#random (2022-09)

Non-work banter and water cooler conversation

A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels.

Archive: https://archive.sweetops.com/random/

2022-09-07

Hila F avatar

Hi all,

## Helping others, especially women, is a privilege ##

Check out my posts in LinkedIn & Twitter about how joining one community has allowed me to get the opportunity to reach women in Africa and help them find their first role in the hi-tech industry. The event is THIS Friday and OPEN FOR ALL TO JOIN, so feel free to pass that along to whoever will find it useful.

1

2022-09-09

bradym avatar

had 7 concurrent users today

guess it’s time for kubernetes

3

2022-09-17

Aritra Banerjee avatar
Aritra Banerjee

Hi Everyone,

Does anyone have any tips for transferring domain and cpanel from hostmonster to GoDaddy. Any particular points I need to remember. We are also transferring domain control from hostmonster to Godaddy for dnssec setup

2022-09-18

Alanis Swanepoel avatar
Alanis Swanepoel

Personally, I would steer clear of godaddy, they are heavily oversubscribed on their hosting solutions. As for the dns setup- backup all your records, and ensure they exist on godaddy before you do your domain transfer. As an alternative- look at doing your dns through Cloudflare perhaps?

2
AJ avatar

+1 I use CloudFlare as well.

Aritra Banerjee avatar
Aritra Banerjee

Can I host the cpanel thing in godaddy and the dns thing in cloudflare, is that possible?

Alanis Swanepoel avatar
Alanis Swanepoel

Absolutely

Stephen Tan avatar
Stephen Tan

I migrated to Cloudflare some time ago and haven’t looked back. For solutions using automatino of TLS certs - ie LetsEncrypt/Certbot/etc you want a DNS provider with an API so that you can automate TLS management!

2022-09-22

mike avatar

anyone know of a channel that has folks talking in it?

Joe Niland avatar
Joe Niland

I would try hangops for that style of Slack

2022-09-23

2022-09-25

Aritra Banerjee avatar
Aritra Banerjee

Hi,

I am facing an issue with regex for a nginx rewrite. The bane of my existence has been regex which I don’t seem to understand much.

So the problem I am facing is that I have to implement a solution where based on url segments, a rewrite will happen. So suppose

Ex- a/b/ab-xy-qr should redirect a/b/abc/xyz should NOT redirect a/b/abc/xyz/pqr should NOT redirect

Not able to solve this and my trusty google fu is failing me now. Any help will be appreciated

Warren Parad avatar
Warren Parad

let’s start by having you share what you already tried and why it didn’t work. We can go from there

Aritra Banerjee avatar
Aritra Banerjee
rewrite ^/a/b/(\d+)-([^/]+) <https://a.com/leadership#$1>;
rewrite ^/a/b/([a-zA-Z0-9\-\_]+)/$ <https://a.com/leadership#$1>;

this throws 404

Warren Parad avatar
Warren Parad

But what’s the url that doesn’t match?

Aritra Banerjee avatar
Aritra Banerjee

https://a.com/about-us/leader/y - something like this

Warren Parad avatar
Warren Parad

and which regex is that supposed to match?

Aritra Banerjee avatar
Aritra Banerjee

I tried both but didn’t work

Warren Parad avatar
Warren Parad

Of course not, which regex do you think it will watch and why, neither of those work for this url right now, do you see why?

idan926 avatar
idan926

I’m looking for feedback - we’re thinking about whether we should keep working on this project.

We built a CLI tool to help prevent misconfigurations in CI/CD pipelines and reduce issues in production. It supports GitHub Actions and GitLab Pipelines, comes with built-in rules and supports custom rules. I would appreciate any feedback, and thoughts about that. https://github.com/allero-io/allero

allero-io/allero

By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.

Warren Parad avatar
Warren Parad

Depends on the point of the project, what’s your goal with it?

allero-io/allero

By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.

idan926 avatar
idan926

We want to make something people need. We will also provide a SaaS offering. But the open source will stay free and open source.

Warren Parad avatar
Warren Parad

“we want to provide something people need” your open source already achieves that doesn’t it? It may not be remotely helpful for your SaaS but that’s not entirely relevant for you, right?

idan926 avatar
idan926

We’re trying to understand if this open source is something people really need, if not we will be killing it. Have you checked it out? Do you think it can be handy for people like you?

