HackerTrans
TopNewTrendsCommentsPastAskShowJobs

itintheory

no profile record

comments

itintheory
·10 hari yang lalu·discuss
> the Switch 2 takes carts

I believe the switch 2 carts don't contain the actual game, just a license key. The game is downloaded on first run.
itintheory
·12 hari yang lalu·discuss
Somehow not in the wayback machine or archive.ph. Probably just coincidence.
itintheory
·15 hari yang lalu·discuss
> blue teamers

Pretty sure you mean red team here. While I've heard people refer to any offensive security (eg including blackhat) as 'red team' , it typically means people you've hired or contracted to try to break into your systems, whereas the blue team are people you've hired to build and operate your security defenses. Red and blue team are both your employees / contractors but perform different functions.
itintheory
·17 hari yang lalu·discuss
> nobody deploys `node:latest`

Oh how I wish that were true.
itintheory
·17 hari yang lalu·discuss
Pull-through cache the images. Sure, they could decide you can't pull anymore, or impose problematic rate limits, but you shouldn't add a runtime dependency on their registry in any case.
itintheory
·23 hari yang lalu·discuss
Another own goal - eliminate screw worm from north america...
itintheory
·29 hari yang lalu·discuss
Huh. I remember playing a very similar game on Apple II, but I believe it had a Dutch / European theme, and was called something like "Ooperhoofd". I can't find any reference to it online. Maybe it was a 'modded' version of this? That one, and Odell Lake[0] were the best disks in the library computer lab in middle school.

[0] https://classicreload.com/apple2-odell-lake.html
itintheory
·29 hari yang lalu·discuss
For some reason this made me think of Pirates Constructible Strategy Game [0]

[0]: https://en.wikipedia.org/wiki/Pirates_Constructible_Strategy...
itintheory
·30 hari yang lalu·discuss
They should have called this "WishingWell". I'm wishing them well, but some of these projects are so over the top pie-in-the-sky silly, and funded with $0.25.
itintheory
·30 hari yang lalu·discuss
Care to share any specifics?
itintheory
·bulan lalu·discuss
Same. I have used the controller as a container. Take a backup of the configuration and you don't even need to keep it running. I returned to a network after two years, fired up a controller, imported the config backup and g2g
itintheory
·bulan lalu·discuss
Gonna need a description of the correct way to do these things. I have a feeling I'll be one of today's lucky 10,000.
itintheory
·bulan lalu·discuss
It has a name in the security industry, Insecure Direct Object Reference (IDOR) [1]. Somewhat related to Path Traversal [2]. Unfortunately CFAA is very broad and can be (mis)interpreted in wild ways.

[1] https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Dire... [2] https://owasp.org/www-community/attacks/Path_Traversal
itintheory
·bulan lalu·discuss
There are many good options. [1]

[1] https://news.ycombinator.com/item?id=48321089
itintheory
·bulan lalu·discuss
I was thinking along similar lines to what you've suggested here, but then I considered how many VPS might be configured by folks following some random web tutorial, to set up their LAMP stack (or whatever), that end up doing something like what was described.
itintheory
·bulan lalu·discuss
This feels like using sudo is just inherently unsafe.
itintheory
·bulan lalu·discuss
Parallel construction is when they use illegally obtained evidence to construct a separate set of ostensibly legitimate evidence. Like, an illegal wiretap might lead to someone being in the right place at the right time to witness a crime.
itintheory
·2 bulan yang lalu·discuss
<always has been meme>

While containers have some useful properties, it was never intended to be, and never really functioned as a strict security boundary. We've duct-taped around that, and it's reasonably good now, but that only goes so far.
itintheory
·2 bulan yang lalu·discuss
I'm surprised that this has apparently been ongoing for 6-7 months. I thought outfits like GitGuardian, or solo researchers with trufflehog (etc) would find leaked keys in days, not months. Maybe this is related to the major growth of github? The scanners can't keep up?
itintheory
·2 bulan yang lalu·discuss
Yep, that's the advice from AWS for the previous set of vulnerabilities:

https://aws.amazon.com/security/security-bulletins/2026-027-...

That one also includes disabling user namespaces. Could be problematic if they're in use.