How to bootstrap trust in an on-premise environment?

As part of moving from few on-premise monoliths to multiple on-premise microservices, I’m trying to improve the situation where database passwords and other credentials are stored in configuration files in /etc.

Regardless of the technology used, the consumer of the secrets needs to authenticate with a secret store somehow. How is this initial secret-consumer-authentication trust established?

It seems we have a chicken-and-egg problem. In order to get credentials from a server, we need to have a /etc/secretCredentials.yaml file with a cert, token or password. Then I (almost) might as well stick to the configuration files as today.

If I wanted to use something like HashiCorp Vault (which seems to be the market leader) for this, there is a Secure Introduction of Vault Clients article. It outlines three methods:

  • Platform Integration: Great if you’re on AliCloud, AWS, Azure, GCP. We’re not
  • Trusted Orchestrator: Great if you’re using Terraform, Puppet, Chef. We’re not
  • Vault Agent: The remaining candidate

When looking at the various Vault Auth Methods available to the Vault Agent, they all look like they boil down to having a cert, token or password stored locally. Vault’s AppRole Pull Authentication article describes the challenge perfectly, but then doesn’t describe how the app gets the SecretID 🙁

The only thing I can think of is IP address. But our servers are all running in the same virtualization environment, and so today, they all have random IP addresses from the same DHCP pool, making it hard to create ACLs based on IP address. We could change that. But even then, is request IP address/subnet sufficiently safe to use as a valid credential?

We can’t be the first in the universe to hit this.
Are there alternatives to having a /etc/secretCredentials.yaml file or ACLs based on IP address, or is that the best we can do?
What is the relevant terminology and what are the best-practices, so we don’t invent our own (insecure) solution?

sharepoint online – How to migration between each environment of SPO modern site?

service – linux capabilities to read environment variables?

I’d like to run a service as a non-privileged user, but it needs to bind to a system port number (i.e. less than 1024), so I give it setcap 'cap_net_bind_service=+ep' <path for service>, all good.

Problem is, on startup, the service reads environment vars and for some reason it can’t do that when it has cap_net_bind_service. So, with two copies of the executable, one with cap_net_bind_service, one without, only the one without can read environment vars.

It’s as though there’s a default set of capabilities that allows reading env vars, but the exe loses that capability when I give it cap_net_bind_service. Is that right, or is something else going on? What additional capability might I need to give to the service so that it can read env vars? There’s nothing in capability.h that jumps out as being “allow env var reading”?

wireframe – How to help Quality Assurance team to validate designs against development environment in an Agile project?

First, there is no “right” answer to this. There are, however, many things teams have done to effectively address this and get even better UI/UX in the process.

1] Focus on experiences, not components

When you have a user story that reads “As a user searching for products, I would like to filter the results to focus them on the items I’m looking for.” The UI/UX designer should focus on how that interaction should work. The developers then try to create that experience. I see the filtering in your example, but I also see the header, which seems more like a component.

2] Use the whole page wireframes as context, not direction

When you’re looking at whole pages, use basic boxes and icons. This means a page can come together in a matter of seconds. This makes it easier to change as needed.

3] Style guides!!!

Ask your designer to create a style guide with heuristics to follow instead of designs for everything. Most developers working with application front-ends have a basic understanding of design and can use a style guide to make good choices even without consulting the designer.

4] Rapid prototyping tools

Tools like Zeplin blur the line between design and code. I’ve worked with a number of teams where both the designers and developers use tools like this to collaborate more effectively with each other.

All of these approaches can really help either on their own or used together. I hope there are some options in there your team finds helpful.

java – How do I fix the printlight Spring error code in my visual studio environment?

I have a problem with my Visual Studio Code environment. I am practicing with Spring MVC and, after importing its libraries, I always get a common error regardless of how the libraries are added. I tried adding them manually and also via Maven. In both cases I get some errors in the code.

But note: the project compiles and runs smoothly both with Maven and when adding the libraries manually. I don't know whether it is my VS that I should configure somehow, but I'm not very clear on what I should do.

Attached photo of the error.

