Wilson Mar bio photo

Wilson Mar


Email me Calendar Skype call

LinkedIn Twitter Gitter Instagram Youtube

Github Stackoverflow Pinterest

Posts listed chronologically


HashiCorp Vault

How to keep secrets secret (in a central place), but still shared and refreshed.

Threat Modeling

This is perhaps the most impactful analysis, considering the importance and urgency of keeping your organization from being stolen

MacOS within AWS

Mac Mini instances without buying hardware within AWS EC2 (and MacStadium): step-by-step and in one command using Terraform

AWS Networking

Setting up VPC (Virtual Private Cloud), IPv6, IMDSv2, IPAM, DNS, Security Groups, WAF, BGP, etc. using CLI, GUI, Terraform, Cloud Formation

Scaled Agile

Are organizations really more Agile with SAFe?


Filter out ads and malware sites on your home network using PiHole.

OPA processing Rego language

Write Rego language policies code for decision by an OPA (Open Policy Agent) within Terraform, Kubernetes, etc.

HashiCorp Boundary

Secure SSH accessing servers in AWS and other clouds: implement Zero-Trust with granular control of least-privilege just-in-time access using HashiCorp Boundary

Azure Cloud Onramp

Azure URLs, Subscriptions, Support plans, Tenants, Directories, ARM portal Keyboard Shortcuts, CLI Bash & PowerShell scripting

Design Systems

Specifications for look and feel by various tech companies, also providing secure UI libraries

AWS Security

Securing secrets in Bash shell scripts while learning to pass the AWS Certified Security - Specialty (SCS-C01) exam

.Net Development

Buy Visual Studio to code C# Azure Functions and cross-platform ASP.NET apps within the Microsoft ecosystem


Universal Directory IAM via OIDC using JWT over OAuth2 for API and SWA or SAML SSO Authentication with MFA for identity federation using SCIM in cloud or on-...


Tips and tricks to install and use the MacOS Terminal for Programmatic access to AWS.

Food (online, delivered)

How I feed via deliveries by UPS, FedEx, and USPS, instead of dining in different restaurants during the pandemic.


Open-source CI/CD with full features, running in Kubernetes

Log Parsing

Analyze logs using the AWK CLI utility and systems


How to code your app to use HashiCorp Vault to get rid of static database passwords by generating credentials in Secret_ID temporarily in cubbyholes, wrapped...

Kubernetes (K8s)

Get certified in how to orchestrate containers, especially in clouds, including OpenShift

K8s Operators

Control Kubernetes internals from Golang programs, as a part of the Red Hat Industrial Complex

Museums Roadtrip USA

Visual, architectural, and culinary art in every state and major city, mapped by Machine Learning



Immutable declarative versioned Infrastructure as Code (IaC) and Policy as Code provisioning into AWS, Azure, GCP, and other clouds using Terragoat, Bridgecr...

(FIDO) Passkey

Block the most common vector for stolen credentials used to inflict ransomware and killware - stolen credentials - by using Passkey and temporary passwords f...

Load Balancers

Distribute load to scale and upgrade servers with no down time. Also route transactions across clouds using ZeroLB


ArgoCD (for Kuberetes Helm), Flux from WeaveWorks, etc.


How to stay ahead of inflation and recession

Cyber Security

Enterprise data risks and vulnerabilities and how to mitigate them with controls

HashiCorp Consul

Enterprise-grade secure Zero-Trust routing to replace East-West load-balancing using service names rather than static IP addresses. Enhance Service Mesh with...

AWS Lambda Basics

Scalable stateless short-lived functions. Nothing to do with Java Lambdas.

Self-driving cars

What can possibly go wrong with autonomous vehicle robots smarter than humans?


Collect metrics (for visualization by Grafana), analyze using PromQL coding, and identify alerts, free from CNCF, especially for Kubernetes

IoT Raspberry Install

How to setup a Raspberry Pi on macOS with Raspbian, Python, Node, Ansible, Kubernetes

AWS Service Catalog

Select your way to a set of services to assemble your app, with curated (known-safe) settings (in Terraform too)

Rustlang (Rust language)

Efficient, secure, performant concurrent systems programming that compiles to machine running byte-code

Making videos

Tediously using Camtasia, Audacity, OBS, and automating animated PowerPoint on a Mac


Apple's integration for practically every car except Tesla


TLS v1.3 (Transport Layer Security), the latest successor to SSL, secures network communications with https protocol and mTLS (mutual TLS) using x.509 format...


Code JavaScript to performance test locally and using their k6.io SaaS cloud

Bash (script) coding

Walk though the tricks (Bashisms) used in a script to install, configure, and run many programs on macOS and Linux

Google Apps Scripting

Because Microsoft Word and Excel files can go in and out of Google Docs and Sheets (mostly) well, you can now extract lines from Google Docs into Google Shee...

