How does a good instructor, syllabus, and/or academic institution not need this? I went to an Ivy League school with hopefully above average teachers and saw a lot of plagiarism.
I agree. I would like to seem more details of how they determined it was only crypto mining. Finding only mining scripts in your logs doesn't mean they were not running other code once they had root.
This is great. My only worry is that people shouldn't be allowed to self diagnose Covid-19. It will lead to trolls and cause tons of people self isolating unnecessarily, then eventually not using it once they realize the abuse. Maybe have the sever validate the diagnosis or have the person required to enter a code signed by the server's private key.
Because it can abused. The easier you make it upload, it also allows bad actors to upload invalid data to cause people to go into quarantine unnecessarily. It only works well if you can trust the data, so I think it should error on the side of validating the data instead of openness.
It's normally not a fixed amount. It's generally a percentage above costs. If all costs increase, they increase their revenue. They get the same percentage of a bigger pie.
Having youtube tutorials on something does not make you an expert on the subject. He appears to not have the skills to do basic JS debugging. It's great to ask for help, everyone needs help at some point. The issue I see is starting with "The dark side of GraphQL". If you haven't found the actual issue, how do you even know what the cause is? Just because your SQL query is fast doesn't mean there is some inherent problem in GraphQL or Apollo. That argument doesn't follow. It could be user error.
Not sure why you are getting downvoted. The person actually states that they don't know how to debug, "honestly, I'm not 100% sure the best way to debug from here." They are just looking at Datadog stats and not finding the root cause. They could do some basic JS debugging of the open source library to figure out the issue. Blaming Apollo would be a stretch (which may not even be the issue since they haven't done any debugging), but the protocol of graphql is way too far.
Yeah absolutely. But have you audited the mobile apps or the chrome extensions, etc. (Extensions can update in the background without interaction)? Every time a new release happens? Those products are created by completely different developers.
Not saying that a company could not have a malicious release. It could. I just think the odds are much lower because their release process has better security controls and is generally audited better.
It really surprises me that people are using pass or any other password manager developed as open source.
Yes, the code is open source, but unless you download the code yourself and compile it, which not many people do on desktop and no one does for mobile clients, you have to trust the deploy process of a random group of people. None of the people even have to be malicious. They just have to have an insecure deploy process (which allows an attacker to insert code), which is extremely common in open source. Very few if any open source projects have audited their deploy process and have monitoring for vulnerabilities or exploits happening. It's just too time intensive/expensive for a side project someone isn't getting paid for.
I prefer to trust an organization that has gone through tons of audits. Not just on whether the client is secure (can encrypt securely), but that their software development lifecycle is secure. They also have a huge financial incentive to keep things secure, which is not the case in open source.
We have been using it at my company (100 employees) for 2 internal services for about 6 months with Google SSO. It has been working great. There has been 1 outage where it was down for a couple hours.
My only complaint is the security of it is not perfect. When you launch the tunnel, you declare the domain you want it to use. I can be any domain on the account and can't limit it to specific domains. It's a little dangerous if you have sensitive domains on your Cloudflare account that you don't want to use Argo.
I think "some" is very few (if any at all) in my experience. If you are generally looking for knowledge or not sure, you preface with "I may be wrong", "I am not an expert" or other such phrases, but most often people state wrong information as facts with no caveats. It's probably some combination of over confidence and ignorance.
It took me a while to realize this. It wasn't until there was a post about something I was an expert on. I finally realized people respond here often with little knowledge or even no knowledge at all. It made me question everything I read before on this site.