Grok3 is here and it’s amazing. I used it to recreate a favorite game of mine from the 1980s, “Paratrooper”. You can play it at the bottom of the post, the controls are as follows: Left arrow key: Move left Right arrow key: Move right “z” key: shoot “r” key: restart Yes, the game is a little rough around the edges, but it’s still fun to play and the whole experience took around three minutes. ...
In a previous post I wrote about how to set Cloudflare HTTP headers using Cloudflare Workers. In this post, I’ll show you how to do the same thing using Hugo. Thanks to Grok, I learned a nifty trick for setting Cloudflare HTTP headers in Hugo. Instead of using Cloudflare Workers, you can use Hugo’s built-in support for setting HTTP headers. To do so, create the file static/_headers with your header content following Cloudflare’s format. As an example, here’s the content of this site’s static/_headers file: ...
After 13 years, I deleted my Evernote account. I wish them well in rebuilding their business, because the company I work for is treading similar ground. It’s funny because I think our companies suffered from the same decline: market creation, overlong self-congratulation, lag in response to competition pivoting to novel and compelling features. The difference between Evernote and the company I work for is they seem keen to raise prices on existing consumers instead of chasing growth with a lower barrier to entry. I’m not sure how well that’s going to work for them, but I’ll be cheering them on from the sidelines. ...
BLUF Competing priorities, cost-consciousness, and lower-hanging security fruit were the reasons penetration didn’t make it into my AOP this year. I’m not in a highly regulated environment, though, so if regular penetration testing is a requirement, then your options are limited, but here are some things to consider. Analysis Each offensive security consultancy and penetration tester has their own methodlogy. Penetration testing isn’t guaranteed to find your most prevalent vulnerability, nor your most difficult, movie-plot security threat. It should, more often than not, find your lowest hanging fruit. Nothing in life is guaranteed so you may find you spent five figures to learn that those critical vulnerabilities your vuln scanner has complained about for weeks are, in fact, critical vulnerabilities that attackers will abuse to gain access to your data. ...
CVE-2024-3094 highlights the strengths and weaknesses of Open Source.
Life’s busy. Also, it’s hard. Software that breaks compatibility or predictability makes life harder. Returning to a project after years off requires re-orientation of architecture and tooling. Although difficult, it’s a fair assumption to make that one should need to re-orient on an architecture: understanding where everything goes is natrual. The tooling, on the other hand, should remain stable. Familiar. Predictable. Imagine moving out of your childhood room to attend university or join the military. You’re gone for several years, and return one night, exhausted. You open the door and begin to search for your bed. As your fingers find the lightswitch and turn it on, instead of light you’re greeted with an error sound. Frustrated, you walk to where your bed ought to be. ...
I describe how Pillars, Pipelines, and Vaults is the best Life Management system I’ve found
Add MFA to sudo and gnome in Fedora using a Yubikey and authselect
RMS, Dan Kaminsky, FLoCS, Fedora
This post covers using AWS Config as a starting point to find public s3 buckets in your organization.