HackerTrans
热门最新趋势评论往期问答秀出招聘

noinsight

no profile record

评论

noinsight
·12天前·讨论
If you’re at all serious about security and not user convenience, you deploy BitLocker with a PIN instead of TPM only. And then a whole class of vulnerabilities goes away.
noinsight
·5个月前·讨论
> Put the phone in their pocket and it felt a press and went into edit mode and edited the lock screen.

This is why I hate the flashlight and camera buttons on the lock screen - which you can activate without unlocking. When you have your hands in your pockets during cold weather you’ll suddenly be ”filming”… I never use the camera on my phone anyway. Thankfully at some point they added support for removing them.
noinsight
·5个月前·讨论
> Kate

So install Kate? There's a Windows build.
noinsight
·5个月前·讨论
It is preinstalled. Server 2025 (even Core Edition) and Windows 11 24H2 (or 25H2, not sure)...
noinsight
·5个月前·讨论
> EDIT.COM becoming the new Notepad.

edit.exe[1,2] actually. And it runs on Linux too! Linux had a real lack of good text editors.

[1] https://github.com/microsoft/edit

[2] https://learn.microsoft.com/en-us/windows/edit/
noinsight
·7个月前·讨论
> bypasses the TPM check

The caveat with this is that it will fail the check on subsequent version upgrades too and will refuse to upgrade.

Non-Enterprise editions are only supported for 2 years so your 25H2 (or whatever it is) installation will go sour in 2027.
noinsight
·7个月前·讨论
This was probably added by/for Tuxera to increase Tuxera Fusion SMB performance.
noinsight
·8个月前·讨论
Windows is not limited to accessing partitions through drive letters either, it's just the existing convention.

You can mount partitions under directories just like you can in Linux/Unix.

PowerShell has Add-PartitionAccessPath for this:

> mkdir C:\Disk

> Add-PartitionAccessPath -DiskNumber 1 -PartitionNumber 2 -AccessPath "C:\Disk"

> ls C:\Disk

It will persist through reboots too.
noinsight
·11个月前·讨论
> We are also entering the age of "hey AI, take this repo, reimplement the same functionality".

Wouldn't you do this just against the/an API documentation? Interesting thought.
noinsight
·11个月前·讨论
You can just use Unbound for DNS.
noinsight
·12个月前·讨论
Bamboo isn’t even wood, it’s grass.
noinsight
·去年·讨论
RIP Beefy Miracle...

https://beefymiracle.org/
noinsight
·去年·讨论
Amazon/AWS Registrar. They're a reseller for Gandi, but of course everything is managed through AWS and the pricing is at-cost instead of the rip-off that Gandi is now.
noinsight
·去年·讨论
Orchestrate the renewal with Ansible - renew on the "master" server remotely but pull the new key material to your orchestrator and then push them to your server fleet. That's what I do. It's not "clean" or "ideal" to my tastes, but it works.

It also occurred to me that there's nothing(?) preventing you from concurrently having n valid certificates for a particular hostname, so you could just enroll distinct certificates for each host. Provided the validation could be handled somehow.

The other option would maybe be doing DNS-based validation from a single orchestrator and then pushing that result onto the entire fleet.
noinsight
·去年·讨论
> allow better network management

Yeah, this would definitely block that.

DNS-based (hostname) allowlisting is just starting to hit the market (see: Microsoft's "Zero Trust DNS" [1]) and this would kill that. Even traditional proxy-based access control is neutered by this and the nice thing about that is that it can be done without TLS interception.

If you're left with only path-based rules you're back to TLS interception if you want to control network access.

[1] https://techcommunity.microsoft.com/blog/networkingblog/anno...
noinsight
·去年·讨论
> non US citizens whose data is stored in the US

They don't even care where it's stored...

See: CLOUD Act [1]

[1] https://en.wikipedia.org/wiki/CLOUD_Act
noinsight
·去年·讨论
How do you make the Win7 binary run? Last I tried it doesn’t run if you just have the .exe?
noinsight
·2年前·讨论
No, you are right. On Linux you can look at AUID. To be fair, I have no idea about others than Linux.
noinsight
·2年前·讨论
> Unix was very much made for multi user environments. ... The biggest security concern was making sure that everyone who was logged in was billed correctly.

I don't know about that... It doesn't even support multiple administrators. And you can't even distinguish between actions performed by the system itself and the administrative user.

Yes I know about sudo.

What do you need to do and what do the (even audit) logs say about who performed an activity whenever administrative activity happens?
noinsight
·2年前·讨论
Finland did cross the old borders in parts, but we specifically didn’t participate in the Siege of Leningrad and refused all German demands for assistance.