Derek Tamsen

The Future of Ops Is Platform Engineering honeycomb.io/blog/future-op… via @honeycombio by @mipsytipsy

Overturning Roe v. Wade and denying women the right to control their own bodies is an outrage and in defiance of what the American people want. Democrats must now end the filibuster in the Senate, codify Roe v. Wade, and once again make abortion legal and safe.

@kelp Was it a cold shower?

One of the things I really love is to write technical blog posts. so here is a NEW one - my AWS RDS Vulnerability blog.lightspin.io/aws-rds-critic… #AWS #cloudsecurity #Lightspin

@ircri Was using kind.sigs.k8s.io. It allowed us to run apps locally using existing k8s manifests. It's still containers which got a bit cpu & mem heavy. Now using components from telepresence.io. Eng have on demand remote environment and use it locally

What's the modern way to configure and manage laptop development environments in an organization? It can't just be "docker", right? There's always more to it than just running containers. There's credential config, git setup, local disk <> container sync, etc. What do you use?

Here is the entirety of Cory Booker’s speech about Ketanji Brown Jackson and the history she is making. Watch it. EnJOY it. Share it.

@zeeg If you are looking for an internal blog, this looks interesting planetscale.com/blog/introduci…

Because we don't have an internal blog, I decided to publish a memo I sent to Sentry employees a couple of weeks ago on my own blog, so that I can link to it in another internal memo. Maybe I'll have to publish that too?

Triggering the infinite loop in BN_mod_sqrt() is surprisingly easy to do! :D Here's an explanation of how this vulnerability works, and the first step for a full PoC of CVE-2022-0778: github.com/drago-96/CVE-2…

We've got a product designer role open for someone who loves data visualizations, complexity, and moving at lightning speed. #sentry #torontotech #productdesign #data #apm sentry.io/careers/330913…

New files are being signed with the stolen #NVIDIA certificate. #Lapsus You can search for the files signed with the stolen cert using the below query in #MDE: DeviceFileCertificateInfo | where CertificateSerialNumber == "43BB437D609866286DD839E1D00309F5" #ThreatHunting #dfir

@bascule I recently found out this was a thing from a video Tom Scott did on the subject. The British wanted to create an underground gas storage chamber with a nuclear blast in Yorkshire in 1969 youtu.be/ceWZslOfEjs. This is all kinds of bad.

"The Rulison Test should prove the plowshare contention that there are two good reasons to favor nuclear over conventional explosives: economy and efficiency"

Of all of the nuclear shit that went wrong where I grew up, this has to be the most fucked up: nuclear fracking. It worked in terms of liberating natural gas/methane, but there was a small problem: the resulting liberated gas was radioactive. youtube.com/watch?v=yXQhfZ…

@bascule That's insane. I know it was not strictly for energy production but Hanford has some 53m gallons of liquid nuclear waste in leaking containment vessels. Plus ground water contaminated with technetium

Last night I had to deal with the decommissioned San Onofre nuclear plant's Twitter account trying to explain nuclear waste doesn't work like "The Simpsons" and is solid not liquid *after* highlighting an incident involving liquid nuclear waste twitter.com/bascule/status…

Russian troops are shelling a nuclear power plant and I'm being gaslighted by nuclear power zealots who insist only 30 people died from the Chernobyl disaster and that means nuclear power is totally safe and definitely doesn't have a problematic past

"Platform Engineering" is rapidly becoming the new DevOps or SRE. Almost every day we hear about another org building an internal developer platform or control plane. Want to know what platform engineering is, where the trends are going, and why you should care? Read on 🧵👇

“Once you deploy, you aren’t testing code anymore, you’re testing systems — complex systems made up of users, code, environment, infrastructure, and a point in time.” @mipsytipsy is so fine. increment.com/testing/i-test…

The model of computing implemented by Active Directory isn't the problem, they said. Use Kerberos with it instead of NTLM, they said. We're in an era where self-managed home computers can be more secure than corporate ones because of how easy AD makes arbitrary lateral movement.

Exactly this: "Everyone seems to have missed the bit about devices" I remember digging into how the commercial solutions did strong device identity, correlated to procurement inventory, and frequent device identity+state attestation ... they just flat-out didn't do any of that.

The federal government just dropped a 29-pg memo laying out its "transition to a zero trust approach" A few surprises: ✴️ there's more in it than just zero-trust ✴️ it goes beyond what most orgs do today I read the whole thing so you don't have to... bastionzero.com/blog/i-read-th…

Carl Sagan pretty much nailed the current zeitgeist with this passage from his 1995 book “The Demon-Haunted World”

ICYMI 📣 We wrote about building with microservices and the three main patterns we’ve seen for handling authorization data: 1. Leave the data where it is 2. Use a gateway to attach the data to all requests 3. Centralize authorization data into one place osohq.com/post/microserv…