HackerTrans
トップ新着トレンドコメント過去質問紹介求人

hermanb

no profile record

コメント

hermanb
·2 か月前·議論
Our baby was capable of sending these signals when she was a few weeks. So most pees she does hanging above the sink. This saves so many diapers, crazy. And much more comfortable for her to never have a wet butt, not even a minute. Would recommend!

I think within the next few months we can actually get her to go to the potty by herself. She’s 15 months now.

This industry wasn’t just good. It did destroy babies sensitivity to soiling.
hermanb
·5 か月前·議論
I had this idea / pet project once where I did exactly this for email. Emails would immediately bounce with payment link and explanation. If you paid you get credit on a ledger per email address. Only then the mail goes through.

You can also integrate it in clients by adding payment/reward claim headers.
hermanb
·3 年前·議論
If Kargo requires R/W access to GitHub, and auto updates charts/images, isn’t that asking for your production environment to be infected by a change prepared and cultured in your dev environment and then auto updating / hiding itself into prod freight?

We disallow writing back to GitHub to avoid this issue, and manage stages through branches, combined with directories for overlays. Things can get out of sync, but comparing branches is easily automated.
hermanb
·3 年前·議論
It would be pretty interesting if they shared some more detail on this indeed. I was wondering the same when I read “forged” elsewhere.

How can you forge a token? Did they use quantum machinery to retrieve a JWT Private Key? Did they factor RSA keys?

But no, they used a bug/weakness to exchange a token.
hermanb
·3 年前·議論
It is not disconnected by “a chip”. It is disconnected by something that closely resembles a physical switch.

This is the point of the article. There is no software involved. It can’t be hacked.
hermanb
·3 年前·議論
If the image doesn’t leave the device and only the hash does… What is stopping one from uploading existing public images, banning a whole lot of innocent people?
hermanb
·4 年前·議論
Honestly, this seems like little. We should be wary of the source we try to pull, but given how easy it is to upload something malicious you’d expect thousands of images of this kind. Maybe DockerHub is already detecting and deleting these packages?

Or why aren’t more people interested in this?

Not sure, but maybe injecting into commonly used libraries via subdependencies is seen as a more effective method, getting more focus. Would be interesting to have a broader analysis of malicious artifacts!
hermanb
·4 年前·議論
https://hueblog.com/2022/07/16/natural-light-new-function-no...
hermanb
·4 年前·議論
It is a feature of the Hue bulbs being worked upon, see: https://hueblog.com/2022/07/16/natural-light-new-function-no...
hermanb
·4 年前·議論
Philips Hue is fully Flutter since a while now (v4). There were issues with (pre-rendering of) animations but those have been resolved in Flutter.
hermanb
·4 年前·議論
I’ve been wondering about this too and always used full sha’s until now. But recently I’ve made an action myself: You actually need to publish the action to the marketplace with each tag manually. It feels like there might be more going on.

Is GitHub storing those published tags and avoiding tampering by only letting you use those tags once? Are they warning or blocking runs if you tamper? …

I’m really curious because it seems like SUCH a giant risk otherwise.