Ask HN: Adversarial System Administration?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Kubernetes Postgresql ElasticSearch squid Rabbitmq

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • infrastructure

    This repository documents the steps required to set up a fresh RecipeRadar environment (by openculinary)

    • Hi folks,

    I enjoy developing and maintaining the RecipeRadar[1] project's infrastructure in a truly open fashion.

    Since the project itself is AGPL-licensed, that means I like to -- ideally -- push infrastructure documentation and changes before the associated administrative commands are run. That means that the code to the system itself is already published and available (in a chronological sense) to anyone using the service over the network at any given point in time.

    However, it does introduce a set of strange risks: what if there changes expose security vulnerabilities that are _not yet_ introduced, but will be when the commands are run.

    In a typical system administration scenario, generally the 'home team' acts carefully and is primarily only aware of their own actions - aside from monitoring for any externally-initiated or unexpected system behaviour during maintenance.

    If a mistake is made, sometimes they'll backtrack and clean up, but for some kinds of system change, it's hard to know whether an exposed vulnerability was exploited, because the exposure window may have been very brief.

    I have a sense that the best overall solution to this kind of problem (in this kind of open environment) would be an 'adversarial' system administration approach; perhaps involving some kind of mirroring.

    Two (or more) systems would walk through the same series of administration steps, each with one (or more) red teams attempting to exploit the process -- already armed with the knowledge of the steps to be applied in advance.

    Does that make sense to anybody, and/or can anyone provide thoughts or reading material about research into this kind of area?

    [1] - https://www.reciperadar.com/

    [2] - https://github.com/openculinary/infrastructure/

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Code Search Is Hard

    13 projects | news.ycombinator.com | 10 Apr 2024

  • Introducing pgzx: create PostgreSQL extensions using Zig

    3 projects | news.ycombinator.com | 21 Mar 2024

  • Homelab: Running Postgres on Kubernetes

    2 projects | news.ycombinator.com | 2 Jan 2024

  • No disk space crashloop but pod healthy · Issue #3788 · CrunchyData/postgres-operator

    1 project | /r/Health2020 | 9 Dec 2023

  • Run PostgreSQL. The Kubernetes Way

    6 projects | news.ycombinator.com | 22 Sep 2023