HackerTrans
TopNewTrendsCommentsPastAskShowJobs

voidwtf

no profile record

comments

voidwtf
·năm ngoái·discuss
[flagged]
voidwtf
·năm ngoái·discuss
Replace “politicians” with “billionaires” and it’d be more accurate. Legislation has long stopped correlating highly with average citizen sentiment and has started correlating highly with wealthy and corporate interests.
voidwtf
·năm ngoái·discuss
I agree with you somewhat, but still applaud them for looking for promising future developers and paying them an amount that will attract them.

However, there are many promising junior developers that aren’t interested in the money as much as they’re interested in the challenge/fun. Sometimes high pay implies high expectations/stress and very little time to experiment/learn.

ex. I don’t want to work for a bank on fraud detection. I’d love working on AVL and in-vehicle remote monitoring systems though.
voidwtf
·năm ngoái·discuss
what’s scary is how ready i was to buy one
voidwtf
·2 năm trước·discuss
This is the correct answer for now, but when currently available options are functionally equivalent to what dial-up is now I think this opinion will not have aged well.
voidwtf
·2 năm trước·discuss
The rural electorate has voted overwhelmingly for candidates who oppose these regulations. This is apparently what they want.
voidwtf
·2 năm trước·discuss
The MDM does not give your employer a way to retroactively unlock the phone. Depending on the MDM solution and capabilities they allowed they may be able to install an application though. But most people that have accepted MDM on their personal device from their employer, the only thing the employer can do is remotely wipe the device.
voidwtf
·2 năm trước·discuss
Is the problem the tenets of communism? or is the problem the dictators and strongmen who inevitably rise to the top? or the corruption that grows from unchecked power?
voidwtf
·2 năm trước·discuss
These type of solutions don’t scale to large ISPs, and gets costly to deploy at the edge. It’s also not just about throughput in Gbps, but Mpps.

Also, this doesn’t take into account that the congestion/queueing issue might be at an upstream. I could have 100g from the customers local co to my core routers, but if the route is going over a 20g link to a local IX that’s saturated it probably won’t help to have fq/codel at the edge to the customer.
voidwtf
·2 năm trước·discuss
The answer in this scenario is to exempt that application and/or folder. Don’t throw the baby out with the bath water.

In my environment we have to add exceptions for Developers git folders for the realtime scanning for a similar reason. Apps with large numbers of small files or high frequency writes of smalls files, like temp files during the build process, need to be exempted unless you’re willing to pay the performance penalty for the security.
voidwtf
·2 năm trước·discuss
lol, that’s not how this works, that’s not how any of this works…

you cannot demand more than someone is willing to or able to pay, either a researcher out there will spend some time on it because it’s a relatively new contender to the market and they’re hoping for low hanging fruit, or they won’t.

obviously the bounty was enough for someone to look at it and get paid out for a find, otherwise we wouldn’t be having this conversation. trying to argue that they should set a bounty high enough to make it worth your time is pointless and a funny stance to take. feel free to ignore it or be upset that they aren’t offering enough to make you feel secure, it’s not going to make 100k appear out of thin air.
voidwtf
·2 năm trước·discuss
some of these licensing changes have led to larger players forking and/or implementing their own version.

personally i appreciate Amazon for sticking it to Oracle with Corretto after the JRE licensing changes.
voidwtf
·2 năm trước·discuss
When an open source project achieves success it does so on the backs of not only those who use it, but those who contribute. Sometimes these contributions are not just code but also include constructive feedback, bug reports (some very detailed with repros), documentation, advertisement by way of blog posts about the ways consumers use it, and more. While i fully believe that other players should be expected to contribute monetarily or with code, I also don’t believe that you should fundamentally change the relationship between the project and the consumer because the consumer has built a product on or with your project. They chose to build that product based on the license you provided them. If you didn’t want to license it that way then don’t do so from the beginning and you probably won’t get as many of the aforementioned benefits.

