stupid docker tricks #239192

 cats, hack, security, virtual  Comments Off on stupid docker tricks #239192
Feb 022016
 
stupid docker tricks #239192

1) Limit max processes on container; unfortunately docker seems intent on me not doing docker stupid tricks, so this is actually a bit of a pain on some systems… but if you figure out/etc/security/limits.conf, or can use prlimit (or write your own; use RLIMIT_NPROC instead of RLIMIT_NOFILE), you can do “prlimit –pid 666 –nproc=3:3” to limit the processes on the system to a very small number. Say… only what you’re running inside […]

<3 Policy

 art, audit, dinosaur, philosophy, security, tech, work  Comments Off on <3 Policy
Dec 082014
 
<3 Policy

Security Policies Let us praise, slay, and bury security policies together. A security policy is perhaps the best way to deal with the security monster. It concerns itself with business and organizational issues, and is designed to assist the organization succeed in spite of human nature. I sometimes not-so-glibly say that a security policy is simply an expression of your desire. What do you want to see within your organization […]

certificates and security

 crypto, philosophy, security, tech, web  Comments Off on certificates and security
Aug 052014
 
certificates and security

npm is the defacto package manager for the node.js javascript network programming environment thingee. The folks who make npm have taken a security leap: npm no longer supports its self-signed certificates Ah, they build the bastions of light and goodness, protecting us from the sins of the masses by standing tall. So… how do you install npm, anyway? Ah, yes, you look it up on their site… let’s see… why, […]

ITAR

 audit, code, DARPA, data, fast track, ipmi, python, security, tech  Comments Off on ITAR
Feb 262013
 

Well, not really.  Actually I.tar.gz.  In the gzip’d tar there are 3 files; little IPMI/BMC configuration file sucker, a suggested set of security recommendations that could be checked, and an even smaller program to parse the first program’s output. Because… well, no good reason, actually, one is in python3 and the other in python2. I guess I’m testing your readiness. The programs are pretty heavily commented, especially ipmifreely.py, so […]

In logs we trust

 cars, data, embedded, forensics, government, science, security, tech  Comments Off on In logs we trust
Feb 152013
 
In logs we trust

It’s a mess. The NYT wrote a fairly scathing review of the new Tesla roadster, and Tesla fires back (summary here).  Both sides have – or feel that they have – a lot at stake here.  It would appear that there’s simply no way of telling who is telling the truth, since the system that generates the Tesla data is proprietary and who in the hell knows how it […]

© 2012 trouble Suffusion theme by Sayontan Sinha