mbag's comments

mbag | 5 years ago | on: Dependency Confusion: How I Hacked Into Apple, Microsoft and Other Companies

Yes, if you have packages on the Artifactory, the `index-url` is always the way to go. However, if you forget to specify `no-index`, you might not get what you wanted; see [1] for how packages are found. And it's easy to make such a mistake when using local resources (you forget to set the proxy or internal DNS, a new developer is not familiar with the setup and does a plain `pip install`, the internal server is temporarily unreachable).

> It just pollutes PyPI and is a nuisance to others.

I agree, but so are the packages that are no longer maintained. You also reserve the package name if you decide to open-source it. Furthermore, by creating a package you are leaking metadata about your organization, i.e. some functionality can be inferred from package names.

And sure, you can train and try to enforce security awareness, but your people need to be right 100% of the time, while attackers need them to make only one mistake. Similar with name-squatting of the popular packages.

[1] https://pip.pypa.io/en/stable/reference/pip_install/#finding...
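The two mitigations the comment touches on (a single internal index rather than a merged one, and knowing exactly which artifact a requirement resolves to) can be checked mechanically. The following is an added example, not code from the thread or from pip: it audits a pip configuration for an `extra-index-url` (which merges a second index with the primary one) or a missing `index-url`, and audits a requirements file for names that are not pinned with `==` or carry no `--hash`. The hostnames, the hash value and the requirement names are constructed placeholders.

```python
"""Added example: audit pip configuration and requirements for settings that
leave a project exposed to dependency confusion. All inputs are constructed."""
from __future__ import annotations

import configparser
import re
from dataclasses import dataclass, field

# Constructed sample: a private index added via extra-index-url, so pip still
# consults the public index as well and may pick a same-named public package.
WEAK_PIP_CONF = """\
[global]
extra-index-url = https://artifactory.example.internal/api/pypi/simple
"""

# Corrected form: one index-url pointing at the internal proxy (placeholder
# hostname); this replaces the public index instead of adding to it.
HARDENED_PIP_CONF = """\
[global]
index-url = https://artifactory.example.internal/api/pypi/simple
"""

# Constructed requirements: one pinned with a (placeholder) hash, one floating.
SAMPLE_REQUIREMENTS = (
    "requests==2.31.0 --hash=sha256:" + "0" * 64 + "\n"
    "internal-billing-client\n"
)

# A requirement line: name, optional exact pin, then whatever follows (hashes).
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*\S+)?(.*)$")


@dataclass
class AuditResult:
    findings: list[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.findings


def audit_pip_conf(text: str) -> list[str]:
    """Flag extra-index-url, a missing index-url, or an index-url on pypi.org."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    findings: list[str] = []
    if not cp.sections():
        findings.append("empty config: pip falls back to the public index")
    for section in cp.sections():
        opts = dict(cp.items(section))
        if "extra-index-url" in opts:
            findings.append(f"[{section}] extra-index-url merges a second index with "
                            "the primary one; a private name can be resolved from PyPI")
        index = opts.get("index-url")
        if index is None:
            findings.append(f"[{section}] no index-url set; pip uses the public index")
        elif "pypi.org" in index:
            findings.append(f"[{section}] index-url points at the public index")
    return findings


def audit_requirements(text: str) -> list[str]:
    """Flag requirement lines that are not pinned with == or carry no --hash."""
    findings: list[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or an option line such as --index-url
        m = REQ_LINE.match(line)
        if not m:
            findings.append(f"unparsed line: {line!r}")
            continue
        name, pin, rest = m.group(1), m.group(2), m.group(3)
        if not pin:
            findings.append(f"{name}: not pinned to an exact version")
        if "--hash=" not in rest:
            findings.append(f"{name}: no --hash, so a substituted package is not detected")
    return findings


def audit(pip_conf: str, requirements: str) -> AuditResult:
    """Combine both audits into one result a CI step can fail on."""
    return AuditResult(audit_pip_conf(pip_conf) + audit_requirements(requirements))


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_PIP_CONF), ("hardened", HARDENED_PIP_CONF)):
        result = audit(conf, SAMPLE_REQUIREMENTS)
        print(label, "OK" if result.ok else result.findings)
```

Run as a CI step, a non-empty `findings` list is a reason to fail the build; the hash check is what catches a substituted package even when the name resolves from the wrong index.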

mbag | 5 years ago | on: SolarWinds leaked FTP credentials through a public GitHub repo since 2018

You could add those checks to pre-commit hooks. However, the problem with those hooks is that they need to be added locally by the user. There are already modules/libraries with sets of regexes that are able to perform the filtering you are suggesting.

Another option is to use a pipeline to perform those checks. Sure, by the time the pipeline runs, the secrets are already in the repository, but at least you caught them early. However, in this case you should definitely do secrets replacement.
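The regex-based filtering the comment refers to is small enough to show in full. The following is an added example, not code from the thread or from any of the existing secret-scanning libraries: it scans only the added lines of a unified diff (the part a pre-commit hook or a pipeline step sees) for a few credential shapes, and uses Shannon entropy to skip obvious placeholders such as `changeme` or `${VAR}` on generic `password =` lines. The diff, the file path and all key-looking strings are constructed and fake.

```python
"""Added example: a minimal diff secret scanner of the kind a pre-commit hook
or CI step runs. Patterns and sample diff are constructed for illustration."""
from __future__ import annotations

import math
import re
import sys
from collections import Counter

# Credential shapes to look for; the keyword list is deliberately short.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?([^'\"\s]{8,})"),
    "url_credentials": re.compile(r"\b[a-z]+://[^/\s:@]+:[^/\s:@]+@[^/\s]+"),
}

# Constructed unified diff; every credential here is fake.
SAMPLE_DIFF = """\
diff --git a/deploy/config.ini b/deploy/config.ini
--- a/deploy/config.ini
+++ b/deploy/config.ini
@@ -1,3 +1,6 @@
 [ftp]
 host = ftp.example.internal
-password = ${FTP_PASSWORD}
+password = Xk7pQ2vL9mRz4tWb
+aws_access_key_id = AKIAEXAMPLEEXAMPL123
+db_url = ftp://deploy:hunter2hunter2@ftp.example.internal/
+comment = local test password: changeme
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score higher than words."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_line(line: str, entropy_threshold: float = 3.5) -> list[str]:
    """Return the names of all patterns that match this line."""
    hits = []
    for name, pattern in PATTERNS.items():
        m = pattern.search(line)
        if not m:
            continue
        if name == "generic_assignment":
            value = m.group(2)
            # Skip templated values and low-entropy placeholders to cut noise.
            if value.startswith("${") or shannon_entropy(value) < entropy_threshold:
                continue
        hits.append(name)
    return hits


def scan_diff(diff_text: str) -> list[tuple[int, str, list[str]]]:
    """Scan only added lines (leading '+', not the '+++' header) of a diff."""
    findings = []
    for lineno, raw in enumerate(diff_text.splitlines(), 1):
        if not raw.startswith("+") or raw.startswith("+++"):
            continue
        content = raw[1:]
        hits = scan_line(content)
        if hits:
            findings.append((lineno, content, hits))
    return findings


if __name__ == "__main__":
    # A hook would read `git diff --cached` here; the sample diff stands in.
    results = scan_diff(SAMPLE_DIFF)
    for lineno, content, hits in results:
        print(f"diff line {lineno}: {', '.join(hits)}: {content}")
    sys.exit(1 if results else 0)
```

Exiting non-zero is what makes this usable as a hook or a pipeline gate; the removed `${FTP_PASSWORD}` line is ignored because only added lines are scanned, and the `changeme` line is dropped by the entropy filter.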

mbag | 6 years ago | on: HashiCorp Raises $175M at $5.1B Valuation

Thanks. Too bad the Ansible playbooks are not public. To be clear, I'm not defending HashiCorp, as I have played quite a bit with their tools (only open-source versions), and getting deployments production ready can be painful, especially setting up security correctly, with so many moving parts.

I know about the Helm chart for Vault (btw also created and maintained by HashiCorp). It's quite handy for quick deployments, but getting it to production will require changes, as most security things are disabled. All the Helm chart does is get Vault up and running; unsealing has to be done either manually or via a third party (cool thing, if your use case allows storing such a secret on third-party HW). Not to mention that if you want to use Consul as the storage backend, you will have to deal with that using a separate chart.

Without knowing what the Ansible playbook does, it's hard to compare the two. If Ansible is configuring the host OS from scratch (updates, tool installation, etc.), then yes, it might take much longer than deploying to a fully managed K8s cluster.

mbag | 6 years ago | on: Thieves are targeting beehives with growing sophistication

Thanks for the links, those projects look cool. I'm not a beekeeper, but one day I would like to become one. For now I'm just reading on the subject, and of course I stumbled upon the mite problem.

Do you by any chance know of anyone doing something similar to this article [1]? It's noted as WIP, but I didn't manage to find any follow-up papers, or some open-source projects doing something similar. apic.ai looks similar, but I don't think it's using lasers to remove mites from them.

[1] https://www.researchgate.net/publication/313808393_Basic_alg...

mbag | 6 years ago | on: Samsung accidentally sends 'Find My Mobile' notifications to Galaxy phones

This spooked me as well. I never used any of the Samsung apps on my phone and never created a Samsung account. Since the apps come pre-installed, it was in the back of my head that Samsung could access the data anyway, but I dismissed it as company suicide to do something like this.

Since so many people received the notification, it could be that some "Samsung God mode" exists.

mbag | 6 years ago | on: Show HN: Acmedns Authenticator Plugin for Certbot

Hi, I'm one of the contributors to this plugin. Thanks for the feedback, I'll try to make the README clearer to people landing on this repo without prior knowledge of ACME DNS or the certbot plugin system.

For more on the ACME DNS server, the source repo can be found here [1]. The link you pasted to the wiki seems to be a Kubernetes how-to guide. I'll add a direct link to the ACME DNS repo to the README as well.

[1] https://github.com/joohoi/acme-dns

mbag | 8 years ago | on: How to Study Mathematics (2017)

As a former physicist, it also made me angry that they used geometry when teaching us about multi-dimensional algebra. The professor would tell us that vectors are orthogonal to each other, but not tell us what it actually means: that changing one of them doesn't affect the other. I mean, yes, in hindsight, this information was there; however, when you are just starting to learn something, you have a problem filtering what is really important and what is not.

And for example, a real revelation with regard to infinity came when I read (or heard somewhere, it was a long time ago) that infinity can sometimes be a few millimeters or even micrometers. Up until then I had always imagined some really large number, but at that point I realized you need to put the problem before you into perspective.

mbag | 8 years ago | on: How to Study Mathematics (2017)

This happened almost throughout all my formal education. The knowledge was just presented as something that was obvious. There was very little discussion of motivation, or what problems the person/people were trying to solve. I understand that there is so much knowledge to cover during high school and college, but IMHO this causes students to develop the mindset that you either see the solution instantly, or you are just not smart enough to crack the problem.

mbag | 8 years ago | on: Cancer ‘vaccine’ eliminates tumors in mice

I see that the authors are from Stanford University. Can someone from the US clarify if this will be in the public domain/knowledge, or is it possible some drug company will patent this later on?

mbag | 8 years ago | on: Turning vim into an IDE through vim plugins

What I found about Vim is that it requires a bit of a mind shift compared to other IDEs. I came to the game very late, but yeah, I've been editing with Vim for the past 6-7 years. My primary motivation when moving to Vim was that I didn't like using the mouse and then running back to the keyboard to write text. Now, it might not seem like much time is wasted during this shift, but imagine doing this many times during a work day and it adds up. Furthermore, I did a lot of editing on remote systems, which were headless, so you didn't get graphical editors.

When learning Vim it's not wise to learn about everything at once. Start slow at first, learn a few commands, then when you find you are doing something many times, try to find a way to optimize it. Try not to use the mouse for highlighting; use the different visual modes instead (visual line and visual block are great).

Here is an article by the Vim author which can give you some hints on how to edit files: http://moolenaar.net/habits.html

And as he mentions there, it can be applied to making your editing more efficient with other editors as well, so it's not a waste of time :)

mbag | 8 years ago | on: Seven habits of effective text editing (2000)

Or switch to Visual Line mode (<shift>+v) to select the desired lines, and you don't need to count how many lines to delete/yank.

Another useful visual mode is Visual Block (<ctrl>+v), for deleting/yanking or replacing a block across multiple lines.

mbag | 9 years ago | on: The thriving black market of John Deere tractor hacking

From what I understood, they were using methane in internal combustion engines, so they are not releasing methane into the atmosphere, rather burning it and producing CO2. I would assume that some of the methane is going to end up in the atmosphere (engine efficiency, leaking from the gas tank), but compare that to untreated pig manure, which would produce said methane anyhow.