Thanks! Glad it was helpful. I didnt have any similar realization until I had worked in the field for awhile amd honestly didnt have anyone to tell so i probably rambled. Good summary. Lean more into WAF, EDR and observability before a honeypot but yeah both are valid.

Hope your talk goes well!

By no means am I the microservices guy. Im more of a self hosted person than anything and used to always be a monolith guy and would still prefer that in many situations. But now I would at least “wrap” the monolith with supplemental self hosted microservices.

But TLDR this is the logic as I understand it and the key thing. Dont cast your pearls before swine. Its basically biblical. Lol jk jk. But really put a cheap reverse proxy with a honey pot and some alerting… or even better a WAF and/or EDR then catch and isolate them when they compromise your front end and garbage honey pot before they can even move laterally internally.

The longer slightly more technical answer is a malicious actor compromises one utility they likely made a lot of noise doing it which is key to securing the assets. First a lot of malicious activity can be mitigated with a proactive WAF. There are a few free solutions here Crowdsec WAF (ModSecurity, i think is another, working from memory could be wrong) has a decent signature detection and shared banned list. If you couple it with proper alerting you should be able to see, watch and isolate attackers in near real time. So even if they get the reverse Proxy and you messed up alerting on WAF, if you have layers of security, you still have your fall back EDR (like elk stack) alert for when proxyUser starts issuing ping commands and performing asset discovery. So you should see it days before they escalate privileges (unless 0 day or nation state etc).

They will still do damage you are absolutely right. But let’s assume a tiered microservice approach for a functioning SAAS app where you have something like pocketbase for Auth, Umami for analytics, Stripe for payments and Postgres for paid api data. Even an issue in pocketbase / Auth doesn’t necessarily mean they get all your paid api data because hopefully you have per user rate limits on postgres and backend services (should your pocketbase user even be reading or writing to your paid data tables? Additionally alerting should provide observability into admin sign ins from new /suspicious locations, or multiple other suspicious behavior such as one user signing into multiple accounts, seeking priv escalation and so on.) But the main thing, they don’t get any cardholder data and that is a huge win. In fact if you are storing cardholder data PCI compliance requires segmentation.

Additionally look at actual CVEs related to pocketbase and you will find a lot to do with OATH so in this case its simple. Disable OATH for best security. Put a WAF in front of your app using something like traefik with crowdsec or ModSecurity with an nginx reverse proxy to catch bad actors when they try to abuse your non existent OATH endpoint and ban them instantly. You catch a lot of bad actors with that trap.

Or to take it back to your first example, if I have a segmented service that is compromised. I want to catch and isolate them before they even realize they are in a rootless podman container by taking advantages of the natural footguns that any script or malicious actor would naturally stumble into. For instance if my “reverseProxyUser” or any process in that entire container uses the sudo command that is a 10/10 fire type alert. That im pretty sure you could even automatically isolate or spin down with a few scripts, something like Argo or probably even off the shelf EDR.

Is it perfect, no. Any determined actor will find a way into any system given enough time. But a layered approach like this is best in my opinion. Of course it needs modified for every system this is just one example.

You can do the same thing with a monolith and good scripting. It isnt exclusive to microservices. Its just natively built that way in the instances that I am aware of thanks to the prominence of Kubernetes really. At least I think that’s why.

Edit: i can’t type / got interrupted mid reply. Its half decent now.

Separation of concerns is a major benefit that shouldn’t be overlooked with security implications. Assuming you are properly restricting access to each worker node / “tier”, when one tier inevitably becomes compromised; it doesn’t result in the complete compromise of the entire monolith.

In life in general, I’ve found people who arrive for the wrong reasons typically make a short stay before moving on.

Don’t worry, when you graduate it gets more isolating.

Portability, abstraction and inheritance are fundamental concepts, not buzzwords. Strongly typed languages can and does have all of these things.

At least we can all agree about something.

Post 2008 crash grad who eventually made it into engineering. I didnt realize this world existed so recently. I’ve never had less than three interviews for any job other than receptionist.

You have no idea how many of my closest friends have been to jail for drugs. I think that is a problem with the system, but im not going to go to the opposite end of the spectrum and act like we were being upstanding citizens.

Getting people addicted to things is bad. It doesn’t matter if you are a drug dealer, a casino, or a social media app.

A lot of drugs are very addictive and ruin people’s lives. I’m well aware a lot of lives were ruined by the stigma attached to to drugs, but to swing from they are evil criminal people to just equating drug dealing with every other job is insane to me.

You know its bad when dude casually drops that he’s a drug dealer and we all collectively shrug, like yeah sounds about right.

deleted by creator

Police: You are wasting electricity just to get high! Me: How many times do I have to explain it is high availability

I mean, I’m pretty sure this is extremely widespread in China, so I’d say it’s more cultural than anything else. In fact, since there are so many Chinese, that probably means more people call it A.P.P. than app. But I honestly have no clue, and it doesn’t matter to me either way. Words change. It’s nothing to get bent out of shape about.

So many good points in one post. People have to get off their high horse on democracy. My goto is every US president since WW2 is a war criminal. Do you think the people suffering war crimes care about democracy? It would be laughable if it wasnt infuriating.

Just to bolster your argument on the Middle East all anyone has to do is look at Sykes Picot. The whole middle east is just some brit in an office drawing squiggly lines, so that the west can extract as many resources from them as possible.

Its like people forgot the ottoman empire even existed and instead just get real racist with lines like “prone to war” “stuck in the past”. Bro the US is still creating nation states in the Arab world. Of course they are going to go to war, the west is standing on their neck.

.

Its the iphones fault.

I feel the pain in your comment.

I too have been burned by “cross-platform” tooling. What I’ve learned is the more complex your project is, the less likely it is to have simple cross compliation.

But with that huge caveat, I’ll say I’ve had a better time doing cross comp on dotnet than I have rust. Either of them are infinitely better than learning cmake though. That’s definitely just my amateur take though. I’m sure smarter people will tell you I’m wrong.

1000% percent. If they can’t even figure out how dates work in COBOL we are getting a vibe coded SSA. Let’s hope they trained LLMs on COBOL or we are cooked.

Pen Tester here. While i don’t focus on LLMs, it would be trivial in the right AI designed app. In a tool-assist app without a human in the loop as simple as adding to any input field.

&& [whatever command you want]] ;

If you wanted to poison the actual training set in sure it would be trivial, but It might take awhile to gain some respect to get a PR accepted, but we only caught an upstream attack on ssh due to some guy who feels the milliseconds of a ssh login sessions. Given how new the field is, i don’t think we have developed strong enough autism to catch this kind thing like in SSH.

Unless vibe coders are specifically prompting chatgpt for input sanitization, validation, and secure coding practices then a large portion of design patterns these LLMs spit out are also vulnerable.

Really the whole tech field is just a nightmare waiting to happen though.

Which faang company are you sr. engineer at?