2022-10-16 18:14 UTC

Managing SSH Known Hosts With SSSD And LDAP

For various reasons, I manage on-premises, non-cloud infrastructure. For centralized authentication, I use PAM and OpenLDAP along with SSSD for purposes of caching for availability and load reduction. I rely on the openssh-lpk.openldap.schema LDAP schema for passwordless authentication with OpenSSH, and, recently, I discovered that the same schema can be ... read more

2019-03-18 10:32 UTC

Fun MySQL fact of the day: REPLACE your expectations

So, if we agree that we should avoid using INSERT ... ON DUPLICATE KEY UPDATE and INSERT IGNORE, surely we can use REPLACE INTO to upsert a row, right?! And yes, you can, if you want a DoS bug feature or account/identity takeover vulnerability in your multi-tenant system. Yep, ... read more

2019-03-14 11:33 UTC

Fun MySQL fact of the day: ON DUPLICATE KEY LEAK DATA

As developers, part of our job is ensuring system stability long after we are finished writing code. It is our responsibility to ensure the next developer in our place doesn't inherit a system littered with landmines and that our customers' data integrity and privacy is always a top priority. Today's ... read more

2012-01-01 19:22 UTC

Running Firefox As An Isolated Linux User

A few years back, I decided that the risks of running some Internet-connected programs on my workstation containing personal data was a bigger risk than necessary. After discussing this topic with several colleagues, the general consensus was that I'm too paranoid. ... read more