Update Wonderfall's blog posts

Signed-off-by: Tommy <contact@tommytran.io>
Tommy 2022-07-23 23:42:38 -04:00 committed by tommytran732
parent d6d0d9238f
commit 30b0561646
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
3 changed files with 4 additions and 4 deletions

@ -108,7 +108,7 @@ Their client also lacks **TLS certificate pinning**, unlike Play Store which imp
It is an important security feature that is also straightforward to implement using the [declarative network security configuration](https://developer.android.com/training/articles/security-config) available since Android 7.0 (API level 24). See how GrapheneOS pins both root and CA certificates in their [app repository client](https://github.com/GrapheneOS/Apps): It is an important security feature that is also straightforward to implement using the [declarative network security configuration](https://developer.android.com/training/articles/security-config) available since Android 7.0 (API level 24). See how GrapheneOS pins both root and CA certificates in their [app repository client](https://github.com/GrapheneOS/Apps):
``` ```xml
<!-- res/xml/network_security_config.xml --> <!-- res/xml/network_security_config.xml -->
<network-security-config> <network-security-config>
<base-config cleartextTrafficPermitted="false"/> <base-config cleartextTrafficPermitted="false"/>

@ -63,7 +63,7 @@ For these reasons, good practices were established:
However, distroless images are not suited for every application. In my experience though, distroless is an excellent option with pure Go binaries. Going with minimal images drastically reduces the available attack surface in the container. For example, here's a [multi-stage Dockerfile](https://docs.docker.com/develop/develop-images/multistage-build/) resulting in a minimal non-root image for a simple Go project: However, distroless images are not suited for every application. In my experience though, distroless is an excellent option with pure Go binaries. Going with minimal images drastically reduces the available attack surface in the container. For example, here's a [multi-stage Dockerfile](https://docs.docker.com/develop/develop-images/multistage-build/) resulting in a minimal non-root image for a simple Go project:
``` ```Dockerfile
FROM golang:alpine as build FROM golang:alpine as build
WORKDIR /app WORKDIR /app
COPY . . COPY . .
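Review bot: the tag added to the opening fence is `Dockerfile` with a capital D, while the other fences tagged in this commit use lowercase (`xml`, `json`). Use `dockerfile` unless the site's highlighter requires the capitalised form, so the tags stay consistent and highlighting does not depend on case-insensitive lexer lookup.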
@ -221,7 +221,7 @@ A platform like ptrace or KVM is used to intercept system calls and redirect the
The security model of gVisor is comparable to what you would expect from a virtual machine. It is also very easy to [install and use](https://gvisor.dev/docs/user_guide/install/). The path to runsc along with its different configuration flags (`runsc flags`) should be added to `/etc/docker/daemon.json`: The security model of gVisor is comparable to what you would expect from a virtual machine. It is also very easy to [install and use](https://gvisor.dev/docs/user_guide/install/). The path to runsc along with its different configuration flags (`runsc flags`) should be added to `/etc/docker/daemon.json`:
``` ```json
"runtimes": { "runtimes": {
"runsc-ptrace": { "runsc-ptrace": {
"path": "/usr/local/bin/runsc", "path": "/usr/local/bin/runsc",
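Review bot: the block now tagged `json` starts at `"runtimes": {` with no enclosing object brace, so the visible start is a fragment rather than valid JSON, and a highlighter or a reader pasting it into `/etc/docker/daemon.json` will trip on that. Either open the block with `{` (and close it to match) or state in the sentence above that the `runtimes` key goes inside the file's existing top-level object.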

@ -32,7 +32,7 @@ sed -i '/draft:.*/d' './content/os/Securing OpenSSH with FIDO2.md'
sed -i "s/tags:.*/tags: ['Operating Systems', 'Linux', 'Security']/" './content/os/Securing OpenSSH with FIDO2.md' sed -i "s/tags:.*/tags: ['Operating Systems', 'Linux', 'Security']/" './content/os/Securing OpenSSH with FIDO2.md'
sed -i '/^tags:.*/a ShowCanonicalLink: true' './content/os/Securing OpenSSH with FIDO2.md' sed -i '/^tags:.*/a ShowCanonicalLink: true' './content/os/Securing OpenSSH with FIDO2.md'
sed -i '/^tags:.*/a canonicalURL: https://wonderfall.dev/openssh-fido2/' './content/os/Securing OpenSSH with FIDO2.md' sed -i '/^tags:.*/a canonicalURL: https://wonderfall.dev/openssh-fido2/' './content/os/Securing OpenSSH with FIDO2.md'
sed -i '/^tags:.*/a author: Wonderfall' sed -i '/^tags:.*/a author: Wonderfall' './content/os/Securing OpenSSH with FIDO2.md'
# Blogs by Rohan Kumar (a.k.a Seirdy) currently need to be manually ported, as he uses a lot of HTML inside of the source instead of just markdown. # Blogs by Rohan Kumar (a.k.a Seirdy) currently need to be manually ported, as he uses a lot of HTML inside of the source instead of just markdown.
# His GitHub repo: https://github.com/Seirdy/seirdy.one # His GitHub repo: https://github.com/Seirdy/seirdy.one
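Review bot: the `author: Wonderfall` line was missing its file operand because the path `'./content/os/Securing OpenSSH with FIDO2.md'` is typed out on every `sed -i` line in this block, and the fix repeats it once more. Assign the path to a variable once and pass it quoted to each `sed` call, so a dropped operand cannot recur when the next post is added. The commit message mentions only blog post updates; this script fix deserves its own line there or its own commit.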