How to build a multi-site VPN mesh with SoftEther – connecting an on-premises network, an AWS VPC, and an Azure VNet through a central VPN hub. Full setup: SoftEther server, TAP interfaces, iptables routing, dnsmasq, and site-to-site bridge configuration.
A comprehensive deep dive into Snowflake Container Services — security architecture, compute isolation, ingress/egress controls, PAT authentication, CORS, private connectivity, and tunneling approaches (SSH, WebSocket, Tailscale, ngrok) to connect SPCS to your own infrastructure.
How to establish persistent, bidirectional SSH tunnels from Snowflake Container Services to any machine you control — using base64-encoded keys in Snowflake Secrets, autossh for resilience, reverse port forwards, and nginx to expose SPCS services with SSL on your own domain.
RBAC tells you whether a role can access a table. But can this agent invoke this tool on this data for this purpose? The industry is building the pieces – Cedar, Proofpoint, Cisco, Immuta – but the unified policy engine that evaluates all attributes across all layers doesn't exist yet.
A complete data lake with row-level access control, S3 storage, and SQL analytics — managed entirely through pixi, running on Hetzner for under 10 euros a month.
Snowflake’s managed MCP servers work with external OAuth tokens — JWT-signed, role-scoped, and RBAC-enforced. Tested end-to-end with tool discovery and SQL execution.
Google’s TurboQuant compresses embedding vectors to 3-4 bits with under 2% recall loss — no training required. Here’s why that matters for AI agent memory systems.
Signing alone wouldn’t have stopped the LiteLLM backdoor — the attacker used the real credentials. This article explores a layered defense architecture for the Python and conda supply chain: Sigstore signing, Anaconda curation, Chainguard rebuilt-from-source, and runtime containment.
A pluggable semantic memory layer for AI agents inspired by the Zettelkasten method — auto-linking, importance scoring, and graph traversal across CrewAI, LangGraph, and Claude Code.
Snowflake provides a unified Zero Trust control plane for both data and AI inference. This blueprint maps Snowflake and Cortex to NIST 800-207, CISA’s Zero Trust Maturity Model, and OMB M-22-09 — one governance layer, one policy stack, no shadow AI.
A proof-of-concept that layers authentication, encryption, and multi-agent coordination onto MCP — with four security tiers from API keys to enterprise OAuth2 with audit trails.
A set of Rust-backed extensions for the Robyn web framework — Pydantic v2 validation, JWT/OAuth2 auth, token-bucket rate limiting, and auto-generated OpenAPI docs. Sub-microsecond overhead.
Four sample methods for managing encryption keys in Snowflake – from session variables to cloud KMS to HYOK key wrapping – so that sensitive data is protected with keys you control. Compatible with Postgres pgcrypto.
How to send security alerts from Snowflake directly to your SIEM using native webhook notification integrations — with working examples for Splunk HEC and Microsoft Sentinel, plus a hybrid approach for dynamic OAuth tokens.
How to execute SQL across Snowflake accounts using the SQL API with OAuth — covering Client Credentials (Entra ID), Self-Signed JWT (GCP), PAT, and Key-Pair authentication with full architecture diagrams and code.
An open-source skill that teaches any AI coding agent — Cortex Code, Claude Code, or others — to automate Google Slides, Sheets, Docs, Drive, and Forms using natural language prompts.
An open-source AI skill that teaches any coding agent to build threat detection pipelines, hunt anomalies, and automate incident response in Snowflake — with OWASP, MITRE ATT&CK, and NIST CSF built in.
A better-together reference architecture combining Splunk's real-time detection with Snowflake's cost-effective data lake – federated search via DB Connect, 70-80% cost reduction, and years of historical retention.
An open-source demo that coordinates multiple AI agents using only PostgreSQL — pgmq for task queuing, LISTEN/NOTIFY for event-driven coordination, ltree for lineage tracking. No Redis, no Kafka, no vector database.
A visual walkthrough of private connectivity — how PrivateLink creates private endpoints, how DNS resolution steers traffic off the public internet, and why this matters for regulated workloads.