    • RE: Managing Publicly hosted Linux Servers through Cockpit

      @pete-s said in Managing Publicly hosted Linux Servers through Cockpit:

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      Solarwinds is far from "devops tooling" and that feels like a weird thing to say since most devops tooling is open source and not built in private like Solarwinds.

      I didn't say that. I said that the cybercriminals are going after management tools including devops tooling. Just because it's open source doesn't make it automatically safe.

      Yeah no one said open source is automatically safe, but the reason the Solarwinds hack was successful was because it was closed. If the build logs were open like most open source tools, and the source was available, it could have easily been caught.

      Relying on pre-built binaries is starting to fade. With languages like Go where you can pull the source and build locally in the same command, it's not needed any longer.

      Also, in reality supply chain vulnerabilities are extremely difficult to pull off. Solarwinds wasn't because of an upstream dependency in the chain, it was the tool itself which was compromised in a build step. While SBOM information is really important, these attacks are rare and you're most likely to get attacked somewhere else.

      posted in IT Discussion
      stacksofplates
    • RE: Managing Publicly hosted Linux Servers through Cockpit

      @pete-s said in Managing Publicly hosted Linux Servers through Cockpit:

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      The Solarwinds hack was from an injection during a pipeline where they modified the actual binary that was built. Ansible wouldn't be compromised that way since it's a Python package and you can just pull the Ansible source and run it. It doesn't need to be compiled.

      Supply chain attack doesn't have to modify binaries. You could modify anything. In Ansible's case they say that the weak link is the community developed modules. That it's built on Python changes nothing.

      No, them being community developed modules changes nothing. 1) All of Ansible is community maintained. 2) If you're referencing the modules that come with Ansible, they are in the main repo with Ansible. Only recently have they started shipping collections which are separately maintained and that wouldn't be a failing of Ansible itself.

      posted in IT Discussion
      stacksofplates
    • RE: Managing Publicly hosted Linux Servers through Cockpit

      @dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      @dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      @dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      There's a big movement now around SBOM with tools like in-toto, SPIFFE/SPIRE, TUF, and a lot more. We are working with gov't clients and they are headed towards requiring SBOM information for each release.

      It's been mandated that software now include an SBOM (see my recent post in IT news).

      Yeah but that mandate is only for open source (for whatever dumb reason). I'm all for SBOMs for open source software, but it's ignoring the fact that the issue has historically come from closed source software. An SBOM is much less effective when you already have access to 99% of what's included in the product.

      Well it mentions open source specifically, but also targets closed source.

      Ah I read the first part. It made it sound like it was only open source.

      Not that anyone but the US Government will know what is actually included in any specific closed source software

      If enterprises are smart they will require it too. And at that point it would hopefully just be publicly available.

      posted in IT Discussion
      stacksofplates
    • RE: Managing Publicly hosted Linux Servers through Cockpit

      @dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      @dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      There's a big movement now around SBOM with tools like in-toto, SPIFFE/SPIRE, TUF, and a lot more. We are working with gov't clients and they are headed towards requiring SBOM information for each release.

      It's been mandated that software now include an SBOM (see my recent post in IT news).

      Yeah but that mandate is only for open source (for whatever dumb reason). I'm all for SBOMs for open source software, but it's ignoring the fact that the issue has historically come from closed source software. An SBOM is much less effective when you already have access to 99% of what's included in the product.

      Well it mentions open source specifically, but also targets closed source.

      Ah I read the first part. It made it sound like it was only open source.

      posted in IT Discussion
      stacksofplates
    • RE: Managing Publicly hosted Linux Servers through Cockpit

      We are working with Platform One and some others and they want to require it for everything. Hopefully that gets more traction.

      posted in IT Discussion
      stacksofplates
    • RE: Managing Publicly hosted Linux Servers through Cockpit

      @dustinb3403 said in Managing Publicly hosted Linux Servers through Cockpit:

      @stacksofplates said in Managing Publicly hosted Linux Servers through Cockpit:

      There's a big movement now around SBOM with tools like in-toto, SPIFFE/SPIRE, TUF, and a lot more. We are working with gov't clients and they are headed towards requiring SBOM information for each release.

      It's been mandated that software now include an SBOM (see my recent post in IT news).

      Yeah but that mandate is only for open source (for whatever dumb reason). I'm all for SBOMs for open source software, but it's ignoring the fact that the issue has historically come from closed source software. An SBOM is much less effective when you already have access to 99% of what's included in the product.

      posted in IT Discussion
      stacksofplates
    • RE: Managing Publicly hosted Linux Servers through Cockpit

      There's a big movement now around SBOM with tools like in-toto, SPIFFE/SPIRE, TUF, and a lot more. We are working with gov't clients and they are headed towards requiring SBOM information for each release.

      posted in IT Discussion
      stacksofplates
    • RE: Managing Publicly hosted Linux Servers through Cockpit

      @pete-s said in Managing Publicly hosted Linux Servers through Cockpit:

      What most people seem to miss is that the Solarwinds attack was a supply chain attack.
      That means that the tool itself was compromised.

      That means that any tool, regardless of how you use it, is at risk for this kind of attack. It certainly doesn't have to be anything that is centrally hosted/administered.

      Even ssh itself is at risk, but it's more likely to occur in tools where you have lots of source code from many sources. For instance ansible or devops tooling.

      Nobody was mentioning Solarwinds. They were referencing specific MSPs being breached and all of their clients being on the same networks.

