Lightnews — Scholar-powered news

Tim Bannister @lmktfy.bsky.social · 1d

It's not hard maths, but I only just realised for how long it's actually been called TLS: over 25 years.

Tim Bannister @lmktfy.bsky.social · 2d

Most TVs run Linux. All the manufacturer needs to do is own up to it.

🦇Stale Andy Corn 🎃 @yourlamentablefriends.com · 2d

5) Critical mass on the media side. Very unpopular choices by Intel and Nvidia, which are strongly partnered with MS in the desktop space are chasing AI winderfalls and the dollar signs shooting out of their breed-plumbing has fully blinded them. But people have no money. Which leads to: 6/🧵

1 2

Tim Bannister @lmktfy.bsky.social · 3d

@kubernetes.io

Tim Bannister @lmktfy.bsky.social · 3d

I'm not convinced that every human artist would produce a 100% plausible Go board, but it should at least need a good understanding of Go to spot the problem.

1 1

Tim Bannister @lmktfy.bsky.social · 7d

I keep hoping that someone will do ATproto micropayments and that might just be the perfect use case for it.

Reposted by Tim Bannister

Kubernetes @kubernetes.io · 7d

CVE-2020-8561: Webhook redirect in kube-apiserver -

CVE-2020-8561: Webhook redirect in kube-apiserver · Issue #104720 · kubernetes/kubernetes

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver ...

github.com

1 4

Tim Bannister @lmktfy.bsky.social · 7d

The Soviet Union had very elaborate locks that they could add to a relatively plain safe. The idea wasn't that the locks were unpickable; people could bypass them.

What mattered was being sure whether tampering had happened. SGX and friends are partly about that, I think. Tamper sensors help here.

1

Tim Bannister @lmktfy.bsky.social · 9d

I'm going to Scotland next month for KCD UK (and I'm doing a talk there).

Might get one of these—I don't have any Scottish banknotes to take with me 😉.

Tim Bannister @lmktfy.bsky.social · 14d

Things that depend on the UN quietly doing work, #42:
The internet

From undersea cables to satellite radio links to the entire ITU (including the X.509 standard that's part of security for most popular websites), the UN has put in place pieces we would struggle to manage without. Really struggle.

3 6

Tim Bannister @lmktfy.bsky.social · 15d

Would be nice to have atomicity or something like a transaction here, wouldn't it?

There are tricks you can use to force a read. The default has definitely caught me out though.

1

Tim Bannister @lmktfy.bsky.social · 15d

As the cartoon I'm thinking of says in the caption: London property is theft.

1 1

Tim Bannister @lmktfy.bsky.social · 18d

Now that's what I call a keyboard

1

Tim Bannister @lmktfy.bsky.social · 19d

Vote early, vote once.

Tim Bannister @lmktfy.bsky.social · 28d

chroot() escape is older than I am.

I learned to do it circa 1999 and it is not hard. You know those split stable-type doors where you can lean in and undo the bolt? It's like building a jail with those on each cell.

Tim Bannister @lmktfy.bsky.social · Aug 23

If it's somebody else's bill, you can rent FPGAs.

Tim Bannister @lmktfy.bsky.social · Aug 18

Unfortunately, no one can be told what Kubernetes is. You have to see it for yourself.

1 1

Tim Bannister @lmktfy.bsky.social · Aug 14

You're right—and that's what makes it harder.

With >1 competing projects, people are more likely to use the one that everyone else uses (but few maintain), even over a project with corporate backing, an open source licence, but little adoption.

The few-maintainers team get nearly all the triage. 😐

Tim Bannister @lmktfy.bsky.social · Aug 14

Turn on OwnerReferencesPermissionEnforcement if you can, even if you've upgraded.

It's a handy control, but one that can't easily be made active by default.

1

Reposted by Tim Bannister

Minimus @minimus.io · Aug 13

🧊 🎩 Last week at Black Hat, Kat Cosgrove was on theCube to talk Kubernetes, open source security, and how minimal container images can cut vulnerabilities, costs, and complexity.

📺 Watch here: hubs.la/Q03CBgB_0

#ContainerSecurity #Kubernetes #DevSecOps #OpenSource #Minimus @kat.lol

Kat Cosgrove, Minimus | Black Hat 2025

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

hubs.la

4 11

Tim Bannister @lmktfy.bsky.social · Aug 1

The Kubernetes project spends a lot of cloud credits on CI/CD. More than $250000 (US) per year IIRC.

With incremental builds, smarter rollups, and other optimizations, I think the project could at least halve the environmental impact of that testing.

Needs people to staff the work, though!

Tim Bannister @lmktfy.bsky.social · Jul 21

The blog article directly: control-plane.io/posts/the-qu...

Tim Bannister @lmktfy.bsky.social · Jul 21

www.linkedin.com/posts/contro... if you wanted the hyperlink

Post-quantum cryptography is moving quickly! | ControlPlane

Post-quantum cryptography is moving quickly! 🛸🚨 Kubernetes, Golang, browsers and OpenSSH all have post-quantum secure key exchange with suitable client/servers, and the last 6 months have evolved tool...

www.linkedin.com

Tim Bannister @lmktfy.bsky.social · Jul 21

You can use post-quantum encryption between clients and your privileged platform APIs. You can and you should!

Post-quantum cryptography is moving quickly! | ControlPlane

Post-quantum cryptography is moving quickly! 🛸🚨 Kubernetes, Golang, browsers and OpenSSH all have post-quantum secure key exchange with suitable client/servers, and the last 6 months have evolved tool...

www.linkedin.com

2 1

Tim Bannister @lmktfy.bsky.social · Jul 2

Operator pattern

Operators are software extensions to Kubernetes that make use of custom resources to manage applications and their components. Operators follow Kubernetes principles, notably the control loop. Motivat...

kubernetes.io

Tim Bannister @lmktfy.bsky.social · Jul 2

If it's not doing a reasonable facsimile of a job formerly done by a human, I usually call it a "controller"—even if it uses a library with "operator" in its name.

1