HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ahmedtd

no profile record

Submissions

Agent Substrate

github.com
2 points·by ahmedtd·vor 2 Monaten·0 comments

comments

ahmedtd
·letzten Monat·discuss
From the article, it doesn't seem like Go is trying to re-encode strings? Go is saying (correctly, IMO) that a UTF8String field in the Issuer is not the same as a PrintableString field in the Subject.
ahmedtd
·vor 4 Monaten·discuss
Stock grants (RSUs, like Google gives out) are taxed as ordinary income at the moment they vest.

If you sell them immediately, then you don't pay any additional capital gains tax, because there were no capital gains from the moment you got them to the moment you sold them.

If you hold on to them, you will eventually pay capital gains on any increase in value from the moment they vested until the moment you sell them.

Perhaps, once they are vested, you could take loans against them, to get some cash while avoiding selling them.

But no matter what, they are taxed at the moment you receive them, and again at the moment they leave your possession.
ahmedtd
·vor 5 Monaten·discuss
American laws also have universal jurisdiction (for example, the Bill of Rights doesn't say, "unless you are located outside the US"). Most countries do not explicitly recognize that their laws do not have universal jurisdiction.

In practice, it is easy to pick out the situations in which there is "practical" universal jurisdiction, vs "theoretical" universal jurisdiction.

A Colorado company selling locally in Colorado falls in the "theoretical" bucket.
ahmedtd
·vor 5 Monaten·discuss
I don't think this is true. It's something that could be useful, with some sort of ACME-like automated issuance, but should definitely be issued from a non-WebPKI certificate authority.
ahmedtd
·vor 5 Monaten·discuss
If that's all you want to accomplish, you don't need WebPKI. Just generate a private key and a self-signed certificate.

(This is basically how Let's Encrypt / ACME accounts work)
ahmedtd
·vor 5 Monaten·discuss
Can you link your PRs here?

Kubernetes is such a huge project that there are few reviewers who would feel comfortable signing off an an arbitrary PR in a part of the codebase they are not very familiar with.

It's more like Linux, where you need to find the working group (Kubernetes SIG) who would be a good sponsor for a patch, and they can then assign a good reviewer.

(This is true even if you work for Google or Red Hat)
ahmedtd
·vor 7 Monaten·discuss
I have exactly the same two problems, haha. I wonder why they seem unable to fix them.
ahmedtd
·vor 10 Monaten·discuss
Sam Altman skipped any attempt to prove his own statements right, so...
ahmedtd
·letztes Jahr·discuss
It's not enabled by default, but you can --- gRPC Reflection:

* https://github.com/grpc/grpc-java/blob/master/documentation/...

* https://grpc.io/docs/guides/reflection/

You can then use generic tools like grpc_cli or grpcurl to list available services and methods, and call them.
ahmedtd
·letztes Jahr·discuss
Various pieces support pieces for pod to pod mTLS are slowly being brought into the main Kubernetes project.

Take a look at https://github.com/kubernetes/enhancements/tree/master/keps/..., which is hopefully landing as alpha in Kubernetes 1.34. It lets you run a controller that issues certificates, and the certificates get automatically plumbed down into pod filesystems, and refresh is handled automatically.

Together with ClusterTrustBundles (KEP 3257), these are all the pieces that are needed for someone to put together a controller that distributes certificates and trust anchors to every pod in the cluster.
ahmedtd
·letztes Jahr·discuss
From the sync.Pool documentation:

> If the Pool holds the only reference when this happens, the item might be deallocated.

Conceptually, the pool is holding a weak pointer to the items inside it. The GC is free to clean them up if it wants to, when it gets triggered.
ahmedtd
·vor 2 Jahren·discuss
If they are using multitenant Docker / containerd containers with no additional sandboxing, then yes, then it's only a matter of time and attacker interest before a cross-tenant compromise occurs.
ahmedtd
·vor 2 Jahren·discuss
GKE does ship with both Ingress and Gateway controllers integrated, they set up GCP load balancers with optional automatic TLS certificates.

I think you need to flip a flag on the cluster object to enable the Gateway controller.
ahmedtd
·vor 2 Jahren·discuss
That page seems to be a community wiki, and I think the original authors are somewhat confused on that point.

If you salt and hash the password on the client side, how is the server going to verify the password. Everything I can think of either requires the server to store the plaintext password (bad) or basically makes the hashed bytes become the plaintext password (pointless).

There are password-based solutions that work like this --- PAKEs like Secure Remote Passwords: https://www.ietf.org/rfc/rfc2945.txt

They have low uptake because they don't really offer any security beyond just sending the plaintext password over a properly-functioning TLS channel.
ahmedtd
·vor 2 Jahren·discuss
In Washington, cyclists can treat stop signs as yield signs, as long as there is no other traffic approaching the intersection.

Obviously, though, if you almost hit a pedestrian then you aren't properly yielding.