KMS key context, IAM conditions, and s3

At $work, I’ve been using KMS to encrypt s3 bucket contents for some time now. It works rather well, but one thing that had been bugging me is that our IAM policies granted both read permissions on bucket objects and encrypt/decrypt on the relevant KMS key. That is, principals with the policies attached can use the key to encrypt/decrypt anything they otherwise have permission to access, not just objects in the bucket.

Conditional git Configuration

git has always(?) allowed for additional configuration files to be unconditionally included:

    [include]
        path = path/to/gitconfig

Each individual git repo has always had the ability to maintain its own configuration at .git/config. However, sometimes on our systems we also have certain locations where we store multiple git projects, which may need different configuration from the global, but still common across that location. Since … well, for the last year or two at least, git has allowed for the conditional inclusion of configuration files.

Fast Project Finding With fzf

fzf is a fantastic utility, written by an author with a history of writing useful things. He’s also a vim user, and in addition to his other vim plugins he has created an “enhancement” plugin called fzf.vim. One of the neat things fzf.vim does is make it easy to create new commands for fuzzy searches. If you’re like me, you probably have some absurd number of project repositories you keep around and jump to, as necessary.

No, use *my* DNS. (aka Netflix vs tunnelbroker.net)

Google DNS is being hardcoded into a significant number of devices now. Which is nice, because it pretty much always works.

…except when you’re trying to use Netflix and you have a tunnelbroker IPv6 tunnel. Ugh.

So, this is a brief followup to Stupid OpenWRT tricks. Or maybe “Getting Netflix to work when your ISP doesn’t support IPv6 yet” is a better way to put it…