nullpage's comments

nullpage | 5 years ago | on: Cloudcraft – Architect and budget cloud infrastructure

I've enjoyed playing around with this product, but I wish there was a tier between free and pro that added infinite drawing without such a steep price. I'm not really interested in the sync stuff, but would happily pay a little to add infinite grid to the features otherwise included in the free tier.

nullpage | 5 years ago | on: SpaceX Starlink is now its own ASN and present at the Seattle Internet Exchange

From what sparse info I can find, it appears ground > sat > ground comms will be encrypted in some fashion so listening with an SDR and doing anything meaningful with the data might be hard, but I'm curious if there will be opportunities for it to be abused for anonymous downlink connections like the Turla spyware group used to do (https://arstechnica.com/information-technology/2015/09/how-h...)

nullpage | 6 years ago | on: Ask HN: What projects are you working on now?

Mostly just a toy to learn some AWS/Serverless and security stuff, but a tool similar to Burp Collaborator for DNS / HTTP canaries tied into a Slack bot. Essentially request a new canary URL, you get back a unique endpoint such as 123456789abcd.detect.domain.com, and any time there is a DNS request or HTTP request of any kind to that canary URL it sends a message to a Slack bot with relevant info, and includes some GeoIP data and a static map image of IP locations (via Mapbox static image API). Considering doing my own plugin for mitmproxy (similar to Burp Collaborator Everywhere) that can be useful in looking for SSRF vulnerabilities. A couple tools out there that do this, kind of just wanted to build one myself for the learning experience.

nullpage | 6 years ago | on: Security Architecture Anti-Patterns

While 10./192. private addresses in IPv4 were largely designed to help deal with address space exhaustion, they also are important because organizations can use them without having to own the addresses or register them in any way with IANA (or equivalent) since they are not publicly routable. IPv6 still maintains this feature with unique local addresses, and the entire fc00::/7 address range in IPv6 is allocated to private networks and is not routable on the public internet (not that AWS uses these, any IPv6 address they assign to you is a globally routable address). A lot of stuff just still doesn't support IPv6 yet (RDS for example https://aws.amazon.com/premiumsupport/knowledge-center/rds-i...) so your options are to either give that endpoint a public address and manage your security groups well, or give it only a private address which gives you the added benefit of the endpoint not being publicly routable (which is a nice second layer of security beyond security groups), downside being the things that need to talk to it must now also live in your private subnet, hence Lambda launching in a VPC.

nullpage | 8 years ago | on: iMac Pro Available Now

Sorry I didn't intend it to be a gatekeeping thing or trying to define who isn't or is a professional. I apologize it was poorly worded.

I think a diagram better explains what I'm trying to say.

What I feel like Apple's target audience was in the past with their 'Pro' lines:

https://imgur.com/a/ydLdE

What I feel like Apple's target audience is now with their 'Pro' lines:

https://imgur.com/a/dGI9R

It still meets the requirements of a lot of professionals, and a lot of professionals are still going to use them. I'm not trying to say 'whether or not you are a professional is directly related to whether or not you use a macbook pro'. It is just that Apple seems to be slowly targeting their "pro" lines more towards the consumer who like pro stuff side to capture more of that market than they are trying to move toward the professional side to capture more of that market. Instead of getting more ports and longer battery life at the sacrifice of weight, we get things like the touchbar and ever thinner machines that have trouble living up to the battery expectations. For a bunch of professionals that doesn't matter, it isn't what makes a macbook pro fit their requirements. But there seems to be a very vocal segment of professionals who sit on that leftmost edge concerned that what Apple calls 'pro' is moving further away from meeting their requirements than closer.

Edit: it might be more clear to say the green circle is people who find a macbook pro to meet their requirements.

nullpage | 8 years ago | on: iMac Pro Available Now

I'm not in any way saying that a macbook pro (or any 'pro' thing) can't/shouldn't be used by professionals, or that people that use them are not professionals. It is just that I find more often than not when 'Pro' is used to market something, the primary audience appears to be consumers that want to have a pro feeling, regardless of whether or not it was designed primarily for the requirements of a professional. If you are a professional and a Macbook Pro fits your requirements, great! It just feels lately that the 'Pro' moniker doesn't mean it is specifically designed with professionals in mind as the primary audience.

nullpage | 8 years ago | on: iMac Pro Available Now

My rule of thumb lately has been that if something is marketed as 'Pro', it is usually intended for average joe who wants to feel pro, not to meet the requirements of people that are actually professionals.

nullpage | 8 years ago | on: 465k patients told to visit doctor to patch critical pacemaker vulnerability

"The critical firmware flaws came to light last year in an advisory that was sponsored by an investment that was betting against the stock of St. Jude, which was formally acquired by Abbott Laboratories in January. In the two days following the disclosure by investment firm Muddy Waters, St. Jude's stock price fell 12 percent. At the time, St. Jude issued a statement saying the Muddy Waters report was "false and misleading.""

This reminds me of the plot of Casino Royale where the villains short the stock of an airline / airplane manufacturer, then attempt to blow up the plane they are showing off to force the stock to sink. That is some questionable ethics, then again the investment firm is called "Muddy Waters" haha.

nullpage | 8 years ago | on: Detecting Chrome headless

Curious about your home setup, what ISP are you using at home that lets you have essentially a /25 block of public IPs, let alone 40GbE of bandwidth? Especially if this is costing you $500/month.

nullpage | 9 years ago | on: The Jet Engines with 'Digital Twins'

It is some tech out of GE Digital that, from what I understand, uses sensor data + machine learning against a digital representation of the system to predict failures and tune performance. A friend of mine just recently took a job at a start-up using this technology (https://veerum.com/about/), however I haven't had a chance to catch up with him and really understand how this stuff works.

There is some more information here: https://www.ge.com/digital/power-digital-twin

https://www.ge.com/digital/blog/rise-digital-twins

nullpage | 9 years ago | on: Trump’s F.C.C. Pick Quickly Targets Net Neutrality Rules

Totally, but they could just spin it to the consumer like TV cable packages. "Get our Internet 'Social Media Plus' plan for $100 / month, featuring blazing fast speed to our premium partners Facebook, Twitter, and Reddit! Use a corporate VPN from home? For an extra $10/month add on our VPN Pro PLUS package to get ultra fast connection back to your office!

terms and conditions apply, all other internet traffic is at speeds of up to 1mb/s"

It is far-fetched sure, but I honestly wouldn't put it past some ISPs to attempt something super lame like this.

nullpage | 9 years ago | on: Trump’s F.C.C. Pick Quickly Targets Net Neutrality Rules

> home ISP, who only gets to see an encrypted pipe

Until your home ISP that doesn't care about net neutrality just decides to throttle your OpenVPN encrypted pipe and make it useless; they don't need to see what is inside of the encrypted pipe to fingerprint it as a VPN tunnel.
