Posts by Claptrap314

Re: repeat after me

You must trust someone. The problem is that few people even have the education to even understand WHY they should not trust themselves. (Most can be browbeaten into submission, but that's a separate matter.)

I was just talking about this to a friend. There are probably about 3000 people in the world today who I would trust to write a crypto library. I'm arrogant enough to include myself in that list. But because I _am_ properly trained, I also know that it would take me FAR longer to convince myself that I had not messed something up than would be worth it.

Re: I'm curious

It's $200/mo for something that their competition does for free. You attacked their business model over this. And I'm doubling down here--you're demonstrating an utter lack of proper prioritization on this point.

You know (apparently first hand) that the monthly cost of building a resilient app runs at least 6 figures a year. Against that level of spending, you're going to weigh $2500 priced as an addon? What if the cost of the base contract is $5000 less?

Look, if you just don't like them, that's fine. But any evaluation of a solution has to be based on total cost, and you're talking about a rounding error.

Re: Hmm

"safely" "connected network"--I'm not certain that you fully understand each of these terms...

Re: I was gifted a K8s admin course

I AM THE MANAGER<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>A DEVELOPER!

But I prefer to call myself a SWE.

Sure, your average dev hasn't had to think about anything below level 7 since that lecture he slept through back in school. I'm not suggesting that such a person has any business in this space.

Tracking the missiles, not the targets...

Re: "You realize, of course.."

That would require that American foreign policy be coherent. A major weakness of popular governments is that their policies are subject to 180 degree changes at the drop of a ballot.

Still, there has been a consistent signal of weakness that defies logic associated mostly with D presidents, (but also pre-9/11 Bush 43).

Re: Investors or gamblers?

VERY few games are only played for one round. In fact, there are a lot of schemes out there where you must gamble for a significant number of rounds.

But yeah, in no case is the house ever on your side. And the folks making the rules are smarter than you, with faster computers.

Re: N95 masks

Please don't put "surgical" masks at the same level as the KN95s. KN95s are WAY more effective.

Re: "Quite an expensive misconfiguration"

I think you have misaprehended what exactly can be meaningfully done in a multi-tenant environment. Let's go down before we go up. Microprocessors can operate in different modes. For simplicity, let's call them, "privileged" (P) and "not privileged" (NP). It comes a surprise to many people, but when you sudo su - root, you are still running NP. The entire concept of "users" is an OS-level concept, and the root user is simply the one that the OS is happy to grant full access to the system.

There is a HUGE effort that goes into making sure that code running in NP does not get access to P resources, but none of that matter if the OS gets it wrong. Security is a "shared responsibility" between the processor and the OS. I'm no great student of processor designs, but I have a hard time imagining a system in which the processor managed thousands of security realms. It doesn't really make sense.

It is the job of the processor to provide the facilities to the OS to restrict access to general hardware resources. The actual management rests entirely on the OS. That includes the network card, and whatever is on the other side.

Now, suppose you have two computers connected via network cards. Each has their own OS, and each OS is responsible to decide what gets to the other computer, and what to do with what comes from the other computer. I hope you don't have a problem with the processor doing nothing but preventing NP access to the network card.

Hypervisors bring a new player to the table. Now, the hypervisor runs (often) in P mode, and the OS is kept in NP. In practice, of course, modern processors support three modes, H, P, and NP, but in the end, only the most-privileged mode get access to the network card, so for this discussion, it's accurate to consider the OS as just another NP process that the hypervisor gives special treatment to in the same way that the OS favors processes running as root.

So I ask: "What business is it of the hypervisor as to which users requests have been forwarded to it by the OS?"

Is not that AWS's IAM is a lousy model--it's that AWS is in no position to extend the OS-level concept of user (and remember, they are happy to run Windows, Mac, and a dozen distributions of Linux) to their hypervisors. A Lambda or EC2 instance is designed to be running a single (primary) application. Security groups and IAM roles are supposed to lock down everything not needed by that application or its helpers.

