HackerTrans
TopNewTrendsCommentsPastAskShowJobs

piccirello

no profile record

Submissions

AWS Lambda introduces MicroVMs: isolated sandboxes with full lifecycle control

aws.amazon.com
10 points·by piccirello·18 วันที่ผ่านมา·1 comments

Plopcop – To Protect and Scrub

plopcop.com
1 points·by piccirello·24 วันที่ผ่านมา·0 comments

SSH Secret Menu

twitter.com
353 points·by piccirello·4 เดือนที่ผ่านมา·176 comments

Eight Sleep: Making the Pod outage-proof

eightsleep.com
6 points·by piccirello·9 เดือนที่ผ่านมา·5 comments

comments

piccirello
·3 เดือนที่ผ่านมา·discuss
This excerpt from the article describes the risk well.

> In Firefox Private Browsing mode, the identifier can also persist after all private windows are closed, as long as the Firefox process remains running. In Tor Browser, the stable identifier persists even through the "New Identity" feature, which is designed to be a full reset that clears cookies and browser history and uses new Tor circuits.
piccirello
·4 เดือนที่ผ่านมา·discuss
I've been using SSH for ~15 years and never knew about these escape sequences. I'm eagerly awaiting my next hung session so that I can test `~.`. It's much nicer than my current approach of having to close that terminal window.
piccirello
·5 เดือนที่ผ่านมา·discuss
`setHTML` is meant as a replacement for `innerHTML`. In the use case you describe, you would have never wanted `innerHTML` anyway. You'd want `innerText` or `textContent`.
piccirello
·6 เดือนที่ผ่านมา·discuss
In Apple's case, starting with macOS Tahoe, Filevault saves your recovery key to your iCloud Keychain [0]. iCloud Keychain is end-to-end encrypted, and so Apple doesn't have access to the key.

As a US company, it's certainly true that given a court order Apple would have to provide these keys to law enforcement. That's why getting the architecture right is so important. Also check out iCloud Advanced Data Protection for similar protections over the rest of your iCloud data.

[0] https://sixcolors.com/post/2025/09/filevault-on-macos-tahoe-...
piccirello
·6 เดือนที่ผ่านมา·discuss
> We’re gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. During this transition period, we will continue to work with a blended team of EU residents and EU citizens located in the EU.

I find it fascinating that the goal is to staff this exclusively with EU citizens, thereby excluding non-citizen residents of the EU.
piccirello
·6 เดือนที่ผ่านมา·discuss
The docs explicitly describe this cloud's independence from the US.

> The AWS European Sovereign Cloud will be capable of operation without dependency on global AWS systems so that the AWS European Sovereign Cloud will remain viable for operating workloads indefinitely even in the face of exceptional circumstances that could isolate the AWS European Sovereign Cloud from AWS resources located outside the EU, such as catastrophic disruption of transatlantic communications infrastructure or a military or geopolitical crisis threatening the sovereignty of EU member states.
piccirello
·7 เดือนที่ผ่านมา·discuss
Here's the PR[0] that resolved the SSRF issue. This fix was shipped within 24 hours of receiving the initial report.

It's worth noting that at the time of this report, this only affected PostHog's single tenant hobby deployment (i.e. our self hosted version). Our Cloud deployment used our Rust service for sending webhooks, which has had SSRF protection since May 2024[1].

Since this report we've evolved our Cloud architecture significantly, and we have similar IP-based filtering throughout our backend services.

[0] https://github.com/PostHog/posthog/pull/25398

[1] https://github.com/PostHog/posthog/commit/281af615b4874da1b8...
piccirello
·7 เดือนที่ผ่านมา·discuss
I work on security at PostHog. We resolved these SSRF findings back in October 2024 when this report was responsibly disclosed to us. I'm currently gathering the relevant PRs so that we can share them here. We're also working on some architectural improvements around egress, namely using smokescreen, to better protect against this class of issue.