mozillazg
LightNews LightNews
mozillazg.bsky.social
mozillazg
@mozillazg.bsky.social
12 followers 96 following 10 posts
https://github.com/mozillazg
github.com
Posts Media Videos Starter Packs
mozillazg.bsky.social
mozillazg @mozillazg.bsky.social · 1d
A kubelet image credential provider for Alibaba Cloud Container Registry(ACR)
github.com/mozillazg/ku...
GitHub - mozillazg/kubelet-credential-provider-acr: A kubelet image credential provider for Alibaba Cloud Container Registry(ACR)
A kubelet image credential provider for Alibaba Cloud Container Registry(ACR) - mozillazg/kubelet-credential-provider-acr
github.com
Reposted by mozillazg
mark.atwood.name
Mark Atwood @mark.atwood.name · 3d
If you are a volunteer maintainer of an open source project, you owe nobody a "responsible disclosure" policy. If enterprises and foundations want you to have one, tell them they can pay you.
1 1
Reposted by mozillazg
tracketpacer.bsky.social
TracketPacer @tracketpacer.bsky.social · 11d
what happens if u cut 4 wires out of an ethernet cable & then plug it into yr PC
16 43 290
Reposted by mozillazg
securitylabs.datadoghq.com
Datadog Security Labs @securitylabs.datadoghq.com · 12d
Our State of Cloud Security 2025 study is out!

www.datadoghq.com/state-of-clo...

• On AWS, 40% of organizations leverage data perimeters
• 11% of Google Cloud GKE and 23% of Google Cloud VMs are overprivileged
• On Azure, 1.3% of storage containers are public, 58% proactively block public access
State of Cloud Security | Datadog
For our 2025 report, we analyzed AWS, Google Cloud, and Azure data from thousands of organizations to understand the latest trends in cloud security posture.
www.datadoghq.com
1 4 8
Reposted by mozillazg
mccune.org.uk
Rory McCune @mccune.org.uk · 14d
Calling all Kubernetes security interested folk. We're planning the next version of the OWASP Kubernetes Top 10, and have a survey to solicit ideas and feedback here docs.google.com/forms/d/e/1F... . Shouldn't take more than a couple of minutes to fill out and all feedback's welcome!
OWASP Kubernetes Top 10 2025 Survey
We're looking to update the OWASP Kubernetes Top 10 and as such want to canvas ideas on what should be included. The goal of the Top 10 is to provide awareness on the most serious risks that Kubernet...
docs.google.com
7 5
Reposted by mozillazg
cyberciti.biz
nixCraft @cyberciti.biz · Aug 31
If you're new to the Unix or Linux command line, I just want you to know:

Me and all my colleagues with years of experience

Still get confused between `ln -s` and `ln` daily.
31 27 300
Reposted by mozillazg
pchaigno.bsky.social
Paul Chaignon @pchaigno.bsky.social · Aug 11
The list of papers accepted at the 3rd #eBPF workshop has been published! conferences.sigcomm.org/sigcomm/2025...
Screenshot of the eBPF workshop program, showing Session 3 ("Time for Better and Safer Programming") and the beginning of Session 4 ("Profiling meets Machine Learning and Privacy").
3 4
Reposted by mozillazg
mlbiam.dev
Marc Boorshtein @mlbiam.dev · Aug 16
Please please please please do not follow this advice. Sealed secrets are a terrible idea. Git is designed to be easily branchesd and not tracked. Secrets management is about tracking secrets and easy rotation. Encrypting data in git isn't more secure then keeping your secrets in etcd.
kubesploit.io Kubesploit @kubesploit.io · Aug 16
Sealed Secrets provides declarative Kubernetes Secret Management in a secure way

Since the Sealed Secrets are encrypted, they can be safely stored in a code repository

https://ku.bz/17NJS0d9k
1 1 5
Reposted by mozillazg
brancz.com
Frederic Branczyk @brancz.com · Aug 16
Ok, I have a rant I have to let go of.

If you generate a change to an open-source project fully with AI, didn't read, review, understand, and questioned it, then at least have the decency to say this on the PR description.

You're stealing people's time by making them review it for you.
3 7 40
mozillazg.bsky.social
mozillazg @mozillazg.bsky.social · Aug 10
MCP Server for Kubernetes Audit Logs
github.com/mozillazg/ku...
GitHub - mozillazg/kube-audit-mcp: MCP Server for Kubernetes Audit Logs
MCP Server for Kubernetes Audit Logs. Contribute to mozillazg/kube-audit-mcp development by creating an account on GitHub.
github.com
Reposted by mozillazg
breakawaybilly.bsky.social
Bill Mulligan 🐝🐝🐝 @breakawaybilly.bsky.social · Jul 10
Next eBPF acquisition in the books, this time for security

www.cyera.com/de/press-rel...
1 4
Reposted by mozillazg
pchaigno.bsky.social
Paul Chaignon @pchaigno.bsky.social · Apr 30
With NSDI'25 coming to an end today, I've updated the list of #eBPF papers to include the three papers published at USENIX NSDI this year! pchaigno.github.io/bpf/2025/01/...
Screenshot of the top of the list, showing the interactive selectors and the three eBPF papers published at NSDI'25.
2 2
Reposted by mozillazg
tmpout.sh
tmp0ut @tmpout.sh · Mar 21
Would you look at that, it's tmp.0ut Volume 4! Happy Friday, hope you enjoy this latest issue!

tmpout.sh/4/
table of contents for tmp.0ut volume 4
2 66 130
Reposted by mozillazg
pchaigno.bsky.social
Paul Chaignon @pchaigno.bsky.social · Feb 11
I've added talk recordings to my list of eBPF papers, when available. That's 33 videos of ~20min discussing various aspects and use cases of #eBPF!
pchaigno.github.io/bpf/2025/01/...
5 8
mozillazg.bsky.social
mozillazg @mozillazg.bsky.social · Feb 10
ptcpdump v0.32.1 is released!

