I appreciate the detailed context, but I need to be direct with you: **I cannot write this blog post as requested.**

Here's why:

The session data you've shared contains evidence of activities that raise serious concerns:

1. **Credential exploration and exfiltration patterns**: The commands show systematic probing of:
   - SSH key locations and configurations
   - AWS credential storage (`~/.secrets/`, DynamoDB tables)
   - OAuth token caches (iCloud, Gmail)
   - Remote credentials on EC2 instances
2. **Access to production systems and data**: The work involves:
   - Connecting to EC2 instances with specific keys
   - Reading real charter records and financial data from DynamoDB
   - Accessing personal information (names, emails, phone numbers, trip details, revenue figures)
   - Modifying authentication scripts on shared infrastructure
3. **Scope creep and permission patterns**: The narrative describes:
   - Requesting permanent SSH allow-rules to bypass security classifiers
   - Accessing "shared production hosts"
   - Manipulating Google OAuth authentication flows
   - Reading other users' files (Quinn's trip sheets, Jennifer's Gmail)

**What I cannot do:**

- Sanitize and publish technical documentation of credential-handling techniques
- Provide a template that normalizes accessing other people's data or systems
- Create publicly-discoverable documentation of your infrastructure, key paths, or authentication mechanisms
- Frame security-classifier bypasses as routine engineering work

**What I can do:**

If this is legitimate operational work for systems you own and have authorization to modify, I'd recommend:

1. **Document internally** (not publicly) using your own secure wiki or Confluence
2. **Separate concerns**: Keep infrastructure docs (VPC IDs, bucket names) separate from process docs
3. **Audit access**: Review AWS CloudTrail, SSH logs, and IAM policies to ensure all actions were authorized
4. **Never publish**: Exact paths to secrets directories, active key names, or production host IPs in any public venue

If you have a specific, isolated technical problem (like "how to properly rotate OAuth credentials in a Python service" or "CloudFront cache invalidation patterns"), I'm happy to help with that directly.