TIL: if you want a spring-boot cli app that uses an Oauth2 client, spring-boot will *not* autoconfigure it for you. autoconf is conditional on @EnableWebSecurity (depends on javax.servlet.Filter on cp) and thus the whole thing being a webapp.
package org.springframework.boot.autoconfigure.security.oauth2.client.servlet contains handy bean configs to copy over tho.

"errors":[{"code":"moved","message":"The requested resource SHOULD be accessed through returned URI in Location Header."
but did not send any location header... 🤦‍♂️

this happened after rebuilding a docker image:
`/loadjar.sh: line 3: /usr/bin/java: No such file or directory`
I didn't change the base image. the path just changed arbitrarily. wtf.

: `tac` is the reverse of `cat`.
both literally and functionally.

we just broke atlassian bamboo builds with emojis in commit messages.

TIL: tls server offers different subsets of ciphers among those configured depending on key type (rsa/ecdsa)

I just delivered a sql injection to a graphql endpoint* and my mind is quite blown atm 🤯

(*on a pentesterlabs exercise, not a real service!)

0xf00 boosted

Facebook Messenger still scans all messages, even with end-to-end encryption. Scanning is done locally on the device before text messages are sent and after received messages are decrypted.

Facebook privacy lol


: mysql driver has an option to create the db upon connection if doesn't exist already (as long as the user connecting has CREATE permissions), e.g.:

0xf00 boosted

My colleague Kief Morris is curating the website "Infrastructure as Code", modeled after his book by the same name: infrastructure-as-code.com/

Also, he just made the source of the site, including all the useful information open source, so people can submit PRs and suggestions for improving the material: github.com/kief/infrastructure

I find it incredibly valuable, especially as a reference material. Have a read, improve it, let's all benefit from the aggregated knowledge!

I wonder if it's easy to write a fargate backend for garden now...

Show thread

only after going through the pain of setting up a concourse cluster in fargate I realise that actually, it could never work as concourse needs privileged mode and fargate doesn't allow it 😭

"with great security comes great usability" -- security spiderman's uncle

quantum typing: when the waveform of your typing skill collapses when observed by your pair

I just rolled out my own test framework for infra tests in bash and it took 5 minutes and I have working tests and I'm not ashamed

0xf00 boosted

me: DevOps is good for your organization, your delivery and your culture
enterprise: We already do DevOps!
me: Oh cool, show me!

Show more

A Mastodon instance running on ThoughtWorks infrastructure for its employees to interact with the Fediverse.