Nefarious Container

We recently evaluated Lacework as a Cloud Workload Protection Platform for Workiva. To test some of the CWPP capabilities of Lacework I created a nefarious-container that did some … errr … nefarious things that should be caught by a CWPP. The container code is up on Github. It pulls information from a known crypto mining site as well as modifies the /etc/resolv file to trigger the File Integrity Monitoring (FIM) feature of Lacework. [Read More]

Docker with Homebrew

As part of my job at Workiva I work quite a bit with containers and I need to install Docker Desktop on my Mac running Big Sur. Instead of just downloading and installing the DMG from Docker, I instead wanted to install just the command line with Homebrew. The first step, of course, is to install Homebrew. I won’t replicate those instructions here. Once you’ve done that and checked the installation, proceed with the following instructions. [Read More]

New Year's Eve

This has been an absolutely crazy year on a number of fronts, political, social, medical, and personal. I’ve switched jobs during a pandemic and have witnessed both the good and the bad in people.

I hope this message finds you and yours safe and secure this New Year’s Eve and that 2021 will bring better times and happier days.

I Miss Conferences

I have been attending a number of virtual conferences over the last few months and I’ve come to the conclusion that I miss in person conferences. From Kubecon to re:Invent, I miss the interaction with other people in the field. Talking at birds of a feather sessions help to understand where the industry is moving and help solve common problems we all face. Not to mention the fact that I miss going to Las Vegas for re:Invent. [Read More]

Toggle Mute in Google Meet

In my last post you learned I was moving on from the Bank to Workiva. The transition has been very interesting and I am enjoying the new work and the new team. Workiva uses Google Meet for our teleconferencing solution. I’ve found that a browser based solution, although easy to use, requires you to have the Google Meet tab active to toggle mute within the meeting. Application based conferencing solutions (like Zoom, Webex, Teams) allow you to directly use AppleScript to control the mute function in the application. [Read More]

Moving On

I am moving on from my position as a Senior Security Analyst at Bank of America to become a Cloud Security Architect at Workiva. I’ve decided to move back in to the development side of the business but still keep my Security focus. I look forward to the new opportunity and am grateful for being able to make such a move during the pandemic.

Podman Vagrant

Still working at home during the pandemic, the Bank has indicated that there will be no COVID-19 layoffs until the end of the year for which I am grateful. In addition we will be working from home until probably October. During the pandemic, I wanted to come up to speed on new technologies and have started working with Podman and created a vagrant file to build a Centos 8 based Podman installation. [Read More]

k3s Vagrant Cluster

Life continues in the time of COVID-19. To continue my work with k3s I’ve created a new Github project to build a development k3s cluster to use on my new iMac box (with 64Gb of memory I might add). Right now the project is in a very early stage and it builds on plenty of work of other contributors on other Github projects. The Project Head on over to k3s-vagrant-cluster and have a look. [Read More]

macOS Change Shell

I recently purchase a 2019 27" iMac from the Apple refurbished store to use as my main desktop machine at home. Compiles now fly and I love the 5K screen resolution. The only problem is that I reinstalled Catalina from scratch and realized that Apple has changed the default shell from bash to zsh. The version of bash installed is very old so I decided to upgrade to a newer version of bash (as of this writing, 5. [Read More]

k3s Traefik Dashboard

Traefik is automatically deployed as part of the k3s Kubernetes cluster. To enable the dashboard for Traefik follow these instructions. Enable the Dashboard The dashboard is not enabled in the base k3s distribution. Enable the dashboard by editing the traefik.yaml manifest at /var/lib/rancher/k3s/server/manifests: sudo vi /var/lib/rancher/k3s/server/manifests/traefik.yaml Add the line dashboard.enabled: "true" in the spec: set: section. Remember this is YAML so match the indent of the previous line. Save the file and k3s will deploy the dashboard service, you can see the service with the kubectl get service command: [Read More]