HackerTrans
TopNewTrendsCommentsPastAskShowJobs

piccirello

no profile record

Submissions

AWS Lambda introduces MicroVMs: isolated sandboxes with full lifecycle control

aws.amazon.com
10 points·by piccirello·18일 전·1 comments

Plopcop – To Protect and Scrub

plopcop.com
1 points·by piccirello·24일 전·0 comments

SSH Secret Menu

twitter.com
353 points·by piccirello·4개월 전·176 comments

Eight Sleep: Making the Pod outage-proof

eightsleep.com
6 points·by piccirello·9개월 전·5 comments

comments

piccirello
·3개월 전·discuss
This excerpt from the article describes the risk well.

> In Firefox Private Browsing mode, the identifier can also persist after all private windows are closed, as long as the Firefox process remains running. In Tor Browser, the stable identifier persists even through the "New Identity" feature, which is designed to be a full reset that clears cookies and browser history and uses new Tor circuits.
piccirello
·4개월 전·discuss
I've been using SSH for ~15 years and never knew about these escape sequences. I'm eagerly awaiting my next hung session so that I can test `~.`. It's much nicer than my current approach of having to close that terminal window.
piccirello
·5개월 전·discuss
`setHTML` is meant as a replacement for `innerHTML`. In the use case you describe, you would have never wanted `innerHTML` anyway. You'd want `innerText` or `textContent`.
piccirello
·6개월 전·discuss
In Apple's case, starting with macOS Tahoe, Filevault saves your recovery key to your iCloud Keychain [0]. iCloud Keychain is end-to-end encrypted, and so Apple doesn't have access to the key.

As a US company, it's certainly true that given a court order Apple would have to provide these keys to law enforcement. That's why getting the architecture right is so important. Also check out iCloud Advanced Data Protection for similar protections over the rest of your iCloud data.

[0] https://sixcolors.com/post/2025/09/filevault-on-macos-tahoe-...
piccirello
·6개월 전·discuss
> We’re gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. During this transition period, we will continue to work with a blended team of EU residents and EU citizens located in the EU.

I find it fascinating that the goal is to staff this exclusively with EU citizens, thereby excluding non-citizen residents of the EU.
piccirello
·6개월 전·discuss
The docs explicitly describe this cloud's independence from the US.

> The AWS European Sovereign Cloud will be capable of operation without dependency on global AWS systems so that the AWS European Sovereign Cloud will remain viable for operating workloads indefinitely even in the face of exceptional circumstances that could isolate the AWS European Sovereign Cloud from AWS resources located outside the EU, such as catastrophic disruption of transatlantic communications infrastructure or a military or geopolitical crisis threatening the sovereignty of EU member states.
piccirello
·7개월 전·discuss
Here's the PR[0] that resolved the SSRF issue. This fix was shipped within 24 hours of receiving the initial report.

It's worth noting that at the time of this report, this only affected PostHog's single tenant hobby deployment (i.e. our self hosted version). Our Cloud deployment used our Rust service for sending webhooks, which has had SSRF protection since May 2024[1].

Since this report we've evolved our Cloud architecture significantly, and we have similar IP-based filtering throughout our backend services.

[0] https://github.com/PostHog/posthog/pull/25398

[1] https://github.com/PostHog/posthog/commit/281af615b4874da1b8...
piccirello
·7개월 전·discuss
I work on security at PostHog. We resolved these SSRF findings back in October 2024 when this report was responsibly disclosed to us. I'm currently gathering the relevant PRs so that we can share them here. We're also working on some architectural improvements around egress, namely using smokescreen, to better protect against this class of issue.