GeistHaus

Docker Security Cheat Sheet

cheatsheetseries.owasp.org

Website with the collection of all the cheat sheets of the project.

13 pages link to this URL
Server & Website Updates

I just finished migrating sequentialread.com to an ODROID HC1, plus tons of updates to my infrastructure & apps!

0 inbound links article en arm Docker Self-Hosting Security SBCs products CC BY-SA 4.0
Standleitung - a tunnel for eternity

Expose private home services via a secure WireGuard tunnel using Socat and a Traefik reverse proxy on your VPS – without opening ports on your router. No Cloudflare, no magic. Just Docker, forwarding, HTTPS, and full control. My "Standleitung" setup is lean, fast, and fully self-managed.

0 inbound links article en
How BeanHub works part1, contains the danger of processing Beancount data with sandbox

It has been more than two years since we launched BeanHub. Recently, we have been tirelessly releasing new features. Some of you may ask What were you busy with at the very beginning? Why wait until now to start adding new features? Well, we spent most of our time at the very beginning building the infrastructure to move faster later. We have adopted and developed many interesting technologies in-house. Sandbox is one of the technologies we explored and adopted.

5 inbound links article en blog
"rootless-dind" runner error `[rootlesskit:parent] operation not permitted`

Hi there. I was trying to follow [OWASP's Docker Security guide](https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html), removing "root" access from *act_runner* by switching to `gitea/latest-dind-rootless` version that wouldn't require access to `docker.sock` while keep…

3 inbound links object en go git self-hosted gitea
Moving Day

My home infrastructure, while functional, is a bit of a hot mess. For years I've been focused on precision of outcome rather than flexibility of implementation, to the point side projects sat on my backburner until I finished completely arbitrary milestones or learning programs. I ended up with such a

0 inbound links article en
Mercure 0.23.5: Helm chart hardening - Kévin Dunglas

Mercure v0.23.5 just landed, and the dominant theme is the Helm chart. If you run hubs on Kubernetes, this release tightens defaults and adds the kind of policy templates that previously required forking the chart or templating policies outside it. The story behind the release: we audited a production Kubernetes cluster. The findings were straightforward

0 inbound links article en DevOps Mercure Helm Kubernetes helm kubernetes mercure devops
What is Firecracker?

Browserbase is the complete platform to build and deploy agents that browse and interact with the web like humans.

0 inbound links article en