arianvp

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

tormath1

Cluster API OpenStack using Flatcar

This is done on devstack environment.

Resources

• YouTube video: https://www.youtube.com/watch?v=H2Eqw33m2S0
• https://github.com/tormath1/tormath1.github.io/blob/main/kcd-munich-flatcar-capi.pdf

From an existing Kubernetes cluster deployed with Kind:

larsch

#!/bin/sh
exec ip netns exec vpn su user -c "$*"

ScriptingSquirrel

(Assuming a Debian 8-like system)

• Install prometheus-node-exporter

  $ sudo apt update && sudo apt install prometheus-node-exporter

• Configure prometheus-node-exporter to expose metrics only to localhost, not on to all networks. Modify file /etc/default/prometheus-node-exporter:

  # Set the command-line arguments to pass to the server.

wanglf

How to use?

• Copy content of vsix-bookmarklet, create a bookmark in your browser.
• Navigate to the web page of the VS Code extension you want to install.
• Click the bookmark you just created, then click the download button.
  
• After download finished, rename the file extension to *.vsix.
• In VS Code, select Install from VSIX... in the extension context menu.
  

peko

#!/bin/bash
tar cf - * | mbuffer -m 1024M | ssh -i ~/.ssh/<key.pem> <destination_ip> '(cd /home/ubuntu/<destination_folder>; tar xf -)'

totallyunknown

#!/usr/bin/env python
#
# Tested with SuperMicro

import re, subprocess, pprint, time, os, sys


if not os.path.exists("/usr/sbin/ipmi-sensors"):
  print >> sys.stderr, 'freeipmi tools are not installed'
  sys.exit()

jawadatgithub

Note for community:

A. IdentityServer3 docs, samples and source code use OIDC & OAuth2 terms interchangeably to refer to same thing in many areas. I think that's make sense because OIDC introduced as complement & extension for OAuth2.

B. IdentityServer3, STS, OP, OIDC server, OAuth2 server, CSP, IDP and others: means same thing (software that provide/issue tokens to clients) as explained in [Terminology] (http://identityserver.github.io/Documentation/docs/overview/terminology.html).

C. Grants and flows mean same thing, grant was the common term in OAuth2 specs and flow is the common term in OIDC specs.

D. This document will not focus on custom flow/grant.

E. [Important] Choosing wrong flow leads to security threat.

domenic

Auto-deploying built products to gh-pages with GitHub Actions

This is a set up for projects which want to check in only their source files, but have their gh-pages branch automatically updated with some compiled output every time they push.

A file below this one contains the steps for doing this with Travis CI. However, these days I recommend GitHub Actions, for the following reasons:

• It is much easier and requires less steps, because you are already authenticated with GitHub, so you don't need to share secret keys across services like you do when coordinate Travis CI and GitHub.
• It is free, with no quotas.
• Anecdotally, builds are much faster with GitHub Actions than with Travis CI, especially in terms of time spent waiting for a builder.

botchagalupe

##My Recent Noteworthy Presentations

DevOps Road Blocks DOES14 - John Willis - DevOps Road Blocks

Building an Open Cloud From the Network Perspective ( need Safari subscription) Building an Open Cloud From the Network Perspective - OSCON 2014

Alice in Wonderland Openstack Summit Atlanta 2014