• 0 Posts
  • 10 Comments
Joined 1 year ago
cake
Cake day: July 1st, 2023

help-circle



  • I’d be cautious about the “kill -9” reasoning. It isn’t necessarily equivalent to yanking power.

    Contents of application memory lost, yes. Contents of unflushed OS buffers, no. Your db will be fsyncing (or moral equivalent thereof) if it’s worth the name.

    This is an aside; backing up from a volume snapshot is half a reasonable idea. (The other half is ensuring that you can restore from the backup, regularly, automatically, and the third half is ensuring that your automated validation can be relied on.)





  • Check Crowdstrike’s blurb about the 1-10-60 rule.

    You can bet that they have a KPI that says they can deliver a patch in under 15m; that can preclude testing.

    Although that would have caught it, what happened here is that 40k of nuls got signed and delivered as config. Which means that unparseable config on the path from CnC to ring0 could cause a crash and was never covered by a test.

    It’s a hell of a miss, even if you’re prepared to accept the argument about testing on the critical path.

    (There is an argument that in some cases you want security aystems to fail closed; however that’s an extreme case - PoS systems don’t fall into that - and you want to opt into that explicitly, not due to a test omission.)



  • Came here to say the same thing. The git book is an afternoon’s reading. It’s well worth the time - even if you think you know git.

    People complain about the UX of the cli tool (perhaps rightly) but it’s honestly little different from the rest of the unix cli experience: ad hoc, arbitrary, inconsistent.

    What’s important is a solid mental model and the vocabulary of primitive and compound operations built with it. How you spell it in the cli is just a thing you learn as you go.