Like any lab setup, this was kind of a headache. I'll save you the excruciating details and simply tell you what you actually need to get this thing going.

Executive Summary

With remote work in the USA at its peak during spring of 2020, so is the use of conferencing software and its accompanying paranoia. In this article, I talk about the recent buzz around Zoom's security flaws, and take a realistic look at its imperfections, the reasonable use cases of the software, and the expectations and alternatives we should incorporate and explore.

Why are people talking about Zoom?

During April of this year, several vulnerabilities have come into the public discourse about Zoom:

This script quickly outputs the iam policies for each folder in your GCP organization. This is a good tool if you're chasing down a permissions problem and you're not sure which folder might be the issue.

Fetch IAM policies
Fetch organizational policies

Where I work we have these smart cards (CACs) with x509 certs, protected by a PIN. There was some directive years ago to use these certs to login to all systems, but also the OpenSSH people said they would never support x509 for security reasons (x509 being too complex to be secure).

Backstory

I love open source. I love ElasticSearch, I love the AWS cloud, and I love not getting compromised. Today, I'm putting a solution in production that I just have to tell someone about or I'm going to explode. If you love any of these things too, then read on my friend, because I've created something that can make your life easier.

Backstory

So yeah privacy is dying in ways I never imagined. Your ISPs are harvesting data on you and selling that data without your knowledge or consent. They're monitoring all the devices you connect to your home network and aggregating who knows what kind of data about what you do on them, who manufactured them, etc. Honestly it's creepy that my ISP is spying inside my front door, and I'm taking measures to protect myself.

# $OpenBSD: relayd.conf,v 1.4 2018/03/23 09:55:06 claudio Exp $

An API generally doesn't want to restrict a request's origin. However, some things don't work well with Access-Control-Allow-Origin: *. So, the way around that is to just mirror back the Origin that a client sends. This apache config sets Access-Control-Allow-* headers when it receives an Origin header from a client, and mirrors the requested Origin back in the Access-Control-Allow-Origin header.

Building on this post, below are some examples of how to traverse your entire S3 inventory and:

---------------------------
ec2: error: unrecognized arguments
This is almost certainly caused by placing the EC2 dynamic inventory script in you project's ./library directory. What's happening is that the dynamic inventory python script has the same name as the default EC2 module. Therefore, it overloads the default module at runtime. Put your dynamic inventory scripts in the root directory of your project to avoid this problem.
---------------------------