Commit f0944c16 authored by nimrod

- Fixed issues raised by proselint.

parent 7395b7d3
...@@ -48,9 +48,9 @@ ansible-galaxy to install the git repo of the role and the dependencies as well. ...@@ -48,9 +48,9 @@ ansible-galaxy to install the git repo of the role and the dependencies as well.
Testing Testing
------- -------
First of all, I configured `pre-commit <http://pre-commit.com/>`_ hooks that First, I configured `pre-commit <http://pre-commit.com/>`_ hooks that check,
check, among other things, the validity of the YAML files and the does a syntax among other things, the validity of the YAML files and the does a syntax check
check of the Ansible playbook. of the Ansible playbook.
As for Molecule, the configuration of the test environment is mainly under As for Molecule, the configuration of the test environment is mainly under
:code:`molecule.yml`. That is were you'd go to change the Vagrant box to test. :code:`molecule.yml`. That is were you'd go to change the Vagrant box to test.
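Review bot: The re-wrapped sentence in this hunk still reads "the validity of the YAML files and the does a syntax check of the Ansible playbook", which is ungrammatical on both sides of the change. Since this commit is a prose cleanup, reword it to something like "and do a syntax check of the Ansible playbook". The unchanged context line "That is were you'd go" should also read "where".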
...@@ -77,8 +77,8 @@ A word on CI ...@@ -77,8 +77,8 @@ A word on CI
Now you have all of the different pieces and workflow to run complete tests on Now you have all of the different pieces and workflow to run complete tests on
roles the next obvious step is setting up a CI pipeline. In my tests and as I roles the next obvious step is setting up a CI pipeline. In my tests and as I
know the various CI services (I personally tried Travis-CI and CircleCI) disable know the various CI services (I tried Travis-CI and CircleCI) disable the
the option to run any hypervisor. For me it's a deal breaker because I depend on option to run any hypervisor. For me it's a deal breaker because I depend on
VirtualBox (I need to test on different OSes, not just Linux). If LXC serves VirtualBox (I need to test on different OSes, not just Linux). If LXC serves
your needs than you should be able to run Vagrant with the LXC provider and your needs than you should be able to run Vagrant with the LXC provider and
therefore Molecule. For me it's a deal breaker. therefore Molecule. For me it's a deal breaker.
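Review bot: The sentence "For me it's a deal breaker" appears twice in this paragraph, once after "run any hypervisor" and again as the closing sentence, and the change keeps both. Drop the trailing one. In the same paragraph, "If LXC serves your needs than" should be "then", and "as I know" reads better as "as far as I know".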
......
...@@ -14,8 +14,8 @@ How I start new projects ...@@ -14,8 +14,8 @@ How I start new projects
This little tool, along with `ssl-ca <https://www.shore.co.il/cgit/ssl-ca/>`_ This little tool, along with `ssl-ca <https://www.shore.co.il/cgit/ssl-ca/>`_
and `ssh-ca <https://www.shore.co.il/cgit/ssh-ca/>`_ have some commonality in and `ssh-ca <https://www.shore.co.il/cgit/ssh-ca/>`_ have some commonality in
how I use them and this seems like a good opportunity to share. First of all I how I use them and this seems like a good opportunity to share. I keep my rc
keep my rc files (like :code:`.vimrc`) in the files (like :code:`.vimrc`) in the
`rcfiles <https://www.shore.co.il/cgit/rcfiles/`>_ repo. However I don't install `rcfiles <https://www.shore.co.il/cgit/rcfiles/`>_ repo. However I don't install
them as mentioned in the documentation. Instead I add them as Git sub modules them as mentioned in the documentation. Instead I add them as Git sub modules
and now I can be reasonably sure that when I clone the rcfiles repository, the and now I can be reasonably sure that when I clone the rcfiles repository, the
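Review bot: The rcfiles hyperlink in the context line is malformed: the target ends with "rcfiles/`>_" so the backtick sits inside the angle brackets and the link will not render as a reference. It should end with "rcfiles/>`_", matching the ssl-ca and ssh-ca links above it. Worth fixing in this pass since the line directly before it is being edited.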
......
...@@ -19,17 +19,17 @@ opensource software. ...@@ -19,17 +19,17 @@ opensource software.
Also, I'm a part-time freelancer so you can contact me at `nimrod@shore.co.il Also, I'm a part-time freelancer so you can contact me at `nimrod@shore.co.il
<mailto: nimrod@shore.co.il>`_ or at 052-8713696 (+972-52-871-3696 outside of Israel). <mailto: nimrod@shore.co.il>`_ or at 052-8713696 (+972-52-871-3696 outside of Israel).
Resume Résumé
------ ------
My resume is available online in the following formats: My résumé is available online in the following formats:
- `HTML (single file) <https://www.shore.co.il/resume>`_. - `HTML (single file) <https://www.shore.co.il/résumé>`_.
- `OpenDocument text <https://www.shore.co.il/resume/resume.odt>`_. - `OpenDocument text <https://www.shore.co.il/résumé/résumé.odt>`_.
- `PDF <https://www.shore.co.il/resume/resume.pdf>`_. - `PDF <https://www.shore.co.il/résumé/résumé.pdf>`_.
- `Microsoft Word docx <https://www.shore.co.il/resume/resume.docx>`_. - `Microsoft Word docx <https://www.shore.co.il/résumé/résumé.docx>`_.
There's also a `repository <https://www.shore.co.il/cgit/resume/about>`_ that There's also a `repository <https://www.shore.co.il/cgit/résumé/about>`_ that
contains the original reStructuredText version and publishing pipeline. contains the original reStructuredText version and publishing pipeline.
Last thing, my public `GPG public key <{filename}/static/nimrod.asc>`_ Last thing, my public `GPG public key <{filename}/static/nimrod.asc>`_
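Review bot: The spelling change was applied inside the link targets as well as the visible text, so the four format links and the repository link now point at paths containing "résumé" (for example "/résumé/résumé.odt" and "/cgit/résumé/about") instead of the original "resume" paths. Nothing in this commit renames the published files or the repository, so these links will most likely break. Keep "Résumé" in the heading and sentence but leave the URLs as they were. Separately, "my public GPG public key" in the last context line repeats "public".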
...@@ -38,5 +38,5 @@ How does it work ...@@ -38,5 +38,5 @@ How does it work
---------------- ----------------
On launch, the container runs and uses its own DNS resolver (in this case NSD). On launch, the container runs and uses its own DNS resolver (in this case NSD).
This way the OS caching or upstream caching interferes with querying and every This way the OS caching or upstream caching don't interferes with querying and
new container starts with a clean slate. every new container starts with an empty cache.
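Review bot: The new wording "the OS caching or upstream caching don't interferes with querying" fixes the meaning (the old text said caching interferes) but introduces a subject-verb error. Use "doesn't interfere" or "do not interfere".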
...@@ -13,13 +13,13 @@ functionality. ...@@ -13,13 +13,13 @@ functionality.
Practices I avoid Practices I avoid
----------------- -----------------
First of all, changing the listening port. The upside is that a high random port First, changing the listening port. The upside is that a high random port is
is scanned less often and the various script kiddies sometimes fails to notice scanned less often and the various script kiddies sometimes fails to notice it,
it, thus reducing the noise in the logs. This however is no real security thus reducing the noise in the logs. This however is no real security measure
measure as any capable attacker will quickly spot the daemon listening on a as any capable attacker will quickly spot the daemon listening on a different
different and all benefits will be lost. The downside is that by not using the and all benefits will be lost. The downside is that by not using the default
default port you need to configure all clients accordingly. So, no substantial port you need to configure all clients accordingly. So, no substantial wins
wins and minor loss. I pass on this idea. and minor loss. I pass on this idea.
The second most common is allowing access only from the office IP or a few The second most common is allowing access only from the office IP or a few
select IP addresses. The security benefit is high but the risk is also high. I select IP addresses. The security benefit is high but the risk is also high. I
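Review bot: After the re-wrap the sentence still reads "the daemon listening on a different and all benefits will be lost", so the noun is missing after "different"; it should presumably be "a different port". In the same paragraph, "script kiddies sometimes fails to notice it" should be "fail".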
......
...@@ -12,7 +12,7 @@ You have a website and you want to encrypt the traffic going in and out of your ...@@ -12,7 +12,7 @@ You have a website and you want to encrypt the traffic going in and out of your
Known attacks on SSL and TLS Known attacks on SSL and TLS
---------------------------- ----------------------------
First of all, SSL 2.0 is insecure (it's even disabled by default in IE7) so we'll not be using it. Version roll back attacks allow a man in the middle to change the response from the client to force a lower grade (read the lowest grade possible) cipher suite. First, SSL 2.0 is insecure (it's even disabled by default in IE7) so we'll not be using it. Version roll back attacks allow a man in the middle to change the response from the client to force a lower grade (read the lowest grade possible) cipher suite.
The BEAST attack exploits a weakness in CBC ciphers in TLS 1.0. But fixes all major browsers have been released for quite some time, so we're going to assume that the client is secure and CBC ciphers are safe to use (reasonable assumption, but still an assumption). The BEAST attack exploits a weakness in CBC ciphers in TLS 1.0. But fixes all major browsers have been released for quite some time, so we're going to assume that the client is secure and CBC ciphers are safe to use (reasonable assumption, but still an assumption).
CRIME and BREACH exploit a weakness in compression and RC4 is considered to be weak although not broken like DES or MD5. CRIME and BREACH exploit a weakness in compression and RC4 is considered to be weak although not broken like DES or MD5.
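Review bot: The BEAST paragraph in the context lines reads "But fixes all major browsers have been released for quite some time", which is missing "for" after "fixes". This is the kind of issue the commit is meant to clean up, so fix it here too. These lines are also unwrapped, unlike the other files touched in this commit.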
......
...@@ -12,7 +12,7 @@ Instead of a lengthy blog post, I publish a git repo. The repo has a :code:`READ ...@@ -12,7 +12,7 @@ Instead of a lengthy blog post, I publish a git repo. The repo has a :code:`READ
file, the code is documented, there's a :code:`Makefile` or :code:`fabfile`, file, the code is documented, there's a :code:`Makefile` or :code:`fabfile`,
you can clone and fork the repo. It's almost always better than a blog post. you can clone and fork the repo. It's almost always better than a blog post.
But now I have many repositories and just a few blog posts. What I'm going to do However now I have many repositories and just a few blog posts. What I'm going to do
from now on is I'll publish the git repo, but add a short post announcing the from now on is I'll publish the git repo, but add a short post announcing the
repo. repo.
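Review bot: The replacement line "However now I have many repositories..." needs a comma after "However", and it is now longer than the wrap width used by the surrounding lines. Re-wrap the paragraph so the line lengths stay consistent with the rest of the file.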
......