HackerTrans
TopNewTrendsCommentsPastAskShowJobs

intern4tional

no profile record

Submissions

Arene Base

github.com
2 points·by intern4tional·2개월 전·2 comments

comments

intern4tional
·2개월 전·discuss
arene_base provides low level C++ facilities to help development of safety critical software in compliance with Woven by Toyota's C++ development best practices.
intern4tional
·6개월 전·discuss
You misunderstand.

Ben is a random engineer, he is definitely not the proper point of contact. FOSS compliance is serious, so if this is real, do escalate it.
intern4tional
·6개월 전·discuss
Correct, that was my intent - Ben isn't the proper channel as he is just an engineer responding to comments here. Stuff like this is serious and so should be escalated.

Compliance with FOSS licenses isn't a joke.
intern4tional
·6개월 전·discuss
Nothing. This isn't something that is even tracked. AI usage is obviously encouraged but HR has far better things to do than go gather this kind of data.

Internally, depending on what product is being worked on teams will have different development flows and different usage points of AI. For things like VSCode, teams have freedom on how they use it completely.
intern4tional
·6개월 전·discuss
Assuming this is real and you have the authority to share your work from previous location; you should reach out and contact Microsoft Legal directly.

A random engineer on Hacker News is not the proper channel.

Link: https://www.microsoft.com/en-us/legal/compliance/sbc/report-...
intern4tional
·2년 전·discuss
QNX is heavily used in industries where functional safety or particular high assurance models are required.

Sure FreeRTOS has a SafeRTOS mode, but its not sufficiently functional for a modern ADAS stack or complex robotics systems. QNX is used in all major automotive companies around the world for a reason, and a crucial part of NVIDIA's DriveOS stack.
intern4tional
·2년 전·discuss
He was freed in 2020: https://arstechnica.com/tech-policy/2020/02/man-who-refused-...
intern4tional
·2년 전·discuss
https://web.archive.org/web/20061023112233/http://software.s...

"Microsoft made both changes in response to antitrust concerns from the European Commission. Led by Symantec, the world's largest antivirus software maker, security companies had publicly criticised Microsoft over both Vista features and also talked to European competition officials about their gripes."

Perhaps reactive, but there were definitely conversations between EU and MS.

As someone that watched the video (and directly worked on this stuff during my time at MS), I think Marcus has no idea on how the OS vendors relationships work with governments. He misses the fact that if Windows releases user-level APIs that provide similar functionality, it would break existing functionality and force a migration.

For the example he uses patch guard, existing functionality did not break anywhere as significant as say would evicting drivers from the kernel.
intern4tional
·2년 전·discuss
Windows does have the ability to have sovereign builds (and has had this since 2016?), but the capability wasn't present when the decision was made (in 2006). Windows build is complex and tightly coupled with performance testing, telemetry collection, etc and at the time this decision was made, not feasible to do.

Reversing a change from 2006 would likely bring anti-trust action from the remainder of the world immediately, as that change from 2006 is relied on by everyone else globally today.

The EUs stance isn't bad either, as MS has a competitor in this space that also relies on a kernel driver (MDATP does use a kernel driver) and it is unlikely MS would remove its own competitor from the kernel (at least this item was not discussed during my time at MS and I was in the security space of Windows).
intern4tional
·2년 전·discuss
Industry forum was external, MS did not start that.

I do not know enough to properly answer on the concrete reasons why, only that it was external. Sorry.
intern4tional
·2년 전·discuss
As someone that worked at MS, on a team that worked directly on this issue (among other things) some years ago, MS did figure out better solutions and did discuss it with industry.

MS has an entire forum for discussing these things with industry (https://learn.microsoft.com/en-us/defender-xdr/virus-initiat...) and has had variants of said forum for some time (I think the first effort was in 2010).

Kaspersky was running an SSL/TLS Proxy in the kernel IIRC and didn't want to have to move it elsewhere due to the fact it would require them to rework their product quite a bit.

The solutions MS (we) proposed were agnostic and overall better, the anti-malware industry simply doesn't want to make the changes as these things do impose technical work on existing products.
intern4tional
·2년 전·discuss
Here's an actual compliant at MS to the EU from an anti-malware vendor: https://www.techtarget.com/searchsecurity/news/450420491/Mic...

This is and has been a thing for quite some time. Windows is a highly regulated OS.
intern4tional
·2년 전·discuss
There is basis for that assertion.

Via Google: https://www.techtarget.com/searchsecurity/news/450420491/Mic...

(Also via myself, as I was at MS when we wanted to make this change and the EU said no.)
intern4tional
·2년 전·discuss
So the grandparent poster has a fundamental misunderstanding of how Windows works, and why CrowdStrike has a kernel driver in the first place.

Microsoft has long desired to kick AV vendors out of kernel space and has even attempted to do so prior, however because of its dominant position in the market, it is unable to do so. I was at MS when an iteration of this effort was underway, and the EU said no.

See, Windows is a highly regulated OS today, and making a change like kicking out AV vendors from the kernel runs afoul of antitrust laws.

Example: https://www.techtarget.com/searchsecurity/news/450420491/Mic...

Microsoft does provide user-space capabilities: https://learn.microsoft.com/en-us/windows/win32/amsi/antimal... but vendors are not required to use it, nor can Microsoft require vendors to use it (for the aforementioned antitrust reasons).

Microsoft also has ELAM: https://learn.microsoft.com/en-us/windows-hardware/drivers/i... which is a rootkit / bootkit defensive mechanism. A defect in the definition files (as noted in the twitter thread) is what caused the crash in an ELAM driver. CrowdStrike obviously was not following the required process for ELAM drivers.

Mind you, the claim about CrowdStrike not impacting Linux is also bogus: https://www.neowin.net/news/crowdstrike-broke-debian-and-roc...
intern4tional
·2년 전·discuss
I think returning results in a timely manner is more than an acceptable assumption.

The poster clearly thought about search in terms of the existing Google search functionality which is near instantaneous.

Usability matters to the average end user and a delayed search is not usable for most people.
intern4tional
·2년 전·discuss
This makes it something that the average person cannot do; you're suggesting something that already requires more time and resources than 75% of the population has access to.

If you're serious about this than go talk to a non-tech person and tell them to self-host email and see how they do. Look at their challenges, build a solution and then offer it.
intern4tional
·3년 전·discuss
I don’t disagree with this either, I just didn’t think of it when I put my response in.

Naming and shaming does work.
intern4tional
·3년 전·discuss
Of course, but it that’s good in most cases as then you don’t get an overreaction.

The right people will read it (Chattr.ai’s customers) and respond . Right now everyone looks at it and some CISO will overreact and make everyone go check their Firebase configurations which may likely be a non-value add.
intern4tional
·3년 전·discuss
Title: I pwned Chattr.ai via Firebase misconfiguration

That’s what you should call it. It explains to readers what’s going on without over sensationalism.

That isn’t too long either.
intern4tional
·3년 전·discuss
No, as company employee is directly tied to and the responsibility of the company.

These companies are responsible for their employees behavior and data but they are not responsible for nor legally liable for (in most cases, some exceptions apply) the actions of a third party that they have retained to help with hiring.

In fact the contract they have with said third party likely absolves them of any liability.

The title should be: I owned an AI startup via Firebase misconfiguration.

You can even name the startup if you want. That’s not flashy though and this person wants marketing.