The Ruby cloud services library.
I went down a bit of a rabbit hole of Digital Ocean and their "security" for production workloads.
> Show me any other vps provider that silently provides access to customer A's data to customer B after receiving commands from customer A to destroy their instance and then I'll believe you guys aren't at the very bottom of the "takes security seriously" list.
YC News Discussion: https://news.ycombinator.com/item?id=6983097
> You do not need to scrub or write anything to not provide user A’s data to user B in a multi-tenant environment. Sparse allocation can easily return nulls to a reader even while the underlying block storage still contains the old data. ... On top of all of that, when I pointed out that what they were doing was absolute amateur hour clownshoes, they oscillated between telling me it was a design decision working as intended (and that it was fine for me to publicize it), and that I was an irresponsible discloser by sharing a vulnerability.
> You've got an additional problem though, which is that this tells us you have two support channels: one that doesn't work (i.e. yours, the one you built), and one that does (Twitter-shaming). The first channel represents how you act when no one's watching; the second, how you act when they are. Most people prefer to deal with people for whom those two are the same.
Speaking of randomly locking accounts, the post-mortem kills me:
> The initial account lock and resource power down resulted from an automated service that monitors for cryptocurrency mining activity (Droplet CPU loads and Droplet create behaviors). These signals, coupled with a number of account-level signals (including payment history and current run rate compared to total payments) are used to determine if automated action is warranted to minimize the impact of potential fraudulent high-cpu-loads on other customers.
In other words, DO will kill your account with a curt email stating simply: "We have reviewed your account and have declined to activate it. No further information or action is required from you." for simply using "too much CPU"! https://pbs.twimg.com/media/D76ocofXoAY_xB5.png
A plugin for the Caddy web server to act as a backend for restic (by restic)
Unfortunately restic was a no go for me due to not being compatible with B2 keys that only have the permissions readFiles,writeFiles,listBuckets,listFiles (no deleteFiles). I don't want the attacker to be able to delete any backups if they manage to get to the B2 keys.
I believe this is the ticket that would add support for this to restic: https://github.com/restic/caddy/issues/2