[Renovate Bot](https://github.com/renovatebot/renovate)

Automatic updates of Docker images with Renovate Bot

I’ve been writing recently about best practices for patching and deprecating Docker images, but today I want to show how to automate a huge part of this process. You might have already heard about Dependabot; it’s GitHub’s way to notify developers about security vulnerabilities in their projects. Renovate is a similar tool, but doesn’t require GitHub. For my professional work I use Bitbucket, so Renovate feels more universal as it can be used anywhere. ...

2024-03-01 · 4 min · timor
[xkcd.com](https://xkcd.com/349/)

Best practices for patching and deprecating Docker images

Intro: One of the biggest benefits of Docker images is their immutability. Once they’re built, they don’t change. Built once, would work forever… That’s how the nightmares of security guys start 🤣 We then have two contradictory concepts: "Keep it stable" versus "Keep it up to date and secure". For day-to-day work, usually the first concept wins. You want your builds stable and try to avoid the tempting distractions of upgrading log4j to the latest version… Who knows what might break. That’s fine, makes sense. ...

2024-02-09 · 7 min · timor
[Photo by Markus Winkler from Pexels](https://www.pexels.com/photo/wood-dirty-rope-door-3828944/)

Creating fully encrypted ZFS pool

What I want to do? I use my pool to securely store backups, archive my old documents and keep my family’s huge photo library. I have new disks. They were tortured with badblocks, so they’re ready for creating a ZFS pool. I’ve read a few documents about different approaches. I wanted to be sure whether anything had changed during the past years. One of the articles recommends mirroring over RAIDZ. Resilvering is faster, at the same time putting less IO stress on the whole pool. But a pool as small as mine relies on a single drive, which might die in between, and the data won’t be recoverable. Eventually, I decided to go for RAIDZ1 for now, and in the future I’d rather move to RAIDZ2. For that, I have to buy one more disk - Black Friday is close, we will see. ...

2021-11-22 · 5 min · timor

Bezpieczeństwo aplikacji webowych

Bezpieczeństwo aplikacji webowych (Web Application Security). Authors: Michał Bentkowski, Gynvael Coldwind, Artur Czyż, Rafał Janicki, Jarosław Kamiński, Adrian Michalczyk, Mateusz Niezabitowski, Marcin Piosek, Michał Sajdak, Grzegorz Trawiński, Bohdan Widła. ksiazka.sekurak.pl

2019-10-04 · 1 min · timor

DevOps

DevOps: World-class agility, reliability and security in your organization. Authors: Gene Kim, Patrick Debois, John Willis, Jez Humble, John Allspaw. helion.pl

2019-10-04 · 1 min · timor

Broń matematycznej zagłady

Broń matematycznej zagłady (Weapons of Math Destruction): How algorithms increase inequality and threaten democracy. Author: Cathy O'Neil. helion.pl

2018-03-22 · 1 min · timor

Cisza w sieci

Cisza w sieci (Silence on the Wire). Author: Michał Zalewski. helion.pl

2018-02-23 · 1 min · timor

Black Hat Python

Black Hat Python: The Python language for hackers and pentesters. Author: Justin Seitz. amazon.pl, empik.com, helion.pl

2017-05-22 · 1 min · timor

Sztuka podstępu

Sztuka podstępu (The Art of Deception): I broke people, not passwords. Authors: Kevin Mitnick, William L. Simon. helion.pl

2016-02-10 · 1 min · timor

Prepare for DoS like Cloudflare do

I watched a nice presentation about how Cloudflare protects itself against DoS. Most of us are not able to do that exactly like them, but some of the tips were general enough to be used on a typical web front server. I took notes from this presentation and present them here. Thanks to Marek's agreement I also reposted all the examples (in an easier to copy-paste way). How to prepare against an ACK/FIN/RST/X-mas flood: Use a conntrack rule: ...

2016-02-05 · 4 min · timor