HackerTrans
TopNewTrendsCommentsPastAskShowJobs

InitialBP

no profile record

Submissions

The Energy Transition Is Happrning Faster Than You Think

youtube.com
2 points·by InitialBP·2 месяца назад·1 comments

comments

InitialBP
·22 дня назад·discuss
This is actually the exact opposite for me. Rubber tipped buds will not stay put in my ears when I move around, while the original airpods models sit within my ears and don't fall out unless I'm doing cartwheels.
InitialBP
·в прошлом месяце·discuss
You should really remove the entire PDF of the book that you've shared on a public repo. No Starch Press is a gem and worth protecting.
InitialBP
·4 месяца назад·discuss
Another example is Old School Runescape, who reverted back to an earlier save and has now diverged as an entirely separate game running with older systems as they lost a ton of players with their "Evolution of Combat" update. While nostalgia is definitely a powerful tool, I agree with the previous commenter that the original WoW was a very different game than the modern version and it seems like that is one of the core aspects of what people desired.
InitialBP
·6 месяцев назад·discuss
This comes entirely down to the scope of the agreement for the assessment. Some teams are looking for you to identify and exploit vulns in order to demonstrate the potential impact that those vulnerabilities could have.

This is oftentimes political. The CISO wants additional budget for secure coding training and to hire more security engineers, let the pentesting firm demonstrate a massive compromise and watch the dollars roll in.

A lot of time, especially in smaller companies, it's the opposite. No one is responsible for security and customers demand some kind of audit. "Don't touch anything we don't authorize and don't do anything that might impact our systems without explicit permissions."

Wiz is a very prominent cloud security company who probably has incredibly lucrative contracts with AWS already, and their specialty, as I understand it, is identifying full "kill chains" in cloud environments. From access issues all the way to compromise of sensitive assets.
InitialBP
·7 месяцев назад·discuss
I'm sure you are correct about being able to do some clever prompting or tricks to get it to print inappropriate stickers, but I believe in this case it may be OK.

If you consider a threat model where the threat is printing inappropriate stickers, who are the threat actors? Children who are attempting to circumvent the controls and print inappropriate stickers? If they already know about topics that they shouldn't be printing and are trying to get it to print, I think they probably don't truly _Need_ the guardrails at that point.

In the same way many small businesses don't (most likely can't even afford to) opt to put security controls in place that are only relevant to blocking nation state attackers, this device really only needs enough controls in place to prevent a child from accidentally getting an inappropriate output.

It's just a toy for kids to print stickers with, and as soon as the user is old enough to know or want to see more adult content they can just go get it on a computer.
InitialBP
·7 месяцев назад·discuss
It sounds like that's a possibility, but why on earth would you take the time to setup a 3 node cluster of object storage for reliability and ignore one of the key tenants of what makes it reliable?
InitialBP
·7 месяцев назад·discuss
"If you select those people, what’s to keep them from creating a system that gives them ever more amounts of money, to the detriment of their constituents?"

That is literally the system that exists today, except instead of in the open (e.g. salary) it's through stocks with insider information and who knows how else.

The point isn't to optimize for people who are most incentivized through money, the point is to make the position more accessible for anyone who actually wants to do the "service" part, and to minimize the reasons that it's hard. As the previous commenter pointed out, right now independently wealthy people are some of the only ones who are actually capable of running, and someone who isn't independently wealthy who wins is even more susceptible to bribes because they may be in a tenuous financial position.

I would agree with you that we want individuals who's goal is to do "service" for their society, but our current system obviously isn't working and there are a lot of solid reasons why something like this _could_ improve the situation, what alternatives would you recommend?
InitialBP
·8 месяцев назад·discuss
I'm not sure where you got a quote from, but CVS is advertising on their website without insurance that it costs far less.

https://www.cvs.com/immunizations/flu?icid=immunizations-lp-...

Under the "How much does a flu shot cost?" section it says $75 for a standard dose.
InitialBP
·8 месяцев назад·discuss
That is awful, but it doesn't lessen the impact of someone who right now has access to your email and or other accounts. China having your DNA profile is not near as impactful as someone actively stealing your identity and potentially ruining your finances. Use 2fa everywhere, and if your email is in this list, you should change your password.
InitialBP
·8 месяцев назад·discuss
New macbooks with a notch hide icons underneath of the notch and those icons are completely inaccessible without installing 3rd party software to manage your status bar, or turning off a bunch of other software with visible icons on your bar.

IMO that's a far worse UX than update and shutdown turning the computer back on at the end.
InitialBP
·9 месяцев назад·discuss
Defaulting a furnace to on certainly shouldn't be considered safe. What if it's leaking CO into your house, what if it gets dangerously hot and causes a fire?

A thermostat and controls are a necessary requirement for HVAC systems and defaulting anything to "run" if your control plane doesn't exist anymore is definitely not the safe option.

The other issue is that in almost all situations (like this one) what you think is a safe and sane default won't align with what other people think.

There should be defaults and they should be clearly defined, but I don't think it's always obvious to determine what they are.
InitialBP
·9 месяцев назад·discuss
I have a nest and it's wired directly to your furnace via the thermostat control wires.

While it is controllable via the cloud, even without wifi it continues to function.
InitialBP
·9 месяцев назад·discuss
I believe the CLI _does_ ask permission for each program trying to access it. The author's example includes a malicious vscode extension abusing the fact that he intentionally granted vscode permission to access the vault for one purpose and then a malicious extension leveraged that access to retrieve information through the op cli.