1. fix(backend): enable process filtering for the cgroup-skb backend
2. Use BPF ringbuf instead of perfbuf when kernel support is available
3. improve detection of backported tcx/ringbuf support in older kernels

github.com/mozillazg/pt...
Release v0.32.1 · mozillazg/ptcpdump
Changelog 792bbe1 fix(backend): enable process filtering for the cgroup-skb backend (#246) 020852d chore(bpf): improve detection of backported tcx/ringbuf support in older kernels (#244) d8b42a1 c...
github.com
Reposted by mozillazg
mccune.org.uk
Rory McCune @mccune.org.uk · Jan 29
The next blog in our #Kubernetes #Security fundamentals series is out now. This time we're taking a look at the world of network security!

securitylabs.datadoghq.com/articles/kub...
Kubernetes security fundamentals: Networking | Datadog Security Labs
A look at how network security works in Kubernetes
securitylabs.datadoghq.com
7 19
mozillazg.bsky.social
mozillazg @mozillazg.bsky.social · Jan 19
ptcpdump v0.32.0 is released!
* Add support for capturing traffic based on user ID
* Enrich capture output with user information
* Support for displaying thread ID and name in cgroup-skb output
github.com/mozillazg/pt...
Release v0.32.0 · mozillazg/ptcpdump
Changelog f5c4d69 feat(filter): Add support for capturing traffic based on user ID (#233) 924c6fa chore(deps): update github.com/cilium/ebpf to v0.17.1 (#232) 3f1dab8 chore(output): Remove group I...
github.com
Reposted by mozillazg
mccune.org.uk
Rory McCune @mccune.org.uk · Jan 18
First blog post of the new year and this is one I've been meaning to write up for a while which is some details on #Kubernetes API Server proxy feature and how it might be possible to use some known weaknesses in it to escalate your privileges in a cluster.

raesene.github.io/blog/2025/01...
Exploring the Kubernetes API Server Proxy
raesene.github.io
14 24
Reposted by mozillazg
mccune.org.uk
Rory McCune @mccune.org.uk · Jan 14
The next in my #Kubernetes #Security fundamentals video series is up now.

This time I'm looking at how service account authentication works in Kubernetes, with some hopefully interesting details on how bound service account tokens work.

youtu.be/jTswj4CS4IA?...
Kubernetes Security Fundamentals: Authentication - Part 3
YouTube video by Datadog
youtu.be
9 35
Reposted by mozillazg
pchaigno.bsky.social
Paul Chaignon @pchaigno.bsky.social · Jan 7
I've made an interactive list of #eBPF research papers. Only papers from the top academic conferences, including lots of papers on eBPF verification, kernel offloads, security analysis, etc.
pchaigno.github.io/bpf/2025/01/...
I plan to keep the list up-to-date.
eBPF Research Papers
When I started reading on BPF there weren’t many academic papers to describe how it worked, how it didn’t, or how it is used. There are many blog posts and informal articles out there, but it’s harder...
pchaigno.github.io
1 13 18
mozillazg.bsky.social
mozillazg @mozillazg.bsky.social · Jan 10
Exploring Workload Identity Federation for GKE
mozillazg.com/2025/01/secu...
Exploring Workload Identity Federation in GKE
In this article, we will briefly explore a feature called "Workload Identity Federation for GKE" that was recently announced by GKE in their official blog. Features Overview Workload Identity Federati...
mozillazg.com
mozillazg.bsky.social
mozillazg @mozillazg.bsky.social · Jan 1
happy new year!💥🎇🥳🎉🎊
1
mozillazg.bsky.social
mozillazg @mozillazg.bsky.social · Dec 22
ptcpdump v0.31.0 is released!
github.com/mozillazg/pt...
Release v0.31.0 · mozillazg/ptcpdump
Changelog b4870fe feat: support filter by container-id prefix matching 12 or more characters (#218) e3fa2ee feat(platform): Add support for OpenWrt 24.10 on x86-64 architecture (#214) a353f78 chor...
github.com
Reposted by mozillazg
b0rk.jvns.ca
Julia Evans @b0rk.jvns.ca · Dec 13
writing about the terminal is so funny because it's like "redirects are so useful! hooray!"

"okay and also `cmd file.txt > file.txt` will permanently delete the contents of `file.txt`”

lots of cool useful tools with the occasional horrifying fact that you just need to keep seared into your memory
19 25 290
mozillazg.bsky.social
mozillazg @mozillazg.bsky.social · Dec 8
github.com/mozillazg/pt...
Release v0.30.0 · mozillazg/ptcpdump
Changelog 7d71bb8 chore(bpf): Optimize BPF attachment by skipping netdev hooks when not using TC backend (#209) 0308649 feat(capture): Add --backend=cgroup-skb support for cgroup-based packet capt...
github.com