#random (2022-09)
Non-work banter and water cooler conversation
A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels.
Archive: https://archive.sweetops.com/random/
2022-09-07
Hi all,
## Helping others, especially women, is a privilege ##
Check out my posts in LinkedIn & Twitter about how joining one community has allowed me to get the opportunity to reach women in Africa and help them find their first role in the hi-tech industry. The event is THIS Friday and OPEN FOR ALL TO JOIN, so feel free to pass that along to whoever will find it useful.
2022-09-09
had 7 concurrent users today
guess it’s time for kubernetes
2022-09-17
Hi Everyone,
Does anyone have any tips for transferring a domain and cPanel from HostMonster to GoDaddy? Any particular points I need to remember? We are also transferring domain control from HostMonster to GoDaddy for DNSSEC setup.
2022-09-18
Personally, I would steer clear of GoDaddy; they are heavily oversubscribed on their hosting solutions. As for the DNS setup: back up all your records, and ensure they exist on GoDaddy before you do your domain transfer. As an alternative, look at doing your DNS through Cloudflare perhaps?
+1 I use CloudFlare as well.
Can I host the cpanel thing in godaddy and the dns thing in cloudflare, is that possible?
Absolutely
I migrated to Cloudflare some time ago and haven’t looked back. For solutions using automation of TLS certs - i.e. LetsEncrypt/Certbot/etc. - you want a DNS provider with an API so that you can automate TLS management!
2022-09-22
anyone know of a channel that has folks talking in it?
I would try hangops for that style of Slack
2022-09-23
2022-09-25
Hi,
I am facing an issue with regex for an nginx rewrite. The bane of my existence has been regex, which I don’t seem to understand much.
So the problem I am facing is that I have to implement a solution where based on url segments, a rewrite will happen. So suppose
Ex-
a/b/ab-xy-qr should redirect
a/b/abc/xyz should NOT redirect
a/b/abc/xyz/pqr should NOT redirect
Not able to solve this and my trusty google fu is failing me now. Any help will be appreciated
let’s start by having you share what you already tried and why it didn’t work. We can go from there
rewrite ^/a/b/(\d+)-([^/]+) https://a.com/leadership#$1;
rewrite ^/a/b/([a-zA-Z0-9\-\_]+)/$ https://a.com/leadership#$1;
this throws 404
But what’s the url that doesn’t match?
https://a.com/about-us/leader/y - something like this
and which regex is that supposed to match?
I tried both but didn’t work
Of course not. Which regex do you think it will match and why? Neither of those works for this url right now, do you see why?
I’m looking for feedback - we’re thinking about whether we should keep working on this project.
We built a CLI tool to help prevent misconfigurations in CI/CD pipelines and reduce issues in production. It supports GitHub Actions and GitLab Pipelines, comes with built-in rules and supports custom rules. I would appreciate any feedback, and thoughts about that. https://github.com/allero-io/allero
By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.
Depends on the point of the project, what’s your goal with it?
By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.
We want to make something people need. We will also provide a SaaS offering. But the open source will stay free and open source.
“we want to provide something people need” your open source already achieves that doesn’t it? It may not be remotely helpful for your SaaS but that’s not entirely relevant for you, right?
We’re trying to understand if this open source is something people really need, if not we will be killing it. Have you checked it out? Do you think it can be handy for people like you?
I honestly didn’t click on the link, it didn’t sound remotely interesting. “Rules for gitlab?” I don’t know what that means, but it doesn’t sound a problem we are having. That link text could better speak to the value it provides
2022-09-26
2022-09-27
Hi,
Does enabling DNSSEC on GoDaddy for a domain cause any downtime?
Hi, enabling shouldn’t, only disabling can be a cause of downtime
okay, can you please make an educated guess about how much downtime it can cause?
Downtime depends on your DNS caching TTL value. The cause of downtime is cached DNS records which contain the DNSSEC value too
2022-09-28
Great piece on Terraform testing strategies https://snyk.io/blog/testing-effectively-in-terraform/
Terraform is an infrastructure as code (IaC) solution that enables DevOps teams to deploy on-premise or public cloud infrastructure components. Today, we’ll discuss some common strategies for testing effectively in Terraform.
2022-09-30
Hi everyone, I am looking into implementing YubiKey for our IT infrastructure. Can someone point me to some guides or something on how to implement hardware 2FA for application access? Like, we are already using Gravitational Teleport for our server access and adding 2FA to it is easy. I just want 2FA to be used to log in to our dev sites without making any changes to the application layer itself. Also, RBAC is a must.
I think the easiest way to achieve that is going to be to pull in an identity provider, since a lot of those come with federated access that supports 2FA with YubiKey.
I assume you are already using one for your apps, is that correct?
No 2fa at the moment for any of our sites. We use gravitational teleport for server access and that’s it
Are you using the paid gravitational teleport, or the free version?
you would still need to implement the ability for an IdP to auth against your sites - the easiest might be to have someone like auth0 (now part of the okta group) handle that for you
then, you could for your dev sites, limit the auth to only use teleport as the authprovider - but i believe that would require using the paid version of teleport
hi, the free version. Currently looking at authelia to implement this, not an issue if someone has to log in twice
Are you using a cloud?
yes, exclusively hosted on AWS
you can throw an ALB in front of applications you don’t own and use Cognito login to get the federated SSO experience. If your SSO has 2FA you’ve just automatically enabled that for your apps without needing to touch them.
ok but is Cognito good, from what I heard cognito is not good
If it is for internal usage it shouldn’t be a problem
Where are your internal users stored, do you already have an IdP?
We use google workspace mainly
But I wouldn’t term it as internal users only but the whole org
How do you plan on restricting which users should be allowed to access these resources?
My plan was to create a group in workspace with all the developers
I don’t think that is going to work
your best bet is to use cognito with the google workspace federated and create a cognito group
the much much easier solution is to make a change to the application
but if you don’t own it then it’s not possible
Yeah best case will be to avoid making any changes in the application. Convincing the PMs will take six months
should be easy if you throw in an authorization framework, we help clients do that all the time, most get it done in a week and it’s scalable. But I understand if that isn’t the direction you want to go. In the end it is much more maintainable, and avoids needing to use cognito. But I think that’s the only other option: full in on cognito or potentially the “right way”
pardon me but what’s an authorization framework?
so like a provider that offers user/group management, along with access controls for the application in question. So like google workspace or even cognito only really focus on the user identity, and while you can use cognito groups for some things, it isn’t usually the best approach. Maybe I’ll share this for more context: https://authress.io/knowledge-base/authn-vs-authz
Authentication vs authorization - which one is which? Even experienced software developers confuse the two. Let’s make it crystal clear once and for all - what is the difference and why it matters.
ok will read this thank you
I’m happy to answer any questions about it. And honestly, we usually chat directly with the development teams in question to help them get something implemented.