| AWS |
AWS Mobile Blog |
Building a social network app with Amplify Form Builder and Storage |
https://aws.amazon.com/blogs/mobile/building-a-social-network-app-with-amplify-form-builder-and-storage/
|
Building a social network app with Amplify Form Builder and StorageFor apps that are heavily image dependent like social media apps managing file upload and access is core to the app s success Integrating with all the services needed for cloud based file management and access can be painful but Amplify Studio can provide you with tools to integrate quickly and easily with AWS S storage In … |
2023-07-27 20:07:03 |
| AWS |
AWS |
Back to Basics: Automating Provisioning of IoT Devices |
https://www.youtube.com/watch?v=WCZET7Hbl3Y
|
Back to Basics Automating Provisioning of IoT DevicesMany developers face challenges when designing a secure and scalable way to onboard Internet of things IoT devices to their cloud infrastructure In this episode join Yuri as he discusses AWS IoT core can help and the best practices when connecting device and designing event driven IoT Architectures Additional Resources Manufacturing devices with x certificates AWS IoT Provisioning Devices that don t have unique device Certificate AWS IoT Provisioning Devices that have device certificate Check out more resources for architecting in the AWS cloud AWS AmazonWebServices CloudComputing BacktoBasics IoT |
2023-07-27 20:47:49 |
| 海外TECH |
MakeUseOf |
The 10 Best ChatGPT Crypto Prompts |
https://www.makeuseof.com/the-best-chatgpt-crypto-prompts/
|
chatgpt |
2023-07-27 20:45:28 |
| 海外TECH |
MakeUseOf |
How to Organize Your Projects With Trello |
https://www.makeuseof.com/how-to-organize-projects-trello/
|
trello |
2023-07-27 20:45:28 |
| 海外TECH |
MakeUseOf |
6 Lesser-Known Alternative Web Browsers for Linux |
https://www.makeuseof.com/tag/12-worthy-alternative-browsers-for-linux/
|
alternative |
2023-07-27 20:45:28 |
| 海外TECH |
MakeUseOf |
8 Ways Doomscrolling Can Negatively Affect Your Mental Health and Wellbeing |
https://www.makeuseof.com/negative-impacts-of-doomscrolling/
|
aspects |
2023-07-27 20:30:27 |
| 海外TECH |
MakeUseOf |
What Are MMO Games, and How Have They Changed? |
https://www.makeuseof.com/what-are-mmo-games/
|
reason |
2023-07-27 20:16:23 |
| 海外TECH |
DEV Community |
True Secrets Auto Rotation with ESO and Vault |
https://dev.to/canelasevero/true-secrets-auto-rotation-with-eso-and-vault-1g4o
|
True Secrets Auto Rotation with ESO and Vault RequirementsA Kubernetes cluster that you can use kind minikube something managed and kubectl to connect to itVault CLIExternal Secrets Operator ESO installed Vault installed through the helm chart What we want to achieveThis guide aims to establish an automatic hourly rotation of a database connection secret Following these steps an administrator sets up the process once ensuring that the secret refreshes every hour Simultaneously the application will always maintain valid credentials for seamless database interactions ESO secret Generators️As of this writing this feature is in alpha state and we want more people to help test it so we can make improvements and eventually promote to stable Documentation around it is a bit limited that s why I am getting this guide out in my blog while we figure better ways to bring these into our documentation Getting StartedJust so we start with the same setup I have locally I have installed Vault in a namespace named vault You can use helm install vault hashicorp vault n vault create namespace command instead of the one provided in the guide Follow all steps in there to init Vault unseal and get the cluster keys json with the token You can skip other steps I have installed ESO in the default namespace In this guide we are going to use Vault token authentication just for the sake of simplicity However please never use this in real setups Prefer service account