Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmA quick rage-thread about credentials2022-06-04T16:32:42+00:00
https://twitter.com/colmmacc/status/1532058883908198401
jmsecurity credentials authentication tls expiry ssl expiration keys key-rotation key-revocation colmmacchttps://pinboard.in/https://pinboard.in/u:jm/b:7b2660cd2e41/Handling GDPR: How to make Kafka Forget2017-12-05T23:05:40+00:00
http://www.benstopford.com/2017/12/04/handling-gdpr-make-kafka-forget/
jmHow do you delete (or redact) data from Kafka? The simplest way to remove messages from Kafka is to simply let them expire. By default Kafka will keep data for two weeks and you can tune this as required. There is also an Admin API that lets you delete messages explicitly if they are older than some specified time or offset. But what if we are keeping data in the log for a longer period of time, say for Event Sourcing use cases or as a source of truth? For this you can make use of Compacted Topics, which allow messages to be explicitly deleted or replaced by key.
Similar applies to Kinesis I would think.]]>kafka kinesis gdpr expiry deleting data privacyhttps://pinboard.in/https://pinboard.in/u:jm/b:7e063febc6e6/_Optimal Probabilistic Cache Stampede Prevention_ [pdf]2017-05-11T20:20:40+00:00
http://www.vldb.org/pvldb/vol8/p886-vattani.pdf
jmvia:marcbrooker caching caches algorithm probabilistic expiration vldb papers expiry cache-miss stampedeshttps://pinboard.in/https://pinboard.in/u:jm/b:e8b64dc20608/Manage DynamoDB Items Using Time to Live (TTL)2017-02-28T12:25:36+00:00
https://aws.amazon.com/blogs/aws/new-manage-dynamodb-items-using-time-to-live-ttl/
jmMany DynamoDB users store data that has a limited useful life or is accessed less frequently over time. Some of them track recent logins, trial subscriptions, or application metrics. Others store data that is subject to regulatory or contractual limitations on how long it can be stored. Until now, these customers implemented their own time-based data management. At scale, this sometimes meant that they ran a couple of Amazon Elastic Compute Cloud (EC2) instances that did nothing more than scan DynamoDB items, check date attributes, and issue delete requests for items that were no longer needed. This added cost and complexity to their application. In order to streamline this popular and important use case, we are launching a new Time to Live (TTL) feature today. You can enable this feature on a table-by-table basis, specifying an item attribute that contains the expiration time for the item.
]]>dynamodb ttl storage aws architecture expiryhttps://pinboard.in/https://pinboard.in/u:jm/b:61fd2a459e9a/The problems with forcing regular password expiry2016-04-19T16:55:31+00:00
https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry
jm
The new password may have been used elsewhere, and attackers can exploit this too. The new password is also more likely to be written down, which represents another vulnerability. New passwords are also more likely to be forgotten, and this carries the productivity costs of users being locked out of their accounts, and service desks having to reset passwords.
It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack. What appeared to be a perfectly sensible, long-established piece of advice doesn’t, it turns out, stand up to a rigorous, whole-system analysis. CESG now recommend organisations do not force regular password expiry.
]]>cesg recommendations guidelines security passwords expiry uk gchqhttps://pinboard.in/https://pinboard.in/u:jm/b:17124f78ef0e/Oops: Instagram forgot to renew its SSL certificate2015-04-30T14:32:28+00:00
http://thenextweb.com/apps/2015/04/30/oops-instagram-forgot-to-renew-its-ssl-certificate/
jmcerts ssl renewal expiry instagram outages lifecycle web httpshttps://pinboard.in/https://pinboard.in/u:jm/b:99a3ab5aa377/