multani's comments

There's a number of offline, open-source, TOTP CLI applications, so just use one of them for instance?


Those can be used? That could be a way around this then, thanks -- I'll investigate (just going on @badsectoracula's comment that phone or key is required, possibly I misinterpreted that).

Still something of a PITA though (and not really a second factor).


KeePassXC is great. Just keep a copy of your .kdbx file synced to a backup location.


I use ZZ all the time, but it's so wired into my memory muscle that I had to read the article to realize I was actually using it.

Also, zz is _so_ practical, it's probably the shortcut I miss the most when I'm not using a vi-compatible editor...


Most editors have zz functionality. Ctrl+L for VSCode, JetBrains tools, and SublimeText, for example.


All of whom copied it, in turn, from emacs :)


And somehow after 30 years of vi use, I never knew of or used zz.

I use ma, mb, etc and ‘a ‘b and ‘’ to mark and jump around, beyond the other options.


To be honest, the first Andor episode is really slow and I also almost dropped it right there, but the rest of the show is actually quite good (so far).


For those who are implementing these security guidelines: how do you ensure they have been correctly implemented?

Do you have any kind of static check program that can check beforehand that you are going to deploy a hardened kubernetes cluster? Do you have a "live" checker that can verify the actual configuration of a running cluster? Does it run all the time or once in a while? Also, if you have an automated way of verifying your configuration, which program do you use?

I only know about Chef's Inspec and the CIS profiles that are available online, but the experience wasn't extraordinary and I was wondering what is used in the wild?


So there are various commercial systems that fall under CSPM (or KSPM sometimes) that are designed to assess compliance with different standards.

My purely personal opinion on this is that it's difficult to do well, as even with compliance standards, automating assessment isn't always possible.

For example the CIS benchmark for k8s can't say "Never use cluster-admin" as there are some legitimate use cases, so instead it says "minimize the use of cluster-admin" which can't be fully automated as a check.

To do it well, a company should come up with their own spin on applicable standards, automate where possible (either with 3rd party or internal tooling) and then manually review the things that can't be automated on a periodic basis (either with internal resource, or consultants).
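One way to automate part of the "minimize the use of cluster-admin" check discussed in this thread, as an added example that is not part of any comment above: it sorts cluster-admin subjects into those already signed off and those left for manual review. The sample data is constructed in the shape of `kubectl get clusterrolebindings -o json` output, and the `APPROVED` allowlist and function names are hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "ci-deployer-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "ci-deployer",
                 "namespace": "ci"}]},
  {"metadata": {"name": "view-all"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "Group", "name": "developers"}]},
  {"metadata": {"name": "orphaned-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")

# Hypothetical allowlist: (kind, namespace, name) of subjects a reviewer approved.
APPROVED = {("Group", "", "system:masters")}

def subject_key(subject):
    return (subject.get("kind", ""), subject.get("namespace", ""),
            subject.get("name", ""))

def audit_cluster_admin(bindings, approved):
    """Return (approved, needs_review) lists of (binding name, subject key)."""
    ok, review = [], []
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != "cluster-admin":
            continue
        # `subjects` is optional; a binding without subjects grants nothing.
        for subject in item.get("subjects") or []:
            key = subject_key(subject)
            (ok if key in approved else review).append(
                (item["metadata"]["name"], key))
    return ok, review

if __name__ == "__main__":
    _, review = audit_cluster_admin(SAMPLE, APPROVED)
    for binding, (kind, ns, name) in review:
        print(f"REVIEW {binding}: {kind} {ns + '/' if ns else ''}{name}")
```

Namespaced RoleBindings can also reference the cluster-admin ClusterRole, so a fuller audit would run the same logic over `kubectl get rolebindings -A -o json`.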


A lot of these things can't be meaningfully statically checked. It has to be done by a working policy apparatus. If your org can't adopt, implement, and adhere to policy then there's no amount of standards documents in the world that will help you much.

There's no way in the world to statically and automatically check if your org regularly reviews configurations, responds correctly to monitoring alerts, ensures your developers adhere to least privilege principles, and so on. It has to be policy.


The people that define the standards don't implement them. The people that implement them don't validate them. Government systems don't typically have any kind of system that periodically checks system configuration, though the systems might get reviewed every few years.


I'm implementing it right now actually and it's a combination of automated tools and a third party actually going through and verifying all the controls.


Maybe you can add them to OPA? (https://www.openpolicyagent.org/)


I heard a lot about design systems the past few months, would one of you have a recommendation for a good read that would explain the challenges and/or the process to create such a system?


No updates since roughly 10 years, the homepage is full of spam, I don't think Chandler should be recommended anymore at this stage.


I also discovered K6 a few days ago, it looked quite nice and could be a good replacement for our Gatling tests.

We were initially looking for something slightly different though: we were interested to have perhaps fewer tests, but tests that would run much much more often (like every second or couple of seconds), in a continuous manner. The goal was to have something at the same time like a healthcheck (is it still working), like a performance test (does it answer in a timely manner) and like a validation test (does it answer the right result - the endpoints we wanted to test do "complex calculations"). Our best answer so far was to wrap K6 in an infinite loop, but I wonder if there could be something smarter.


I might be missing something, but k6 should be able to completely cover all of your use cases? I am one of the k6 developers, can you share exactly what the missing piece was?

> tests that would run much much more often (like every second or couple of seconds), in a continuous manner.

You can do that, just use an arrival-rate executor that runs an iteration every second, with a test duration of 365 days or something like that :) See https://k6.io/docs/using-k6/scenarios/arrival-rate

> The goal was to have something at the same time like a healthcheck (is it still working), like a performance test (does it answer in a timely manner) and like a validation test (does it answer the right result - the endpoints we wanted to test do "complex calculations"). Our best answer so far was to wrap K6 in an infinite loop, but I wonder if there could be something smarter.

You can certainly wrap k6 in an infinite loop. Nothing wrong with that, though you can probably use the `scenarios` feature (with long `duration` values) to achieve it without wrapping k6: https://k6.io/docs/using-k6/scenarios


That's what k6 does. It's called soak testing: https://k6.io/docs/test-types/soak-testing

I use it with influxdb and grafana.

Set it up with one virtual user running for 6 hours, requesting different endpoints, you should get the 1req/sec.


I think this was the promise of Docker's InfraKit [1] (now DeployKit), to have your infrastructure constantly monitored and adjusted depending on the configuration you pushed into it.

Sadly it didn't go anywhere and it's now archived.

[1] : https://github.com/docker/deploykit


It really depends on what your workload is though.

We have been running between 100 and 200 Jobs in Nomad, with the quantity of clients doubling then shrinking every day, using 3 × t3.micro for the servers for years.

We have yet to see our Nomad usage increase enough to get rid of these machines.


I was cycling in Japan for about 2 weeks, just a few weeks ago. I was also impressed in most places by how clean it was, not only in the cities, but more generally speaking about everywhere.

At some point though, I was cycling along the coast of Mie then Wakayama prefectures, and although the scenery and roads were clean, I had a glance just behind the ramp walk, and realized that behind the trees, in the bush next to the road were hundreds of garbage bags, litter of all sorts, really anything, just lying below. There was such a contrast from what my eyes were seeing until then, I was shocked.

In another town several kilometres after (I forgot which place exactly, must have been while cycling up towards Wakayama city), I passed next to a big commercial area on my right. On my left there was a small patch of forest then the sea and again, that forest contained many many plastic bags, full but neatly tied up, every couple of meters or so, for several hundreds of meters.

I originally thought the first trash I saw along the road in the countryside was "mistakes", like things flying off the window or pushed by the wind from another place (although there was a lot of garbage anyway). But when I saw these tied up plastic bags, they weren't there by chance, really people throw these bags away in the forest right here. That made me a bit sad, especially since it broke the original image I got.

(And I haven't spoken about the beaches and seafront all along that peninsula; I wouldn't walk barefoot there).

Then I came home to Switzerland, looked up the small water stream close to my place, and realized it wasn't as neat as one can see at first glance... So I should probably start with that before criticising other countries *sigh*


Interested in the cycling part of this. Any routes you recommend?

I did the short Shimanami Kaido over the inland sea which was, of course, wonderful.


This [1] is more or less what I did. There weren't many dedicated cycling lanes (such as the Shimanami Kaido road) anywhere I went, so sometimes the traffic was not so cool. The parts in and out of the Alps, and in Mie prefecture (despite the off-road garbage ;) were the best to me: not so much traffic, few people, and the scenery was quite cool. My time was short and there were several places I wanted to connect, so YMMV.

[1] https://drive.google.com/open?id=1nuRT79jhVqLFPncCh9PnUhxK6K...


Follow-up question: did you camp along the route?


I did 6 times but weather was a bit crap and many places were already closed (and I really needed that shower at the end of the day :p). On the other hand, I was practically alone most of the time (I shared a barbecue under a tarp under the rain with a Japanese guy on my last camping day) and most of the camp sites were just by the sea, which was pretty cool.

