HackerTrans
トップ新着トレンドコメント過去質問紹介求人

contrahax

no profile record

コメント

contrahax
·3 か月前·議論
A doctor command that does this is always nice! Wish more services would have this
contrahax
·3 か月前·議論
There's a handful of perf related PRs open already so maybe it will be faster soon. I'm sure with enough focus on it we could have a hyper optimized version in a few hours.
contrahax
·4 か月前·議論
I set up like 90% of my vehicles in here - struggled a bit with old VINs for mopeds that basically have no VINs but this is awesome. Cures my ADHD around managing lots of things that need maintenance, parts, docs.
contrahax
·5 か月前·議論
This is called dynamic analysis!
contrahax
·8 か月前·議論
Try pulumi!
contrahax
·8 か月前·議論
Really good internal security practices by the people who make the OS :) I don't think an attacker would be able to pull off disabling features like secure domains, secure enclave, etc. in macOS without anyone noticing seeing as it takes months of approvals, testing, etc. for a single build to even hit the beta channel.
contrahax
·8 か月前·議論
This ultimately needs to get addressed at the OS level. Why is a random JS file on disk allowed to read my browser cookies without my awareness? Why is a native extension downloaded from S3? This goes across all package managers (npm, pypi, cargo).

I think security controls on macOS have been trending in the right direction to tackle these types of things comprehensively with secure domains, sandboxing, etc. but there is always a war of how much friction is too much when it comes to security.

We saw the same thing with 2SV where people were vehemently against it, and now many are clamoring that it should be the only way to be able to do things like publish packages (I agree! I have no issue jumping through some extra hoops when I publish something a million people will install).

This might be a hot take but I think a lot of loud mouths with their personal preferences have been holding security in this space back for a while, and recently people seem to be getting tired of it and pushing through. The engineering leadership that won't just make these types of high impact security decisions because it might irritate a handful of highly opinionated workflows is unfortunate!