auth After properly starting Vault and unsealing it take note of your auth token Let s do a port forward and authenticate in our work desktop so we don t have to exec into Vault every time we need to run commands In a new terminal this terminal will be blocked kubectl n vault port forward service vault In another terminal you can run export VAULT ADDR vault login type your auth token Simple Deployment of PostgreSQLTo have an interesting example let s deploy psql and configure it so we can let Vault and other workloads connect to it Let s first create a configmap with an admin user and password for this psql instance just for simplicity and to get to the other part of the guide quickly cat lt lt EOF gt postgres config yamlapiVersion vkind ConfigMapmetadata name postgres config labels app postgresdata POSTGRES DB postgresdb POSTGRES USER admin POSTGRES PASSWORD psltestEOFApply it kubectl apply f postgres config yamlNow create the postgres deployment yaml cat lt lt EOF gt postgres deployment yamlapiVersion apps vkind Deploymentmetadata name postgres Sets Deployment namespec replicas selector matchLabels app postgres template metadata labels app postgres spec containers name postgres image postgres Sets Image imagePullPolicy IfNotPresent ports containerPort Exposes container port envFrom configMapRef name postgres configEOFApply it kubectl apply f postgres deployment yamlAnd finally let s create a service so other workloads can access it cat lt lt EOF gt postgres service yamlapiVersion vkind Servicemetadata name postgres Sets service name labels app postgres Labels and Selectorsspec type NodePort Sets service type ports port Sets port to run the postgres application selector app postgresEOFApply it kubectl apply f postgres service yaml Preparing DB with new readonly roleExec into the psql pod kubectl get pods get pod namekubectl exec it lt postgres pod name gt bashChange into postgres user and run commands to create the new role su postgrespsql c CREATE ROLE ro NOINHERIT psql c GRANT SELECT ON ALL TABLES IN SCHEMA public TO ro We are going to use this role when configuring Vault to use Dynamic Secrets with psql plugin Vault Dynamic SecretsVault Dynamic secrets are in fact meant to be used as a way to get short lived credentials However there is nothing stopping us from using them in our auto rotation process There are various other plugins that integrate with other systems like AWS credentials or certificate issuing systems Most of these are also interesting in the context of ESO but I wanted a self contained example with no need to create external accounts for you to try it out Lets first enable the database engine vault secrets enable databaseAfter that let s configure PostgreSQL secrets engine with the admin creds we had before we are passing credentials into the connection url here never do that outside of test labs POSTGRES URL with name of the service and namespaceexport POSTGRES URL postgres default svc cluster local vault write database config postgresql plugin name postgresql database plugin connection url postgresql admin psltest POSTGRES URL postgres sslmode disable allowed roles readonly username root password rootpassword Create an SQL file container the templated command that will be used by Vault when dynamically creating roles tee readonly sql lt lt EOFCREATE ROLE name WITH LOGIN PASSWORD password VALID UNTIL expiration INHERIT GRANT ro TO name EOFWrite that into Vault and configure default expiration of new requested roles and other fields this will fail if you did not create the ROLE ro correctly while setting up psql vault write database roles readonly db name postgresql creation statements readonly sql default ttl h max ttl hYou can already check within Vault if you can get the temporary credentials before setting up other steps vault read database creds readonly responseKey Value lease id database