HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hermanb

no profile record

comments

hermanb
·2 เดือนที่ผ่านมา·discuss
Our baby was capable of sending these signals when she was a few weeks. So most pees she does hanging above the sink. This saves so many diapers, crazy. And much more comfortable for her to never have a wet butt, not even a minute. Would recommend!

I think within the next few months we can actually get her to go to the potty by herself. She’s 15 months now.

This industry wasn’t just good. It did destroy babies sensitivity to soiling.
hermanb
·5 เดือนที่ผ่านมา·discuss
I had this idea / pet project once where I did exactly this for email. Emails would immediately bounce with payment link and explanation. If you paid you get credit on a ledger per email address. Only then the mail goes through.

You can also integrate it in clients by adding payment/reward claim headers.
hermanb
·3 ปีที่แล้ว·discuss
If Kargo requires R/W access to GitHub, and auto updates charts/images, isn’t that asking for your production environment to be infected by a change prepared and cultured in your dev environment and then auto updating / hiding itself into prod freight?

We disallow writing back to GitHub to avoid this issue, and manage stages through branches, combined with directories for overlays. Things can get out of sync, but comparing branches is easily automated.
hermanb
·3 ปีที่แล้ว·discuss
It would be pretty interesting if they shared some more detail on this indeed. I was wondering the same when I read “forged” elsewhere.

How can you forge a token? Did they use quantum machinery to retrieve a JWT Private Key? Did they factor RSA keys?

But no, they used a bug/weakness to exchange a token.
hermanb
·3 ปีที่แล้ว·discuss
It is not disconnected by “a chip”. It is disconnected by something that closely resembles a physical switch.

This is the point of the article. There is no software involved. It can’t be hacked.
hermanb
·3 ปีที่แล้ว·discuss
If the image doesn’t leave the device and only the hash does… What is stopping one from uploading existing public images, banning a whole lot of innocent people?
hermanb
·4 ปีที่แล้ว·discuss
Honestly, this seems like little. We should be wary of the source we try to pull, but given how easy it is to upload something malicious you’d expect thousands of images of this kind. Maybe DockerHub is already detecting and deleting these packages?

Or why aren’t more people interested in this?

Not sure, but maybe injecting into commonly used libraries via subdependencies is seen as a more effective method, getting more focus. Would be interesting to have a broader analysis of malicious artifacts!
hermanb
·4 ปีที่แล้ว·discuss
https://hueblog.com/2022/07/16/natural-light-new-function-no...
hermanb
·4 ปีที่แล้ว·discuss
It is a feature of the Hue bulbs being worked upon, see: https://hueblog.com/2022/07/16/natural-light-new-function-no...