Well Architected Cloud

What is your team's maturity at adopting best practices? Here is the comprehensive industry-standard framework from Amazon, Microsoft, and Google

Acronyms (and contractions)

Here are all acronyms together in one place because it's often difficult to know whether an acronym is from Security, Networking, Finance, etc.

Python Samples

My collection of useful ways to use Python securely in a production setting

Git Signing

Sign git commits and tags (for non-repudiation) in GitHub using GPG, Vault, Yubikey, Keybase

AWS CDK (Cloud Development Kit)

Write dynamic Python, Java, .NET, NodeJs, or TypeScript code which are synth'd into Cloud Formation or Terraform static yaml

Zero Trust

Evolve your traditional systems to new ways before your ransomware adversaries do.


Make better decisions using data. Pass Microsoft's PL-100 Query Editor, DAX, and Models

prodsys - production systems

Here we maintain assets SREs (System Reliability Engineers) use to fearlessesly and adroitly face production.


How to use Jira for good, not to create frustration

Xcode install (on MacOS)

Xcode IDE contains Command-Line utilities, which can also be installed separately. But separate Command-Line installer cause errors for use by Homebrew, Pyth...

Zsh (Z shell on MacOS)

Apple's heavy hand is forcing adoption of POSIX and even switch to Python, to get away from Bashisms

RBAC vs ABAC vs PBAC (Access Control)

Role, Attribute, and Policy Based Access Control simplify IAM at scale using the most fine-trained way access in AWS, Azure, Kubernetes, and other systems

AWS Amplify

Create and host web & mobile apps in a low-code way within AWS


Elixir leverages the Erlang BEAM VM for running low-latency, distributed, and fault-tolerant systems in web development, embedded software, data ingestion, a...


Power Automate

Microsoft's RPA (Robotic Process Automation) and DPA (Digital Process Automation) product to create and run low-code flows accessing various connectors, augm...

Python Coding

The rules shown in samples using Keywords, arguments, Exception Handling, OS commands, Strings, Lists, Sets, Tuples, Files, Timers


An index to my tutorials about using Python for programming

Azure DevOps

Pass Microsoft's comprehensive AZ-400 on DevOps for automated CI/CD pipelines in the Azure cloud as well as GitHub Actions

AWS Config (Compliance-as-Code)

Dynamically audit AWS resource configrations using using OPA Rego, Lambda alerts using SNS through EventBridge, then automatically remediate (via SSM)


Behavior-driven Development (BDD) by automating Gherkin test specs using Pytest for test coverage analysis, data-driven tests, and localization verification

Internet Computer

A distributed ecosystem for hosting containers (apps) without AWS, Google, Facebook.

Python Certs

The topics for learning the Python language thoroughly, for professional status


"Notebooks" display HTML markup as comments between executable Python code (for Machine Learning and Data Science), for Style Transfer of images, etc.


Statistics to evaluate classification: Confusion Matrix, Specificity, ROC, and AUC, etc.

Azure Machine Learning

Notes for before and after getting AI-900, AI-102, and DP-100 certified, as we automate ML workflows in the Azure PaaS cloud

eXplinable AI

Ask your Machine Learning/AI why it made the decisions it did, to satisfy GDPR and other legislation

TFE (Terraform Enterprise)

Use Terraform's sentinel command on Workspaces from a module registry, to automatically identify RBAC-based violations

AWS Onboarding

Tips and tricks to get account. Lock down root accounts. Install and use the AWS CLI, securely

Flood the Internet (control JavaScript)

Use Dave Hoeffner's web app (the-internet) which challenge Selenium coders to compare scripts for performance/capacity testing (JMeter, Flood Element, etc.)

Chaos Engineering

Use Gremlin, Chaos Monkey, and monitoring tools (such as Datadog) to measure and improve MTTD and MTTR

Azure networking

vNets, Peering, NSG, CDN, Scaling with Load Balancers, Gateways, Firewall, Front Door, Traffic Manager, DDoS

Azure Monitoring

How to get logs and metrics ingested and displayed with actionable alerts

Docusaurus (v2)

Build book-like internationalized, indexed, searcheable websites using React made easy

MacOS Bootup

To diagnose and troubleshoot getting started (vs. Linux)


Security Information and Event Management


How we configure each GitHub repo to maximize teamwork


My learnings from FreeCodeCamp's Information Security certification and other resources on penetration testing

Git Guardian

Full-featured free secret scanning for open source and small teams on GitHub and GitLab



ITSM automated in the cloud for Incident Management and other ITSM functionality


Caring about sharing within commerical enterprises using GitHub

Bash scripts (coding)

This sample Bash script contains multiple features: install, configure, and run (then remove) a web app within Docker on macOS and Linux, with one copy/paste


How to get your stuff on paper from macOS and Linux


Run the deliberately insecure Java app within Docker with a Contrast Security agent reporting issues and trends over time.

