HackerTrans
TopNewTrendsCommentsPastAskShowJobs

superq

no profile record

comments

superq
·पिछला वर्ष·discuss
Both sides agree that America has provided at least $100 billion and possibly up to a half-trillion in aid and other consideration to Ukraine. That's a fair bit of money!

And, if Zelenskyy is to be believed, it was a "grant", or a gift, which makes Zelenskyy's disrespectful attitude and hubris in the White House even more outrageous.
superq
·पिछला वर्ष·discuss
Technically, Zelenskyy instituted martial law and cancelled Ukrainian elections, so although he is the undisputed leader in power in Ukraine, he's not an elected president.

Do actual presidents show up in sweatshirts and insult their benefactors?
superq
·पिछला वर्ष·discuss
It's a bit odd that literally every single top comment is pro-Zelenskyy and anti-White House.

I haven't seen a single thoughtful critique of Zelenskyy or his behavior on HN; it seems very one-sided and strange.

(also interesting that the BBC mispelled his last name, even though they're obviously big fans..)
superq
·पिछला वर्ष·discuss
Mozilla owns Pocket.
superq
·पिछला वर्ष·discuss
Mozilla now sells data, while Brave does not?
superq
·3 वर्ष पहले·discuss
Throw a trillion cores at anything and it can be global scale.
superq
·3 वर्ष पहले·discuss
Six months and it still doesn't have a basic and open web interface. Not impressive. Many apps, including HN, operate for years with only a web interface.
superq
·3 वर्ष पहले·discuss
> Not exactly true.

Still, mostly true.. read-only is just dumb. Nice to be back in 2008, when mobile-first turned into mobile-only.

The entire point of this thread was that this is a Python/Django web app, but it's not actually a web app at all, so what's the point of pointing out any of this?
superq
·6 वर्ष पहले·discuss
That's a good point. Even just using Github or Gitlab issues to track incidents with approvals is better than nothing.
superq
·6 वर्ष पहले·discuss
That makes sense to me -- thanks for clarifying!
superq
·6 वर्ष पहले·discuss
Agreed! I've run into the malware scanning audit issues at several clients in the past but things have gotten a bit better (or auditors have gotten smarter, since we certainly don't want to install commercial anti-virus software or even ClamAV on certain types of systems): recently, for Linux systems, we successfully used cron-job rootkit scanners/FIM (such as Tiger) to clear the malware scanning hurdles, while on Mac and Windows workstations, client security manuals require built-in anti-virus software (Mac XProtect, Windows Defender).
superq
·6 वर्ष पहले·discuss
Right, agreed 100%. In terms of security, the value of centralizing credentials is debatable.
superq
·6 वर्ष पहले·discuss
I've been through the process before and just went through it again, and the first thing listed (Single Sign-On) is not required at all. I'm not even sure it's mentioned directly in the AICPA criteria.

I'm also not sure what SSO really buys you, except for just moving the criteria target to another SOC-2 report. ;)

Also, MDM is not really critical at all, as long as you have a solid/documented way of managing accounts on web and mobile apps.

I do like the rest of the article except for the list itself, however. SOC-2 is all about documentation and processes. Justifying your security choices is less important than carefully and fully documenting them, and the processes that you have in place.