Twitter | Search | |
Tim Allclair
Kubernetes Security
91
Tweets
453
Following
1,138
Followers
Tweets
Tim Allclair Jun 2
Replying to @pires_oss
Yeah, for now the kubelet only supports 1 CRI, but both containerd and crio support multiple handlers.
Reply Retweet Like
Tim Allclair retweeted
Yoshi Tamura May 15
🚀 Sandbox powered by now publicly available ! ✔️Additional layer of defense to pods with a click of a button ✔️Fully integrated with GKE and RuntimeClass ✔️Great fit for SaaS and Multi-Tenancy 👉 the blog to learn more!
Reply Retweet Like
Tim Allclair Apr 29
Replying to @pires_oss
Not any time soon, unfortunately. Since hyperkube packs so many components together, it has a lot of dependencies. We need to tackle each individual component first.
Reply Retweet Like
Tim Allclair Apr 29
Replying to @tallclair
is like `FROM scratch`, but it fixes a bunch of issues with missing directories and configuration files for static binaries:
Reply Retweet Like
Tim Allclair Apr 29
What's better than patching container vulnerabilities? Not having them in the first place! system images are moving to :-)
Reply Retweet Like
Tim Allclair Apr 18
Kudos for eliminating ~450,000 lines of code from last week between and !
Reply Retweet Like
Tim Allclair Mar 28
I used one until one day I was just sitting at my desk typing away, and the next instant I was on the floor on the popped remains.
Reply Retweet Like
Tim Allclair Mar 28
Replying to @tallclair
Correction: we rated CVE-2019-1002101 as high severity. It only affects kubectl though, so your production servers are probably safe!
Reply Retweet Like
Tim Allclair Mar 28
patch day! We just announced a medium severity CVE in CNI and kubectl. See the announcements for more details:
Reply Retweet Like
Tim Allclair Mar 20
would be the prerequisites, but the multitenancy working group is working on putting together a more comprehensive set of best practices:
Reply Retweet Like
Tim Allclair Feb 15
I like that the first Google result for "tls book" is "Free Printable Worksheets for Preschool":
Reply Retweet Like
Tim Allclair Feb 12
Replying to @jessfraz
This is why when I write a test, I always add an intentional bug to make sure the test fails (especially in CI!)
Reply Retweet Like
Tim Allclair retweeted
Maya Kaczorowski Feb 11
If you're running on GKE, see the security bulletin for patch availability. Only Ubuntu nodes in GKE are affected:
Reply Retweet Like
Tim Allclair Feb 4
Oh, good to know. Thanks for the pointer.
Reply Retweet Like
Tim Allclair Feb 4
Replying to @bitwarden_app
seems to be one of the only password managers that completed a 3rd party audit, though the results were somewhat concerning. Also based on open source.
Reply Retweet Like
Tim Allclair Feb 4
I've been frustrated with lately (still no webauthn / U2F?) Why is it so hard to find an actual comparison of password manager security?
Reply Retweet Like
Tim Allclair Dec 17
We crammed a brief history of security (spoiler: CVE-2018-1002105 wasn't the first!), some big new features, and a few gnarly open issues into this 30-minute talk!
Reply Retweet Like
Tim Allclair Dec 17
¿Achievement Unlocked? Kubernetes CVE-2018-1002105 highlighted in my favorite security podcast - Episode #523 @ 34:45
Reply Retweet Like
Tim Allclair Dec 14
It was fun thinking up the attack paths for my talk, "Recent Advancements in Container Isolation". Check it out for a retrospective from the future!
Reply Retweet Like
Tim Allclair Dec 10
Here are the slides from and my talk: " Security through the ages". We've come a long way, but we're not done yet!
Reply Retweet Like