aviditas (u/aviditas)

aviditas commented on Spacetop, a radical laptop with no screen pcworld.com/article/19193... · Posted by u/advance512

Fascinating. Hard to know if it's worth it at this stage due to the 1080p per-eye resolution, but the second incarnation of this product ought to be a real game-changer.

Also, I noted this passage:

even with a very odd prescription (one eye is near-sighted, and one far-sighted) the default corrective lenses Sightful had available worked well.

I've never encountered another person with this same eye disorder... It can be a real nuisance in certain cases. Nice to see this specifically addressed :)

aviditas · 3 years ago

There are dozens of us! My glasses and contact RXs always got a comment. Mine are on the extreme side in difference too, plus astigmatism in one eye and not the other. When contacts were finally available for me, I had to relearn how to live in a 3d space.

I'm definitely going to follow the development of this as attention to edge cases and details like this are a good indicator of quality. It definitely has beta version battery life which I'd hope they'd address in a v2 as well.

aviditas commented on The Women who left their jobs to code bbc.com/news/technology-6... · Posted by u/adrian_mrd

badrabbit · 3 years ago

My frank experience with women in tech is that I see absolutley no difference with men except women tend to be more organized (I am a mess so what do I know).

But a pattern I keep seeing is women become unhappy in roles that are not very socially engaging. And this isn't because they are women but because of social expectations and upbringing. Women who just do the job because they like it just like male counterparts do great (or not). My point is that even though there are many women interested in STEM at the outset, how they see themselves matters a lot when talking about job satisfaction.

I've met multiple women over my career that were just brilliant but they set themselves up to be in management or other roles that aren't very technical but require social skills and all the while I want to ask them why they want to do that when they can just be a rockstar in technical roles and this is the only explanation I have.

Just to be clear, I am only talking about the majority I have seen. Perhaps everyone just leans into their strength and it is easier for women to be socially succesful? I feel like in tech at least, there is a competition to get women working in your team and management wins a lot.

aviditas · 3 years ago

As someone with excellent social skills in a technical field, I constantly get pushed towards management. In terms of upward salary momentum, I understand why a lot of women go that route. Investment of time to return is high if you are successful there. If you are constantly being told that you'd be a good fit for management, it makes sense that most people would gravitate towards it as a career.

I like to say that I am happy to be a leader in a technical role but have zero desire to be 'in management'. Interfacing with other teams and departments is critical for the long-term success of my work, but the bulk of my time is spent on heads down technical stuff. I wish there were more opportunities for everyone to try out having direct reports without it being a path of no return (or path of difficult to turn back). My experience with being a supervisor 10+ years ago was very valuable in that I found that while I was moderately good at it, the constant required social interaction for 90% of the day was massively draining and left me a blob after work.

aviditas commented on Kali Linux 2023.1 introduces 'Purple' distro for defensive security gitlab.com/kalilinux/kali... · Posted by u/favourable

cjbprime · 3 years ago

This looks good! What do people use for fast indexed search of pcaps? (Contents, not metadata.)

aviditas · 3 years ago

I like Arkime (used to be called Moloch). My only pet peeve is that the documentation for the search bar is not separated from the tool. Their site docs tell you to go to the tool instead of just having the information mirrored. But for large scale pcap analysis that still lets me look at individual packet data.. it's my first choice.

aviditas commented on Ask HN: Laid off folks, are you getting hired? · Posted by u/bosch_mind

jonnycoder · 3 years ago

Can you give some examples of bad format?

aviditas · 3 years ago

9/10 resumes I have been seeing are the default auto generated ones from LinkedIn. Sometimes those look alright but the rest are 5+ page monstrosities.

aviditas commented on Capsaicin is a psychoactive substance p.migdal.pl/blog/2022/10/... · Posted by u/stared

jackvalentine · 3 years ago

My mother in law experiences mild ‘spices’ like oregano or yellow mustard as too spicy and burning.

