documents VS SecLists

It's not about terraform handling it or not, it's about ensuring that drift is automatically corrected without a CI trigger. One of the core principles of GitOps is continuous reconciliation. This requires a reconciliation loop, e.g. some task that runs automatically and without user intervention. As far as I can tell from their docs Digger only runs its steps on a pull request, similar to Atlantis (but "without the backend"). This is continuous delivery, but it's not continuous reconciliation, and therefore not GitOps. GitOps would be something like combining Flux or ArgoCD with Crossplane.

think i'm going to take the feedback from this discussion to the opengitops working group tomorrow, hoping we can maybe get it defined in their vendor agnostic gitops glossary https://github.com/open-gitops/documents/blob/main/GLOSSARY.md haha, which i'm sure chatgpt will figure out about like 12 seconds later, consider correct, and then just wire the architecture together for us. but we can just start with kubefirst while chatgpt is trying to catch up haha.

The GitOps term was coined back in 2017 by Weaveworks, and paraphrasing OpenGitOps, a GitOps system is based on the following principles:

That's why there's systems for continuous reconciliation. I'ts one of the four fundamental principles of GitOps.

https://opengitops.dev/ https://github.com/open-gitops/documents

(Here is a link: https://github.com/open-gitops/documents/pull/51)

In 2021, the first OpenGitOps Standard v1 was created, to make sure we all GitOps enthusiasts speak the same language. For more information go to opengitops.dev.

The working group has been hard at work, over many meetings, github discussions, revisions, blood, sweat, and tears we've just merged the pre-release GitOps Principles and glossary. Check them out here and be sure to make issues/comments. It'd be great to hear everyone's thoughts.

https://github.com/danielmiessler/SecLists/blob/master/Usernames/xato-net-10-million-usernames.txt is not enough usernames

This reminds me of [0] where they maintain composite lists of frequently used passwords. Also in the repo is probably my favorite pull request ever [1].

[0] https://github.com/danielmiessler/SecLists

[1] https://github.com/danielmiessler/SecLists/pull/155

Maybe swagger.txt

Typical of the sorts of information a tester/attacker might be using from: Daniel Miessler's SecLists

Oh, and then you have this.

You can now also enable a rule for password dictionary. Appwrite knows what are the most common passwords, and with this rule enabled, it will not allow you users to set any of those passwords. It prevents your users from having passwords like password, 123456678, or qwertyui. Appwrite currently knows the 10,000 most commonly used passwords thanks to the same list used by other industry-leading auth providers. You can check out the dictionary list on GitHub.

Try wifite if you don’t know how to use hashcat it is pretty simple. Hashcat is pretty easy as well I am to lazy to get on my laptop right now but just get the right wordlist Seclist has a shit load of them https://github.com/danielmiessler/SecLists

Fellow rust players know the way