Squarespace/pgbedrock: Manage a Postgres cluster's roles, role memberships, schema ownership, and privileges
pgbedrock is an application for managing the roles, memberships, ownerships, and most importantly the permissions for tables, sequences, and schemas in a Postgres database.

Given the parameters to connect to a Postgres database (i.e. host, port, etc.) and a YAML file (a "spec") representing the desired database configuration, pgbedrock makes sure that the configuration of that database matches the spec. If there are differences, it will alter the database to make it match the spec.

It can be run as a docker container (via docker run quay.io/squarespace/pgbedrock) or as a local command-line utility (via pip install pgbedrock).
squarespace  postgres  authentication  authorisation  permissions  python 
9 days ago
tobegit3hub/mirror-dockerhub: Tools to mirror container images from docker hub
Mirror-dockerhub is the tool to mirror container images from docker hub.

You can mirror images from not only docker hub but also other private registries.

Collection of rough bash scripts to mirror docker repos
mirror  docker  bash  github 
10 days ago
λ Tony's blog λ - scala.Option Cheat Sheet
Many people who are coming in to Scala first encounter the Option type, which may be thought of (among other things) as a type-safe null. They also encounter pattern matching as both a new and (relatively) powerful concept, but also one that is easy to understand. This leads to quite a lot of use of pattern matching and often excessively so in what I have observed.
scala  cheat_sheet  option 
13 days ago
Deploying EFF's Certbot in AWS Lambda
This post describes the steps needed to deploy Certbot (a well-maintained LetsEncrypt/ACME client) inside AWS Lambda. The setup used below is now powering 100% automated TLS certificate renewals for this website - the lambda runs once a day and if there’s less than 30 days remaining on my existing cert it will provision a new one and import it to be served by my CDN.
eff  lambda  certbot  letsencrypt  ssl  tls  certificates  aws 
16 days ago
kelseyhightower/kubernetes-the-hard-way: Bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts.
This tutorial walks you through setting up Kubernetes the hard way. This guide is not for people looking for a fully automated command to bring up a Kubernetes cluster. If that's you then check out Google Kubernetes Engine, or the Getting Started Guides.

Kubernetes The Hard Way is optimized for learning, which means taking the long route to ensure you understand each task required to bootstrap a Kubernetes cluster.
documentation  github  kubernetes  containers  tutorial  devops 
17 days ago
autoscaler/FAQ.md at master · kubernetes/autoscaler
The answers in this FAQ apply to the newest (HEAD) version of Cluster Autoscaler. If you're using an older version of CA please refer to corresponding version of this document:
documentation  kubernetes  autoscaling  github 
17 days ago
Istio / Consuming External Web Services
In many cases, not all the parts of a microservices-based application reside in a service mesh. Sometimes, the microservices-based applications use functionality provided by legacy systems that reside outside the mesh. We may want to migrate these systems to the service mesh gradually. Until these systems are migrated, they must be accessed by the applications inside the mesh. In other cases, the applications use web services provided by external organizations, often over the World Wide Web.
istio  documentation  service_mesh 
17 days ago
firstlookmedia/gpgsync: GPG Sync is designed to let users always have up-to-date public keys for other members of their organization
GPG Sync is designed to let users always have up-to-date OpenPGP public keys for other members of their organization.

If you're part of an organization that uses GPG internally you might notice that it doesn't scale well. New people join and create new keys and existing people revoke their old keys and transition to new ones. It quickly becomes unwieldy to ensure that everyone has a copy of everyone else's current key, and that old revoked keys get refreshed to prevent users from accidentally using them.

GPG Sync solves this problem by offloading the complexity of GPG to a single trusted person in your organization. As a member of an organization, you install GPG Sync on your computer, configure it with a few settings, and then you forget about it. GPG Sync takes care of everything else.
crypto  gpg  pgp  python  github 
4 weeks ago
RevK®'s rants: Unicode Dicks
One of the things that has always slightly amused and puzzled me is that unicode lacks a "cock" glyph. I mean, it seems to have characters and symbols from modern and historic cultures and forms of writing, and surely cave men have been drawing dicks on cave walls for tens of thousands of years, so why is this missing?
typography  unicode  fonts  blogs 
6 weeks ago
kamranahmedse/pennywise: Cross-platform application to open anything in a floating window
Pennywise allows you to open anything in a small floating window that always stays on top of the other applications all the time, allowing you to multitask with ease. No need to keep struggling with alt + tab, use pennywise and have your work in front of you all the time.
gui  macos  linux  windows  github 
6 weeks ago
runatlantis/atlantis: Terraform For Teams
A self-hosted golang application that listens for Terraform pull request events via webhooks.
terraform  aws  github  devops  atlantis  CI 
7 weeks ago
erikvanbrakel/anthology: A private Terraform registry implementation as an alternative to the official registry.
Anthology is a reimplementation of the Terraform Registry API, intended to be used when your modules can't, shouldn't or don't need to be public. For all means and purposes it works in the same way as the public registry.
terraform  repository  github 
11 weeks ago
select * from depesz; » Blog Archive » Conditional DDL?
Every now and then I see people ask the question – how to create table if it doesn't exist yet, how to drop it, but only if it does exist and so on.
postgres  DBA  DDL  conditional  plpgsql 
12 weeks ago
shorts/Postgres-Users.md at master · ankane/shorts
Setting up database users for an app can be challenging if you don’t do it often. Good permissions add a layer of security and can minimize the chances of developer mistakes. Following the principle of least privilege, we want to give users only the privileges they need.
postgres  DBA  github  gist 
12 weeks ago
Postgres Distributed Key Generation
This SQL creates a Postgres function to generate sequential, numeric, unique IDs in a consistent format across services. Useful for database sharding or microservices.

