SELinux (Security-Enhanced Linux) is weird. It comes bundled with Amazon Linux and CentOS Linux but is in Disabled mode by default. You can check using the getenforce command like this:
[ec2-user@ip-172-31-26-55] ~]$ getenforce
You can also run SELinux in Permissive mode, which just means that it logs to /var/log/audit/audit.log the things that it would block if it were in Enforcing mode.
Switching SELinux to Enforcing mode in production is not something you should do lightly. It can cause things to break in mysterious ways.
At SWM we use Nginx’s built-in caching module to help serve our content. We run a flexible Content API which powers our apps, webpages, RSS feeds, AMP articles and even a bot which is available through Facebook Messenger.
Crypto anchoring using HSM (Hardware Security Module) to protect against offline attacks.
“How do we turn an offline attack into an online attack?”
Extreme defense in depth!
Exfiltration Resistant Infrastructure, Square – Security @ Scale 2014
How to stop systemd starting codedeploy-agent automatically when system boots (EC2 instance running CentOS 7 Linux)
rm -fv /etc/init.d/codedeploy-agent
rm -fv /etc/cron.d/codedeploy-agent-update
systemctl disable codedeploy-agent
Also, while you are there, fix the permission bits like so:
chmod 0644 /usr/lib/systemd/system/codedeploy-agent.service
In this video from 2009, at about the 47th minute, Taleb talks about a two-tier system and then also about insurance.
My first Riemann config file.
Bit of a complicated one actually. The main goal was to be able to see custom metrics like internal counters and gauges in Amazon CloudWatch.
Multi-account made it tricky and so did batching of requests to save money.
Publishing metric data to Amazon CloudWatch from Riemann
Recent outages for major services
iCloud, Cloudflare, Slack, Google Cloud, Facebook, Instagram, Stripe
Launching a Clojure Socket REPL inside Spring Boot
pom.xml for Maven:
<dependency>
At the top of your App.java file:
import clojure.java.api.Clojure;
import clojure.lang.IFn;
Then just after app.run() in your main method add the following:
// Load Clojure to trigger starting of socket REPL server
IFn plus = Clojure.var("clojure.core", "+");
System.out.println("Clojure loaded! 1 + 2 = " + plus.invoke(1, 2).toString());
Thanks to the helpful folks in this forum thread:
You can then nc localhost 5555 and mess around like so:
(def ctx (com.example.commons.ApplicationContextProvider/getApplicationContext))
(def service (.getBean ctx com.example.service.impl.SmsService))
(.sendMessage service "61400000000" "hello from repl")
(def ds (.getBean ctx "dataSource"))
Just read his eloquent, well considered and patient replies in this thread: