ZuriHac 2025 ZuriHac is a free annual Haskell event brought to you by «Zürich Friends of Haskell»

ZuriHac project list. We're hacking on dataframes in Europe this June

zfoh.ch/zurihac2025/...

Whoa am I bleeding out of my butt!? Nope, turns out if you eat half a red velvet cake it does a thing to your poops 🫠

20 cores and 256gb of ecc ram for 300$ 🥵

Lord give me the strength to not buy a janky dual Xeon workstation from the early 2010s off eBay

Ah yes, so my goal is to harden a developer workstation so I guess I should have asked about the application default credentials instead 🤷. I've seen work around moving service account creds off disk so figured that might be easier to achieve

If this is the only factor for auth that is fine by me. So its not really about MFA.

Kind of. I want hardware bound credentials so that my cloud credentials can't be stolen and used elsewhere. I also want to authorize access to those credentials using something like touching my Yubikey. Something that a background process on my machine can't do.

Oh interesting does that simplify the set up in some ways? Maybe I should go read the SPIFFE docs on that. How is authorization to the TPM controlled? I guess I like the idea of authorizing by touching a security key so that some background process can't access those creds

Yeah, the FIDO authenticator support for SSH keys is so easy to set up (e.g cmp0st.dev/posts/yubike...) it would be awesome if cloud providers made it just as easy to keep credentials off disk

I'm thinking more hardware security key like Yubikey, Nitrokey etc

GitHub - salrashid123/cloud_auth_tpm: Trusted Platform Module based python auth library for cloud providers Trusted Platform Module based python auth library for cloud providers - salrashid123/cloud_auth_tpm

The proof-of-concept for TPM based ones here github.com/salrashid123... is really cool. Would be awesome if these were supported out of the box by `gcloud` and less of a pain to set up

Does anyone know if GCP supports FIDO authenticator backed service account credentials similar to man.openbsd.org/ssh-keygen#F...?

Playing around with mobile development (Flutter) this holiday. Dang I see why folks talk about needing more than 8GiB of memory now 🥲 Golang backend development would never do me like this

...regardless of whether or not it's broken 😁

Microscopic view of small intestine section

Microscopic view of ant legs

Microscopes are soooo cool no matter the age. Best early Christmas gift 😍

I did not know!

Yeah can confirm but don't have a screen shot. In a sad twist of events a pentester even reported this to us 🙃 I forget which scanner they used though

Thanks so much for all your hard work ❤️❤️

Using your hardware security key for `git` the un-crappy way:

Hello world!