HackerTrans
TopNewTrendsCommentsPastAskShowJobs

itintheory

no profile record

comments

itintheory
·vor 10 Tagen·discuss
> the Switch 2 takes carts

I believe the switch 2 carts don't contain the actual game, just a license key. The game is downloaded on first run.
itintheory
·vor 12 Tagen·discuss
Somehow not in the wayback machine or archive.ph. Probably just coincidence.
itintheory
·vor 15 Tagen·discuss
> blue teamers

Pretty sure you mean red team here. While I've heard people refer to any offensive security (eg including blackhat) as 'red team' , it typically means people you've hired or contracted to try to break into your systems, whereas the blue team are people you've hired to build and operate your security defenses. Red and blue team are both your employees / contractors but perform different functions.
itintheory
·vor 17 Tagen·discuss
> nobody deploys `node:latest`

Oh how I wish that were true.
itintheory
·vor 17 Tagen·discuss
Pull-through cache the images. Sure, they could decide you can't pull anymore, or impose problematic rate limits, but you shouldn't add a runtime dependency on their registry in any case.
itintheory
·vor 23 Tagen·discuss
Another own goal - eliminate screw worm from north america...
itintheory
·vor 29 Tagen·discuss
Huh. I remember playing a very similar game on Apple II, but I believe it had a Dutch / European theme, and was called something like "Ooperhoofd". I can't find any reference to it online. Maybe it was a 'modded' version of this? That one, and Odell Lake[0] were the best disks in the library computer lab in middle school.

[0] https://classicreload.com/apple2-odell-lake.html
itintheory
·vor 29 Tagen·discuss
For some reason this made me think of Pirates Constructible Strategy Game [0]

[0]: https://en.wikipedia.org/wiki/Pirates_Constructible_Strategy...
itintheory
·vor 29 Tagen·discuss
They should have called this "WishingWell". I'm wishing them well, but some of these projects are so over the top pie-in-the-sky silly, and funded with $0.25.
itintheory
·vor 30 Tagen·discuss
Care to share any specifics?
itintheory
·letzten Monat·discuss
Same. I have used the controller as a container. Take a backup of the configuration and you don't even need to keep it running. I returned to a network after two years, fired up a controller, imported the config backup and g2g
itintheory
·letzten Monat·discuss
Gonna need a description of the correct way to do these things. I have a feeling I'll be one of today's lucky 10,000.
itintheory
·letzten Monat·discuss
It has a name in the security industry, Insecure Direct Object Reference (IDOR) [1]. Somewhat related to Path Traversal [2]. Unfortunately CFAA is very broad and can be (mis)interpreted in wild ways.

[1] https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Dire... [2] https://owasp.org/www-community/attacks/Path_Traversal
itintheory
·letzten Monat·discuss
There are many good options. [1]

[1] https://news.ycombinator.com/item?id=48321089
itintheory
·letzten Monat·discuss
I was thinking along similar lines to what you've suggested here, but then I considered how many VPS might be configured by folks following some random web tutorial, to set up their LAMP stack (or whatever), that end up doing something like what was described.
itintheory
·letzten Monat·discuss
This feels like using sudo is just inherently unsafe.
itintheory
·letzten Monat·discuss
Parallel construction is when they use illegally obtained evidence to construct a separate set of ostensibly legitimate evidence. Like, an illegal wiretap might lead to someone being in the right place at the right time to witness a crime.
itintheory
·vor 2 Monaten·discuss
<always has been meme>

While containers have some useful properties, it was never intended to be, and never really functioned as a strict security boundary. We've duct-taped around that, and it's reasonably good now, but that only goes so far.
itintheory
·vor 2 Monaten·discuss
I'm surprised that this has apparently been ongoing for 6-7 months. I thought outfits like GitGuardian, or solo researchers with trufflehog (etc) would find leaked keys in days, not months. Maybe this is related to the major growth of github? The scanners can't keep up?
itintheory
·vor 2 Monaten·discuss
Yep, that's the advice from AWS for the previous set of vulnerabilities:

https://aws.amazon.com/security/security-bulletins/2026-027-...

That one also includes disabling user namespaces. Could be problematic if they're in use.