HackerTrans
TopNewTrendsCommentsPastAskShowJobs

superq

no profile record

comments

superq
·السنة الماضية·discuss
Both sides agree that America has provided at least $100 billion and possibly up to a half-trillion in aid and other consideration to Ukraine. That's a fair bit of money!

And, if Zelenskyy is to be believed, it was a "grant", or a gift, which makes Zelenskyy's disrespectful attitude and hubris in the White House even more outrageous.
superq
·السنة الماضية·discuss
Technically, Zelenskyy instituted martial law and cancelled Ukrainian elections, so although he is the undisputed leader in power in Ukraine, he's not an elected president.

Do actual presidents show up in sweatshirts and insult their benefactors?
superq
·السنة الماضية·discuss
It's a bit odd that literally every single top comment is pro-Zelenskyy and anti-White House.

I haven't seen a single thoughtful critique of Zelenskyy or his behavior on HN; it seems very one-sided and strange.

(also interesting that the BBC mispelled his last name, even though they're obviously big fans..)
superq
·السنة الماضية·discuss
Mozilla owns Pocket.
superq
·السنة الماضية·discuss
Mozilla now sells data, while Brave does not?
superq
·قبل 3 سنوات·discuss
Temp differentials are still differentials, though, so sun warmth would be already accounted for.
superq
·قبل 3 سنوات·discuss
Throw a trillion cores at anything and it can be global scale.
superq
·قبل 3 سنوات·discuss
Six months and it still doesn't have a basic and open web interface. Not impressive. Many apps, including HN, operate for years with only a web interface.
superq
·قبل 3 سنوات·discuss
> Not exactly true.

Still, mostly true.. read-only is just dumb. Nice to be back in 2008, when mobile-first turned into mobile-only.

The entire point of this thread was that this is a Python/Django web app, but it's not actually a web app at all, so what's the point of pointing out any of this?
superq
·قبل 6 سنوات·discuss
That's a good point. Even just using Github or Gitlab issues to track incidents with approvals is better than nothing.
superq
·قبل 6 سنوات·discuss
That makes sense to me -- thanks for clarifying!
superq
·قبل 6 سنوات·discuss
Agreed! I've run into the malware scanning audit issues at several clients in the past but things have gotten a bit better (or auditors have gotten smarter, since we certainly don't want to install commercial anti-virus software or even ClamAV on certain types of systems): recently, for Linux systems, we successfully used cron-job rootkit scanners/FIM (such as Tiger) to clear the malware scanning hurdles, while on Mac and Windows workstations, client security manuals require built-in anti-virus software (Mac XProtect, Windows Defender).
superq
·قبل 6 سنوات·discuss
Right, agreed 100%. In terms of security, the value of centralizing credentials is debatable.
superq
·قبل 6 سنوات·discuss
I've been through the process before and just went through it again, and the first thing listed (Single Sign-On) is not required at all. I'm not even sure it's mentioned directly in the AICPA criteria.

I'm also not sure what SSO really buys you, except for just moving the criteria target to another SOC-2 report. ;)

Also, MDM is not really critical at all, as long as you have a solid/documented way of managing accounts on web and mobile apps.

I do like the rest of the article except for the list itself, however. SOC-2 is all about documentation and processes. Justifying your security choices is less important than carefully and fully documenting them, and the processes that you have in place.