cli VS canarytokens

This package is widely used for powerful CLI builds, it is used for example for Kubernetes CLI and GitHub CLI, in addition to offering some cool features such as automatic completion of shell, automatic recognition of flags (the tags) , and you can use -h or -help for example, among other facilities.

GitHub CLI 2.44.1

This Docker image is designed to support implementing Github Actions with Python. As of version 4.0.0., it starts with the official python docker image as the base which is a Debian OS. It specifically uses python:3-slim to keep the image size down for faster loading of Github Actions that use pyaction. On top of the base, we've installed curl gpg, git, and the GitHub CLI. We added curl and gpg because they are needed to install the GitHub CLI, and they may come in handy anyway (especially curl) when implementing a GitHub Action.

You might be interested in GitHub's cli tool, which is open source, if you want to access GitHub without running their proprietary JS code.

https://cli.github.com/

View on GitHub

(Context: I'm pretty thick into Nix, and have been for about four years. Most of this post is focussed on the NixOS desktop experience, so DevOps nerds, ymmv.)

Unpopular opinion: Nix is not that hard.

What's "hard" from a nix-promotion strategy is motivating people to understand why they would want the benefits it offers. Mostly because Nix, especially with home-manager, dramatically worsens UX for several day-to-day tasks, simply by violating the Law of Least Surprise every couple of hours in normal use.

I want a fully idempotent, version-locked, rewindable user environment, with a version-controlled central config, because I have half a dozen devices that, for reasons, I need to keep perfectly interchangeable with one another. Most users do not want this, for the simple fact that mutating their configs and differentiating them locally on specific machines is not a bug, but a feature.

Even more than that, it's an expectation that most software developers share as well.

Case in point: I filed a bug against the GitHub CLI last week. If any org has the scope and motivation to build software that's compatible with NixOS, an OS most of whose users are developers, it should be GitHub, which is, at least notionally, all about developers, developers, developers. A change in GH required a config format migration, which was sensibly done by opening the config .yml and rewriting it.

Of course, this breaks NixOS not just in practice but in principle. NixOS/home-manager makes config files read-only. Surprise! https://github.com/cli/cli/issues/8462

The response from GitHub was basically, "yeah, we knew this was going to happen, we mentioned it to the packagers at NixOS, but we did it anyway, because it was still the best way to proceed for us." (And they weren't wrong.)

Now, once a month is an annoyance, but I run into these problems daily. I can't imagine any sane person -- which I am not -- would persist with using it.

Why do I keep using NixOS, then? Because I am terribly and disproprotionately annoyed by small changes in my user experience, which I find disruptive to my workflow and hence threaten my success. For me, forbidding apps from mutating the config files I established for them is a selling point. Being able to version-control an idempotent declarative config for all of them at once is heaven.

Unless you're like me, you'll hate NixOS. But some were meant for Nix.

Because

GitHub CLI 2.40.0

This Docker image is designed to support implementing Github Actions with Python. As of version 4.0.0., it starts with the official python docker image as the base which is a Debian OS. It specifically uses python:3-slim to keep the image size down for faster loading of Github Actions that use pyaction. On top of the base, we've installed curl gpg, git, and the GitHub CLI. We added curl and gpg because they are needed to install the GitHub CLI, and they may come in handy anyway (especially curl) when implementing a GitHub Action.

Two CLI tools I install right away are the GitHub CLI (via brew) and the Netlify CLI (via npm).

From the second article, a minor point but possibly helpful to other here, he contrasts doing everything in the terminal with stacked commits vs going to the Github UI. If people aren't aware, Github offers a cli tool[1]. I've been using it for a few months now and am finding it does make me more productive -- it's nice to be able to open up a PR directly from my terminal. I do still use the GH UI for a lot of things, but I'll often at least start in the terminal, and it also makes the transition from terminal to browser easy as many commands support the `--web` flag open up the right page for you (eg `gh repo view --web`).

[1] https://cli.github.com/

I think it would be fun to leave behind a business card with a flash drive containing some informational PDFs inside a canarytokens.org folder. Note I said "fun" as in "geez, they need educated because they just plugged in a flash drive from a random stranger."

QR code with some pdfs from inside a canarytokens.org folder.

I do not think a trap or "phishing link" is a good idea if she are getting serious threats! But it is not too hard, you can generate a few with here and if somebody opens the link you will get an email containing the time and IP address of who opened it: https://canarytokens.org (note that, you can not really do much with these information on your own).

IIRC people get started for free with canary tokens: https://canarytokens.org

https://canarytokens.org/ and select 'Log4shell' as the token type.

Some data breach stories involve an external entity informing an organization that it might have been breached. This doesn’t have to be the case. Like canaries in coal mines were used to warn of gas, you can put canary tokens, users, or access keys in various places. The moment these are accessed or used, they alert you of possible mischief, giving you an early warning (which might be your only one). One service that you could get started with is canarytokens.org.

Thinkst Canary | Full Stack Software Engineer, Frontend Engineer | REMOTE or Cape Town / Johannesburg, South Africa | https://canary.tools

Thinkst Canary is a unique honeypot system deployed across networks you frequently use, with customers including a bunch of Valley unicorns, research labs, retailers, financial services, academic institutions, mining, defence, and more, across all seven (yes, seven!) continents.

We think it's great, but don't just take our word for it, our customers frequently express their love (https://canary.love)

Our tech stack mainly revolves around Python, Linux, and Vue.js. We use AWS, Azure, GCP to varying degrees, and ship actual hardware which keeps things exciting.

We bootstrapped to $11MM ARR (https://blog.thinkst.com/2021/03/we-bootstrapped-to-11-milli...)

We're looking for Fullstack and Frontend Engineers to join us in continuing to develop on the honeypots, on the management consoles, and on expanding our array of Canarytokens (https://canarytokens.org).

Our hiring process consists of a ~45min intro chat, a take-home practical coding exercise, a group interview, and a founder interview. No whiteboards.

If you'd like to know more, or are interested in applying, get in touch at [email protected] (and please include a CV if applying).