I hereby claim:
- I am xirkus on github.
- I am mllaguno (https://keybase.io/mllaguno) on keybase.
- I have a public key whose fingerprint is 404C E144 8375 3993 DAFB CEDD 799A B1E2 0103 7B37
To claim this, I am signing this object:
Mel Llaguno xirkus
xirkus
/ terraform_the_missing_manual.md
Last active
July 8, 2023 11:00
Terraform - The Missing Manual
Infrastructure-as-Code is a principal that drives modern DevOps practice. I discuss the current state of Terraform and provide some basic guidelines/principles regarding how to structure it's usage for your project.
% terraform plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.
Preparing the remote plan...
To view this run in a browser, visit:
https://app.terraform.io/app/scrb/scrb/runs/run-ynhciGC5Dp5CKHgy
xirkus
/ hipaa_compliance_guidelines.md
Last active
June 21, 2021 08:40
Collection of HIPAA Compliance Guidelines
- Summary of the HIPAA Security Rule <- annotated
- The Security Rule <- annotated
- Guidance on Risk Analysis <- annotated
- HIPAA Security Rule Toolkit
- Security Risk Assessment Tool
xirkus
/ synology_self_signed_cert_howto.md
Last active
November 7, 2024 00:54
Using the Synology NAS Certificates to Provision Private/Locally Scoped Self-signed SSL Certificates
It's possible to use a Synology Diskstation's Certificate generation functionality to create a set of privately scoped (non-FQDN) self-signed SSL certificates that you can use to provision internal network services so that connecting to them does not cause your browser to throw warning messages (or in the case of Chrome, prevent you from connecting at all).
Usually, when you add network devices to your personal private network, they are refereneced by IP addresses as naming requires either maintaining individual host files on each machine or setting up DNS. The first is pretty cumbersome; the second seems like overkill (unless you're a masochist, which I have been in the past). As an alternative, I considered using locally scoped names associated with fixed IPs associated via a light-weight DNS resolver (in my case, using unbound running on my Raspberry Pi with Pi-Hole).
**WARNING: This is clearly a HACK and is not intended to be used for production environments. If you need full SSL certi
xirkus
/ yubikey+gpupgp+ssh_howto.md
Last active
September 19, 2024 14:54
Security Adventures 1. How to get yubikey+gpg+ssh+gitbhub working on MacOS
I've spent the day trying to get this setup working with GitHub and given the number of gotcha's I encountered, it seemed like a good idea to document how I finally got this working with as few hacks as possible. There's a lot of documentation out there (some of it old and misleading) and committing here for posterity will help me remember this when I inevitably need to do this again.
Passwords are simply not enough these days. Regardless of the company, breaches (and the associated Personally Identifiable Information harvested) are a matter of not if, but when. There are a number of things you can do to protect yourself, but being on the tin-foil-hat side of paranoia, means there are a few Commandents that I adhere to (and recommend for other folks)[Insert link to Fight Club Rules for the Secure Internet].
That being said, if you use 2-factor authentication and have committed to using a hardware token such as the Yubikey, then you're already ahead of the curve. The problem is that wh