HackerTrans
TopNewTrendsCommentsPastAskShowJobs

conioh

no profile record

comments

conioh
·4 jaar geleden·discuss
> I can steal the network, change the registry, simply delete their binaries, update shared dlls, or any number of other easy hacks to get them offline.

That's a bold claim. Mostly incorrect, but bold. A proper Windows endpoint protection software's Registry filter will prevent you from modifying its Registry data; its filesystem minifilter will prevent you from modifying its files; its EXEs will use the Windows mitigation policy that loads only Microsoft-signed DLLs; its connection with its management server will be encrypted and signed with known keys/certifications (rather than trusting everything from the Windows Certificate Store), etc.

An admin can still bypass all of that with enough effort but it's not nearly as trivial as you say. What is trivial that you can't actually do the things you said and it's common knowledge (in the field).
conioh
·4 jaar geleden·discuss
> They fixed it with an update this month, but CrowdStrike was hooking /every/ single call to NtCreateUserProcess on my work machine last month, and you /know/ how electron-based apps work. VSCode took so long to launch its sub processes it would pop up a crash reporter. "Hello World" compiled from C++ would take a minute to launch sometimes. WSL straight up could not be started because the TTY timed out waiting for it.

There's nothing wrong in hooking ~EvErY~ call to NtCreateUserProcess or even a thousand other functions in and of itself. The issue is what they're doing inside those hooks.

We have installed another product that also hooks +@EvErY sInglE@+ call to NtCreateUserProcess and to couple dozen other functions and you know what? VSCode works just fine. WSL too. Edge and Chrome too.

Sure there's a measurable effect on performance but nothing like you're describing.
conioh
·4 jaar geleden·discuss
conioh
·4 jaar geleden·discuss
I see you're not a paying Windows user. :_(
conioh
·4 jaar geleden·discuss
> Perhaps, but unless you want a permanent under class of people unable to find real employment, there needs to be an on-ramp. Either someone is too dangerous to have in public (which case they should still be imprisoned), or they have served their sentence and their punishment is over.

That's not how the "criminal justice system" works. Not in the US and not in most of the rest of the world, especially the "first world"/"Western world".

Prisoners are NOT release only once they are deemed no longer dangerous. They are release once their allotted prison time is over. They can still be dangerous and released, and they can be not dangerous at all from they one and still go to prison.

Also: Choosing to like someone and dislike someone else, choosing whom you assist when not obligated by law and whom you don't, choosing who gets your time and who doesn't - all of this is not part of the punishment people are sentenced to by the state court system and thus it is not "over" in any sense or way once they are release from prison. You, I, and Mr. sowwww are free to volunteer our time, money and efforts towards whom and what we'd like and we're under no obligation to assist people we don't like just because "they have served their sentence and their punishment is over".
conioh
·4 jaar geleden·discuss
There's a huge plot hole in the story.

> When the economy and job market began storming back, we were inundated with inbound requests for our services. Our perseverance seemed to be paying off. Except now we were hit with a new gut punch: “The Great Resignation.” Now our workers were reticent to come back to work. And if they did accept a job, they’d often leave after only a few days.

I couldn't understand how "The Great Resignation" made the situation more difficult for 70MJ. I've read the follow up comment[GrRegCm] and it didn't make things any clearer:

> During the Great Resignation, we found it took 10x the time and effort to get someone placed, eroding our already thin margins. Plus, if a worker left (which they began doing at a great rate), we're obligated to replace them. All of this made it pretty much impossible for us to make money. (Again, we're a for-profit business). I hope this clarifies things.

It doesn't.

There's a _sort of_ incoherency and inconsistency here.

On the one hand the "formerly incarcerated" have a hard time (re)-integrating into society. Among other difficulties they struggle harder than others, ceteris paribus, finding a job.

In turn this has, supposedly, certain negative effects like "the pernicious cycles of recidivism in this country--cycles that destroy lives, tear apart families and decimate communities"

That's both the societal issue you set out to improve and what made the for-profit venture viable.

But on the other hand the same "formerly incarcerated" can allow themselves to "often leave after only a few days", "which they began doing at a great rate". I guess the welfare system in the US is quite extensive if people - and not just any people but ex-cons - can allow themselves to quit jobs after a few days with nothing else in the horizon.

I'll qualify all of that and note that, as I wrote above, it's only _sort of_ inconsistent. It's possible that they don't have good alternatives, but they see everyone else quitting, including spoiled and overindulged by 2021 tech sector employees, and think their circumstances apply. Or they don't think but just do what everyone else.

