What does SSBC mean in this context?
Sorry, it was meant to be USSR (Union of Soviet Socialist Republics).
Readit NewsDethNinja commented on Don't Take VC Funding – It Will Destroy Your Company eidel.io/2023/07/09/vc-fu... · Posted by u/olieidel
DethNinja commented on Don't Take VC Funding – It Will Destroy Your Company eidel.io/2023/07/09/vc-fu... · Posted by u/olieidel
> On the other hand, my first self-funded startup got destroyed by a VC funded venture. They had a worse product but far better marketing and they used every dirty trick in book to tarnish my company’s reputation.
Would you be willing to give a few more details about what happened? I'm not interested in the identities of the companies or people, just interested in a high level overview of what happened. We don't hear these stories often.
- Hired a journalist on some mid-size news company to tarnish the company’s reputation. I never imagined they would bother to do this, but I was wrong.
- Used an APT for hire but I don’t believe they did succeed , still it is quite insane. I was lucky enough to catch a targeted rootkit but issue was quickly remediated. I’ll eventually find a consultant to analyse the Win 11 rootkit. They were definitely not script kiddies.
- Some black hat SEO and shills for hire, but that is expected.
I’m really surprised by hired journalist / APT aspect. Something I never imagined would happen, but apparently it does happen.
DethNinja commented on Don't Take VC Funding – It Will Destroy Your Company eidel.io/2023/07/09/vc-fu... · Posted by u/olieidel
On the other hand, my first self-funded startup got destroyed by a VC funded venture. They had a worse product but far better marketing and they used every dirty trick in book to tarnish my company’s reputation.
There is no way I’ll start another startup unless I receive backing from a huge VC company.
Current economic paradigm is more similar to centralised/controlled economies of USSR. Thus if you want to succeed, you will need friends with connections to central banks.
DethNinja commented on Tell HN: Interview take home assessments without feedback are frustrating · Posted by u/shakes_mcjunkie
I had a company ask me to put together a performance improvement plan involving proposed changes, instrumentation and engineering changes. They expected me to look at all their existing code, talk with engineering and other employees and put together this plan in 6-7 hours, an already ridiculously large time frame. I told them that allotted time was way too small for what they wanted and withdrew my application. It felt like they wanted me to put together a plan they could implement without paying or hiring me. Worse, I'd be working around their schedules to have these conversations so it wasn't really a take home assignment.
I wish I had saved a copy of the assignment. It was ridiculous.
So was the company the best in their field? I sometimes see small / badly managed companies pull such interview processes and it is ridiculous. You would expect they would hire 100x engineers with these tasks but I wonder what they are exactly looking for.
DethNinja commented on Emerging architectures for LLM applications a16z.com/2023/06/20/emerg... · Posted by u/makaimc
Do a16z invest in small scale AI companies? Or are they only doing series B+ investments?
DethNinja commented on Ask HN: What are some of the most elegant codebases in your favorite language? · Posted by u/debanjan16
C++ - Botan
C - Redis
DethNinja commented on Desktop Linux Hardening (2022) privsec.dev/posts/linux/d... · Posted by u/pabs3
How does re-installing the OS from scratch every 6 months "eliminate most of the advanced threats"? The malware has up to 6 months to do its work. OS re-install may delete the malware, but the next visit to bad link may re-install the malware as well.
It is just a precaution measure, some of the malware like DDOS Bots might persist more than 6 months.
Honestly, an immutable OS would be more ideal but it isn’t very realistic. If you are adventurous, it would also be possible to setup a system where host image gets rebuild every night and persistent data gets pulled from a git repo.
DethNinja commented on Desktop Linux Hardening (2022) privsec.dev/posts/linux/d... · Posted by u/pabs3
This is a pretty good guide.
I also recommend manually reading/checking the the BIOS EEPROM and re-installing the OS from scratch at least every 6 months. This should mostly eliminate most of the advanced threats.
You can setup an ansible script to re-install everything so it can automated.
However, sometimes programmers forget to remove the debug symbols from the final binaries of the game. Programmers are humans, and humans make mistakes.
Executables/libraries on disk file size will increase with debug symbols. The kernel and loader will look at binary headers and load only what is needed for execution into main-memory. Kernel and loader will not load the debug symbols at runtime, they are useless for them. The debugger will look also at the headers and use them to load the debug symbols, which are need for backtraces. Therefore initial file read from disk will take a little more time but the execution is not affected. Startup speed is usually influenced by loading of further resources, initialization and checks. So you will get a lot for some bytes on the disk.
https://stackoverflow.com/questions/24117063/is-a-program-co...
https://stackoverflow.com/questions/39222698/does-compiling-....
Some people still argue that security by obscurity works and hide everything. I doubt that.
You should absolutely never release a commercial binary to public with debug symbols.
There are ways to convert symbol names on the crash report server, so the claim that you can get better crash report with debug symbols is not correct.
Why you shouldn’t release debug symbols:
* It helps patent/copyright trolls litigate you easier.
* Makes it easier to reverse engineer your binaries, which will help malicious actors and competitors.
* You might lose some trade secrets.
If you are a startup owner, please ensure to never release commercial/close-source binaries with debug symbols. You can thank me later.