

String comparison timing attacks in Go

kel.bz
1 ポイント·投稿者 kkl·6 か月前·0 コメント

Confessions to a Data Lake

confer.to
37 ポイント·投稿者 kkl·7 か月前·13 コメント

Control planes are a useful concept

kel.bz
2 ポイント·投稿者 kkl·7 か月前·1 コメント

コメント

kkl
·3 か月前·議論
SSH CAs are not incompatible with my argument! An SSH CA can sign short-lived certificates for just-in-time generated keys.
kkl
·3 か月前·議論
> "we can't have service accounts"

To be clear: This is not my position! I advocate for service accounts in my post:

> It is much harder to reason about, say, the security of an arbitrary Engineer's laptop than it is an EC2 instance that exists exclusively to tell KMS to sign something.

> So every time we fire or lay off the person whose name is on the automation, we need to rotate the keys?

If a person previously had access to the key and knowledge of the key gives you control over that automated workflow, is that key (and by extension that workflow) still worth trusting?
kkl
·3 か月前·議論
Part of the threat model for an Engineering team is that people come and go. They move teams which have different levels of access. They leave the organization, in most cases, on good terms. I want to set up infrastructure where I don't need to remember that your SSH pubkey is baked into production configuration after you leave the company.

There are several options for setting up per-connection keys that are dispensed to users through the company SSO. That setup means you don't need to maintain separate infrastructure for (de-)provisioning SSH keys.
kkl
·4 か月前·議論
> "Had the engineer that acted on that known better, or did other checks, this would have been avoided."

<insert takes long drag tweet[1] here>

I personally find "LLMs can do $THING poorly" and "LLMs can do $THING well" articles kinda boring at this point. But! I'm hopeful that stories like this will shift the industry's focus towards robustness instead of just short-term efficiency. I suspect many decision making and change management processes accidentally benefited from just being a bit slow.

[1] https://waffles.fun/amy.png
kkl
·4 か月前·議論
> The job of a code reviewer isn't to review code. It's to figure out how to obsolete their code review comment, that whole class of comment, in all future cases, until you don't need their reviews at all anymore.

Making entire classes of issues effectively impossible is definitely the ideal outcome. But, this feels much more complicated when you consider that trust doesn't always extend beyond the company's wall and you cannot always ignore that fact because the negative outcomes can be external to the company.

What if I, a trusted engineer, run `npm update` at the wrong time and malware makes its way into production and user data is stolen? A mistake to learn from, for sure, but a post-mortem is too late for those users.

I'm certainly not advocating for relying on human checks everywhere, but reasoning about where you crank the trust knob can get very complicated or costly. Occasionally a trustworthy human reviewer can be part of a very reasonable control.
kkl
·4 か月前·議論
It’s also the case that someone you trust makes an honest mistake and, for example, gets their laptop stolen and their credentials compromised. I do trust my team, and want that to be the foundation to our relationship, but I also recognize that humans are infallible and having guardrails (eg code review) is beneficial.
kkl
·5 か月前·議論
Congratulations! Fish is such a wonderful shell. It’s been my daily driver for many years now but I’ve had a renewed appreciation for it now that I’m working in several different development environments. The default fish install Just Works so well that I don’t bother with trying to schlep my dotfiles around.
kkl
·5 か月前·議論
I could also buy that the free domains were ran up by scammers which could have caused some of the hair trigger Safe Browsing denylisting.
kkl
·5 か月前·議論
While there are compliance/security benefits it is not the primary motivation.

If you have fairly complicated infrastructure it can be way more efficient to have a pool of ready to go beefy EC2 instances on a recent commit of your multi-GB git repo instead of having to run everything on a laptop.