Turns out EarthLink is a broadband reseller.
Just saw a post about potato cannons. I once drove from Detroit to Atlanta along I-75. Somewhere in North Georgia, I guess, was a few people in an open top Jeep. The passenger had a potato gun and was firing it from the car into the median.
It’s really quite memorable because that was the morning of September 11th, 2001. An hour or so before the world went to hell.
As Snyk becomes more popular I hope that cheat sheets like https://snyk.io/blog/10-docker-image-security-best-practices/ are gaining traction as well.
In case it’s not obvious, the building appears to be a large EarthLink office. I thought they had been out of business for years.
By the way, the $1200 aeron chair is totally worth it, in my experience so far. Really happy with it.
@jerry oh absolutely agreed on the pandemic levels.
In a way it's just another facet of run-away computational capacity. It's *easier* to include more tools (or make a protocol/format/tool more computationally complex) than it is to minimize that capacity/power/complexity.
@jerry I had a quite elaborated debate about minimal images a while ago: https://microblog.shivering-isles.com/@sheogorath/108237365488173785
I'm still looking for any quantitative research regarding the impact of minimal images, but not much success in this space.
I have noticed a concerning trend with software that increasingly distributed as a virtual appliance, or more often a container image. Those images are usually Linux distros with some extra software and configuration installed. But the Linux OS isn’t stripped down, and so the image is subject to all manner of vulnerabilities in components that the application doesn’t use. Then, because it’s a software product, end users have to wait until the vendor releases a fix. But the vendors declare “yes, it has that vulnerability, but we’re not fixing it because it doesn’t impact our product”.
I think that’s the wrong way to look at things. If a baddie is able to find some way in, why are we leaving helpful tools for them all over the place? Yes, they may still be able to install their own, but that’s like saying “I’m not going to lock my door because someone can just break a window if they wanted to get in”.
I think we need to get better and minimizing the attack surface by removing stuff we don’t need AND fixing (or removing) vulnerabilities we don’t think impacts us, but are still there.
The latest update excluded my location. Sigh. I was looking forward to some space junk.
Looks like I’m in the path for the rocket crash landing tomorrow. Hopefully my insurance will cover this: https://aerospace.org/reentries/cz-5b-rb-id-53240
...He’d shut down Reality Labs and admit the Meta thing was a huge, stupid mistake, perhaps spinning out Oculus again. Whatever nebulous growth metrics suggest this company is a suggest fail to evaluate exactly how lifeless it is and how far it has strayed from making products that people actually enjoy.”
Source: Ed Zitron - https://ez.substack.com/p/the-fall-of-facebook
We're hiring for a vulnerability analyst! Full time remote (US only), you'll be responsible for our PCI/ASV clients and other compliance frameworks.
You'll be on the same team as me (yay!) and work on verification of pentest findings too.
I know most people hate Scott Adams now, and for good reason, but when I entered the corp world about 30 years ago, I found the Dilbert books and really loved them. One of the cartoons that sticks with me to this day is a strip where the office team has to compliment each other. I think it was Wally who said to Dilbert “I admire your ability to get paid for that kind of work”. Still makes me giggle.
That at the idea of turning unused cubicles into overflow prison cells.
A Mastodon instance for info/cyber security-minded people.