When talking about application authorizations, we often encounter two concepts RBAC (role-based access control) and ABAC (attribute-based access control).
MySQL brands itself as the world's most popular open source database. It has a corpus of tools and tutorials to automate MySQL, SQL injection and a notorious list of past vulnerabilities; as popular as MySQL database is among developers and SQL enthusiasts, it is equally popular among hackers.
In this post, we briefly talk about accessing AWS resources using Cognito Identiy Pool and how you use it combination with AWS STS (Security Token Service) to provide temporary credentials.
In this post, we briefly talk about leveraging the right type of AWS IAM policy mechanisms to build the responsibility separation between the “central” team and the individual “development” team.
What is a microservice? What is Kubernetes for? In this post, we try to explain microservices, containers and Kubernetes in 10 minutes
Explore edge-cases in which programming language runtimes fail to provide fair resource scheduling that leads to outages.
In this article we explain how Teleport approaches hiring systems engineers
How to restrict SSH sessions to specific commands? How to have a restricted shell for some users? In this article we cover some common ways to answer these questions.
An overview of Teleport's SSH certificate authority pinning capability and discussion of how HTTP public key pinning (HPKP) can be used to improve SSH CA user experience.
The universe of serverless-wielding software architects and Kubernetes cluster operators has started to collide and, yet again, Google is in the driver's seat. In this article we'll wander down the CNCF's Serverless Landscape in chronological order, quickly discovering that Knative is the sweet mamba jamba of open source lambda competitors.
In this post we'll explore K8s community decision making process by looking underneath the hood of the 'kerfluffe' of Google LLC being called out by Samsung SDS engineers for skipping 'graduation criteria' while merging the new 'kustomize' subcommand into upstream 'kubectl'.
GKE requires users to have Google Cloud Tools (gcloud) installed. In this post show how to use authenticate with GKE using generic kubeconfig without having to install anything.
Proud new Kubernetes cluster owners are often lulled into a false sense of operational confidence by its consensus database’s glorious simplicity. In this Q&A, we dig into the challenges of in-place upgrades of etcd beneath autonomous Kubernetes clusters running within air-gapped environments.
This post is the first of an ongoing series about interesting issues and bugs that the Teleport team has worked on. This post, about missing SIGINTs and SSH, should be interesting for developers who leverage signal handling in terminal-based applications written in Go.
Why using cryptographic hashes doesn't make data anonymous.
It might be mundane and boring but keeping track of your FOSS license usage can save you from a big headache at the least opportune time.