no more cubes

Blog

  • OPA GateKeeper

    Open Policy Agent to manage policy for Kubernetes with GateKeeper.

    Blog: OPA Gatekeeper: Policy and Governance for Kubernetes

  • BeA: Besonderes elektronisches Anwaltspostfach ohne Umlaute

    Es ist schlimmer, als wir alle gedacht haben.

    Mail rechtzeitig verschickt, Frist aber trotzdem versäumt: Das BeA kommt mit Umlauten nicht klar, der Absender einer Nachricht erfährt davon aber nichts.

    Source: BeA: Besonderes elektronisches Anwaltspostfach kann kein Deutsch – Golem.de

  • 7 Powerful Talks To Make You a Better Product Manager

    Should you be working in Product Management, this may well be a good selection for Sunday evening to watch:

    TED Talks for Product Managers
    TED

    As a product manager, you’ll want to continuously be seeking out new ways to learn, new information, fresh ideas, and inspiration. It’s a constant learning process, and it’s important to stay open and stay motivated. While there are many resources out there, including books, blogs, podcasts, influential people on social media, and tons of online publications, there is something we love about TED Talks.

    1.) How great leaders inspire action, by Simon Sinek

    2.) Chris Hadfield: What I learned from going blind in space

    3.) Sheena Iyengar: The Art of Choosing

    4.) Margaret Gould Stewart: How giant websites design for you (and a billion others, too)

    5.) Guy Kawsaki: The art of innovation

    6. Seth Godin: How to get your ideas to spread

    7. Navi Radjou: Creative problem-solving in the face of extreme limits

    Source: 7 Powerful TED Talks To Make You a Better PM

  • What We Can Learn from the Capital One Hack

    Capital One

    Earlier this week, it became public that Capital One was victim to a privacy leak, affecting more than 100 million of their customers. News revealed details about the source of the attack, that apparently an individual conducted and bragged about it publicly.

    Now, a few days later and more facts known, the always excellent Krebs on Security blog offers some lessons learned from the incident. It has good statements from Netflix, CloudFlare, DisruptOS and AWS personnel, including citations about the involvement of IAM, EC2 and WAF. In particular, it points out mitigations that AWS recommends in response to Server Side Request Forgery (SSRF).

    Interesting is the conclusion that Rich Mogull comes to, that the industry is facing a major gap in skills, related to this kind of cloud security. Basic skill and availability thereof has always been a major gap in the entire industry. Only with the arrival of cloud it becomes more sparse. Mostly, because corporations maintain both their existing data centers and new cloud infrastructure, leaving out on the opportunity to become more secure in the cloud.

    Source: What We Can Learn from the Capital One Hack

  • Batman has a bad day.

    https://twitter.com/Crashingtv/status/1155527513638133760
    We’ve all been there.

    via.

  • Look, No Hands!

    Look, No Hands!

    Black Hat 2019
    Black Hat 2019

    Google’s Project Zero drops a hand full of Zero Day vulnerabilities for the iPhone at Black Hat 2019. Apparently one of them isn’t patched yet. Interaction-less Attack Surface in this context means, it’s wormable, executing code with no human interaction.

    Source: Look, No Hands! — The Remote, Interaction-less Attack Surface of the iPhone

  • Unlock your product organization’s potential by defining “done”

    Simplifying and aligning conversations with a definition of done

    All too often, the task list for your teams shared project management tool shows items like “Create Workflow” or “Define Process”. Items that do resonate well in the flow of work and in the nexus of individuals. But they do fall short of allowing the rest of the organization to grasp the meaning and even fail to do so for the reporter when some time has passed.

    Some consice expressions on expectations on what this story or ticket is about can do wonder to getting things done. Rather than “defining a a workflow”, for example the product management team would

    • Check for Duplicate Entries
    • Describe the Requirement
    • Outline all depending products
    • Draw a critical path
    • Align all stakeholders on the critical path
    • Communicate to the team

    The core idea is to eliminate any discussion about when an issue, item or story is delivered and is unique across function. Of course, the above serves as an example and will vary by team and work, and needs revision in any particular scenario. Having specific action advise will help reducing debates and focus on an actual deliverable, that is done by all opinion.

    Source: Unlock your product organization’s potential by defining “done”

  • #FashionID

    Heute hat der Europäische Gerichtshof in einem Fall von FashionID, des Onlineshop des Modehändlers Peek & Cloppenburg, ein Urteil gesprochen. Es geht darin darum, wie mit der Weitergabe von Benutzerdaten bei der Verwendung von 3rd Party Content umgegangen werden muss. Dass der Einsatz von beispielsweise Facebook Like Buttons

    Unter anderem versucht die Tagesschau aufzuklären. Weil das Urteil durch den EuGH ergangen ist und daher Konsequenzen über Deutschland hinaus haben wird, berichten auch internationale News wie Techcrunch und Yahoo(Reuters).

    Simon Assion von #twobirds, Twitter-aktiver Rechtsanwalt, fasst eben dort einige Stichpunkte zu dem Urteil in einem Thread zusammen.

  • Big O Notation Cheat-Sheet

    https://twitter.com/PPathole/status/1155464941177987072

    Quick Context: Big O Notation describes an execution limitation of a function, given an argument tends towards a particular value. In other words, smaller values describe better execution, typically in execution time.

  • Therapeutic Jira

    Anyone in software development can relate.

    Leave a comment what you would do!