luislavena.info
Creator of RubyInstaller for Windows, rake-compiler and many other Ruby tools for devs. Opinions: Mine
21 posts 118 followers 26 following
Regular Contributor
comment in response to post
Hola Scott! 👋 I couldn't wait and went rewinding, not only on the talk, but into my memory too! (wiping tears from my face). Thank you for sharing this inspiring talk, to remind us of the original purpose of this technology: to connect us. Thank you 🙏👏 ❤️
comment in response to post
Claude is more open to telling you what its system prompt is.
comment in response to post
You're not alone! I get SO anxious, and the moment I copy it over I start rushing to find the window/app that I need to paste that in... 😓
comment in response to post
Behind the yak, using:
1. Hetzner for this "core" server
2. Cloudflare for DNS and WAF
3. Evaluating Authentik/Zitadel for Auth/Authz (plugged to OpenTofu)
4. Mailgun for email/SMTP

Documenting everything with "emergency" plans and checklists takes some effort, but is worth it! 😅
comment in response to post
So far, I've worked on:
1. Provision a "core" server, with secure credentials
2. Deploy critical elements there (e.g. Auth + Authz)
3. Set up encrypted backups locally and off-site
4. Automate all those with OpenTofu, so if servers burn, you get back quickly (part of Disaster Recovery Plan)

5/
comment in response to post
I thought "how hard would it be to bootstrap a company" with these things and have from the get-go some disaster recovery plan in place, making sure your critical infrastructure can come back in case of a major disaster, and oh my... this is a lot of yak shaving! 4/
comment in response to post
So the first things I thought you need were:
1. Auth + authz (SSO, MFA, etc)
2. Secure access to any resource you aim to spawn as part of your company

Note this is the "core" of your company: how you grant permissions, how people access resources, etc. 3/
comment in response to post
When I said "security", it is that if you want to sell your product, a lot of companies look for your certifications (SOC 2, ISO, etc). I know, I know, that is not "real security", but at some point having documented processes and recovery plans helps everybody, and helps you get those big clients. 2/