“Ev, do you have time later today to discuss the new web GUI for the command line terminal?” said the Slack message. It came from Alex, our user experience chief and the product in question is the SSH client. Part of me was worried. The command line environment had a sanctuary where I found peace and happiness away from the world of browser-based tools.
Free and open source software (FOSS) components have become the basic building blocks of our software products, helping today’s developers build and ship innovative products faster than ever before. Many developers tend to forget that while open source licenses are free, they still come with a set of terms and conditions that users must abide by.
Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment.
Let’s have a look at two popular ways of opening remote shells: the good ol’ ssh and its modern counterpart, kubectl exec. Below, I will only look at the “kubectl exec” subcommand and its friends. kubectl itself is a swiss-army knife for all things Kubernetes. Comparing all of it to ssh is like comparing systemd to BSD init. Also, I will use “SSH” to mean “OpenSSH”, which is the de-facto standard for SSH protocol implementation.
No one wants to be the next Equifax. Just thinking about their company’s name being in a headline along with the words “security breach” is enough to keep CISOs up at night. Much like Fight Club, however, the first rule of data breaches is: You do not talk about security breaches...unless you’re mandated by notification laws like GDPR. Even though organizations don’t reveal much publicly, their concern is reflected in the amount of money spent to prevent cyber attacks.
I witnessed the transition from bespoke authentication to standards-based authentication. It’s time to do the same for authorization. Twenty years ago, almost everything in the IT world was on-premises: hardware and software, including the tools you used to verify who your users were and what they could do in your systems.
Did you know that in the United States, the Social Security Number was never intended to become the defacto method for physical identification? On its surface, this may come as a shock given how ubiquitously SSNs are used for this exact reason, but looking beneath the surface, we find that SSNs are terrible forms of identification. Ignoring the security concerns of a nine digit numeric code, an SSN is not for universal identification.
