HackerTrans
TopNewTrendsCommentsPastAskShowJobs

throwfaraway398

no profile record

comments

throwfaraway398
·السنة الماضية·discuss
I saw there's an option to match on a cgroup among nft meta expressions (but I've never tried it). It could be enough if you just want to add per-process firewall rules, but not configure an additional namespace with it's associated interfaces, routing/nating.
throwfaraway398
·قبل سنتين·discuss
It's funny because one thing I like about ansible is how easy it is to get the reference doc for any module with `ansible-doc -t module`.

I do sometimes struggle to find the right doc when I'm searching for something about ansible core itself, but that doesn't happen too often.
throwfaraway398
·قبل سنتين·discuss
It's possible but the way the connection is blocked is surprising. If you're blocking based on an IP you'd just drop the first syn and the client would never receive the syn-ack. If you're blocking based on the SNI you would be waiting for the first TLS client-hello, but in that case packet are droped before the client-hello is sent.
throwfaraway398
·قبل سنتين·discuss
Besides that, the author points out that the final handshake ACK never reaches the server and that packet is small, not going to go over the mtu.
throwfaraway398
·قبل سنتين·discuss
I would go for a 1u with redundant PSUs on each sides and with 4 hard drives in the front (the spinning kind, not those fancy nmve thingy) to counterbalance the PSUs.It should be pretty well balanced without being too heavy or big to handle. Of course the only way to know for sure is to try, any donors ?
throwfaraway398
·قبل سنتين·discuss
optical fiber ? it may cost a bit more than copper for the transceivers (is that still true nowadays?) but given the price of the hardware i doubt it's really an issue.
throwfaraway398
·قبل 3 سنوات·discuss
It seems to me that in all these trolley problems, the real villain of the story is the philosopher that created the situation in the first place.

Just something to consider before you switch careers...
throwfaraway398
·قبل 3 سنوات·discuss
Something like the JVM security manager ? https://docs.oracle.com/javase/8/docs/api/java/lang/Security...

I wonder if anyone tried to use it to limit dependency risk in that way.
throwfaraway398
·قبل 3 سنوات·discuss
I wouldn't even call it a solution. If you have a trustworthy dependency that uses, say, net and fs APIs, and that dependency suddenly becomes malicious, the malicious update will still be able to wreak havoc without increasing its API use and triggering any alert. And as another comment has pointed out, if a dependency is allowed to use unsafe it can do pretty much whatever it wants. Ultimately you still have the same choices for each dependency :

- Trust it blindly

- Audit the code (and do that again for each update)

- Write it yourself instead

The last two can be time and resource consuming so you sometime have to choose the first solution.

Cackle can be a useful tool to (occasionally) raise alarms for when dependencies you trust blindly start using different APIs (so the trust isn't completely blind anymore). But it doesn't really solve the problem.
throwfaraway398
·قبل 3 سنوات·discuss
all packets in and out

Are you sure about that ? According to man tc, it only works on egress.
throwfaraway398
·قبل 3 سنوات·discuss
With these specs, I wonder if some countries military wouldn't be willing to offer them more money than they could ever make with deliveries... (At least on a per-drone basis)
throwfaraway398
·قبل 3 سنوات·discuss
Original source from march 2022 : https://pure.tue.nl/ws/portalfiles/portal/197416841/20220325... page 71, thanks to wikipedia
throwfaraway398
·قبل 3 سنوات·discuss
I don't get the lag. They first started measure in 2021 for the iphone 12. Did it take 2 years to check the result ? Is it from a new test ?

https://data.anfr.fr/anfr/visualisation/table/?id=ad8014ec-f...