If I choose to open source something it’s because it’s either a passion project or it solves a problem that myself and others struggled to solve. I don’t open source it under the expectation of eventual profit. In fact, i hope by putting it out there it might become better as others improve upon it and we all benefit.
voidwtf
·2 năm trước·discuss
Bug bounties are always in relation to severity, number of users potentially at risk, and market cap. A browser operating at a deficit from a small company with a small market share cannot pay 100k even if they wanted to.

If you and a couple friends released an app that had 50k users and you’d not even broken even, can I claim my 100k by finding a critical RCE?
voidwtf
·2 năm trước·discuss
I think we need a structure to allow LEOs to request and enforce a legal hold on data without having access to the data. Something that would allow a lower bar for the request, preserve any potential evidence, and allow the owner of the data to respond. We're entering an age of constant, massive, data collection. Video, audio, text, metadata, locations, and more being collected by every device we own and every device around us.

Law enforcement should have to constrain the request for information and the information provided to them should only be required to meet those constraints.
voidwtf
·2 năm trước·discuss
The first example in the original SF Chronicle report it seems like they did very little to get in contact with the owner, someone staying in the very hotel the vehicle was parked in. The owner only happened to catch them in the act of trying to tow his vehicle and volunteered the video.

Nothing in the report appears to indicate that they made any effort to have the owner(s) in the first two examples volunteer the information at all.

This is no different than police attempting collecting cellphones from bystanders at the scene of a crime/disturbance as evidence. I'd be happy to provide law enforcement with any evidence relevant to the crime that may have occurred which I have, I'll be damned if they're just going to take my phone/vehicle and rip the entire device. I know what the information they collect looks like, and how that information is ingested. Your contacts, text messages, photos, etc are all going to end up in a database and potentially cross-referenced with any other ongoing cases.
voidwtf
·2 năm trước·discuss
My camera is not your camera. Just because I recorded something doesn't make you entitled to just take it. No LEA should be able to requisition my recordings as part of a fishing expedition. If you have evidence of a crime and that evidence indicates that my camera likely recorded it, you can ask me for that information and/or get a court order.
voidwtf
·2 năm trước·discuss
We're in the same boat. We have two /24 (/23) that we advertise through our ISP(s) and we've been hesitant to sign an LSA/RSA because it seems to put us in a position where we may be held to standard and fees that we weren't previously held to.

If there was an easy and straightforward path to onboarding that would go a long way, but every time we look into it the process seems convoluted and unclear with too many options and potential foot guns.
voidwtf
·2 năm trước·discuss
I am conflicted. I love Valve, but 30% seems like a lot. On the other hand, I doubt the developers are being charged for the bandwidth or for Steam platform integration. Which means that long after the developer has walked away with their money for the sale Steam is still providing licensing management, platform integration in the form of user management, and the bandwidth for every time the user redownloads the game at 0 cost to the user.

While that fee may seem high, the developers are in someways subsidizing other developers that could never afford to build and maintain that infrastructure. They're also reducing the friction and on-ramping of new players/users. They are also providing the payment processing and handling billing/chargeback resolution.

Just the merchant fees alone would be would be 2-4% of revenue (not including losses to chargebacks and fraud/risk controls). The raw cost of bandwidth usage would be ~2 cents per 12GB game download (not including infrastructure to host/facilitate the amount of simultaneous downloads). The staff to manage billing issues/refunds. The raw amounts are small, but not insignificant considering that for every $20 they collect on a AAA title there are several indie games getting all the same functionality which only nets Valve $2.

Valve, Epic, Playstation, Xbox. The platforms are providing the ecosystem and platform that has allowed gaming to flourish at incredible rates, outpacing the motion picture industry and the sport industry.
voidwtf
·2 năm trước·discuss
Does OpenSignal have details explaining how they collected this data? Could there be differences in the way these networks manage cellular connections, such as not utilizing 5G when 4G would save battery and/or provide a better signal.

I've noticed my device, an iPhone 13 Pro Max, will stay on LTE until I start downloading or streaming something. Then it will switch to 5g ultra wideband.