HackerTrans
TopNewTrendsCommentsPastAskShowJobs

st3fan

no profile record

Submissions

Rsync and outrage

medium.com
185 points·by st3fan·mês passado·29 comments

comments

st3fan
·há 8 dias·discuss
Why not Templ? Does it do something different or better?
st3fan
·há 10 dias·discuss
My ARM64 experiment started in 2020 with the MacBook Air M1 and I have not looked back. ARM on the desktop or your lap is possible.
st3fan
·há 19 dias·discuss
I call BS on that story
st3fan
·há 19 dias·discuss
Browsers are also a continuous finger printing target.
st3fan
·há 19 dias·discuss
It is opt-in on iOS for Applications. Applications have to declare upfront what sites they will communicate with.

It is called app transport security. if you don't set it up your app boots in a sandbox with no network.

Settings -> Privacy Security -> App Privacy Report

Unfortunately 1 - as a _user_ you cannot opt-in or out. I wish Apple would take the next step and let us select which sites an app is not allowed to communicate with. Or ideally even globally for all apps.

Unfortunately 2 - the list of sites the app wants to communicate with is not clearly communicated upfront like before you install.

Unfortunately 3 - the list can also contain wildcard domains

Small steps - they really need to push this to the next phase IMO.
st3fan
·há 19 dias·discuss
On iOS those are collected and sent to the developer via the OS so you would still get them via Xcode. Sentry would obviously not work.
st3fan
·há 30 dias·discuss
For 350 USD, and note that this is without a case, storage and power, you can also buy a N100 or N150 mini pc.

The Pi was supposed to be cheap. What happened.
st3fan
·mês passado·discuss
There is no excuse. GitHub runs a great program on HackerOne and it should just have been submitted there.

Also note that the person who found this was pissed because they had a difficult experience with submitting a bug for VSCode THREE YEARS AGO through MSRC which is _completely different_ than the GitHub H1 program and no doubt much more challenging with a different experience.

There is really no excuse for this irresponsible disclosure. They could have at least tried instead of holding a grudge for three years.
st3fan
·mês passado·discuss
Loud fans and 4 hours of battery life?
st3fan
·mês passado·discuss
How do you “feed data into a model” ? Use the correct terminology and concepts please. It is important.
st3fan
·há 2 meses·discuss
please don’t generalize. there is no “we” ..

“we” are all different and i can tell you from experience that there are also many people and teams who use go and prefer ORMs and frameworks and do not build everything from scratch …
st3fan
·há 3 meses·discuss
Weird .. macOS is still completely open is my experience. Can you give an example?
st3fan
·há 3 meses·discuss
Such a classic. Played these for many hours as a kid.
st3fan
·há 3 meses·discuss
But now I need a DPA with ComplyTech and send all my data there first ...

Nice ad folks.
st3fan
·há 4 meses·discuss
The privacy angle here is wrong, or at least incomplete.

The reason for that is that your ISP is most likely capturing all your unencrypted DNS traffic (port 53) to build that exact profile of you.

And unlike CloudFLare or Google, your ISP, which often is also the company from which you get your mobile phone subscriptions, now knows where you live, who you are, what your family looks like and which specific websites you visit.

Cable/Fiber modem manufacturers are also known to do exactly this kind of data collection. There was a recent example of this where it happened with firmware directly on the cable modem for a Dutch provider.

Running your own DNS server does not change this at all. From a network perspective this is the same: unencrypted DNS that anyone in the middle can see and record.

The only way to work around companies upstream from you is actually to use a DNS forwarder combined with some form of DNS privacy (encryption). A very good way is to have a local DNS Server that forwards to a outside trusted DNS server over DoT or DoH. Both of which are encrypted. Your ISP can see the traffic, but they can't see inside it and find out what DNS queries you do.

That means your devices on your local network can just talk "plain" DNS port 53 like they always do, to your self hosted DNS server. But your self hosted DNS server will then forward those queries to a trusted server _outside of your and the ISP network_ over an encrypted channel.

I do this with Unbound and the following config https://gist.github.com/st3fan/22ac09b7219b29f446a45d6cc599c...

Note that I do not trust my ISP (Bell Canada) but I do feel ok with using Google and CloudFlare. That is my personal choice and not a recommendation. You can probably find better options - they do need to support DoT or DoH though.
st3fan
·há 4 meses·discuss
Try it out. It is ok to not like it.
st3fan
·há 4 meses·discuss
Every OS has papercuts like this. Want me to write a story about Linux or Windows that is equally painful? Pick your poison .. i've dealt with it all.
st3fan
·há 4 meses·discuss
People comparing Docker and Jails don't really understand that Docker is 99% about packaging and composing software. From that perspective Jails are nothing like Docker containers. No versioning, no standard, no registry, no compose, no healthchcks, no tree of containers, etc. etc. etc.

If you want to compare Jails to something on Linux then I think LXD is probably much closer to what Jails are.
st3fan
·há 4 meses·discuss
Daiel is too nice and should should just file DMCA reports instead. That is likely a language that Microsoft speaks.
st3fan
·há 4 meses·discuss
That is why it is an old trick