HackerTrans
TopNewTrendsCommentsPastAskShowJobs

s-mon

no profile record

Submissions

How to Bypass JavaScript Agents, CSP and Crawlers (Client-Side Security Testing)

cside.com
1 points·by s-mon·há 9 meses·0 comments

Exploiting Vulnerabilities in Cellebrite UFED and Physical Analyzer

signal.org
2 points·by s-mon·há 11 meses·0 comments

Cosmic Ray Bit Flips and the Hidden Risk at Scale

cside.dev
10 points·by s-mon·há 11 meses·1 comments

Around 6k porn sites start checking ages in UK

bbc.com
7 points·by s-mon·há 12 meses·2 comments

CoinMarketCap Client-Side Attack

cside.dev
3 points·by s-mon·ano passado·0 comments

[untitled]

1 points·by s-mon·ano passado·0 comments

Making CSP more usable for organizations at scale

github.com
3 points·by s-mon·ano passado·0 comments

Exploiting Vulnerabilities in Cellebrite UFED (2021)

signal.org
7 points·by s-mon·ano passado·0 comments

Weaponized Google OAuth Triggers Malicious WebSocket

cside.dev
9 points·by s-mon·ano passado·1 comments

[untitled]

1 points·by s-mon·ano passado·0 comments

[untitled]

1 points·by s-mon·ano passado·0 comments

comments

s-mon
·há 7 meses·discuss
Congratulations to the team. Knowing some of the folks on the Bun team I can not say I am surprised. They are the top 0,001% of engineers, writing code out of love. I’m hugely bullish on Anthropic, this is a great first acquisition.
s-mon
·há 10 meses·discuss
And its faster than Vercel!
s-mon
·há 12 meses·discuss
Vistors are successfully bypassing age verification by using showing pictures of movie characters or their dog to complete photo age verification.
s-mon
·há 12 meses·discuss
Something to understand about the word “leak” is that it implies at some point it was keeping things in. Microsoft security is so underfunded and garbage, it is fundamentally making technology as a whole unsafe.

Example: if Kroger or whatever your supermarket of choice distributed meat that was infected they would get sued to bits. Microsoft distributes thousands of malicious NPM dependencies and underfund the NPM security team - if there is such a thing - resulting in an entire industry of supplychain security companies to exist. No other registry has the issue of malicious packages as badly as NPM since Microsoft acquired Github.

Microsoft just does not know how to handle security, which is why so many security companies exist to fill their gaps. I don’t trust their security practices one bit tbh.
s-mon
·há 12 meses·discuss
Back at one of my previous employers we had a long internal briefing about why our latest device did not have USB-C when other solutions on the market by then had.

The connector is solid but my god have there been disasters because of USB-C.

1. Power distribution upto high wattage, not always with auto sensing, 2. Wites rated to different data transmission speeds. 3. USB standard data transfers and Thunderbolt over the same connector and wire but most accessories are not rated for Thunderbolt.

Omg I love it and I hate it.
s-mon
·há 12 meses·discuss
Having worked on bot detection in the past. Some really simple old fashioned attacks happened by doing the opposite of what the robots.txt file says.

While I doubt it does much today, that file really only matters to those that want to play by the rules which on the free web is not an awful lot of the web anymore I’m afraid.
s-mon
·ano passado·discuss
Wondering what the hotels in Vegas around Defcon will think of it this year lol.
s-mon
·ano passado·discuss
Love Elixir so much, building a kick-ass notification engine with it now. Its so so good.
s-mon
·ano passado·discuss
While I like the blogpost, I think the use of unexplained acronyms undermines the opportunity of this blogpost to be useful to the wider audience. Small nit: make sure acronyms and jargon is explained.
s-mon
·ano passado·discuss
Great presentation and thanks for sharing the slides. Wondering, can any of these methods be used for 3D too?
s-mon
·ano passado·discuss
Who else here is going to the Zod meetup tonight?
s-mon
·ano passado·discuss
https://www.wired.com/story/north-korea-stole-your-tech-job-... - same day, what a coincidence!
s-mon
·há 3 anos·discuss
I read: 'I had a bad experience with a product manager, so all are bad.'

I agree that there are tons of bad PMs out there. But allow me to summarize what a good PM does:

Talk to customers; either to dig deep into their use case, deescalate a situation, figure out solutions, or conduct research. Monitor the rest of the market. Plan launches, pricing, and coordinate with sales teams, etc. - I had Product Marketing staff before, but they missed context and delivered bad experiences. I find it way harder to find a good product marketing manager than a good product manager. The PM is the DRI (Directly Responsible Individual) and therefore takes a lot of shit. The PM acts as a filter so you can continue doing your job. A good PM can even write a line of code here and there. Prototyping is part of the job. Roadmap, strategy, vision, build vs. buy... often the center of friction between what the business wants, what customers want, what the business can afford, and what engineers want to build. Finding a middle ground. You are right; these are not skills you learn in school. A PM wears a lot of hats. People with a solution architect or engineering background with a customer-facing element to their past tend to have the best chance of being a good PM. But by no means is the PM job an unnecessary one - do you want to figure out how to price a product and be responsible if sales can't sell it? I hope you come across a good PM in your career.

'Just hire great people' - what's new?

PS: The success of a PM highly depends on the engineering culture. If engineers are convinced all PMs are useless and they have no real job, or as a real-life example: engineer thinks A, PM shows data that shows B, but engineer just thinks the data is wrong and will do A anyway... it will be a highly frustrating collaboration for both. Please keep an open mind.