HackerTrans
TopNewTrendsCommentsPastAskShowJobs

gwittel

429 karmajoined 7 years ago
Computer security Anti-spam / malicious content filtering Backends Scaling

glwittel [at] gmail [dot] com

comments

gwittel
·2 days ago·discuss
Chronicle has a lot of great resources. I’ve been out of Java for a few years but when I had to write high perf code, the libraries and blog insights were invaluable.

A lot of the advice is good in general - keeping things simple, generating fewer objects, etc. Profiling with Yourkit or JMH to find and improve slow spots.

This let us build high performance software that had a vast difference in say p90 input size and p99. It involved rewriting third party libraries to let us 3x speed and substantially reduce GC. I think in the end we were around a p99 of 7ms and p90 well under that (the data spread was kbs to megabytes) across hundreds of millions of inputs per day.
gwittel
·20 days ago·discuss
Pretty much this. We see CF hosted/protected content all the time. CF does nothing for days or weeks. By then the campaign is gone and on a new account etc. Tycoon and Kratos are two phish kits that heavily use CF.

CF does have small anti-abuse teams, but it’s just not a business priority for the company to do better. We’ve tried many times to engage at a corporate level and the bottom line is they don’t care - they don’t want to police content as often stated by the executives.
gwittel
·23 days ago·discuss
Given how little they do now to stop malicious content hosted behind/by Cloudflare, the bare minimum if anything.
gwittel
·3 months ago·discuss
> "GitHub only gets better if people who give a shit stick around to make it better"

At a basic level I appreciate this sentiment. However, the common dysfunction I see in large corporation is its not the lack of people who give a shit. Its lacking a sufficient number of people in positions of power that give a shit -- such that they can actually make change happen.

All too often competing pressures (features, profit, delivery speed, politics) take precedence; not leaving time for things that would really move the needle. In essence, too many leaders are happy to ship garbage; they don't care (or don't know).

If Github were to put out a statement saying "service quality is our priority", it is fairly meaningless. If they added "here's how we'll get there", maybe it helps some. Moreso -- "from now on executive compensation is tied to these SLOs", then maybe something would actually happen.
gwittel
·3 months ago·discuss
Yes. In the past I helped sort out tooling like this for competitive analysts. There are a few ways this is done:

1) Check the businesses’ MX record. Often this points to a third party provider like Microsoft or Google. 2) Connect to the mail server identified in the MX record. Sometimes these have banners that identify the vendor (vs something generic like sendmail) 3) Email headers from messages sent to users in the company (or sometimes a bounce). Often these have headers from one or more providers. You’ll have to sort out the path to understand which bits were added by the sender/recipient path though.

These days often companies have multiple providers (security) so they might have one at the edge (mx) and more internal hops. You can usually see these in the headers.
gwittel
·7 months ago·discuss
Yes. I remember listening to it on the radio. The DJ used the handle Hard Hat Mack. It was pretty awesome to hear SID music over the radio.

I found this archive that has some of the shows recorded, and set playlists (I'm giving two links as the site is using frames so the top level page requires you navigate the menus to get to these):

  - Recordings: https://www.transbyte.org/SID/KDVS.html
  - Playlists: https://www.transbyte.org/SID/6581.html
The set playlists (using HVSC) works. For actual recordings they're 404 from this site -- arnold.c64.org is gone. But there are a few archives of the arnold.c64.org site! This should help re-construct the original links from the above page:

  - https://www.mmnt.net/db/0/0/arnold.c64.org/pub/sidmusic/lala/ra
  - https://archive.org/download/arnold.c64.org  (download the whole thing and dig into pub/sidmusic/lala/ra)
Due to the era, most of the files are in RealAudio format; with a few MP3s as well. Wonder if this could all be re-posted somewhere in modern formats to make it more accessible.

Its possible the authors are still around and have more copies; doubtful KDVS has archives, maybe tapes buried in the library.

Anyway, hope this helps! Its a cool piece of history and brings back a few memories.
gwittel
·8 months ago·discuss
Tools like Playwright and Puppeteer are abstractions on top of CDP. The other use case is when these frameworks don’t expose or don’t use a CDP command you need (often they hide some parameters for cross browser compatibility).

Webdriver BiDi is a future cross browser replacement:

https://www.w3.org/TR/webdriver-bidi/
gwittel
·8 months ago·discuss
I’ve had a similar thing happen to me recently. 500$ tariff on $130 of stuff. The tariff should have been like $20. UPS has been completely non responsive and still won’t show me the customs forms. Total scam.
gwittel
·4 years ago·discuss
TwinWave | Sr Software Engineer | REMOTE (US) | Full Time | https://www.twinwave.io/

Want to have fun while helping keep the world safe from cybersecurity threats?

TwinWave is looking for a senior software engineer to join our development team. We are passionate about creating products that solve real problems and help protect organizations from the security threats they face every day. This drive to build amazing products has resulted in a loyal customer base that includes some of the world's largest banks, insurance companies and other Fortune 500 organizations.

We are looking for someone with 5+ years professional experience as a Software Engineer to join our core development team. This team is responsible for all layers of our product stack, from our front-end UI to our back-end services. Daily responsibilities will include:

- Designing and developing code in Go, Python and Javascript/Typescript (React) to bring exciting new functionality to our customers

- Working in a team environment to decide what engineering work will best help our product, and planning to accomplish it together

- Observing our product in action and taking action to improve its operation

- Focusing on creating testable, maintainable and secure code using best practices

- Contributing to our CI/CD and DevOps technologies to improve our developer and operational experience

TwinWave pays market competitive salaries based on experience and qualifications. The salary range for this position is $150,000 – $200,000 along with participation in our bonus (profit sharing) program.

At TwinWave we truly believe in work life balance. We want people to take the time outside of work so that they can recharge and do their best work when they are working. We offer fully paid health insurance, 401k, flexible hours and lots of time off.

Interested? Please send your resume to: [email protected]

https://www.twinwave.io/jobs/
gwittel
·4 years ago·discuss
TwinWave | Sr Software Engineer | REMOTE (US) | Full Time | https://www.twinwave.io/

Want to have fun while helping keep the world safe from cybersecurity threats?

TwinWave is looking for a senior software engineer to join our development team. We are passionate about creating products that solve real problems and help protect organizations from the security threats they face every day. This drive to build amazing products has resulted in a loyal customer base that includes some of the world's largest banks, insurance companies and other Fortune 500 organizations.

We are looking for someone with 5+ years professional experience as a Software Engineer to join our core development team. This team is responsible for all layers of our product stack, from our front-end UI to our back-end services. Daily responsibilities will include:

- Designing and developing code in Go, Python and Javascript/Typescript (React) to bring exciting new functionality to our customers

- Working in a team environment to decide what engineering work will best help our product, and planning to accomplish it together

- Observing our product in action and taking action to improve its operation

- Focusing on creating testable, maintainable and secure code using best practices

- Contributing to our CI/CD and DevOps technologies to improve our developer and operational experience

Even though we are small, we truly believe in work life balance. We want people to take the time outside of work so that they can recharge and do their best work when they are working. We offer fully paid health insurance, flexible hours and lots of time off.

Interested? Please send your resume to: [email protected]
gwittel
·5 years ago·discuss
Pretty much this. It’s likely down to the lack of incentives for leaders and line workers. Ie: search spam volume isn’t a measure by which search team performance is graded