AI Ecosystems

Brand names for how corporate overlords are making humans into robots

Make (from) Makefile

How the venerable utility is used in Jenkins and GoCD to invoke shell commands around building Docker images for Kubernetes

Developer Teamwork

Tips for encouraging team Code Reviews, Pair Programming, and other techniques for better quality and productivity

OpenCV Color Python

Use the OpenCV to recognize a portion of your screen and have Selenuium Python click on a portion of it



Create data visualizations declaratively for ML and Data Science on a Mac, powered by Python

Web Scraping

How to use the Scrapy Python crawler framework to fetch HTML which Beautiful Soup parsers, on a Mac for Machine Learning visualizations


Manage photos and Python Scikit Learn

Tesseract (OCR)

Recognizes text and special characters in image files (after Imagemagic), for 60+ languages (using LTSM machine-learning). Used by Selenium

OpenCV SikuliX robot

Use the OpenCV to recognize a portion of your screen and have Selenuium Python click on a portion of it

Selenium Setup

How to emulate real users touching your web apps using Python controlling Selenium and Beautiful Soup for reading HTML


Although it doesn't have the path to production like Docker and Kubernetes, it's free (unlike VMware Fusion)

Flood local setup

Install Flood Element CLI to run TypeScript which (like Selenium) emulates manual actions in Google Chrome browsers

SAP Fiori

performance engineering SAP UI5 Fiori sample apps using Tricentis Flood.io Elements


A vibrant ecosystem for quickly building and maintaining dynamic feature-rich websites


Logging indexing and visualization



Deploy and control AWS, Azure, GCP, K8S, Serverless by coding JavaScript, TypeScript, Go, Python, etc.

Salesforce NPSP performance

How Gatling is used to measure the speed and capacity of microservices for Salesforce add-on NPSP (Non-Profit Success Pack)

Salesforce Heroku

Start using Heroku with a Postgres database and integrate it with Salesforce

Salesforce Jobs

Where to look, favored certifications, sample job descriptions, tips

Salesforce offerings

Competitors, Languages, Clouds, Industries, Domains, GitHubs, editions, pricing, features, versions

Salesforce Ohana

Offices, Financials, Social media, Communities, Events, Dreamforce, Dreamoji, Store


Computers interacting with people by voices, without keyboards

Home Assistant

Control a wide range of IoT devices using Python on Raspberry Pi, iOS, and Android



How to make streaming scream


From Pivotal, the Java Spring Boot web services people.

JVM Profilers

Identify and resolve performance bottlenecks, memory leaks, and threading issues

Cucumber testing

Gherkin user specs drive Selenium tests for behavior-driven development (BDD) within Agile

IntelliJ IDE

This gives you more, free for Java users (who have Eclipse)

Git Rebase

Make it appear that you only made one edit before pushing to the team repo


Install a generator of mock servers and client programs of the PetStore sample app

Why Git?

Git stores changes to use GitHub for backup and change management

Git Whoops

Don't panic. Here's how to un-do mistakes in Git

.NET profiling

Here's how to use Redgate ANTS to make C# really sing on NerdDinner

Time Series

See all 4+ dimensions (time) in visualizations

Image processing

Processing of image files using Artificial Intelligence and Machine Learning

Feature flags

Evaluate the options for Python for real-time feature configuration and impact control

Python API flask

Step-by-step using the Flask REST API library using SQLite3 locally in venv on a Mac

Python Robot testing

A robot python mimics what human testers do manually (to entertain real developers)

Testing AI

What can possibly go wrong with robots smarter than humans?


Sample Java Spring app for your abuse and amusement



This is the last framework you'll ever need to switch to, just like ReactJs. And Angular.

IoT Clouds

The value of IoT is the wisdom from analytics and notifications

News feeds

Ways to get out of the Facebook echo chamber


Now THIS is the industry standard. REST API is so last season.

IoT Camera

How to setup a camera on the Raspberry Pi 3B and other boards

Task runners

Gulp, Grunt, and other noises as it works automatically


Write and test native desktop apps in JavaScript within Node.JS


Microsoft made it free, as in if you have a license for Visual Studio

Dynatrace (APM)

He sees you when you're sleeping. He knows when you're awake ...

IoT barn feeder

Provide just enough food for animals at just the right time, automatically

MacOS Apps

OSX Applications for a long, prosperous, happy life

Intel IoT setup

It will do what you want if ask correctly, in the proper sequence


How the computer gets you to do what you should be doing now

About DevSecOps

You gotta do it for competitive speed AND for improving Security Posture


The kick-ass secure front-end web server proxy



Git Stash (automated by a script)

Get tips about the most common git commands (including stash, checkout, etc.) executed in a script so you can experiment on your own



An index of my work on IoT

My MacOS Topics

An index to my work on Apple Macintosh computers (vs. Linux)


Performance testing and engineering with monitoring