Draws heavily on Instagram's ID generator, via Rob Conery, with minor modifications.

The main changes are that the unique number resolution is per-second rather than per-millisecond. This is to reduce key size below 2^53-1 so that generated IDs are under JavaScript's Number.MAX_SAFE_INTEGER limit. This is important if you're using these on a Node.js server (e.g. our use case is an Express API using Hashids).

Max IDs are in the order of 51 bits, broken down as follows:

31 bits for the timestamp difference
10 bits for a unique service ID (eg ID of the service/shard)
10 bits for a global sequence ID (modulo 1024 — meaning a maximum of 1024 unique records per second)
postgres  sharding  instagram  plpgsql  sql  DBA 
september 2018
Bartosz Milewski - Category Theory - YouTube
Category theory for programmers by Bartosz Milewski. Seattle, Summer 2016.
video  programming  FP  category_theory  youtube  education  computer_science 
august 2018
spf13/afero: A FileSystem Abstraction System for Go
Afero is a filesystem framework providing a simple, uniform and universal API interacting with any filesystem, as an abstraction layer providing interfaces, types and methods. Afero has an exceptionally clean interface and simple design without needless constructors or initialization methods.
filesystem  github  golang 
august 2018
niieani/bash-oo-framework: Bash Infinity is a modern boilerplate / framework / standard library for bash
Bash Infinity is a standard library and a boilerplate framework for writing tools using bash. It's modular and lightweight, while managing to implement some concepts from C#, Java or JavaScript into bash. The Infinity Framework is also plug & play: include it at the beginning of your existing script to import any of the individual features such as error handling, and start using other features gradually.
github  cli  library  bash 
august 2018
rewrite of gpg in rust?
pgp  gpg  rust  security 
august 2018
Introduction - Integrating with Active Directory Certificate Services (AD CS) Using Jamf Pro | Jamf
This guide provides a step-by-step workflow to integrate Jamf Pro with AD CS. Integrating with AD CS allows you to add AD CS as a PKI Provider in Jamf Pro to use as the CA for distributing certificates to devices via configuration profiles.
jamf  active_directory  certificates  deployment  sysadmin 
july 2018
pwm-project/pwm: pwm
PWM is an open source password self service application for LDAP directories. PWM is an ideal candidate for organizations that wish to “roll their own” password self service solution, but do not wish to start from scratch.
password  ldap  java  pass  active_directory 
july 2018
Ldapwiki: AD Determining Password Expiration
if "pwdLastSet" + "Max-Pwd-Age" >= "now" "password is expired"
active_directory  password  algorithm 
july 2018
chubin/cheat.sh: the only cheat sheet you need
Unified access to the best community driven cheat sheets repositories of the world.

Let's imagine for a moment that there is such a thing as an ideal cheat sheet. What should it look like? What features should it have?
documentation  programming  development  software  cheat_sheet  cli 
july 2018
gaia-pipeline/gaia: Build powerful pipelines in any programming language.
gaia is an open source automation platform which makes it easy and fun to build powerful pipelines in any programming language. Based on HashiCorp's go-plugin and gRPC, gaia is efficient, fast, lightweight and developer friendly. Gaia is currently alpha! Do not use it for mission critical jobs yet!

Develop pipelines with the help of SDKs (currently only Go) and simply check-in your code into a git repository. Gaia automatically clones your code repository, compiles your code to a binary and executes it on-demand. All results are streamed back and formatted to a user-friendly graphical output.
golang  ci  devops  build  docker  hashicorp 
july 2018
GitHub - hunterli/remserial: bridge between socket and serial port
The remserial program acts as a communications bridge between a TCP/IP
network port and a Linux device such as a serial port. Any character-oriented
Linux /dev device will work.

The program can also use pseudo-ttys as the device. A pseudo-tty is like
a serial port in that it has a /dev entry that can be opened by a program
that expects a serial port device, except that instead of belonging to
a physical serial device, the data can be intercepted by another program.
The remserial program uses this to connect a network port to the
"master" (programming) side of the pseudo-tty allowing the device driver
(slave) side to be used by some program expecting a serial port. See example
3 below for details.
networking  tcp  serial  linux 
july 2018
ferm - for Easy Rule Making
ferm is a tool to maintain complex firewalls, without having the trouble to rewrite the complex rules over and over again. ferm allows the entire firewall rule set to be stored in a separate file, and to be loaded with one command. The firewall configuration resembles structured programming-like language, which can contain levels and lists.
iptables  security  linux  firewall  networking 
july 2018
A New Angle on L2 Regularization
Deep neural networks have been shown to be vulnerable to the adversarial example phenomenon: all models tested so far can have their classifications dramatically altered by small image perturbations
machine_learning  images  image_classification  deep_learning 
july 2018
Failed Experiments: The High Cost of AnyVal subclasses...
The claim of a multi-paradigm language is to harmoniously serve various approaches to programming. The AnyVal subclass feature forms a strong counterargument to Scala’s multiparadigm claim.
performance  type_safe  scala  development  software  blogs 
july 2018
astrada/google-drive-ocamlfuse: FUSE filesystem over Google Drive
google-drive-ocamlfuse is a FUSE filesystem backed by Google Drive, written in OCaml. It lets you mount your Google Drive on Linux.

Full read/write access to ordinary files and folders
Read-only access to Google Docs, Sheets, and Slides (exported to configurable formats)
Multiple account support
Duplicate file handling
Access to trash (.Trash directory)
Unix permissions and ownership
Symbolic links
Read-ahead buffers when streaming
Accessing content shared with you (requires configuration)
Team Drive Support
fuse  google  ocaml  filesystem  google_drive  storage  github 
june 2018