HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hermanb

no profile record

comments

hermanb
·2 माह पहले·discuss
Our baby was capable of sending these signals when she was a few weeks. So most pees she does hanging above the sink. This saves so many diapers, crazy. And much more comfortable for her to never have a wet butt, not even a minute. Would recommend!

I think within the next few months we can actually get her to go to the potty by herself. She’s 15 months now.

This industry wasn’t just good. It did destroy babies sensitivity to soiling.
hermanb
·5 माह पहले·discuss
I had this idea / pet project once where I did exactly this for email. Emails would immediately bounce with payment link and explanation. If you paid you get credit on a ledger per email address. Only then the mail goes through.

You can also integrate it in clients by adding payment/reward claim headers.
hermanb
·3 वर्ष पहले·discuss
If Kargo requires R/W access to GitHub, and auto updates charts/images, isn’t that asking for your production environment to be infected by a change prepared and cultured in your dev environment and then auto updating / hiding itself into prod freight?

We disallow writing back to GitHub to avoid this issue, and manage stages through branches, combined with directories for overlays. Things can get out of sync, but comparing branches is easily automated.
hermanb
·3 वर्ष पहले·discuss
It would be pretty interesting if they shared some more detail on this indeed. I was wondering the same when I read “forged” elsewhere.

How can you forge a token? Did they use quantum machinery to retrieve a JWT Private Key? Did they factor RSA keys?

But no, they used a bug/weakness to exchange a token.
hermanb
·3 वर्ष पहले·discuss
It is not disconnected by “a chip”. It is disconnected by something that closely resembles a physical switch.

This is the point of the article. There is no software involved. It can’t be hacked.
hermanb
·3 वर्ष पहले·discuss
If the image doesn’t leave the device and only the hash does… What is stopping one from uploading existing public images, banning a whole lot of innocent people?
hermanb
·4 वर्ष पहले·discuss
Honestly, this seems like little. We should be wary of the source we try to pull, but given how easy it is to upload something malicious you’d expect thousands of images of this kind. Maybe DockerHub is already detecting and deleting these packages?

Or why aren’t more people interested in this?

Not sure, but maybe injecting into commonly used libraries via subdependencies is seen as a more effective method, getting more focus. Would be interesting to have a broader analysis of malicious artifacts!
hermanb
·4 वर्ष पहले·discuss
https://hueblog.com/2022/07/16/natural-light-new-function-no...
hermanb
·4 वर्ष पहले·discuss
It is a feature of the Hue bulbs being worked upon, see: https://hueblog.com/2022/07/16/natural-light-new-function-no...
hermanb
·4 वर्ष पहले·discuss
Philips Hue is fully Flutter since a while now (v4). There were issues with (pre-rendering of) animations but those have been resolved in Flutter.
hermanb
·4 वर्ष पहले·discuss
I’ve been wondering about this too and always used full sha’s until now. But recently I’ve made an action myself: You actually need to publish the action to the marketplace with each tag manually. It feels like there might be more going on.

Is GitHub storing those published tags and avoiding tampering by only letting you use those tags once? Are they warning or blocking runs if you tamper? …

I’m really curious because it seems like SUCH a giant risk otherwise.
hermanb
·4 वर्ष पहले·discuss
Happens with GitHub Pages too. You can crawl for repos with CNAME file and if any of those repos is removed or CNAME is removed, you can takeover.

I believe this is now hardened a bit by setting the CNAME to a GitHub domain with the user/org as subdomain.
hermanb
·4 वर्ष पहले·discuss
Really sounds like an awesome tool. Fits right into the serverless / JAMStack kind of systems too. Just like Netlify CMS.

I was actually in the process of tweaking Netlify CMS to be more easily hostable yourself without depending on the Netlify Pro plans as much. Basically involves hosting a combination of Netlify Identity and Git Gateway compliant backends in GCP CloudRun or AWS Lambda. Maybe even making it easy to configure a build pipeline on CloudBuild.

I wanted to use this for small business websites, but also configuration management and translations for projects at work. Sounds like FlyCode is a great (not self-built) alternative I can recommend. Great business model as well. Almost no databases needed (auth only?) and easy to host stateless on serverless offerings. Scales linearly
hermanb
·4 वर्ष पहले·discuss
Original article is a good read too:

https://www.cell.com/cell-reports-physical-science/pdf/S2666...