Thank you very much in advance.

performance tuning: does the following change in MKL environment variable increase Mathematica speed on AMD CPUs?

Personally, I don't have an AMD CPU, but since they are literally getting pretty hot these days, I wondered whether the following solution (as proposed here: https://www.reddit.com/r/matlab/comments/dxn38s/howto_force_matlab_to_use_a_fast_codepath_on_amd/) would skip the Intel CPU check. Perhaps this could allow the AVX2 instruction set to be used on AMD CPUs. Therefore, anyone with an AMD CPU can verify whether the solution works.

Create and save a batch file (.bat) as shown below (this is for Windows only, see the link above for Linux). Make sure the Mathematica folder is in your environment variables.

@echo off
set MKL_DEBUG_CPU_TYPE=5
Mathematica.exe

Run the batch file to start Mathematica and run some MKL-based code (many of Mathematica's numerical functions depend on it). Compare the speed of code execution with the speed when starting Mathematica normally (i.e. no batch file).

Do you notice any difference?

terminal: why are my environment variables removed on Mac OS Catalina?

I am currently using macOS Catalina, and every time my computer starts up after I have turned it off, the environment variables are cleared. I literally have to manually run export FOO=bar every time my computer starts up.

I have tried adding environment variables to ~/.bash_profile but that doesn't seem to work, I think because Catalina uses zsh instead of bash. (Is there a way to go back?)

Anyway, how do I persist environment variables so I don't have to manually export them every time? Could there be something wrong with my computer that is causing this? There are also other weird problems when my computer does a new boot.

c# – How does ECS handle systems that need to know more about the environment of the entities it processes?

I am trying to understand the concept of ECS (Entity Component System). I think I understand the concept of different parts, entities, components, and systems.

Entities: Basically just a container for components

Components: Data. For example, a Transform component holds position, rotation, and scale.

System: It runs on a subset of entities that match a combination of components. E.g. RenderSystem that processes all entities with a mesh and a transformation.

What I'm having trouble understanding is how a system is supposed to map data about the surrounding environment to components without using global data. And it's probably for lack of understanding.

Example of what I am getting stuck:

Let's say I have a Player entity that consists, among others, of a Transform component. And let's say there are multiple Zombie entities roaming the game world, which has a Transform component and an AIPathfinding component. So naturally I would create a System that works on Transformations and AIPathfinding to make zombies chase the player.

My only problem is, how is the system supposed to know where the player is, or if there is even a player within range, without having to grab the player globally?
Of course it could pass the player to the creation of the system. But what would happen if along with the player the zombie also chases a constantly changing number of civilians? Do I also pass them to the system in creation? Or should I have some global way to search for entities that match a component query, similar to how the system detects which entities to operate on?

I understand that this could completely depend on the implementation of ECS. But I find it difficult to find resources that explain more than the most basic systems (RenderSystem, etc.).

c# – Can you share a common ActiveMQ service in a development environment without consuming messages between developers?

Our development environment currently shares an ActiveMQ service hosted on AWS.
However, this resulted in issues where Developer A's service produces a message that will trigger Developer B's localhost consumer.

Is there a way to segregate and "fence" a common ActiveMQ service so that we can share the same MQ service without someone else consuming messages?

We have tried the following:

  1. Each development point has its own MQ installation localhost instance. (workable, but if I can get it working on a shared instance then it will avoid additional configuration steps for new developers)
  2. Looking for a VirtualHost function like in RabbitMQ, where I read that it can work in my use case. Can't find a similar feature for ActiveMQ.

Additional Information:

Our project is based on .NET Core 3.1 C#. The implementation of MQ in the code is abstracted under the MassTransit library.

Find a line in a .bat file, export that line to an ini, and make that line a system environment variable too

Can someone help me? I am looking for a solution:

  1. Search for a string in a batch file (findstr), for example: NXconfig: xxxxxxxx, I want to find Ntrconfig with everything: xxxxxxx

  2. Then I want to export that line to a text or ini file

  3. I also want to use findstr and make a system variable with setx

Who can point me in the right direction?

(With findstr, find a line in a config batch file; then I want to export the whole line to an ini and make that line a system variable using setx.)