zigara's comments

zigara | 7 years ago | on: Matrix.org Security Incident

It seems the issue was developers using SSH agent forwarding which was abused to access the production environment.

zigara | 7 years ago | on: Matrix.org Security Incident

The attacker seems to have responded:

https://github.com/matrix-org/matrix.org/issues/357

edit: just saw the rest: https://github.com/matrix-org/matrix.org/issues?utf8=%E2%9C%...

"[SECURITY] SSH Agent Forwarding

I noticed in your blog post that you were talking about doing a postmortem and steps you need to take. As someone who is intimately familiar with your entire infrastructure, I thought I could help you out.

Complete compromise could have been avoided if developers were prohibited from using ForwardAgent yes or not using -A in their SSH commands. The flaws with agent forwarding are well documented."
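The quoted issue points at `ForwardAgent yes` in client configuration. The following is an added example, not part of the comment or the linked issue: a small auditor that flags every scope in an ssh_config that enables agent forwarding. The sample config and host names are constructed for illustration.

```python
import shlex

# Constructed sample ssh_config (host names are placeholders, not from the incident).
SAMPLE_CONFIG = """\
Host bastion.example.org
    User deploy
    ForwardAgent yes

Host *.prod.example.org
    ProxyJump bastion.example.org
    forwardagent=no

Host *
    ForwardAgent $SSH_AUTH_SOCK
"""

def split_directive(line):
    """Return (lowercased keyword, args) for one ssh_config line, or (None, [])."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None, []
    # Keyword and argument may be separated by whitespace or by a single '='.
    head, sep, rest = line.partition("=")
    if sep and len(head.split()) == 1:
        line = head.strip() + " " + rest.strip()
    parts = shlex.split(line)
    return parts[0].lower(), parts[1:]

def audit_forward_agent(config_text):
    """List (line number, scope, value) for every setting that enables forwarding."""
    findings = []
    scope = "(global)"
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        keyword, args = split_directive(raw)
        if keyword in ("host", "match"):
            scope = keyword.capitalize() + " " + " ".join(args)
        elif keyword == "forwardagent" and args:
            # Besides "yes", a socket path or a $VAR name also turns forwarding on.
            if args[0].lower() != "no":
                findings.append((lineno, scope, args[0]))
    return findings

if __name__ == "__main__":
    for lineno, scope, value in audit_forward_agent(SAMPLE_CONFIG):
        print(f"line {lineno}: {scope}: ForwardAgent {value}")
```

This only covers configuration files; `-A` typed on the command line enables forwarding regardless of what the file says.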

zigara | 11 years ago | on: Show HN: SeaLion 2 – Linux Server Monitoring, Alerting and Debugging Tool

I'm also a UNIX geek, and I would have to disagree with your opinion.

The design looks solid. I don't know anyone that has troubles scrolling on their laptop these days. I found that quite bizarre to hear. With daily use, you can be nearly as nimble as using a real mouse.

Could you give some suggestions on what you would change? I'm curious how you would display that much data on the screen in a clean manner.

Not trying to argue here, genuinely interested in improving my UI/UX knowledge. Quite useful when building webapps these days.

zigara | 11 years ago | on: Using Docker as a Python Development Environment

Don't get me wrong, I've been using containers for many, many years. I run pure LXC on my desktop at home for simple containers. Containers are great in many situations. It's a shame LXC didn't get as much hype as Docker (not sure if Docker is LXC-based anymore, but it was for quite some time).

However, you do require Docker (or LXC), and you need proper cgroup support in your kernel if you want true isolation. This is perfectly fine for myself and perhaps a few of my developers running Linux, but it starts to look less appealing in other environments.

Personally, I have to maintain multiple FreeBSD servers and even have a local FreeBSD machine for related purposes. I've also had to develop and maintain Python applications for SmartOS (Solaris-based) machines.

Perhaps one day Docker will support Solaris Zones or FreeBSD jails, who knows. :)

zigara | 11 years ago | on: Using Docker as a Python Development Environment

While they do make sense in certain situations, they also add more complications. On Linux, it's much easier, but if I want to run this on Windows or OS X, they tell you to run Docker inside of a full VBox VM (and maintain it). This is not ideal, as VBox destroys my battery and has other annoyances.

You also have to maintain those containers/images (not to mention lug around a 600+ MB base OS image and update it). I am not sure how Docker handles keeping images updated. I assume overlayfs makes it easy to keep your base Docker OS images updated, but I'm not sure how it'd handle certain package configurations.
