Posts by cmp0st
Whoa am I bleeding out of my butt!? Nope, turns out if you eat half a red velvet cake it does a thing to your poops 🫠
20 cores and 256gb of ecc ram for 300$ 🥵
Lord give me the strength to not buy a janky dual Xeon workstation from the early 2010s off eBay
Ah yes, so my goal is to harden a developer workstation so I guess I should have asked about the application default credentials instead 🤷. I've seen work around moving service account creds off disk so figured that might be easier to achieve
If this is the only factor for auth that is fine by me. So it's not really about MFA.
Kind of. I want hardware bound credentials so that my cloud credentials can't be stolen and used elsewhere. I also want to authorize access to those credentials using something like touching my Yubikey. Something that a background process on my machine can't do.
Oh interesting, does that simplify the setup in some ways? Maybe I should go read the SPIFFE docs on that. How is authorization to the TPM controlled? I guess I like the idea of authorizing by touching a security key so that some background process can't access those creds
Yeah, the FIDO authenticator support for SSH keys is so easy to set up (e.g. cmp0st.dev/posts/yubike...) it would be awesome if cloud providers made it just as easy to keep credentials off disk
I'm thinking more hardware security key like Yubikey, Nitrokey etc
The proof-of-concept for TPM-based ones here github.com/salrashid123... is really cool. Would be awesome if these were supported out of the box by `gcloud` and less of a pain to set up
Does anyone know if GCP supports FIDO authenticator backed service account credentials similar to man.openbsd.org/ssh-keygen#F...?
Playing around with mobile development (Flutter) this holiday. Dang I see why folks talk about needing more than 8GiB of memory now 🥲 Golang backend development would never do me like this
...regardless of whether or not it's broken 😁
Microscopic view of small intestine section
Microscopic view of ant legs
Microscopes are soooo cool no matter the age. Best early Christmas gift 😍
I did not know!
Yeah can confirm but don't have a screenshot. In a sad twist of events a pentester even reported this to us 🙃 I forget which scanner they used though
Thanks so much for all your hard work ❤️❤️