I work regularly administering GitHub and hundreds of repos across multiple organizations and came across something a little off kilter the other day.
I found a user named eng-admins. Not interesting at a first glance, but kind of weird, eh? Here is their GitHub page (archived for reference):
https://web.archive.org/save/https://github.com/eng-admins?tab=overview&from=2023-12-01&to=2023-12-31
It looks like a team name, even though it is an active GitHub user account. eng-admins is likely a default name any admin would use for a team name. It would be very easy to accidentally add this user to an existing team since the name is so generic.
I reported it to GitHub, since the user has never committed any code…Not that it would be hard for said person to get around that. I do wonder about other generically named users out there.
Easy enough to fix though, right? Just prepend your team names with something like your company name, like: microsoft-eng-all. Well, easy enough until someone creates a user that is named the same.
This reminds me of a similar problem in O365 involving groups. See more at: https://support.microsoft.com/en-us/office/create-a-group-in-outlook-04d0c9cf-6864-423c-a380-4fa858f27102#ID0EBF=Windows
This assumes creating groups is allowed in your organization. The problem involves setting up a group name in Outlook like that of someone in power, say Bill Gates or a CxO somewhere.
If your normal email pattern is bill.gates@contoso.com, you could set up a group named similarly: bill.gates.group@contoso.com.
Then anyone emailing said group may not look at autocompletion and email the wrong person (or group in this case) with potentially sensitive information.
This could be either an insider threat or external threat if someone’s credentials are compromised.
We could also assume said threat could store and forward the email to the correct recipient and this becomes a quasi-man-in-the-middle attack as they now become the relay.
Remember children: All your base are belong to us.
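Both collisions above (a user login that looks like a team slug, and a group address that looks like a person's mailbox) can be checked mechanically rather than eyeballed. The Python below is an added example, my own code and not from the post: it scans constructed sample data for member logins that equal or closely resemble a team slug or consist only of generic team words, and for group addresses whose local part is a mailbox's full local part plus a suffix. The team, member, mailbox and group lists, the generic word list and the similarity threshold are all assumptions; in practice you would feed it the output of the GitHub org teams and members API and a directory export.

```python
"""Flag user/team and mailbox/group name collisions.

Added example, not from the original post. All data below is constructed;
the GitHub lists would normally come from GET /orgs/{org}/teams and
GET /orgs/{org}/members, the mail lists from a directory export.
"""
import re
from difflib import SequenceMatcher

# Constructed sample: team slugs in an org, and the org's member logins.
ORG_TEAMS = ["eng-admins", "microsoft-eng-all", "sec-oncall"]
ORG_MEMBERS = ["alice", "bob", "eng-admins", "microsoft-eng-all", "sec0ncall"]

# Constructed sample: individual mailboxes and group addresses.
MAILBOXES = ["bill.gates@contoso.com", "alice.smith@contoso.com"]
GROUPS = ["bill.gates.group@contoso.com", "all-hands@contoso.com",
          "alice.smith-team@contoso.com"]

# Assumed list of words that usually name teams rather than people.
TEAM_WORDS = {"admin", "admins", "eng", "all", "team", "group", "oncall", "devs"}


def normalize(name):
    """Lowercase and drop separators so 'Eng_Admins' and 'eng-admins' compare equal."""
    return re.sub(r"[-_.]", "", name.lower())


def similar(a, b, threshold=0.85):
    """True when two names differ by only a character or two (e.g. 0 for o)."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio() >= threshold


def github_collisions(teams, members, threshold=0.85):
    """Member logins that equal or resemble a team slug, or consist only of
    generic team words. Returns (login, reason, matched_team_or_None) tuples."""
    findings = []
    for login in members:
        for team in teams:
            if normalize(login) == normalize(team):
                findings.append((login, "exact-team-name", team))
            elif similar(login, team, threshold):
                findings.append((login, "lookalike-team-name", team))
        tokens = {t for t in re.split(r"[-_.]", login.lower()) if t}
        if tokens and tokens <= TEAM_WORDS:
            findings.append((login, "generic-team-words", None))
    return findings


def mail_lookalikes(mailboxes, groups):
    """Group addresses that duplicate a mailbox, or start with a mailbox's full
    local part followed by a separator (bill.gates.group@ vs bill.gates@)."""
    findings = []
    for group in groups:
        g_local, _, g_domain = group.lower().partition("@")
        for box in mailboxes:
            b_local, _, b_domain = box.lower().partition("@")
            if g_domain != b_domain:
                continue
            if g_local == b_local:
                findings.append((group, "duplicate-of-mailbox", box))
            elif g_local.startswith(b_local) and g_local[len(b_local)] in "-._+":
                findings.append((group, "mailbox-prefix", box))
    return findings


if __name__ == "__main__":
    for f in github_collisions(ORG_TEAMS, ORG_MEMBERS) + mail_lookalikes(MAILBOXES, GROUPS):
        print(*f)
```

Run it as a scheduled job against the real lists and review the findings by hand: an exact or lookalike hit on a team slug is worth a quick look at who owns the login, and a mailbox-prefix hit on a group is the Outlook case from the post.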
There needs to be an easy-button for dealing with hundreds of emails for root access to AWS accounts. These emails are used for:
*Note: To create the AWS accounts themselves easily, consider AWS Control Tower Account Factory for Terraform (AFT). That is beyond the scope of this post; what we’re looking at is just the email portion.
Set up a separate domain with a catchall address to forward emails to your real domain (or distribution list). I set up all my domains and yourmom@aws.cloud.benfran.com may be considered more spammy, but I haven’t tested that theory (YMMV).
cloud-bfran.com or bears-beets-battlestargalactica.com …really just anything will do.
This is how it looks in CloudFlare:
aws-prod@cloud-bfran.com and non-prod to non-prod@cloud-bfran.com
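Once the catchall domain is in place, the thing that drifts over time is the account inventory itself: someone creates an account with a personal address, or a prod account ends up on the non-prod alias. The Python below is an added check, my own code and not from the post. It reads the JSON shape of `aws organizations list-accounts` (constructed sample data here, not a real org) and reports active accounts whose root email is off the dedicated domain, lands only in the catch-all rather than a prod/non-prod rule, or routes to an environment that does not match the account name. The prefix-based routing rules, the domain and the account names are all assumptions; how the real CloudFlare rules match is not described on the page.

```python
"""Audit AWS account root emails against a dedicated catch-all mail domain.

Added example, not part of the original post. Input is in the shape of
`aws organizations list-accounts --output json`; the sample below is constructed.
Routing rules are an assumption modelled as local-part prefixes.
"""
import json
from collections import Counter

ROOT_MAIL_DOMAIN = "cloud-bfran.com"

# Assumed forwarding rules: local-part prefix -> environment the mail lands in.
# Anything else on the domain falls through to the catch-all.
ROUTES = {"aws-prod": "prod", "non-prod": "non-prod"}
CATCHALL = "catch-all"

# Constructed sample; IDs are placeholders, not real account numbers.
SAMPLE_LIST_ACCOUNTS = json.dumps({"Accounts": [
    {"Id": "111111111111", "Name": "prod-payments",  "Email": "aws-prod-payments@cloud-bfran.com",  "Status": "ACTIVE"},
    {"Id": "222222222222", "Name": "dev-sandbox",    "Email": "non-prod-sandbox@cloud-bfran.com",   "Status": "ACTIVE"},
    {"Id": "333333333333", "Name": "prod-reporting", "Email": "non-prod-reporting@cloud-bfran.com", "Status": "ACTIVE"},
    {"Id": "444444444444", "Name": "legacy-tools",   "Email": "someone@personal.example",           "Status": "ACTIVE"},
    {"Id": "555555555555", "Name": "misc-poc",       "Email": "Poc-Thing@Cloud-Bfran.com",          "Status": "SUSPENDED"},
    {"Id": "666666666666", "Name": "shared-svcs",    "Email": "shared-svcs@cloud-bfran.com",        "Status": "ACTIVE"},
]})


def route_for(email):
    """Where a root email lands under the assumed rules: 'prod', 'non-prod',
    'catch-all' (on-domain but no rule) or 'off-domain'."""
    local, _, domain = email.lower().partition("@")
    if domain != ROOT_MAIL_DOMAIN:
        return "off-domain"
    for prefix, target in ROUTES.items():
        if local == prefix or local.startswith(prefix + "-") or local.startswith(prefix + "+"):
            return target
    return CATCHALL


def expected_env(account_name):
    """Assumed naming convention: accounts named prod-* are production."""
    return "prod" if account_name.lower().startswith("prod") else "non-prod"


def audit(list_accounts_json):
    """Return (account_id, finding, email) tuples for active accounts that do
    not fit the routing scheme, plus any email used by more than one account."""
    accounts = json.loads(list_accounts_json)["Accounts"]
    findings = []
    for acct in accounts:
        if acct.get("Status") != "ACTIVE":  # suspended/closing accounts are noise here
            continue
        route = route_for(acct["Email"])
        if route == "off-domain":
            findings.append((acct["Id"], "off-domain", acct["Email"]))
        elif route == CATCHALL:
            findings.append((acct["Id"], "catch-all-only", acct["Email"]))
        elif route != expected_env(acct["Name"]):
            findings.append((acct["Id"], f"routed-to-{route}-but-looks-{expected_env(acct['Name'])}", acct["Email"]))
    for email, n in Counter(a["Email"].lower() for a in accounts).items():
        if n > 1:
            findings.append(("*", "duplicate-email", email))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LIST_ACCOUNTS):
        print(*f)
```

Pipe the real `aws organizations list-accounts --output json` output into `audit()` from the management account; an off-domain hit is the one to chase first, since that root mailbox is outside the forwarding you control.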
As a bonus, you can do something similar to a personal domain so any emails going there can be forwarded to a specific address or distribution list. This is helpful to see who may be spamming you, or to have some specific rules in place to deal with lots o’ mail.

Case in point, Slip ‘N Slide. If you’ve ever slid on one, you know how thin and cheap they are. Instead of paying whatever amount for a slip n slide, my parents had an awesome idea of using some construction plastic that we had lying around in lieu of the name brand product.
As luck would have it, we lived on a pretty awesome hill that not only was good for sledding on snow in the winter, but also, for our new summer experiment, a DIY slip n’ slide.
It was about a million times better than the toy found at stores. You see the construction plastic was probably 20 feet wide and 40 feet long, ~8 Mil thick, taking up most of our front yard. We got it all set up with the garden hose at the top, and we were slippin’ and slidin’ and having all sorts of fun. We even got some dish soap to make it slickery’er than snot! I would have killed at the time for some non-chloric, silicon based kitchen lubricant from Clark Griswold to make us go sailing even faster. Even the cool kids who never would have been seen dead with us decided it was worth the cost of moving down a few rungs on the social ladder and joined in.
This went on for a day or three until ….
On my last run, I got revved up to launch myself down this mountain of mayhem. The air blistering through my hair, I made it about halfway down the run, having the time of my life, until the most unfortunate thing happened. You see, my backside found one of the sprinkler heads as I was going about 90mph down the hill. Well let me tell you, that was not something I was expecting, and I yelped in pain. The rest of the ride wasn’t so fun as I twisted and contorted in excruciating agony. It hurt for days upon days afterwards. I think I broke my coccyx (like Grandma in the sand dunes). Needless to say, I didn’t want to do slip n’ slide anymore.
Remember back in the 80’s all the colorful and extremely-awesome pure, unadulterated all-sugar cereals that were advertised (as part of this complete breakfast)? There were the normal cereals like Fruity Pebbles, Cocoa Puffs and Cap’n Crunch. Each cereal had its own whimsical commercials trying to outdo the others, embedded in Saturday morning cartoons.
Fruity Pebbles was based on the Flintstones cartoon. The commercials were pretty hilarious, with Fred’s anger issues exacerbated by Barney’s shenanigans.
There were people going cuckoo for Cocoa Puffs with that wacky bird-moose thing named Sonny. If Sonny were real, it would scare the ever-living deuce out of you. Sorry Stephen King, you got nuttin’ on Sonny the bird-moose. I have no idea what this nightmare is doing in this image. Perhaps it’s caught all of “us,” which surely shivers my timbers.
There was also Cap’n Crunch the old-timey French-looking Navy captain that spoke English like an American. I don’t think he ever ate Cap’n Crunch because his mouth was never bleeding in the commercials.
Then there was an era of specialty cereals we’ve never seen the likes of before nor since. These were crossover cereals that were based on popular shows, cartoons, or video games. This is what sent my little brain into hyperdrive.
There was Nintendo Cereal System that was popularized during the OG NES console video gaming days. Why was it good? We thought the commercial said, “Nintendo, it’s a very good cereal!” Then we’d just sing that on loop. Why was it good? Because it was good! My brain didn’t understand basic logic at the time. It was just good!
I still pity any fools who never laid waste to these crispy yellow goodies. Wait a second! We were poor! I never got to taste Mr T cereal! I’m a fool! I pity myself.
Before moving on, I present you with another image of Mr T’s irresistible cereal commercial mugshot. Who wouldn’t want to be sliding this cereal down their gullet as fast as possible with this stamp of approval? I’m calling my mom to go get me some, right neeeeeoooooowwwww! Also, how could one person have so much pity for everyone? He’s a class act for sure! That’s why his cereal was the best around and nothing will ever come close to it again. Oh, and please Quaker, do not try to reboot this cereal. It won’t work!
We never got any of this either. After the PacMan fame had run its course and nobody wanted it, somehow my parents found and bought some bulk toilet paper that had some PacMan scratch-n-win game or other in it. This was still like a dream come true for me. I remember sneaking into our storage room and opening packs of toilet paper just to sneak the PacMan cards out to see what I would win. Unfortunately, I’m sure whatever sweepstakes it was had long ended…but that didn’t stop a determined boy!
Of course I was saving the best cereal for last. Behold! FRUIT ISLANDS CEREAL!!!!! Why is this the best? Well, maybe tied with Mr T cereal because Mr T is so dang awesome…But this cereal had the catchiest tune of all time! AYUMAYUMA!!!! I think the reason it stuck so much is that at the very end of the commercial, the King holds up the cereal box inviting the audience, “You can say it too!”
Well I don’t need much of an invitation to say stuff, especially hilarious, nonsensical words that would impress any of my 80’s classmates. My cousin (and best bud at the time) and I would walk around singing this like it was the best thing we had ever heard in our lives (because it was)!
If you have a problem, if no one else can help, and if you can find me….you might hear me say, AYUMAYUMA!!!!
Next post (80’s related): Slime Time Watch & Slip’n’Slide!
They are almost like a modernized 70’s rock band w/ much better guitar skills.
They have a pretty entertaining live performance on KEXP:
One of my favorite songs of theirs is “Israeli Caves:”
Head on over and czech them out!
How to address this problem? A few things I like to use are:
I would trust #2 more than #1 since “packets don’t lie.”
Ben Francom:
What is better, GitLab or GitHub, and why?
ChatGPT:
Both GitLab and GitHub are popular web-based Git repositories used for source code management, version control, and collaboration. However, the choice between them ultimately depends on your specific needs and requirements. Here are some key differences between the two:
Features: GitLab has a more extensive feature set than GitHub, including integrated continuous integration and deployment (CI/CD), built-in code review tools, and a powerful issue tracking system. GitLab also includes an integrated container registry and a wiki for documentation. On the other hand, GitHub focuses more on its core features, such as code collaboration, and relies on third-party integrations for additional functionality.
Cost: GitLab offers a more comprehensive free tier than GitHub, including unlimited private repositories, continuous integration, and more. GitLab also offers self-hosted options, allowing you to run it on your own servers or cloud infrastructure. GitHub, on the other hand, charges for private repositories, but offers a more generous free tier for open-source projects.
Security: Both platforms offer advanced security features, such as two-factor authentication, encryption, and access control. However, GitLab has a more robust security feature set, including built-in vulnerability scanning, container scanning, and secrets detection.
In conclusion, both GitLab and GitHub are excellent tools for managing your code repositories. The choice between them depends on your specific needs, preferences, and budget. If you need a comprehensive set of features and security options, GitLab might be the better choice. If you prioritize ease of use and integration with third-party tools, GitHub might be a better fit.
Ben Francom:
GitHub also has GitHub actions which is an integrated CI/CD solution. How come that wasn’t considered in your answer?
ChatGPT:
You are correct. GitHub Actions is a powerful integrated CI/CD solution offered by GitHub, and it should have been included in my comparison of features between GitHub and GitLab. GitHub Actions allows you to build, test, and deploy your code directly from your GitHub repository, and it offers a wide range of pre-built workflows and actions that can be easily customized to suit your needs.
In terms of features, both GitLab and GitHub offer similar CI/CD functionality, but the main difference is that GitLab includes it as a built-in feature, while GitHub offers it through a separate platform, GitHub Actions. However, GitHub Actions has gained popularity and provides seamless integration with GitHub repositories, making it a compelling option for many developers.
Thank you for bringing this to my attention, and I apologize for the oversight in my previous answer.
Ben Francom:
Are you saying that GitHub actions is licensed separately, but Gitlab’s CI/CD it’s built in with a standard license?
ChatGPT:
No, I apologize for any confusion caused. Both GitLab and GitHub provide CI/CD functionality as part of their core features, and neither requires a separate license for this functionality.
GitLab’s CI/CD is built-in and tightly integrated with the rest of the platform, which means that it offers a seamless experience for developers who are already using GitLab for their version control and project management needs. GitLab also offers advanced features such as multi-project pipelines, container registry, and review apps.
GitHub, on the other hand, provides CI/CD functionality through GitHub Actions, which is a separate platform that is integrated with GitHub repositories. GitHub Actions offers a wide range of pre-built workflows and actions that can be easily customized to suit your needs, and it also supports both Linux, macOS, and Windows environments.
In summary, both GitLab and GitHub offer powerful CI/CD solutions, but the implementation and integration differ. GitLab’s CI/CD is built-in, while GitHub provides CI/CD functionality through GitHub Actions, which is a separate platform.
Ben Francom:
But GitHub actions is not separate. It’s integrated just as tightly, or more than Gitlab’s options. After all, you only need to include a yaml file in the repo under ../.github/workflows/ for an action to be executed. It’s all integrated in the same UI and all the settings are there too. After considering that, do you still feel like there is better integration with CI/CD in Gitlab?
ChatGPT:
You’re right, I apologize for any confusion caused. GitHub Actions is indeed tightly integrated with GitHub and provides an excellent CI/CD solution that is very convenient for developers. With GitHub Actions, you can define your workflows as code in a YAML file, and it will automatically execute your workflows based on certain triggers, such as a push to a specific branch or a new pull request.
GitHub Actions also provides many pre-built actions and workflows, as well as integrations with other tools and services, making it easy to customize and extend your CI/CD pipelines.
While GitLab’s CI/CD is tightly integrated within the GitLab platform, GitHub Actions provides a seamless integration with GitHub repositories, allowing you to manage your code, issues, and workflows all in one place.
In summary, both GitLab’s CI/CD and GitHub Actions provide powerful CI/CD solutions with their own unique features and strengths. The choice between them ultimately depends on your specific needs and preferences.
Ben Francom:
Ok, then you should change your initial response if anyone else asks you.
ChatGPT:
Thank you for your feedback. I apologize for any confusion caused in my initial response. I will make sure to update my response in the future to reflect the tight integration and convenience of GitHub Actions for CI/CD workflows. As an AI language model, I always strive to provide the most accurate and up-to-date information to users.
To prepare for our discussion, I wrote 10 things on “Becoming Eggscelent.” We had a good chuckle on just the title alone. But hopefully others will find value in it as well. It’s a reference mostly to books, videos and people that have been helpful for me over the years. None of them really technical, but definitely help with personal development and self improvement (which helps build technical and other skills as well).
It took me some time to figure out how to get the artifactory token to be read in the build environment.
aws iam list-users --query 'Users[*].UserName'