Yup. I read it as “compose and manage containers with systemd.”
Sure, there is a k8s layer abstracted into podman to do this, but you don’t manage or interact with it. Everything is a systemd unit file, a simple text document with a well understood structure. Containers are started and logged like services.
Easy, direct, tidy.
deleted by creator
It’s not common, but it should be.
Still, that was just one example. EDR reacting to your code is likely a sign of some other shortcut being taken during the development process. It might even be a reasonable one, but if so it needs to be discussed and accounted for with the IT security team.
No one on earth trusts McAfee, be it the abysmal man or abysmal AV suite.
If the EDR or AV software is causing issues with your code running, it’s possibly an issue with the suite, but it’s more likely an issue with your code not following common sense security requirements like code signing.
My teams new hire project manager was even more advanced. When they found out we were working on 5-10 projects at once with no PM, they quit.
We had 3 PMs when I started here, and have been down to 0-1 for 6 months. That 0-1 runs a whole unrelated team, but is technical still a PM.
Dysfunction is fun. The plus side? No one asks me for estimates.
Yes and no. The auditing is likely the harder part. You can use something like tailscale or nebula vpn to get the always on vpn/ACLs. With a dozen or two devices, it should be doable at a home scale.
If you want clientless zerotrust then you’re talking heavier duty things like Palo alto gear and the like.
ZeroTrust is a specific type of network security where every network device has its access to other devices validated and controlled, not a statement on the trustworthiness of vendors.
Instead of every device on a LAN seeing every other device, or even every device on a VLAN seeing other devices on a VLAN, each device can only connect with the other devices it needs to work, and those connections need to be encrypted. These connectioms are all monitored, logged and alerted on to make sure the system is working as intended.
You do need to trust or validate the tooling that does the above, regardless of what you’re using.
Copper core versus copper clad aluminum is going to matter here too. Both will claim to hit the spec, but you’re more likely to get there with the expensive copper only.
deleted by creator
deleted by creator
A wonderful mix of actual hacking (social engineering, phreaking) and batshit crazy “future hacks” (hack the gibson!)
Nice hacking mate.
Had to look this up as well. Its not rm specific:
* is a simple, non-recursive wildcard representing zero or more characters which you can use for paths and file names. ** is a recursive wildcard that can only be used with paths, not file names.
deleted by creator
I know, right? Needs more tab.
Ehh. Depending on the industry and issue, thats wholley justified, not only from a “least privilege” sense, but from a regulatory one.
Step over into cybersecurity and you end up spending all day clamping down on usability because the company has legal requirements to meet to continue to exist. Many of the things we are compelled to do are overeager and overly pedantic, but it’s either “do it, pay up, or shut down.” The execs tend to prefer “do it” in my experience, which makes everyone’s day a bit more tiresome.
So its entirely possible that was out of their hands.
“Please god come throw your body in the pile we use to fill up the holes. We are very nearly out of unwitting flesh here.”
All over the article you posted:
and since Floorp currently has no advertising, my own salary is, of course, zero. It’s just not going to last.
I have made many plans, including earning development money on this projects, but all have been derailed by open source projects.
There is some code in the closed source code to prepare for this. If these are forked, my hundreds of hours will have been wasted.
The purpose is to learn how to publish code that cannot be used for forking as open source.
I have to obligate the folks to choose whether they want to pay me or help me code.
So hes forked the open source Firefox, added some polish, and is now miffed that others have taken his forked project and forked it themselves, because it cuts off a possible income stream he had planned. That code, the things he intended to profit from, is whats hidden in the “closed source” part of the repo. He says he will open source it eventually, likely after he figures out a way to profit from all of the code Mozilla kindly let him fork for free.
He doesnt want anyone else to profit from the hundreds of hours of code hes added to the millions of hours of free code hes currently trying to profit from. This is of course a very reasonable and consistent moral stance in line with common open source principles.
I was Haskalling for that one. I need to Go and shake off the Rust, maybe work on my Lisp to make sure people React well.
Node what I’m saying?
I’m still new to this myself, but yes that’s the gist of it. This isn’t k8s or even k3s. It’s an easy way to deploy a container via code on a single node system using the already present systemd for management. It let’s you pretend that Linux handles containers natively like it does daemons.
This article from redhat has more information about the why and what.