      The Solarwinds hack was from an injection during a pipeline where they modified the actual binary that was built. Ansible wouldn't be compromised that way since it's a Python package and you can just pull the Ansible source and run it. It doesn't need to be compiled.

      Solarwinds is far from "devops tooling" and that feels like a weird thing to say since most devops tooling is open source and not built in private like Solarwinds.

      posted in IT Discussion
      stacksofplates
    • RE: ESXi VMware ESXTOP

      Does the esxi shell have awk?

      posted in IT Discussion
      stacksofplates
    • RE: NodeBB 1.17 Update

      @scottalanmiller said in NodeBB 1.17 Update:

      @danp said in NodeBB 1.17 Update:

      Looks like the ads are broken.

      In what way? They seem fine here.

      Screenshot_20210508-120000_Brave.jpg

      posted in Announcements
      stacksofplates
    • RE: Upgrading to Fedora 34

      @jaredbusch said in Upgrading to Fedora 34:

      @stacksofplates said in Upgrading to Fedora 34:

      I don't care for the new Windows-esque "installing updates don't power off your computer" screen on a reboot that was introduced in 34.

      It was in 33 also if you did a clean install.

      Ah I haven't used it in a while. I just saw it mentioned the other day.

      posted in IT Discussion
      stacksofplates
    • RE: Upgrading to Fedora 34

      @dustinb3403 said in Upgrading to Fedora 34:

      Bit of dick much?

      This seems like a personal question.

      posted in IT Discussion
      stacksofplates
    • RE: Upgrading to Fedora 34

      I don't care for the new Windows-esque "installing updates don't power off your computer" screen on a reboot that was introduced in 34.

      posted in IT Discussion
      stacksofplates
    • RE: Upgrading to Fedora 34

      @dustinb3403 said in Upgrading to Fedora 34:

      So get bent

      278731-1546128589810-11a2a6231da82.jpg

      posted in IT Discussion
      stacksofplates
    • RE: Send CSV file to Slack Channel by bash script through Webhook

      @pete-s said in Send CSV file to Slack Channel by bash script through Webhook:

      @laksh1999 said in Send CSV file to Slack Channel by bash script through Webhook:

      @pete-s said in Send CSV file to Slack Channel by bash script through Webhook:

      @laksh1999 said in Send CSV file to Slack Channel by bash script through Webhook:

      Hi
      I am trying to send the assigned tickets in the queue as .csv file to the slack channel. I am able to download the .csv file in the dev desktop through bash script but unable to send that file to the Slack Channel.

      Anyone have tried this before?

      I have checked this

      https://api.slack.com/methods/files.upload

      I have only Webhook URL no other token is there with me as per the suggestion in the above link.

      You must have a token or some kind of authentication, otherwise anyone would be able to spam Slack with files.

      Also the function you are looking at is not a webhook. Webhooks are triggered by an event. And they cause a http request to be sent.

      I accept your point. The .csv file which I download is authenticated with Kerberos only. So is that enough to send the .csv file to the Slack channel through the webhook?

      @stacksofplates maybe you can offer some insight?

      At the bottom of the upload API page they give you an example of what you need. You need your API token and the channel ID(s) that you want to send the data to.

      curl -F file=@dramacat.gif -F "initial_comment=Shakes the cat" -F channels=C024BE91L,D032AC32T -H "Authorization: Bearer xoxa-xxxxxxxxx-xxxx" https://slack.com/api/files.upload

      posted in IT Discussion
      stacksofplates
    • RE: Ergonomic Keyboard

      @gotwf said in Ergonomic Keyboard:

      @stacksofplates Ah yes, Ergodox. Massdrop? Getting stuff off pinkies and onto thumbs is a big win. Alas, I don't have such a rig myself. Fairly pricey, iirc, no?

      Yeah with the rests, lift kit, and lights it was around $350. I got it from ZSA so I didn't have to assemble it. They built it and sent it.

      posted in IT Discussion
      stacksofplates
    • RE: Ergonomic Keyboard

      So idk about other ergonomic keyboards, but this one def is very comfortable and the adjustable legs and wrist rests make it really adjustable to your liking.

      20210315_175236.jpg

      posted in IT Discussion
      stacksofplates
    • RE: Ergonomic Keyboard

      @scottalanmiller said in Ergonomic Keyboard:

      @stacksofplates said in Ergonomic Keyboard:

      @stacksofplates said in Ergonomic Keyboard:

      I just got an Ergodox with cherry browns and I love it. It's split, so I don't feel like I'm rounding my shoulders anymore to type. It's really comfortable and very customizable. I'd def buy it again.

      I ordered it from ZSA since they put it together and everything.

      https://ergodox-ez.com/

      Wait, do you actually wear it around your neck?

      Only once.

      Misread, thought you said "did you".

      posted in IT Discussion
      stacksofplates
    • RE: Ergonomic Keyboard

      @stacksofplates said in Ergonomic Keyboard:

      I just got an Ergodox with cherry browns and I love it. It's split, so I don't feel like I'm rounding my shoulders anymore to type. It's really comfortable and very customizable. I'd def buy it again.

      I ordered it from ZSA since they put it together and everything.

      https://ergodox-ez.com/

      posted in IT Discussion
      stacksofplates
    • RE: Ergonomic Keyboard

      I just got an Ergodox with cherry browns and I love it. It's split, so I don't feel like I'm rounding my shoulders anymore to type. It's really comfortable and very customizable. I'd def buy it again.

      posted in IT Discussion
      stacksofplates