It's also possible that I'm still missing here something and my whole analysis is wrong because of that.

But it's also possible that "The Great Resignation" isn't the reason for the company's failing.

I'm not convinced. If I did miss something I'd be happy to hear.

[GrRegCm]: https://news.ycombinator.com/item?id=31600686
conioh
·4 jaar geleden·discuss
> > When I got my first Android phone I could root it pretty trivially and run a fully customized ROM, these days it's not really practical on many devices.

> Some of the easiest phones to do this to today, namely the Pixel phones, are also some of the most secure stock Android phones on the market. Freedom and security are not mutually exclusive.

What's so safe about it once you unlock the bootloader and install a custom ROM / rootkit (since by disabling boot verification you don't actually know that what you're booting is the custom ROM you intended to to boot or something else)?
conioh
·4 jaar geleden·discuss
> ARM has added both pointer authentication codes and memory tagging extensions to their ISA, from (I think) ARMv8.5-A. Apple are the only ones to implement silicon that supports PAC that anyone can buy today but a) this will change fast and b) I might've missed something else.

I'm not aware of other generally available chips with pointer authentication. The Qualcomm Snapdragon 8cx Gen 3 supposedly support PA. The Lenovo ThinkPad X13s supposedly contains it, but when will it actually be commercially available is anyone's guess.

Also, I think it's ARMv8.3.
conioh
·4 jaar geleden·discuss
> Disclosure: I was on the Go team at Google until earlier this month. Dealing with DeVault's bad faith arguments is one of the few things I won't miss of that job.

Speaking of bad faith arguments, aren't Google and its employees the ones that:

- Claimed that scrolling screenshot on Android are "infeasible" [INFEAS] despite Samsung, LG, HTC, etc. already implementing the feature in their forks/distributions of Android?

- Claimed "[t]he generic dilemma is this: do you want slow programmers, slow compilers and bloated binaries, or slow execution times?" as an excuse for not implementing Generics in Go?

- After years of claiming this nonsense finally implemented Generics in exactly those ways? [GoLang_GenImpl]

- Even when implementing Generics in exactly those old and previously known ways claim that "Russ Cox famously observed that generics require choosing among slow programmers, slow compilers, or slow execution times. We believe that this design permits different implementation choices." [GoLang_43651]

- "Loses" or "loses track" of their customer's mobile phones, and when said customers cancel the credit charges for the phones they never received or otherwise disappeared, block their Google accounts, including their access to email? [Google_Criminals]

Drew DeVault certainly deserves some or even a lot of criticism, but Google and its employees attacking other for "bad faith"? This should be acceptable in a civilized society.

[GoLang_43651]: https://go.googlesource.com/proposal/+/refs/heads/master/des...

[Google_Criminals]: For example: https://www.reddit.com/r/GooglePixel/comments/7nrx07/google_... and https://www.reddit.com/r/GooglePixel/comments/84sysx/update_... There have been other documented cases of the same so this is not a single uncharacteristic incident.

[GoLang_GenImpl]: https://go.googlesource.com/proposal/+/e0113ba8479092562cf9d...

[INFEAS]: https://issuetracker.google.com/issues/80491647#:~:text=Stat...
conioh
·4 jaar geleden·discuss
I should have been more clear perhaps.

"Docker Engine wasn't otherwise available on Windows or macOS" - when was this?

The first version of Docker Desktop for Windows that included support for Windows containers was released on 2017-01-19. See here: https://docs.docker.com/desktop/previous-versions/archive-wi...

Previous versions of Docker Desktop for Windows were just a lame wrapper around the so-called "MobyVM" Hyper-V VM they created for Linux containers.

There have been _instructions_ on how to install "Docker Engine" on Docker Inc.'s website as early as March 2017 and probably earlier. See here: https://github.com/docker/docker.github.io/blob/f9d6b41fcf26...

I'm still looking for the page I remember (which is not the one I linked above), but I have used Docker on Windows without Docker Desktop from day 1.

DockerMsftProvider which is officialy used to install "Docker EE" on Windows Server but gives you the same ZIP that runs on Windows workstation was published to the PowerShell Gallery on 2016-10-13 (https://www.powershellgallery.com/packages/DockerMsftProvide...).

I believe you either recall incorrectly or were misinformed or unaware at the time, but you did not have to use Docker Desktop to get Docker on Windows.
conioh
·4 jaar geleden·discuss
Just out of curiosity, when was this you say?