HackerLangs
TopNewTrendsCommentsPastAskShowJobs

preinheimer

2,580 karmajoined 15 ปีที่แล้ว
I'm working on https://wonderproxy.com/ and our new product https://testlocal.ly

[ my public key: https://keybase.io/preinheimer; my proof: https://keybase.io/preinheimer/sigs/xuqraBrBI-TAX8MtkyTCa-K8RyFslHOHT1dfAddxO1Q ]

preinheimer.at.hn

comments

preinheimer
·6 ชั่วโมงที่ผ่านมา·discuss
Great post. Anyone who talks, and actually implements, client key rotation gets a +1 from me.

Far too many systems don’t have a zero downtime key rotation.
preinheimer
·10 วันที่ผ่านมา·discuss
You want to use a lot of electricity? Great! We sell electricity. We will need cash in advance to handle some upgrades, rather than passing those costs on to other rate payers.
preinheimer
·16 วันที่ผ่านมา·discuss
Stripe is at I. I think they’ll ipo.
preinheimer
·เดือนที่แล้ว·discuss
Lots of endowments come with strings attached. We made a charitable donation to a local university for them to buy some specific science outreach equipment, they bought it.

This all seems reasonable to me. If you want my money or things, you’ll have to use them like I suggest.
preinheimer
·เดือนที่แล้ว·discuss
No, they came up with some legal theory in which they’d bought the assets of some company, including the company’s ownership of some art, but not obligations like paying royalties.
preinheimer
·เดือนที่แล้ว·discuss
> I have absolutely no doubts a court would consider it impossible to transfer goods under consignment to a different entity free of the burden of the consignment contract.

Reminds me of the whole "disney must pay" debacle.
preinheimer
·2 เดือนที่ผ่านมา·discuss
IPInfo did a report on this: https://ipinfo.io/blog/vpn-location-mismatch-report

From our side we noticed a VPN provider had a location we'd been trying to get, but had been unable to, so we started digging to find their provider. Long story short the server purportedly in some middle east country was actually 3ms away from our server in Berlin.
preinheimer
·2 เดือนที่ผ่านมา·discuss
I mean, most “residential proxy” providers are selling access to hacked devices, or sneaky plugins

https://medium.com/@xianghangmi/resident-evil-understanding-...

Technical paper: https://ieeexplore.ieee.org/document/8835239
preinheimer
·2 เดือนที่ผ่านมา·discuss
I discovered Terry Pratchett's books my summer in New York. I was a university student, and I'd gotten a job at eDonkey doing technical support. I lived in a crappy apartment in Brooklyn (this was circa 2004 or so), and worked near Union Square.

Quite a few days after work, or just on a weekend adventure I'd go to a bookstore a few blocks south of work and grab another Discworld book, and a slice of pizza from my favourite pizza shop labelled "Rays". I'd read some in a park, and explore.

I didn't know a lot of people in the city, filling days with Terry Pratchett was a great joy.
preinheimer
·2 เดือนที่ผ่านมา·discuss
Heads up: there's audio. It does add something.
preinheimer
·2 เดือนที่ผ่านมา·discuss
I think the OP is presenting themselves as the cryptographer, and the authors behind Forgejo as the amateur. At this point they've only filled one envelope but believe there is many more to find, and are hoping that in the process of tracking down this one they'll find more.
preinheimer
·2 เดือนที่ผ่านมา·discuss
They may not advertise “getting you there at 1.2x legal speed” but the sooner they drop you off, the sooner they can get another fare. Over a whole fleet it will add up to changing the size of the required fleet.

If getting a ticket one ride in a thousand is cheaper than deploying another 2000 cars to make up for the increased trip time I’d expect them to keep getting tickets.

I’m also not sure they don’t do it on purpose. Tesla self driving has an aggressive mode willing to speed and roll through stop signs. Those were deliberate, law breaking, choices.
preinheimer
·2 เดือนที่ผ่านมา·discuss
There’s an old cryptography story.

A cryptographer friend tells the story of an amateur who kept bothering him with the cipher he invented. The cryptographer would break the cipher, the amateur would make a change to “fix” it, and the cryptographer would break it again. This exchange went on a few times until the cryptographer became fed up. When the amateur visited him to hear what the cryptographer thought, the cryptographer put three envelopes face down on the table. “In each of these envelopes is an attack against your cipher. Take one and read it. Don’t come back until you’ve discovered the other two attacks.” The amateur was never heard from again.

https://www.schneier.com/crypto-gram/archives/1998/1015.html
preinheimer
·3 เดือนที่ผ่านมา·discuss
We used to run some servers in a colo, we had 4u.

The problem with actually owning hardware is that you need a lot of it, and need to be prepared to manage things like upgrading firmware. You need to keep on top of the advisories for your network card, the power unit, the enterprise management card, etc. etc. If something goes wrong someone might need to drive in and plug in a keyboard.

Eventually we admitted to ourselves we didn't want those problems.
preinheimer
·3 เดือนที่ผ่านมา·discuss
I find short form content really addictive. It’s so easy for me to lose half an hour to it, and at the end just feel like I’ve wasted my time.

Lacking better options I’ve turned on parental controls on my phone to block YouTube, and installed an extension to remove shorts from the site on my laptop.

I wish sites provided more real options.
preinheimer
·3 เดือนที่ผ่านมา·discuss
This feels like it would run against the “I bought my device, I should control how it behaves” line of thinking.
preinheimer
·3 เดือนที่ผ่านมา·discuss
Stripe supports 3d secure and has for years. https://stripe.com/en-ca/guides/3d-secure-2
preinheimer
·3 เดือนที่ผ่านมา·discuss
There was a research paper several years ago showing that the "residential IP" stuff is powered by botnets and compromised devices. Luminati is specifically called out.

Paper: https://xianghang.me/files/resi_paper.pdf Medium Article: https://medium.com/@xianghangmi/resident-evil-understanding-...
preinheimer
·4 เดือนที่ผ่านมา·discuss
I mean it’s a template, but in theory someone went and checked stuff. Did you actually have a quarterly security team meeting? Was there minutes? Was there an invite?

Did someone actually go and confirm your role based access control matrix is up to date and user accounts have the right access? Were all of those screenshots watermarked with timestamps?

There is work to do, whether or not auditors are doing it is another question.
preinheimer
·4 เดือนที่ผ่านมา·discuss
We did SOC 2 a few years ago, I'm glad we did it.

In my mind getting a clean report required three kinds of work:

1. Work that actively improved our security posture. 2. Work that didn't change much, but made our security posture easier to understand. 3. Busy work.

I think for most companies all three kinds of work will be required, but you can also make decisions that will push the percentages around. SOC 2 required us to start doing an annual security table top exercise. You could sit down, run a scenario, run it as fast as you can, and come up with a few pre-determined "improvements" that would help if you actually had that problem in the future. Or you could sit down and really put work into it, and see what works well and what doesn't.

As an example in our last tabletop I "exfiltrated" some data from one of our servers, and challenged the team to figure out what I'd done. The easy way out would have been for someone to say "We'll look at the logs and figure it out", but instead I asked them to actually try and find it. We discovered that the sheer volume of logs for that system made them hard to work with. So we made some changes to make them easier to work with and repeated the exercise later.

It could have been busy work, but instead we got real value from it.