We all know that all software has bugs and that security is hard, but somehow we are still surprised when we see new vulnerabilities. Vulnerability A bug, flaw, weakness, or exposure of an application, system, device, or service that could lead to a failure of confidentiality, integrity, or availability. In 2020, there were 18,395 vulnerabilities reported, which means about 50 new vulnerabilities are reported every day. These numbers only include what has been reported to...

Read more

Setting up a new YubiKey as a second factor is easy—your browser walks you through the entire process. However, setting up a YubiKey to sign your Git commits and Secure Shell (SSH) authentication is a very different experience. In this post, I’ll walk through configuring a YubiKey and highlight some of the things I’ve learned along the way. I’ve used GPG for years, but it didn’t really "click" for me until I sat down and...

Read more

GitHub recently announced a new feature, GitHub Package Registry, currently in beta. It’s designed to allow GitHub users to publish and distribute packages of their software directly on GitHub instead of relying on an external system. At a glance, GitHub Package Registry has the following features and benefits. Supports multiple package clients: npm, Maven, NuGet, RubyGems, and Docker images Supports public and private packages Supports pre-release packages Can use webhooks and GitHub Actions to customize...

Read more

How many times have you checked your code into GitHub, just to have someone else check it out and find out there was some dependency missing so they could not get it to run? I rely heavily on Docker for my build environment, and before I release anything to a teammate, I like to run it through a quick test in Docker to make sure everything is working properly. This approach is simple and only...

Read more