Whatâs your go-to strategy for giving engineers access to production?
Iâve been in this field for almost 15 years, and I donât think Iâve ever seen two companies handle this the same way
Some other places just hand out just-in-time database access with short-lived credentials, others rely on rigid role-based permission, and others go all in on anonymized data dumps or shadow environments to avoid prod access altogether
Whatâs your go-to when it comes to giving access to engineers to access production app ⊠â Read more
** The Access Control Apocalypse: How Broken Permissions Gave Me Keys to Every Digital Door**
Hey theređ
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/th ⊠â Read more
↳
In-reply-to
»
To combat malware and financial scams, Google announced today that only apps from developers that have undergone verification can be installed on certified Android devices starting in 2026.
†Read More
@bender@twtxt.net That is a noble goal. We can talk about that â as long as it doesnât mean giving up essential freedoms like choosing which software you can run on your device (without having to ask someone for permission).
↳
In-reply-to
»
Just discovered how easy it is to recall my last arg in shell and my brain went đ€Ż How come I've never learned about this before!? I wonder how many other QOL shortcuts I'm missing on đ„Č
†Read More
@aelaraji@aelaraji.com I use Alt+. all the time, itâs great. đ
FWIW, another thing I often use is !! to recall the entire previous command line:
$ find -iname '*foo*'
./This is a foo file.txt
$ cat "$(!!)"
cat "$(find -iname '*foo*')"
This is just a test.
Yep!
Or:
$ ls -al subdir
ls: cannot open directory 'subdir': Permission denied
$ sudo !!
sudo ls -al subdir
total 0
drwx------ 2 root root 60 Jun 20 19:39 .
drwx------ 7 jess jess 360 Jun 20 19:39 ..
-rw-r--r-- 1 root root 0 Jun 20 19:39 nothing-to-see
i have been on a ROLL fixing server issues the other day i fixed my dead SFTP server which had a chroot permission issue
↳
In-reply-to
»
HI EVERYONE MY INSTANCE DIED FOR A WHILE AND MY LIFE TURNED TO SHIT SO I COULDN'T FIX IT BUT I JUST DID YAYYYYYYYY
†Read More
idfk where the error came from it just broke one day, maybe from one of my many server crashes which are becoming frequent and UGH i have to fix that too but i have a headache right now so one thing at a time. the error was âunexpected end of JSON inputâ or something, for a while i thought oh permission error but turns out i canât read the error that clearly indicated something syntax related (i did double check my env file though)
OpenAI doesnât like it when you use âtheirâ generated slop without permission
OpenAI says it has found evidence that Chinese artificial intelligence start-up DeepSeek used the US companyâs proprietary models to train its own open-source competitor, as concerns grow over a potential breach of intellectual property. â« Cristina Criddle and Eleanor Olcott for the FT This is more ironic than writing a song called Ironic that lists situations that arenât actually ⊠â Read more
[ANN] Monero Remote Node Monitoring project updates
Since my last post on Reddit in June 2024, there have been some major changes and new features.
* updated the license from GLWTS to a more widely recognized and permissive one (BSD-3-Clause)
* UI: switched from SvelteKit to Templ+HTMX to reduce external dependencies
* added support for monitoring both IPv6 and I2P nodes
* set up a Tor Hidden service for the web UI
Links:
- GitHub repository
- [Website](https://xmr.d ⊠â Read more
@lyse@lyse.isobeef.org its a hierarchy key value format. I designed it for the network peering tools i use.. I can grant access to different parts of the tree to other users.. kinda like directory permissions. a basic example of the format is:
@namespace
# multi
# line
# comment
root :value
# example space comment
@namespace.name space-tag
# attribute comments
attribute attr-tag :value for attribute
# attribute with multiple
# lines of values
foo :bar
:bin
:baz
repeated :value1
repeated :value2
each @ starts the definition of a namespace kinda like [name] in ini format. It can have comments that show up before. then each attribute is key :value and can have their own # comment lines.
Values can be multi line.. and also repeated..
the namespaces and values can also have little meta data tags added to them.
the service can define webhooks/mqtt topics to be notified when the configs are updated. That way it can deploy the changes out when they are updated.
# ssh -p 2222 cas.run help
The authenticity of host '[cas.run]:2222 ([139.180.180.214]:2222)' can't be established.
RSA key fingerprint is SHA256:i5txciMMbXu2fbB4w/vnElNSpasFcPP9fBp52+Avdbg.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[cas.run]:2222' (RSA) to the list of known hosts.
abucci@cas.run: Permission denied (publickey).
So you would have:
type ErrPermissionNotAllowed []Permission
func (perms ErrPermissionNotAllowed) Is(permission Permission) bool {
for _, p := range perms {
if p == permission { return true }
}
return false
}
var err error = errPermissionNotAllowed{"is-noob"}
if errors.Is(err, ErrPermissionNotAllowed{}) { ... } // user is not allowed
var e ErrPermissionNotAllowed
if errors.As(err, e) && e.Is("a-noob") { ... } // user is not allowed because they are a noob.
You can have Error return just âpermission not allowedâ if the array is empty. It would print the same as the first.
New tool to secure your GitHub Actions
Introducing a new tool to monitor and control the permissions of the repository token for GitHub Actions. â Read more
Designâs journey towards accessibility
Design can have a significant impact on delivering accessible experiences to our users. It takes a cultural shift, dedicated experts, and permission to make progress over perfection in order to build momentum. Weâve got a long way to go, but weâre starting to see a real shift in our journey to make GitHub a true home for all developers. â Read more
Looks like Googleâs using this blog post of mine without my permission. I hate this kind of tech company crap so much.
New npm features for secure publishing and safe consumption
Now you can create tokens with fine-grained permissions for automating your publishing and organization management workflows. And a new code explorer allows you to view content of a package directly in the npm portal. â Read more
Huh⊠Nope.
HTTP/1.1 200 OK
Content-Length: 407
Content-Type: text/calendar
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
Permissions-Policy: interest-cohort=()
Content-Security-Policy: default-src 'none'; sandbox
Referrer-Policy: same-origin
Vary: Authorization
BEGIN:VCALENDAR
VERSION:2.0;2.0
PRODID:SandCal
CALSCALE:GREGORIAN
BEGIN:VEVENT
DTSTAMP:20220822T180903Z
UID:bb63bfbd-623e-4805-b11b-3181d96375e6
DTSTART;TZID=America/Chicago:20220827T000000
CREATED:20220822T180903Z
LAST-MODIFIED:20220822T180903Z
LOCATION:https://meet.jit.si/Yarn.social
SUMMARY:Yarn Call
RRULE:FREQ=WEEKLY
DTEND;TZID=America/Chicago:20220827T010000
END:VEVENT
END:VCALENDAR
added some pages on #permissive #publicdomain licenses that I often reach for: !CC0 and !unlicense.
Impact Is Now Free & Open Source
My HTML5 Game Engine Impact launched almost 8 years ago. The last update was published in 2014. While Impact still works nicely in modern browsers, it lacks support for better graphic and sound APIs that are now available. I felt increasingly bad for selling a product that is hardly maintained or improved.
So as of today Impact will be available completely for free, published under the permissive MIT License.
Impactâs source is available on [gith ⊠â Read more