I do not work with AI tools. This is not advice from experience of working with AI. It is advice from working with access controls in general.
Any agent has responsibility and authority. Responsibility is what it is required to produce. Authority is the set of resources that you provide to that agent. This does not change if the agent is human or automation, and AI agents fall into that latter category.
Category Archives: Sysadmin
Qemu code format in vim
My defaults are set for Linux Kernel development, but I have been in Qemu land lately and these values make it easier to format.
set shiftwidth=4
set expandtab
set tabstop=4
retab
Tracing how much time the kernel spends in a function
Using eBPF and the bpftrace command-line utility, you can perform simple reporting on function calls. Here's an example:
Tools First
I have wasted a lot of time as a developer waiting for long-running processes to complete. Whether it is a Linux Kernel compile, an Ansible Playbook tearing down and recreating a system on a remote server, or a gitlab pipeline building and testing code, the common problem is that my head is in the problem being addressed there, but I cannot do anything to verify hypotheses until the process completes. I often get distracted while waiting, and find that what could have been a 5 minute turnaround has become a 2 hour turnaround.
vim windows
I tend to want to work with three windows side by side. Two have the code I am working with, often production code on the left, test code on the right. The third window is the output from running commands to test the code.
I recently decided to go all-in on vim, and it is progressing nicely. Thank you to Jake Worth for inspiring this. In Vim, the meta key for doing window operations is Ctrl-W. Here are a few commands I have gathered up from the internet. I will collect the links where I got them at the bottom.
Converting a Shell Script to Python
We have a build system that has grown organically. It started as a shell script. We needed to run it from gitlab, so we wrote helper scripts to insulate our code from gitlab. Then we added some helper functions to mimic the gitlab interactions when working with the scripts from the command line. The helper functions grew until you could not practically run the original shell script without them.
It is a mess.
I want to refactor it.
Refactoring Shell is painful.
I want objects. I want python.
So I am rewriting the gitlab and functions layer in python with an eye to rewriting the whole thing. Here's what I have learned:
FreeIPA: whoami via curl
Assuming $PRINCIPAL is your Kerberos principal and $IPASERVER is the FQDN of your server, you can query your identity on the IPA server via curl:
kinit $PRINCIPAL
curl -k -H referer:https://$IPASERVER/ipa -H "Content-Type:application/json" -H "Accept:application/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d '{"method":"whoami","params":[[],{"version": "2.220"}],"id":0}' -X POST https://$IPASERVER/ipa/json
{"result": {"object": "user", "command": "user_show/1", "arguments": ["ayoung"]}, "version": "4.5.4", "error": null, "id": 0, "principal": "ayoung@YOUNGLOGIC.COM"}
This is handy if your system is not registered as an IPA client. Note that -k tells curl to skip server certificate verification, which makes --cacert a no-op; once /etc/ipa/ca.crt really is the CA that issued $IPASERVER's certificate, drop -k so the Negotiate token and the reply only travel over a verified TLS connection.
To fetch by username:
curl -k -H referer:https://$IPASERVER/ipa -H "Content-Type:application/json" -H "Accept:application/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d '{"method": "user_show", "params": [[ "ayoung" ], { "all": true, "rights": true } ]}' -X POST https://$IPASERVER/ipa/json
What Processor do I have?
dmidecode -t processor | grep Version
Version: Ampere(R) Altra(R) Processor
Version: Ampere(R) Altra(R) Processor
Scoped versus unscoped RBAC
Role Based Access Control (RBAC) as defined by NIST is based on the concept of global roles. Global, in this case, means the scope of the application. So if you have the role of ADMIN, and you are in a globally scoped RBAC based application, that role applies to all APIs and resources within the program.
OpenStack was written assuming that the ADMIN role was a global role. But then it was implemented as a non-global role. It was implemented as a role scoped to a tenant. The term tenant was the original (and I would argue, better) term for what was later called Project, and then again expanded to Domains as well.
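The difference between the two readings of ADMIN is easiest to see in code. The following is an added example, not the post's own code and not OpenStack's policy engine: the users, the projects and the ADMIN/MEMBER role names are illustrative assumptions. The unscoped check is the global-RBAC reading applied to roles that were actually granted per tenant; the scoped check is what the assignment data really means.

```python
"""Global (unscoped) versus project-scoped RBAC checks.

Added example, not from the original post or from OpenStack's policy code.
The users, projects and the "ADMIN"/"MEMBER" role names are illustrative
assumptions.
"""
from typing import List, Optional, Tuple

# A role assignment: (user, role, scope). scope None means the assignment is
# global in the NIST sense; otherwise it names the project (tenant) the role
# was granted in.
Assignment = Tuple[str, str, Optional[str]]

ASSIGNMENTS: List[Assignment] = [
    ("alice", "ADMIN", None),        # a true global admin
    ("bob", "ADMIN", "projectA"),    # admin of projectA only
    ("bob", "MEMBER", "projectB"),
    ("carol", "MEMBER", "projectA"),
]


def has_role_unscoped(user: str, role: str,
                      assignments: List[Assignment] = ASSIGNMENTS) -> bool:
    """Global-RBAC check: any assignment of `role` to `user` counts, no
    matter what scope it was granted in. Applied to per-tenant grants this
    turns an admin of one project into an admin of every project."""
    return any(u == user and r == role for u, r, _ in assignments)


def has_role_scoped(user: str, role: str, project: str,
                    assignments: List[Assignment] = ASSIGNMENTS) -> bool:
    """Scoped check: the assignment must be global (scope None) or match the
    project the request targets."""
    return any(u == user and r == role and s in (None, project)
               for u, r, s in assignments)


def may_admin(user: str, project: str, scoped: bool = True,
              assignments: List[Assignment] = ASSIGNMENTS) -> bool:
    """Can `user` perform an ADMIN-only operation on `project`?"""
    if scoped:
        return has_role_scoped(user, "ADMIN", project, assignments)
    return has_role_unscoped(user, "ADMIN", assignments)


if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        print(who, "admin on projectB: unscoped =",
              may_admin(who, "projectB", scoped=False),
              "scoped =", may_admin(who, "projectB"))
```

Run it and bob, who was only made ADMIN in projectA, passes the unscoped check for projectB but fails the scoped one; alice, whose assignment has no scope, passes both. That gap is the whole problem with treating a tenant-scoped role as if it were global.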
Parsing a yum repo with XPath
Let's say you want to see what src RPMs are in a given yum repo. If the author used createrepo to create the yum repo, it should be in a fairly standard layout. The following XPath query should pull it out.
Note that you can get xmllint, from libxml2 (https://gnome.pages.gitlab.gnome.org/libxml2/xmllint.html), to run the XPath query.
curl http://$yumserver/$somerepo/ > repo.html
xmllint --html --xpath "//html/body/table/tr/td/a/@href" repo.html | grep src
The portion of the query a/@href will match a tag like this
<a href="https://blam.src.rpm">
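The same extraction in Python, as an added example that is not part of the original post. It collects every a/@href from the directory listing, as the XPath does, but then filters on the .src.rpm suffix instead of piping through grep src, which also matches any package whose name merely contains the letters "src". SAMPLE_LISTING is a constructed directory index in the table layout the XPath expects; it is not a real repo.

```python
"""List source RPMs from a yum repo's HTML directory listing.

Added example, not code from the original post. SAMPLE_LISTING is a
constructed directory index in the shape the post's XPath query expects
(table rows with <a href=...>); it is not a real repo.
"""
from html.parser import HTMLParser
from typing import List

SAMPLE_LISTING = """<html><body><table>
<tr><td><a href="../">Parent Directory</a></td></tr>
<tr><td><a href="blam-1.0-1.src.rpm">blam-1.0-1.src.rpm</a></td></tr>
<tr><td><a href="blam-1.0-1.x86_64.rpm">blam-1.0-1.x86_64.rpm</a></td></tr>
<tr><td><a href="srcdir-tools-2.3-4.noarch.rpm">srcdir-tools-2.3-4.noarch.rpm</a></td></tr>
<tr><td><a href="https://mirror.example.org/repo/foo-0.9-2.src.rpm">foo-0.9-2.src.rpm</a></td></tr>
<tr><td><a href="repodata/">repodata/</a></td></tr>
</table></body></html>"""


class HrefCollector(HTMLParser):
    """Collect every href attribute of an <a> tag, like the //a/@href XPath."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value is not None:
                self.hrefs.append(value)


def all_hrefs(listing_html: str) -> List[str]:
    """Every link in the listing, in document order."""
    parser = HrefCollector()
    parser.feed(listing_html)
    parser.close()
    return parser.hrefs


def src_rpms(listing_html: str) -> List[str]:
    """Only source RPM links, matched on the .src.rpm suffix so that names
    such as srcdir-tools are not picked up."""
    return [h for h in all_hrefs(listing_html) if h.endswith(".src.rpm")]


def loose_src_matches(listing_html: str) -> List[str]:
    """What `| grep src` on the href list would return, for comparison."""
    return [h for h in all_hrefs(listing_html) if "src" in h]


if __name__ == "__main__":
    for href in src_rpms(SAMPLE_LISTING):
        print(href)
```

On the constructed listing the suffix filter returns the two .src.rpm links, while the loose substring match also returns srcdir-tools-2.3-4.noarch.rpm, a binary package. Hrefs are returned as written, so a mirror that uses absolute URLs comes back absolute and a relative listing comes back relative; join them against the repo URL yourself before fetching.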