creds readonly CPqcUrGfqfrAQKMVpeOlease duration hlease renewable truepassword p xDWSCIuz hlZPrsusername v root readonly SQjhNhGxxmKxQaRKsxM ESO Generator and ExternalSecretBefore next steps we are going to base encode the token so we can apply it with a secret Grab you Vault token and echo it into base echo somethinsomething baseNow we can use the new External Secrets Operator CRD the Generator Use the value outputted above for the auth token secret vault token cat lt lt EOF gt vaultDynamicSecret yamlapiVersion generators external secrets io valphakind VaultDynamicSecretmetadata name psql example spec path database creds readonly this is how you choose which vault dynamic path to use method GET this path will only work with GETs parameters no needed parameters provider server vault url In this case vault service on the vault namespace auth points to a secret that contains a vault token tokenSecretRef reference to the secret holding the Vault auth token name vault token key token apiVersion vkind Secretmetadata name vault tokendata token aHZzLkMMoUWNQSWYQkRJVUaWNNNzVHdwo token base encodedEOFApply this file kubectl apply f vaultDynamicSecret yamlAnd finally we can now create our ExternalSecret that in the end will let the operator create the final Kubernetes Secret cat lt lt EOF gt vaultDynamicSecret yamlapiVersion external secrets io vbetakind ExternalSecretmetadata name psql example es spec refreshInterval h the same as the expiry time on the dynamic config of Vault or lower so apps have always new valid credentials target name psql example for use the final name of the kubernetes secret created in your cluster dataFrom sourceRef generatorRef apiVersion generators external secrets io valpha kind VaultDynamicSecret name psql example reference to the generatorEOFApply this and check if the status of the ExternalSecret is ok kubectl get externalsecret responseNAME STORE REFRESH INTERVAL STATUS READYpsql example es h SecretSynced TrueIf you get errors here verify that you used the right path in the Generator Also check that you created the right roles inside psql and you can ping vault from a pod in the ESO namespace Checking the final secretYou should get a secret containing new users and passwords with read only access to the database every hour k get secrets psql example for use o jsonpath data response password VlSWUlqZzdvQSyOTFaVNSWE username diybLXJlYWRvbmxLVlXQkzZhbkhSbGtuYFqTUgLTEOTANzIwMzc To check one of the values you can get it and base decode it k get secrets psql example for use o jsonpath data password base dNow your application can use this secret it will be automatically auto rotated and still be a valid credential to the database CaveatsIf you use secrets as Environment Variables you will need to use something to make workloads get the new credentials if they just loose connection You can use the Reloader project for that If you use secrets as volumes pods will get that update automatically and you won t have problems connecting as long as your application can get the new values ConclusionThat s it We ve set up an auto rotating secret for a database connection using ESO and Vault The magic is as we said you can set it once and forget Your secret refreshes every hour and your app stays connected to the database with valid credentials It is secure you follow best practices with regard to rotation and you avoid manual intervention if that is not needed |
2023-07-27 20:40:37 |
| Apple |
AppleInsider - Frontpage News |
Hot tech deals: save $1,000 on Samsung 4K TV, 16-inch MacBook Pro $769, Apple MagSafe Charger $29, OWC Thunderbolt Dock $99 |
https://appleinsider.com/articles/23/07/27/hot-tech-deals-save-1000-on-samsung-4k-tv-16-inch-macbook-pro-769-apple-magsafe-charger-29-owc-thunderbolt-dock-99?utm_medium=rss
|
Hot tech deals save on Samsung K TV inch MacBook Pro Apple MagSafe Charger OWC Thunderbolt Dock From TVs to smartwatches and chargers to power stations this list has something for everyone Shop now and take advantage of these limited time offers At AppleInsider we re committed to finding unbeatable deals for you every day Our team scours online retailers curating a diverse list of bargains across multiple categories Whether you re looking for exciting discounts on Apple products top notch TVs or must have accessories we ve got you covered Count on us to bring you the best deals to help you save big on all your tech purchases Shop smart and make sure to stay tuned daily for the hottest deals on the web Read more |
2023-07-27 20:26:48 |
| Apple |
AppleInsider - Frontpage News |
MLS Season Pass sets new viewership record highs with Messi's debut |
https://appleinsider.com/articles/23/07/27/mls-season-pass-sets-new-viewership-record-highs-with-messis-debut?utm_medium=rss
|
MLS Season Pass sets new viewership record highs with Messi x s debutApple now holds the MLS Season Pass record for the top three most watched matches almost certainly due to Major League Soccer s acquisition of Argentine soccer superstar Lionel Messi MLS Season PassOn Thursday Apple announced that it had set a new record for MLS Season Pass viewership for the week of July through July Read more |
2023-07-27 20:22:44 |
| 海外TECH |
Engadget |
X placed ads from Discovery, Showtime and USA Today on a neo-Nazi account |
https://www.engadget.com/x-placed-ads-from-discovery-showtime-and-usa-today-on-a-neo-nazi-account-202133800.html?src=rss
|
X placed ads from Discovery Showtime and USA Today on a neo Nazi accountX formerly Twitter continues to struggle to keep advertisers on board and the brands that have stuck around are seeing ads show up in unexpected places As reported by Media Matters brands such as Honeywell Discovery Showtime and USA Today are having their ads placed alongside tweets from The National Socialist Network account a neo Nazi group that actively advocates for violence and terrorism A job recruitment ad for the U S Border Patrol also appeared on the page It s clear that not only is X still allowing hate groups to exist on the platform it s allowing them to monetize their tweets The National Socialist Group s leader Thomas Sewell was found guilty of quot recklessly causing injury and array quot following a attack Other members of the group have pleaded guilty to quot possessing documents and records of information for terrorist acts quot Yet the group s Twitter account is still active Media Matters also reports that the account joined shortly after owner Elon Musk purchased Twitter It has been quot verified since July quot and according to Musk all verified accounts are eligible to receive a share of ad revenue on the platform Earlier this week Twitter started slashing new ad booking prices by percent through the end of the month The company says that the discount is necessary to allow advertisers to quot gain reach during crucial moments quot such as sporting events Twitter was also asking brands to spend at least per month on ads or verification in order to retain their verified badge on the platform This article originally appeared on Engadget at |
2023-07-27 20:21:33 |
| 海外科学 |
NYT > Science |
Titanium Clouds Engulf This Ultrahot Neptune-like Planet |
https://www.nytimes.com/2023/07/27/science/space/titanium-clouds-exoplanet.html
|
cosmic |
2023-07-27 20:51:08 |
| 海外科学 |
NYT > Science |
A Half-Million Americans May Have Tick-Linked Meat Allergy, C.D.C. Says |
https://www.nytimes.com/2023/07/27/health/alpha-gal-ticks-meat-allergy.html
|
alpha |
2023-07-27 20:22:19 |
| 海外科学 |
NYT > Science |
The U.S. Government Wants Your Dead Butterflies |
https://www.nytimes.com/2023/07/27/us/butterfly-moths-dead-mail.html
|
population |
2023-07-27 20:13:47 |
| 海外TECH |
WIRED |
The NSA Is Lobbying Congress to Save a Phone Surveillance 'Loophole' |
