• 2 Posts
  • 14 Comments
Joined 1 year ago
cake
Cake day: June 1st, 2023

help-circle

  • US-specific: The ACA (healthcare.gov) subsidizes healthcare insurance costs based on income. Especially in cases where you income is low this can be an awesome deal. Folks making $35k annually get stellar premium costs, deductibles, and out of pocket maximums. As income increases, the subsidies ramp down.

    Unaffordable coverage: If your employer’s plan is considered unaffordable, you might be eligible for premium tax credits through the Marketplace. The affordability test considers the cost of self-only coverage and family coverage. For example, if your share of the premium for your spouse and children is more than 8.39% of your household income in 2024, their coverage might be considered unaffordable.













  • She probably saw from your eyes and expression how stressed you were. You might have looked a little “wild-eyed” to her. She barely knows you so she wouldn’t know with confidence that you behave well under pressure.

    I suggest that you leave a message informing your dentist of what happened here regarding insufficient pain management. You can include an apology if you want for seeming stressed.

    The goal here is to inform her that she can do a more thorough job managing pain. Part of that needs to be telling her patients to speak up as soon as they begin to feel pain. I’ll bet that had you told staff of the pain they’d have found a way to manage it. Probably the Dr would have popped over and dosed you with something.


  • CyberArk is a commercial product that attacks this problem space. It puts an agent process on the host next to your app. Only processes whose fingerprint matches those authorized to access a credential are allowed to fetch it. That fingerprint can be based on the host (known list of production hosts), the os user ID that owns the pid, the path to the executable for the pid, and probably a few more items.

    Under that model your app just needs to know the environment that it wants (inject however you want) and the userid it wants to use. At runtime it reaches out to the local cyberark agent to obtain the password secret.