HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cyrnel

no profile record

comments

cyrnel
·9 months ago·discuss
The response to that: https://andre.arko.net/2025/10/09/the-rubygems-security-inci...
cyrnel
·9 months ago·discuss
Both are billion dollar companies, we as individuals have nothing in common with them. Enshittification happens due to market conditions that apply to small and large companies alike. Redis and elasticsearch aren't underdogs fighting for the little guy, they are just a smaller scale version of the same shit.

I'd rather have a software commons and have tech be owned by the workers and not soul-sucking corporations, no matter the size.
cyrnel
·9 months ago·discuss
+1 for Node-RED. If we've learned anything from elasticsearch/redis/bitnami/and dozens of others, it should be "don't build important things on code that isn't enshittification-resistant"
cyrnel
·10 months ago·discuss
I know, right? It's sycophancy.

If you are actually against the policy and suspect a lot of people are too, then don't silence your employees by keeping their feedback isolated to 1:1s which you admit are ineffective.

Executives need clear feedback to avoid making major mistakes.
cyrnel
·10 months ago·discuss
Code signing, 2FA, and reducing dependencies are all incomplete solutions. What we need is fine-grained sandboxing, down to the function and type level. You will always be vulnerable as long as you're relying on fallible humans (even yourself) to catch or prevent vulnerabilities.

Apparently they've tried to implement this in JavaScript but the language is generally too flexible to resist a malicious package running in the same process.

We need to be using different languages with runtimes that don't allow privileged operations by default.
cyrnel
·last year·discuss
Amazon really encourages valkey in the elasticache dashboard. There's a banner advertising lower prices and it's listed first in the dropdown when you go to create one. Default settings do have power.
cyrnel
·2 years ago·discuss
Actually yes, most of those things are required for SOC 2 which is verified by an independent auditor and visible in their report.
cyrnel
·2 years ago·discuss
When you all self-host this, you also do the following, right?

- Create threat models that identify weaknesses in the design of your self-hosted setup.

- Harden the OS with things like MAC, and harden the container with dropped privs, read-only root filesystem, and outbound network filtering.

- Deploy an intrusion detection system to know if you've been compromised.

- Perform all OS and app patching automatically, or regularly without fail.

- Follow CVE feeds in case a zero day needs to be fixed before the next patch window.

- Arrange for an expert to perform regular penetration tests.

- Deploy a tool that detects and alerts on things like firewall misconfigurations.

- Regularly test your backup and recovery methods, since if you also store 2FA codes and backup codes in there, you could be permanently locked out of your accounts.
cyrnel
·2 years ago·discuss
One of the most common platform combos on the planet (Chrome + Windows) still doesn't natively support cloud sync for passkeys apparently? https://support.google.com/chrome/answer/13168025

Is that true?
cyrnel
·3 years ago·discuss
In my case, I couldn't imagine configuring LittleSnitch to only allow certain hostnames from my browser. It has a "allow all traffic to 53/80/443" rule, otherwise most websites would flood me with hundreds of new LittleSnitch popups.