If you mix applications on a single instance, I submit that you are almost certainly doing it wrong.

If you create long-running processes which are accessing segmented data according to external input, (also know as a web server) you better not have a Bobby Tables problem--or any other.

In the cloud, YOU ARE NOT ROOT. You have to design your processes to account for this, not demand that you get a bespoke security model.

And IAM roles are enough of a pain as it is--I would argue that adding yet another layer of complexity to them would likely reduce end security. People seem to have enough trouble with the concept of "private" verses "public" on S3 buckets...

Re: The real issue

Is or was? Pascal was a Christian, and he argued that the creator (God), being good, would not create the evil of a non-existent consciousness.

For those who consider Christian belief to be beyond the range of polite conversation, such arguments are utter nonsense. Among Christians themselves, and Pascal was part of a society dominated by such thought, this is a meaningful argument.

Of course, you can attack _any_ truth claim by deconstructing each word in it. (To quote a not-to-distant president, "It depends on what the meaning of the word 'is' is.") But that is almost a sign that you are wanting to avoid dealing with the substance of the claim.

Re: Bandwagon

I'm pretty certain that's what Dogecoin was supposed to be...

Re: "they also add new potential attack surfaces"

They exist. These pages covered a story about it.

It is not clear to me who would execute such an attack. Perhaps an oppressive regime attempting to punish opponents?

Re: Eve Online

Nation-state actors (except for the Norks) rarely bother with ransomware, for two reasons. 1) They take all they want from their subjects already. 2) The transaction provides a level of traceability that they actors don't want.

Re: Who'd a thought Windows had security problems?

In other news, I heard somewhere that the Pope is Catholic.

"Computer!"

a wide-mouthed frog mounting a toad mounting a frog eating a worm mounting a horned toad mounting...

Re: Oracle and MySQL

I remember talking to an EA hiring rep at an event around 2010. She said they were thinking about Mongo. I told her they were WAY too big to be thinking about MySQL or Mongo at the time. I did not know then how badly folks wanted to avoid Oracle, or why. Still don't think I was wrong.

MySQL in 2010 was fine for a lot SMBs. Not fine for big businesses, which is why Bezos went with Oracle before he had the chops to build his own.

Re: I'm sorry

The big deal about REST was that it allowed a standardized way to organize an API. Without REST (as I am #*$(&@@ experiencing RIGHT NOW), the entire API document has to be carefully studied to understand what a particular call does. With REST, you can feel your way through, and scan most of the document.

Of course, REST led to OpenAPI & Swagger, which means that you often DON'T have to read the API documentation at all!

What was (and is) obnoxious about REST is that there are classes of interactions that don't fit the REST paradigm, and, so far as I see, there is no clean way to handle those cases.

Re: Oh, now sites are responsible for what's posted on them?

In a word, yes, to pretty much all of it.

Right now, posting to sm is posting globally. That feels cool, but it has global effect. Because these companies have chosen to make it a global effect.

Innovation is cool until it becomes innovative ways to break laws all over the world.

Suppose I (a natural US person) decide that I've had it with the current government of India. I learn Hindi (stay with me). I start stirring up the Muslim population. Just how far can I go before the government of India takes an interest?

One post.

Actual news organizations have had to deal with this forever. You go into a country, you abide by their laws.

The hard-won free speech rights supposedly enjoyed by US persons have never been global in scope--until Zuckerberg figured out how to make a mint off it. NO country is obligated to respect his business model. Or, the US version of Freedom of Speech.

I keep getting downvoted for this, but if you operate in country X, you must abide by the laws of country X. That applies to Facebook. That applies to me if I attempt to influence the affairs of another country.

Re: "patches to fix patches seem to be becoming a little too common"

They are called "users". Have been for the last... > 30 years.

You're half way there. In truth, we would be free to make posts like "Four legs good, two legs better."