RonSijm

joined 1 year ago
[–] RonSijm 2 points 4 months ago

Like feathering somebody after tar pitting.

I don't know what that would've meant. Maybe servers ridiculing an attacker or something.

Could be a feature where servers would add your IP to a list, and send it to the clients (like a list somewhere in case of a website)

Then clients would start sending random Metasploit-esque requests to those IPs.

[–] RonSijm 2 points 4 months ago (1 children)

I guess cloud big boys would be using key management systems to move the key off the local instance

Yes, AWS uses KMS - by default everything like RDS is encrypted at rest through the AWS default KMS key (default for your account, not globally default). I'm still not entirely sure what the point is, since once you log in to the AWS console, or connect to the database, everything is decrypted by default anyways. So I suppose the main thing it protects from is physical access.

You can make it more complicated by having more complicated KMS schemes, for example, see Demystifying KMS keys operations - That has a pretty good explanation of what KMS is, and the point of encryption at rest (at AWS).

A reason customers could ask for encryption at rest could be that they want to be in control of the decryption key. Then at any point that would give them the ability to revoke the decryption key, and practically revoke your access to their data.

But as @recursive_recursion mentioned, you should probably ask the stakeholder what the point is. 90% of the time the point is just some checkbox on an ISO27001 or SOC2 form. And "really providing any extra security" is not
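The customer-controlled-key arrangement described above, as an added example that is not part of the original comment: a KMS key policy for a key living in the customer's account, where the second statement lets a vendor's role in another account use the key, and deleting that statement is what "revokes" the vendor's access. The account IDs (111122223333 for the customer, 444455556666 for the vendor) and the role name VendorAppRole are constructed placeholders; the first statement is the standard one that keeps the key manageable through the customer's own IAM policies.

```json
{
  "Version": "2012-10-17",
  "Id": "customer-controlled-data-key",
  "Statement": [
    {
      "Sid": "CustomerAccountRetainsFullControl",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:root" },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "VendorMayUseKeyForDataAtRest-RemoveToRevoke",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::444455556666:role/VendorAppRole" },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }
  ]
}
```

The vendor's role additionally needs an IAM policy in its own account allowing those kms: actions on this key's ARN, since cross-account use requires both sides to permit it. Removing the second statement stops new Decrypt and GenerateDataKey calls immediately, but any plaintext data keys a service already holds in memory keep working until they are evicted or the service restarts.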

[–] RonSijm 5 points 4 months ago

https://www.consilium.europa.eu/en/meetings/jha/2024/06/13/

In public session, the presidency will inform ministers about the state of play of a legislative proposal to combat child sexual abuse. The proposed EU law would make it mandatory for internet companies to alert the authorities about online child sexual abuse on their platforms.

[...]

eff.org

The Belgian proposal was debated behind closed doors, and civil society groups have only recently been able to even evaluate and discuss the proposal after it was leaked to the press.

A bit of a discrepancy here between how it's framed, "we're having public discussions" vs getting information from a leaked document marked as "Classification: Top Secret – For official use only" - I wonder who's telling the truth here, the EFF, or a Council of EU governments that secretly want to implement mass surveillance.

Also funny how it's always the same playbook. "Let's do this under the guise of combating child sexual abuse."

[–] RonSijm 5 points 4 months ago (1 children)

The amount of times I’ve been alerted in the middle of the night because CPU was running high for 5 minutes is too damn high.

I'd suggest to just set up automations to fix those things automatically. Let's say 80% CPU for 5 minutes is too high. Ok, add an auto-scale rule at 65% CPU for 3 minutes to add an extra node to the cluster to load balance the CPU load.

It’s like we’re trying to prevent outages by monitoring for potential issues rather than actually making our system more robust and automate-able.

Like it sounds like you're saying the issues are caused by systems not being robust and lack of automation... If they're this scared of outages and breaking SLA, they should work on having less outages, or having fall-backs when they occur.

But it could get pretty difficult to get management to do these kinda things from random suggestions from some SRE. I'd probably talk with the team-lead about this, and other people in your team, cause you're probably not the only one with these issues. And then have a meeting with the entire dev/SRE team and management to point out it's not sustainable the way it's going, and with suggestions to improve it.

[–] RonSijm 3 points 4 months ago

Hmm, as a programmer the game looks pretty fun.

But I checked the Steam store, and it's still in early access, but there are a bunch of different editions, and a couple of (paid) DLCs already. I'm a bit confused on what "edition" to even get - And it doesn't really bode well for the future if every small extra thing is going to be a DLC.

[–] RonSijm 1 points 5 months ago* (last edited 5 months ago)

I'm not completely sure which classes you're talking about - but it sounds like the Business Process Layer.

I would call them “services” but I’m looking for a less overloaded term. Maybe capabilities? Controllers?

"Controllers" (in .NET at least) is usually reserved for the class that initially intakes the HTTP request after middleware (auth, model binding etc.)

It's probably easier with a concrete example, so let's say the action is "Create User".

It depends on the rest of your architecture, but I usually start with a UserController - that takes all user related requests.

To make sure the Controller doesn't get super big with logic, it sends it through MediatR to a CreateUserCommandHandler.

But it's a bit vague which parts you're asking about.

"there is a class of … classes/modules that does the needful.".

Everything else you've described, "API resources, queue workers, repositories, clients" and serializers, is "cross-cutting", "Data Access Layer", and "Service Agent Layer", maybe a bit "Anti-corruption Layer" - but there's a lot of other things in between that "do the needful".

[–] RonSijm 2 points 5 months ago

Well to be clear, this was not supposed to be a jab at gitflow, or me complaining specifically about gitflow. I merely used "gitflow" as an example of a set of conventions and standardizations that comes nicely packaged as one big set of conventions.

But there's nothing wrong with gitflow. I was just saying - they are not set-in-stone rules you must follow religiously. If you're using it and it seems more practical to adapt the flow for your own use-case, don't worry that it'd be considered wrong to not stick strictly to it.

[–] RonSijm 18 points 5 months ago (5 children)

I think a common misconception is that there's a "right way to do git" - for example: "we must use Gitflow, that's the way to do it".

There are no strict rules for how you should use git, it's just a tool, with some guidelines on what would probably work best in certain scenarios. And it's fine to diverge from those guidelines, add or remove some extra steps depending on what kinda project or team-structure you're working in.

If you're new to Git, you probably shouldn't just look up Gitflow, structure your branches like that, and stick strictly to it. It's gonna be a bit of trial-and-error and altering the flow to create a setup that works best.

[–] RonSijm 36 points 5 months ago

It would be easy for Google to remove the guardrails from WebAssembly in some sort of public testing version of Chromium

Google is not the authority on WASM, W3C is. Google diverging from the standards and removing any guardrails would result in the "This page only works in Chrome" kinda bullshit we've seen before.

[–] RonSijm 1 points 5 months ago (1 children)

It's not a big red flag, but it indicates that the product is not fully open source. You can get the full community edition from GitHub, but for the Self-hosted Enterprise version you have to contact sales.

So all the Enterprise features are most likely closed source, and when you buy/license it, you'll just get the compiled version. And since their Cloud hosting model has a "Per 1,000 sessions/mo" model, their Enterprise self-hosted model might have that as well. So it'll have some kinda DRM/license managing, and maybe a "call home" to check your license or usage every once in a while.

[–] RonSijm 4 points 5 months ago

myStr.IsNullOrEmpty() feels a bit weird to me, because you have to know that it's an extension method.

Otherwise it kinda looks like you might be trying to run a method of something that's possibly null.

That's the same design principle of why ArgumentNullException.ThrowIfNull(myStr) is not an extension method.

[–] RonSijm 17 points 5 months ago

Just wait until she learns child processes get aborted
