Git configurations in a code audit
From BSides Boulder 2024, many attempts to figure out who did what, when, where, and why in a git repository (and some lessons learned, too). This is an expanded set of slides and resources since ...
It’s the same actions-runner-controller you know and love (or curse), but with many fewer CVEs to generate compliance paperwork. With a new gig and new tech stack to learn, let’s do something a li...
Last time, we covered the basics of GraphQL to interact with custom fields and other project management properties in GitHub’s project boards. Now that we know how to use it, here’s some patterns,...
Every now and then, there’s a problem that absolutely, positively must be solved with GraphQL - the query language API interface. It takes me a day or two just to remember how to use it every time...
Feedback is a gift. Unsolicited positive feedback to someone’s manager is the quiet gift you never know you received. 🎁 Give this gift freely. 🎁 I have a habit of writing these short “sparkles...
I’m not sure I know what the “real internet” looks like anymore. 🙈 I haven’t seen much in the way of advertising on the internet in perhaps 10 years or so, as I’ve been running a Pi-hole as a n...
bincapz is an open-source utility that enumerates predicted binary capabilities for both compiled and scripting languages (more here). Even before the recent problems with the xz compression libra...
There was a lot to read this weekend about the xz backdoor, how maintainers get burned out, and a great tl;dr response plan. As someone who’s both led a terrifyingly complex software factory and w...
🎉 This is post number 50! 🎉 I read a lot before starting this blog about capital-B Blogging, building an audience/brand/etc., and many writings on writing from writers I admired. There’s a solid ...
Part 1: A gentle intro to container escapes (link) 🔐 Lots of security and sysadmin courses talk about a “container escape”, but what is that really? We’ll go over what a container is, demonstrate ...