A/B testing

August 11, 2024

I quite liked the storytelling of A/B testing - An interactive look at Thompson sampling from everyday-data-science. Not sure how long this link will work. For reference: significance check multi-armed bandits Bernoulli distribution beta distribution Thompson sampling

Kubernetes Security - CtF style learning & pentesting

July 26, 2024

Series: [blog k8s security]

More resources to have fun with kubernetes from a security point of view and for learning: challenges If you had fun with the Damn Vulnerable Web Application (DVWA), there is something equivalent for Kubernetes from Madhu Akula: Kubernetes Goat. You can also deploy your own playground. K8S lan party seems also quite promising. (from Wiz) tooling offensive Peirates is a bit alike a (still lightweight) Metasploit (payload) for k8s. One “batteries included” binary.

probabilistic database lookup

July 3, 2024

Series: [blog]

Assuming a database DB is slow to query for x. It reduces pressure on the DB if you can avoid a query. But how to know the DB will find nothing for x without a query to the database? Add a preprocessing step, to handle at least the majority of queries which will not get a match in the database. the oracle Aside from syntax and domain specific checks (don’t forget them!

deleting stuck namespace in kubernetes

June 25, 2024

Series: [blog k8s]

When you create and delete resources and according objects in a namespace in your kubernetes cluster, you might just want to delete your namespace after your tests: kubectl delete ns test stuck namespace When namespace deletion seems stuck in a Terminating status, check if there are any object left over in your namespace: kubectl get all -n test for CRD you need to check for each type: kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <terminating-namespace> (I found this snipped and also hints for the API calls here) If all is clean, but the namespace is stuck in Terminating, check (kubectl get ns test -o yaml) for Finalizers.

random points on spheres

May 2, 2024

Series: blog

If you are into the computing about randomness and statistics, then Dr Martin Roberts blog extreme learning might be interesting. I was trying to improve the performance of a Monte Carlo method over a sphere. Since I didn’t want to correct for a uneven distribution: I did a small deep dive how to uniformly sample from (high-dimensional) spheres. Then I found the How to generate uniformly random points on n-spheres and in n-balls article and from there the blog.

Kubernetes Network Policies

April 27, 2024

Series: [blog k8s]

What a shame that I was writing my Kubernetes Network Policies mostly by hand until now. There is this handy graphic interactive editor available. To bad it doesn’t support reading a netpol as input. Sometimes a visualization helps debugging. Network policies won’t provide the visibility you can achieve with a mesh network (e.g. Istio/linkerd/Consul ) regarding attempted policy violations. But sometimes all you want is the separation. This provides it the easy way.

hints for using ssh

March 10, 2024

Series: [security blog]

After some ssh -fNT -L 6443:10.0.6.2:6443 bastion & again, it is probably time to refer to some SSH hints. Yes, everything is referenced in the man ssh page. But sometimes I am lazy, too. (And for now I blissfully ignore, that there are multiple ssh implementations and focus just on the using ssh part) ProxyJump is probably my most used ssh config for ssh (just after User and having a nice alias).

notes from creating TLS setups

March 9, 2024

Series: [security blog]

Sometimes you need to debug a generated TLS certificate. I always forget CLI arguments, thus as a reminder for myself: Let’s create a dummy RSA certificate for testing with openssl, quick and dirty openssl genpkey -algorithm RSA -out privatekey.pem -pkeyopt rsa_keygen_bits:4096 create an RSA based key openssl req -new -key privatekey.pem -out certrequest.csr interactive generate the cert request. You can review it later with openssl req -text -noout -in certrequest.csr.

about "being glue"

November 29, 2023

Series: blog

being glue - how “non-tech” work is necessary in order to ship “tech” goals. Including quotable reference about certain dynamics you should at least be aware of and how to mitigate as one who is affected by them.

the POSIX test command

November 29, 2023

Series: blog

Have you ever wondered, how evaluation of statements work in the shell? I found the test bracket article from Julio Merino. It provides a nice overview about the [ and test POSIX command and the shell extension (as [[ for bash).