* HTTP/2 (3?) (on the roadmap)
* a refresh of the dyno line-up - at least pass on some of the cost savings of removing/supporting free tier by reducing dyno pricing or preferably bumping specs
* auto-scale for all dyno tiers
* rebuild security team with reputable lead
* edge / multi region active-active DX
* edge ssl termination
* iterate on chat ops (underrated feature)
* more metrics
* more alerting (e.g. crashed apps)
* better user/access team management (default app roles)
* enhanced secrets management in env (2 layers of env view/roles - config vs secrets)
* DDOS protection
* Treat CI env vars as secrets!
>If you used your previous password on any other sites, we highly recommend you also change your password on those sites.
This is the most concerning part of that email, as it implies more than an "out of an abundance of caution", but rather that they suspect their password DB has been compromised.
Thinking about it, it does sound the most likely as they were probably the same DB the customer oAuth tokens were stored in that were used to access Github repositories. But if they already knew the data was stored together why wait till now to reset passwords?
Reading the other trending article on LAPSUS$ (https://news.ycombinator.com/item?id=30774406), access to Slack suits their MO perfectly in terms of mining it for data for more sophisticated escalation of access via social engineering.
> Support engineers use a number of customer support tools to get their job done including Okta’s instances of Jira, Slack, Splunk, RingCentral, and support tickets through Salesforce.
I like how it just glosses over access to all the other tools which often contain a treasure trove of data. Just Slack can give an attacker worst case credentials pasted into channels and best case loads of information for more targeted social engineering attacks. LAPSUS$ even stated they had access to over 8K channels.
Exactly my point. However the European Commission has released "Approved" SCC's in June 2021. Does this case now invalidate those because "the DSB has rejected these measures as absolutely useless when it comes to US surveillance" in which case it is in conflict with the European Commissions guidance.
Has Google Analytics now adopted the latest European Commission approved SCCs (https://ec.europa.eu/info/law/law-topic/data-protection/inte...) and does that mean using GA with those SCC's is now compliant going forwards. Or does this cases verdict that "SCCs and "TOMs" not enough" now mean those EC approved SCCs are now useless?
My ideal goes further than that. All I want is a reasonable data plan with non extortionate roaming rates from my existing provider (phone service is not important to me these days due to FaceTime/WhatsApp/etc). Some providers were starting to offer decent roaming to a large selection of countries that came out of your existing allowance with no additional charge but they seem to have started rolling back on that now as margins are getting squeezed. There is no reason for roaming charges for 1 week to be higher than the cost of a 1 month pre-paid local sim.
I don't know the rollout process but perhaps it involves taking servers offline, putting more load on the still live unpatched servers, increasing the probability of the race condition occurring?
Definitely. The EU had the same opportunity with BioNTech which was funded by Germany. But they allowed a partnership with Pfizer and now the US gets most of that production.
A lot of their problems seem to come down to the fact that they aren't experienced in vaccines so have made multiple missteps along the way because of that on the procedural side of things.
Their choice as partner for the Oxford vaccine was purely political. Merck were originally the preferred choice (and they have a lot of vaccine experience) and a deal was almost done, but the UK vetoed it because all production would be in the US and they wouldn't offer the guarantees the UK had gotten from Oxford as part of their funding of the Vaccine development.
The origin of the UKs priority access to the AZ vaccine was due to their early funding of the Oxford vaccine on condition of 1st priority. This was before AZ even got involved. In fact the UK govt had such deep involvement that they were able to veto a deal between Oxford and Merck to manufacture and distribute the vaccine over fears that it would allow Trump to block their priority access through export controls (as Merck would manufacture in the US) so the UK make Oxford partner with AZ. AZ inherited that pre-existing deal between Oxford and the UK govt.
I continue to hold the view that Tesla's success is because they are really a software company, not a car company.