canglad

Beautiful Cloud and Automated Day Trading Experiment

The Beginning Lyrics: “Last Christmas I gave you my heart, But the very next day you gave it away”. It was actually last, last Christmas, while the great white north was cold, and I was sitting at home, warm and cozy, when I started to think about whether there was a way to generate some constant small income daily from the stock market. As I am no stock expert, can be very emotional seeing my stocks going up and down, and have a full-time job every day, I wondered if it was possible to write an automated day trading program that was 100% hands-free, 100% emotion-free, and generated a small amount of money daily to supplement my income.

Read more →

November 3, 2023

AWS Network Firewall egress filtering can be easily bypassed

If you are thinking of using, or are already using, AWS Network Firewall to control and filter egress traffic so that only connections to approved destination sites are allowed, you need to read this post, as it may not work the way you think. AWS Network Firewall is a fully managed service that can work as an IDS/IPS device when inserted into the middle of a network traffic flow, e.g., between the workloads inside your VPC and the Internet. It is said that its implementation is based on the open source software Suricata IDS/IPS.

Read more →

September 16, 2023

21 Security advices I gave to a mid-sized firm

Many years ago, a mid-sized firm asked me for advice on how they could improve their IT security posture after they had encountered something unexpected. The challenge with them was that they did not have in-house IT security expertise and had no one dedicated to managing IT security. At that time, they had also started to test the waters in AWS, which brought additional venues to protect. Considering where they were at the time, I collected my thoughts and gave them some high-level suggestions based on my past experience and observations in the IT security industry. That high-level advice was not meant to be a detailed guidebook telling them what to do step by step, but to be educational and to shed light on the direction and the various areas that they could explore, investigate, prioritize and implement. This could help them gradually improve their security posture based on their own business priorities and limited IT security budget.

Read more →

September 7, 2023

Simple Math of AWS KMS Key Rotation Costs

Update: On April 12, 2024, 6 months after I published the post below, AWS announced a reduction of KMS key rotation charges to make it affordable. Their announcement can be found here. I hope my post influenced this change and made a positive impact on every AWS customer’s checkbook :)

AWS Key Management Service is a fully managed service that lets you “create, manage, and control cryptographic keys across your applications and AWS services”. It seamlessly integrates with most AWS services and has a very nice and convenient feature that lets you automatically rotate a customer managed KMS key. Once this feature is enabled on a KMS key, the key will be automatically rotated every 365 days, without you needing to lift a finger. This automatic key rotation feature greatly relieves your key management burden and makes auditors, regulators and compliance specialists happy.

Read more →

September 1, 2023