TIL: if you want a spring-boot cli app that uses an Oauth2 client, spring-boot will *not* autoconfigure it for you. autoconf is conditional on @EnableWebSecurity (depends on javax.servlet.Filter on cp) and thus the whole thing being a webapp.
package org.springframework.boot.autoconfigure.security.oauth2.client.servlet contains handy bean configs to copy over tho. #springboot #oauth2 #til
TIL: https://docs.aws.amazon.com/security/ (via CyberWeekly newsletter)
"endopint" #typooftheday
#sumologic api:
```
"errors":[{"code":"moved","message":"The requested resource SHOULD be accessed through returned URI in Location Header."
```
but did not send any location header... 🤦♂️
this happened after rebuilding a docker image:
`/loadjar.sh: line 3: /usr/bin/java: No such file or directory`
I didn't change the base image. the path just changed arbitrarily. wtf.
#til: `tac` is the reverse of `cat`.
both literally and functionally.
we just broke atlassian bamboo builds with emojis in commit messages.
TIL this is a thing: https://monitor.firefox.com/
TIL: tls server offers different subsets of ciphers among those configured depending on key type (rsa/ecdsa)
I just delivered a sql injection to a graphql endpoint* and my mind is quite blown atm 🤯
(*on a pentesterlabs exercise, not a real service!)
0xf00
boosted
Facebook Messenger still scans all messages, even with end-to-end encryption. Scanning is done locally on the device before text messages are sent and after received messages are decrypted.
Facebook privacy lol
#til: mysql driver has an option to create the db upon connection if doesn't exist already (as long as the user connecting has CREATE permissions), e.g.:
`jdbc:mysql://localhost:3306/someschema?createDatabaseIfNotExist=true`
0xf00
boosted
My colleague Kief Morris is curating the website "Infrastructure as Code", modeled after his book by the same name: https://infrastructure-as-code.com/
Also, he just made the source of the site, including all the useful information open source, so people can submit PRs and suggestions for improving the material: https://github.com/kief/infrastructure-as-code.com
I find it incredibly valuable, especially as a reference material. Have a read, improve it, let's all benefit from the aggregated knowledge!
I wonder if it's easy to write a fargate backend for garden now...
only after going through the pain of setting up a concourse cluster in fargate I realise that actually, it could never work as concourse needs privileged mode and fargate doesn't allow it 😭
"with great security comes great usability" -- security spiderman's uncle
quantum typing: when the waveform of your typing skill collapses when observed by your pair
I just rolled out my own test framework for infra tests in bash and it took 5 minutes and I have working tests and I'm not ashamed
0xf00
boosted
me: DevOps is good for your organization, your delivery and your culture
enterprise: We already do DevOps!
me: Oh cool, show me!
enterprise:
