Posts tagged with "security"

The standard SDLC model breaks for data science because model training requires production data. Here is a five-stage promotion framework that resolves the conflict between data scientist flexibility and production security controls.

Three GitHub Actions workflows, Dependabot, and a Lighthouse config — here's the full CI/CD pipeline that builds, deploys, secures, and monitors this Jekyll blog. Including the bugs I shipped along the way.

Typing passwords every time you SSH into a Proxmox node gets old fast — especially with a six-node cluster. Here's how to set up SSH key authentication and an SSH config so you can just type 'ssh harlan' and be in.

Dependabot misses Python pip security issues that pip-audit catches. Here's a GitHub Actions workflow that audits dependencies automatically without requiring pinned versions.

The ISC2 CC certification was offered free through end of 2024 — a solid entry point into security fundamentals and a direct stepping stone toward CCSP and CISSP.

Enabling Touch ID for sudo on macOS Sonoma, then fixing the two cases where it silently falls back to password: tmux sessions and DisplayLink external displays.

I’m live with the Lets Encrypt certificates for the blog.mcgarrah.org website. This has been awhile in the making and I’m kind of excited. I’m on a legacy environment with Ubuntu 12.04 LTS so part of the process is manual but certificate update just happens nicely. Updating the Apache config files has a little bit of effort but nothing too bad.

I’m beginning to setup enough infrastructure that a wildcard certificate would be nice but I’m uninterested in paying several hundred dollars a year for that certificate. The free certs that used to be around just are not there anymore so far as I can see. My goal is to setup SSL certificates for both my email server and all the virtual host web sites I’m hosting under my mcgarrah.org domain for less than a hundred dollars a year.