Warren Parad avatar
Warren Parad

I honestly didn’t click on the link, it didn’t sound remotely interesting. “Rules for gitlab?” I don’t know what that means, but it doesn’t sound a problem we are having. That link text could better speak to the value it provides

2022-09-26

2022-09-27

Aritra Banerjee avatar
Aritra Banerjee

Hi,

Does enabling DNSSEC on godaddy for a domain cause any downtime.

harold avatar

Hi, enabling shouldn’t, only disabling can be cause of downtime

Aritra Banerjee avatar
Aritra Banerjee

okay, can you please make an educated guess about how much downtime it can cause

harold avatar

Downtime depends on your DNS caching TTL value. The cause of downtime is cached DNS records which contains DNSSEC value too

2022-09-28

Gerald avatar

Great piece on Terraform testing strategies https://snyk.io/blog/testing-effectively-in-terraform/

Testing effectively in Terraform | Snykattachment image

Terraform is an infrastructure as code (IaC) solution that enables DevOps teams to deploy on-premise or public cloud infrastructure components. Today, we’ll discuss some common strategies for testing effectively in Terraform.

2022-09-30

Aritra Banerjee avatar
Aritra Banerjee

Hi everyone, I am looking into implementing yubikey for our it infrastructure, can someone point me to some guides or something on how to implement hardware 2fa for application access. Like we are already using gravitational teleport for our server access and adding 2fa to it is easy. I just want 2fa to be used to login to our dev sites without making any changes to the application layer itself. Also RBAC is a must

Warren Parad avatar
Warren Parad

I think easiest way to achieve that is going to pull in an identity provider since some a lot of those come with federated access that support 2FA with yubikey.

I assume you are already using one for your apps, is that correct?

Aritra Banerjee avatar
Aritra Banerjee

No 2fa at the moment for any of our sites. We use gravitational teleport for server access and that’s it

Alanis Swanepoel avatar
Alanis Swanepoel

Are you using the paid gravitational teleport, or the free version?

Alanis Swanepoel avatar
Alanis Swanepoel

youi would still need to implement the ability for an idp to auth against your sites - the easiest might be to have someone like auth0 (now part of the okta group) handle that for you

Alanis Swanepoel avatar
Alanis Swanepoel

then, you could for your dev sites, limit the auth to only use teleport as the authprovider - but i believe that would require using the paid version of teleport

Aritra Banerjee avatar
Aritra Banerjee

hi, the free version. Currenly looking at authelia to implement this, not an issue someone has to login twice

Warren Parad avatar
Warren Parad

Are you using a cloud?

Aritra Banerjee avatar
Aritra Banerjee

yes, exclusively hosted on AWS

Warren Parad avatar
Warren Parad

you can throw an ALB in front of applications you don’t own and use Cognito login to get the federated SSO experience. If your SSO has 2FA you’ve just automatically enabled that for your apps without needing to touch them.

Aritra Banerjee avatar
Aritra Banerjee

ok but is Cognito good, from what I heard cognito is not good

Warren Parad avatar
Warren Parad

If it is for internal usage it shouldn’t be a problem

Warren Parad avatar
Warren Parad

Where are your internal users stored, do you already have an IdP?

Aritra Banerjee avatar
Aritra Banerjee

We use google workspace mainly

Aritra Banerjee avatar
Aritra Banerjee

But I wouldn’t term it as internal users only but the whole org

Warren Parad avatar
Warren Parad

How do you plan on restricting which users should be allowed to access these resources?

Aritra Banerjee avatar
Aritra Banerjee

My plan was to create a group in workspace with all the developers

Warren Parad avatar
Warren Parad

I don’t think that is going to work

Warren Parad avatar
Warren Parad

your best bet is to use cognito with the google workspace federated and create a cognito group

Warren Parad avatar
Warren Parad

the much much easier solution is to make a change to the application

Warren Parad avatar
Warren Parad

but if you don’t own it than its not possible

Aritra Banerjee avatar
Aritra Banerjee

Yeah best case will be to avoid making any changes in the application. Convincing the PMs will take six months

Warren Parad avatar
Warren Parad

should be easy if you throw in an authorization framework, we help clients do that all the time, most get it done in a week and it’s scalable. But I understand if that isn’t the direction you want to. In the end it is much more maintainable, and avoids needing to use cognito. But I think that’s the only other option full in on cognito or potentially the “right way”

Aritra Banerjee avatar
Aritra Banerjee

pardon me but what’s and authorization framework

Warren Parad avatar
Warren Parad

so like a provider that offers user/group management, along with access controls for the application in question. So like google workspace or even cognito only really focus on the user identity, and while you can use cognito groups for some things, it isn’t usually the best approach. Maybe I’ll share this for more context: https://authress.io/knowledge-base/authn-vs-authz

To authenticate or to authorize - what is the difference?attachment image

Authentication vs authorization - which one is which? Even experienced software developers confuse the two. Let’s make it crystal clear once and for all - what is the difference and why it matters.

Aritra Banerjee avatar
Aritra Banerjee

ok will read this thank you

Warren Parad avatar
Warren Parad

I’m happy to answer any questions about it. And honestly, we usually chat directly with the development teams in question to help them get something implemented.

    keyboard_arrow_up