HackerTrans
TopNewTrendsCommentsPastAskShowJobs

contrahax

no profile record

comments

contrahax
·3 mesi fa·discuss
A doctor command that does this is always nice! Wish more services would have this
contrahax
·3 mesi fa·discuss
There's a handful of perf related PRs open already so maybe it will be faster soon. I'm sure with enough focus on it we could have a hyper optimized version in a few hours.
contrahax
·4 mesi fa·discuss
I set up like 90% of my vehicles in here - struggled a bit with old VINs for mopeds that basically have no VINs but this is awesome. Cures my ADHD around managing lots of things that need maintenance, parts, docs.
contrahax
·5 mesi fa·discuss
This is called dynamic analysis!
contrahax
·8 mesi fa·discuss
Try pulumi!
contrahax
·8 mesi fa·discuss
Really good internal security practices by the people who make the OS :) I don't think an attacker would be able to pull off disabling features like secure domains, secure enclave, etc. in macOS without anyone noticing seeing as it takes months of approvals, testing, etc. for a single build to even hit the beta channel.
contrahax
·8 mesi fa·discuss
This ultimately needs to get addressed at the OS level. Why is a random JS file on disk allowed to read my browser cookies without my awareness? Why is a native extension downloaded from S3? This goes across all package managers (npm, pypi, cargo).

I think security controls on macOS have been trending in the right direction to tackle these types of things comprehensively with secure domains, sandboxing, etc. but there is always a war of how much friction is too much when it comes to security.

We saw the same thing with 2SV where people were vehemently against it, and now many are clamoring that it should be the only way to be able to do things like publish packages (I agree! I have no issue jumping through some extra hoops when I publish something a million people will install).

This might be a hot take but I think a lot of loud mouths with their personal preferences have been holding security in this space back for a while, and recently people seem to be getting tired of it and pushing through. The engineering leadership that won't just make these types of high impact security decisions because it might irritate a handful of highly opinionated workflows is unfortunate!