https://www.wired.com/story/nsa-ndaa-lobbying-privacy-loophole/
|
The NSA Is Lobbying Congress to Save a Phone Surveillance x Loophole x The National Security Agency has urged top lawmakers to resist demands that it obtain warrants for sensitive data sold by data brokers |
2023-07-27 20:31:24 |
| 海外TECH |
WIRED |
6 Best Deals: PC Components and Sex Toys |
https://www.wired.com/story/sex-toys-pc-deals-july-2023/
|
components |
2023-07-27 20:15:21 |
| ニュース |
BBC News - Home |
World Fencing Championships: Ukraine's Olga Kharlan disqualified for refusing Russian Anna Smirnov's handshake |
https://www.bbc.co.uk/sport/fencing/66322668?at_medium=RSS&at_campaign=KARANGA
|
World Fencing Championships Ukraine x s Olga Kharlan disqualified for refusing Russian Anna Smirnov x s handshakeUkrainian fencer Olga Kharlan is disqualified from the World Fencing Championships for refusing to shake hands with Russian Anna Smirnova |
2023-07-27 20:05:15 |
| ニュース |
BBC News - Home |
James family 'together and healthy' after son collapse |
https://www.bbc.co.uk/sport/basketball/66332787?at_medium=RSS&at_campaign=KARANGA
|
arrest |
2023-07-27 20:12:59 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
ツイッターの新ロゴ「X」 混迷の出発 - WSJ PickUp |
https://diamond.jp/articles/-/326772
|
wsjpickup |
2023-07-28 05:45:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
メタに「友達」戻る 好決算で次の投資段階へ - WSJ PickUp |
https://diamond.jp/articles/-/326771
|
wsjpickup |
2023-07-28 05:35:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
ビッグモーター不正事件で平均年収1100万円、最高5000万円の「超高待遇」社員たちはどうなるのか? - 今週もナナメに考えた 鈴木貴博 |
https://diamond.jp/articles/-/326768
|
鈴木貴博 |
2023-07-28 05:30:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
ビッグモーター問題で揺れる損保、独自入手データで「もたれ合いの構図」浮き彫りに - ダイヤモンド保険ラボ |
https://diamond.jp/articles/-/326795
|
損害保険ジャパン |
2023-07-28 05:27:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
資産1億円台なら増税額は136万円!?相続&生前贈与新ルールの影響を独自試算 - やってはいけない!相続&生前贈与 |
https://diamond.jp/articles/-/326434
|
新ルール |
2023-07-28 05:25:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
“消費税18%”級の大増税も!岸田政権が「マイナ保険証」を強引に進める本当の理由 - マイナンバーカードの落とし穴 |
https://diamond.jp/articles/-/326773
|
健康保険証 |
2023-07-28 05:20:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
急浮上した8月下旬人事説で、最大の関心事は党役員の交代 - 永田町ライヴ! |
https://diamond.jp/articles/-/326719
|
内閣改造 |
2023-07-28 05:15:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
セブン・ファミマ・ローソン、社員の声に見る真の姿…「年功序列」「三菱商事や伊藤忠に不満」 - セブンの死角 伊藤忠&三菱商事の逆襲 |
https://diamond.jp/articles/-/326452
|
三菱商事 |
2023-07-28 05:10:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
【無料公開】ホテル業界の女王・森トラスト社長がコロナで悟った、多角化の「強さ」と「落とし穴」 - Diamond Premiumセレクション |
https://diamond.jp/articles/-/326686
|
diamond |
2023-07-28 05:05:00 |
| ビジネス |
東洋経済オンライン |
格安スマホが逆襲、大手キャリアの「牙城」に異変 悲観説を覆し、MVNOがシェアを盛り返した理由 | 通信 | 東洋経済オンライン |
https://toyokeizai.net/articles/-/689724?utm_source=rss&utm_medium=http&utm_campaign=link_back
|
東洋経済オンライン |
2023-07-28 05:40:00 |
| ビジネス |
東洋経済オンライン |
社会保険が子ども・子育てを支えるのは無理筋か 「提唱者」権丈善一・慶応大教授が寄稿(上) | 子ども・子育て支援と社会保険活用 | 東洋経済オンライン |
https://toyokeizai.net/articles/-/688025?utm_source=rss&utm_medium=http&utm_campaign=link_back
|
社会保険 |
2023-07-28 05:20:00 |
| ビジネス |
東洋経済オンライン |
ビッグ会見に見る「SNS時代の企業謝罪」の難しさ メディアだけでなくネット民も追及する時代に | ビッグモーター「保険金水増し請求」問題 | 東洋経済オンライン |
https://toyokeizai.net/articles/-/690158?utm_source=rss&utm_medium=http&utm_campaign=link_back
|
東洋経済オンライン |
2023-07-28 05:10:00 |
| 海外TECH |
reddit |
Shohei Ohtani hits a home run after pitching a complete game shutout earlier today, the 37th for the major league leader in homers! |
https://www.reddit.com/r/baseball/comments/15bczd5/shohei_ohtani_hits_a_home_run_after_pitching_a/
|
Shohei Ohtani hits a home run after pitching a complete game shutout earlier today the th for the major league leader in homers submitted by u Blazingbee to r baseball link comments |
2023-07-27 20:45:48 |
コメント
コメントを投稿