RB nitrocode

Template terraform provider for darwin arm

Provider registry.terraform.io/hashicorp/template v2.2.0 does not have a package available for your current platform, darwin_arm64

why

The templatefile function only works with files. If you're working with files then switch to templatefile.

The hashicorp/template provider's template_file data source works with template strings and files (converted to strings) but was archived/deprecated before creating an arm release forcing people to look into other options if using Apple M1 (based on ARM).

Github "Verified" commits using GPG key with private email

It's nice to see a Verified message next to each commit for peace of mind.

Using GPG or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on GitHub so other people can be confident that the changes come from a trusted source.

Install latest gpg

If using a mac use homebrew

Preface:

It is, unfortunately, extremely common for customers and enterprises operating in AWS to have chosen a workload/storage bearing account (more than likely, the main production account) as the Organization Management Account (formerly known Organization "Master" account, before AWS adopted better naming).
Many customers and companies operating in AWS made this decision in 2018 or so and its unforunately not something that can be easily changed as of 2024. Many customers have requests to AWS to make a friendly path for rehoming the Org Management account, but last I heard it is still not prioritized. Thus, we as customers are left to go through the nerve-wracking, if not dangerous process of migrating to a new AWS Organization in order to align with modern best practices and reduce common privilege escalation and account to account lateral movement concerns (made worse if you happen to have enabled things like Cloudformation Stacksets, Control Tower, or other powerful services in the same

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

	#!/usr/bin/env python

	import boto3
	import os
	import json

	script_dir = os.path.dirname(os.path.realpath(__file__))

	owner_account = 'xxxxxxxxxxx'

	provider "aws" {
	region = "us-west-2"
	}

	ephemeral "random_password" "db_password" {
	length = 16
	}

	resource "aws_secretsmanager_secret" "db_password" {
	name = "db-password"