I'll respond in more detail when I'm on the computer. I strongly agree, at the very minimum:
1. Secure bootloader
2. Lock flash, or better blow JTAG fuse
3. Keep CA certs on device and issue certs using CA to cloud servers
4. use signed OTA payloads, you'll need this if you're doing 1. (edited)
[10:03]
I learnt the hard way compromising security for usability/product requirements. :disappointed:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  Function:
    Type: AWS::Serverless::Function
    Properties:
      Handler: handler.Handle
      Runtime: python2.7
      CodeUri: ../cloudbookmarks.zip
      Events:
#!/usr/bin/env ruby
require 'bundler/setup'
require 'cloudformation-ruby-dsl/cfntemplate'
require 'cloudformation-ruby-dsl/spotprice'
require 'cloudformation-ruby-dsl/table'
template do
  value AWSTemplateFormatVersion: '2010-09-09'
#!/bin/sh
set -e
echo "--- Clearing old build contents"
rm -rf build/*
echo "--- Getting yarn image"
docker pull kkarczmarczyk/node-yarn:6.7-slim
Get CentOS; this pulls centos:latest from Docker Hub.
docker pull centos
Run a container with the current directory mounted at /src.
docker run -v "$(pwd)":/src -it centos /bin/bash
#!/usr/bin/python
DOCUMENTATION = '''
---
module: cloudformation_stack_facts
short_description: list or describe stacks in cloudformation
notes:
  - for details of the parameters and returns see U(http://boto3.readthedocs.org/en/latest/reference/services/cloudformation.html)
description:
  - Lists or describes stacks in cloudformation.
I hereby claim:
- I am wolfeidau on github.
- I am wolfeidau (https://keybase.io/wolfeidau) on keybase.
- I have a public key ASA_a8J3oBKsvIhbZjD8LHZS9t87vPf4yqrwubsxLioJtgo
To claim this, I am signing this object:
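Build golang deb file.
tar xvzf go1.7rc5.linux-amd64.tar.gz
mkdir -p root/usr/local root/etc/profile.d
mv go root/usr/local
# Write the profile script into the staging tree created above.
# The quoted 'EOF' keeps $PATH literal, so the build host's PATH
# is not baked into the packaged file.
cat > root/etc/profile.d/golang.sh << 'EOF'
PATH=$PATH:/usr/local/go/bin
export PATH
EOF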
(/usr/sbin/blkid -t TYPE=ext4 | grep /dev/xvdk) || (/usr/sbin/wipefs -fa /dev/xvdk && /usr/sbin/mkfs.ext4 /dev/xvdk)
mkdir /mnt/ebs-docker
mount /dev/xvdk /mnt/ebs-docker -t ext4
mkdir /mnt/ebs-docker/docker
ln -s /mnt/ebs-docker/docker /var/lib/docker