Forwarded from CatOps
How Google got rid of VPN and other old(?) security methods
They called it BeyondCorp, and its main goal sounds like this:
Every Google employee works successfully from untrusted networks without the use of a VPN. It is needed to improve productivity and keep the company secure.
Implementation started in 2011 and successfully ended in 2014; the process was described in this article. Now Google is starting to share the lessons that they have learned over the 5 years of exploitation.
P.S. On the Google SSO page you can find random pictures (: desktop version required)
#security
Google Online Security Blog
How Google adopted BeyondCorp
Posted by Lior Tishbi, Program Manager and Puneet Goel, Product Manager, Justin McWilliams, Engineering Manager It's been almost five ye...
Forwarded from oleg_log (Oleg Kovalov)
LinkedIn has built yet another system for stream processing.
Bring on one more Kafka.
https://engineering.linkedin.com/blog/2019/brooklin-open-source
https://github.com/linkedin/Brooklin/
Linkedin
Open sourcing Brooklin: Near real-time data streaming at scale
Forwarded from Пятничный деплой
Deploying Vault with an etcd backend in k8s https://medium.com/@jackalus/deploying-vault-with-etcd-backend-in-kubernetes-d89f9a0068bf #vault #k8s
Medium
Deploying Vault with etcd backend in Kubernetes
I needed a secrets management tool that can be highly available, on-premise, cloud-native, run on low resources, and easily orchestrated…
Forwarded from Пятничный деплой
Look, they say native CI/CD has landed in k8s - https://medium.com/@kmadel/prow-keeping-kubernetes-ci-cd-above-water-kurt-madel-42a241e5a515
#cicd #prowe #k8s
Medium
Prow: Keeping Kubernetes CI/CD Above Water
Native K8s CD
Forwarded from GitHub'ненько
Forwarded from DevOps&SRE Library
How Netflix Thinks of DevOps
An interesting video about how IT is organized at Netflix.
https://youtu.be/UTKIT6STSVM
Forwarded from CatOps
ec2-metadatafs: 'cat' your AWS EC2 metadata
This tool exposes AWS EC2 metadata as a filesystem for easy ls, cat, and grep'ing.
Advantages over curl http://169.254.169.254:
- Support for tags
- Use filesystem permissions to control access
- Use traditional unix tools to walk and interrogate the tree
- Tab completion of paths
- No need to remember the special IP address of the service
Advantages over the ec2-metadata tool:
- Support for tags
- No need to cut the output of commands to get just the field
- Can use filesystem permissions to control access
- Access to all metadata fields, not just the limited subset the tool returns
Well, and browsing the metadata endpoint as a filesystem from an EC2 instance is a really cool idea.
#aws #toolz
Forwarded from Пятничный деплой
Another piece from Netflix, this time about canary deploy analysis #cicd https://medium.com/netflix-techblog/automated-canary-analysis-at-netflix-with-kayenta-3260bc7acc69
Medium
Automated Canary Analysis at Netflix with Kayenta
by Michael Graff and Chris Sanden
Forwarded from Технологический Болт Генона
A game that teaches locking and concurrency.
The Deadlock Empire
Slay dragons, master concurrency!
https://deadlockempire.github.io
deadlockempire.github.io
The Deadlock Empire
Slay dragons, learn
concurrency! Play the cunning Scheduler, exploit flawed
programs and defeat the armies of the Parallel Wizard.
Forwarded from DocOps
Another post about conference retrospectives at Plesk, this time even with screenshots. Actually, this is a report on #HighloadSiberia; the retrospectives are at the end of the post.
https://habr.com/ru/company/plesk/blog/460885/
Habr
Interesting talks at HighLoad++ Siberia 2019 according to Plesk
Hi everyone! In June, the HighLoad++ Siberia 2019 conference on developing high-load applications took place in Novosibirsk. Earlier, in articles on Habr, we mentioned that at Plesk we hold...
Forwarded from Konstantin Sverdlov
Dodo Pizza have figured it out https://www.youtube.com/watch?v=sLDYgmhNxfU
YouTube
BeyondCorp: a DevOps security model without registration and VPN / Gleb Lesnikov (Dodo Pizza)
We invite you to the Saint HighLoad++ 2024 conference, which will take place on June 24 and 25 in St. Petersburg!
Program, details and tickets at the link: https://vk.cc/cuyIqx
--------
HighLoad++ Moscow 2018
Abstract and presentation:
http://www.highload.ru/m…
Forwarded from Сергей
InfoQ
A Continuation of Devops: Policy as Code
Gareth Rushgrove looks at examples of tools that move security controls into code, with a focus on ModSecurity, InSpec and Open Policy Agent, explores the properties of successful infrastructure management tools, what is missing in security tools today,…
Forwarded from Sysadmin Tools 🇺🇦
Livejournal
Container Domains (Types)
One of the things people have always had a hard time understanding about SELinux is around different types. In this blog, I am going to discuss Container Domains. Recently I had someone questioning me about specifying types to run containers inside of Kubernetes.…
Forwarded from Sysadmin Tools 🇺🇦
Kubernetes
Introducing Volume Cloning Alpha for Kubernetes
Kubernetes v1.15 introduces alpha support for volume cloning. This feature allows you to create new volumes using the contents of existing volumes in the user's namespace using the Kubernetes API.
What is a Clone? Many storage systems provide the ability…
Forwarded from Sysadmin Tools 🇺🇦
Someone sent me some goodies for PostgreSQL in DMs
1) http://pgconfigurator.cybertec.at/
2) https://pgtune.leopard.in.ua/#/
3) https://github.com/jfcoz/postgresqltuner
pgtune.leopard.in.ua
PGTune - calculate configuration for PostgreSQL based on the maximum performance for a given hardware configuration
PgTune - Tuning PostgreSQL config by your hardware
Forwarded from Sysadmin Tools 🇺🇦
Let's recall such a useful tool as Gixy
Description in Russian
Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.
GitHub
GitHub - yandex/gixy: Nginx configuration static analyzer
Nginx configuration static analyzer. Contribute to yandex/gixy development by creating an account on GitHub.
Forwarded from Sysadmin Tools 🇺🇦
www.opennet.ru
Amazon has published Open Distro for Elasticsearch 1.0.0
Amazon has presented the first release of Open Distro for Elasticsearch, which provides a fully open edition of the Elasticsearch platform for search, analysis and data storage. The published edition is suitable for use in enterprises…