Genetics? Who knows but they’re out there.

aviditas · 3 years ago

Maybe a mild food allergy? I know someone who has that reaction to rosemary and another friend who has it from tomatoes. A simple skin test showed both to be an allergy vs palate issue. Could just be sensitive to spices but it is a fun thing to figure out.

aviditas commented on Ask HN: What is the most impactful thing you've built? · Posted by u/rafiki6

aviditas · 3 years ago

I wrote a data integration between two internal, siloed tools at a major ISP. This let me build security alerting on social engineering attempts and successful compromises. These se campaigns were using information from other corporate and gov data breaches to access accounts that had not been setup with pins/passphrases, and going for quantity over quality for targets. Anyone was fair game to them and if they couldn't steal money then they'd resell the access and PII to even more unsavory types for identity theft. At the time, if a caller had the account holder's PII, they'd be able make limited changes to the account. Unfortunately, those 'limited' changes were things like forwarding phone or email service. They did pool the data eventually and the alerts continue to be used today to identify compromise and lock email/phone to prevent them from being used for bank fraud. The reduction of financial fraud on normal people was significant. My work kicked off a ton of other initiatives to prevent other avenues of compromise as well. I went from working customer compromise investigations in the scale of thousands a year to a few hundred after implementation. Having clear data of malicious access that couldn't be ignored prompted those initiatives to be seriously funded and maintained. Moving from reactive to proactive on these was very satisfying.

aviditas commented on Malicious update/malware by a semi-advanced adversary axelp.io/UltimateUpdate... · Posted by u/CuckooExe

batch12 · 3 years ago

I've seen this. This is the same basic payload/TTP from the regional news sites that were compromised (via shared scripts hosted by McClatchy and MediaNews) a few years ago (2019). Op needs to hit the site with a new IP and with a 'referer' to get the second stage. There is also some JS fingerprinting, like checking GPU model, to ensure a plausible client visit. This was a fun piece of malware to dissect.

I believe Symantec classified it as SocGholish.

Edited: clarity, details

aviditas · 3 years ago

The last batch of SocGholish I encountered had virtualization checks on each stage and required user interaction to run/open the payload. Used iframes or modified google analytics on the compromised site and used webpress plugins vulns to get access. The sandboxing checks were crazy good. I ended up getting an old laptop to do the analysis as it detected every other security sandbox tool. The only positive is that the payload (6 months back) itself is easily detected by most edr. Defender caught it on download.

+1 to the enjoyable dissection. Rooting out the underlying infra was also very fun.

aviditas commented on Splunk IP suit against Cribl splunk.com/en_us/blog/bul... · Posted by u/2close4comfort

jcims · 3 years ago

>There’s no better SIEM alternative that deals with logs at scale.

I think folks that use Splunk for basic search just don't fully comprehend how capable the product is for hunt-type operations when someone fluent in SPL is at the helm.

aviditas · 3 years ago

I can't agree more. I've used every main 'competitor' now and nothing can compare to splunk for hunting across massive logging pools. It genuinely feels like magic with advanced SPL and solid regex.

My frustrations with Splunk have been around their certification and training changes over the years. Used to be able to get a solid tool certificate and decent training materials all for free. It only hurts Splunk though as less people have experience with the tool it lessens their advantage. Makes me disappointed as I really do like the tools itself but literally everything else is terrible. I'd much rather deal with Elastic or go open source with Security Onion.

aviditas commented on Why do all these 20-somethings have closed captions turned on? wsj.com/articles/why-do-a... · Posted by u/malshe

eyelidlessness · 3 years ago

I have auditory processing difficulties. Among many other sensory challenges. Sitting at a table in a restaurant, I struggle to understand what my friends are saying to me over the din of background chatter, a bartender shaking a drink, back of the house clinking a pan.

I similarly struggle to understand what actors are saying when they’re backed by theme music or other physical things going on as part of (or behind) the story. Captions help me actually consume video rather than feel lost in it. Without text I pretty much would stop consuming video entirely.

Granted, I’m 40 so I can’t speak for the youngs. And I hear just fine in that the sounds are all present in my ears and my brain. They just get jumbled and being able to catch up with text helps immensely.

aviditas · 3 years ago

As one of the younger but not young crowd, I have a form of auditory dyslexia which is why I've used CC and subtitles most of my life. Good sound mixing and actor enunciation helps to a small degree, but my brain garbles the first part of conversation starts and when dialog happens without visual cues.

My hearing is good, but the delays in processing dialog to content make watching movies or tv very frustrating when I can't see the actor's face to lip read or don't have CC to catch what I miss.

On the other side of things, I have a very high level of internal voice so when I am reading text I can 'hear' the dialog in my head. I can listen to the first 20 minutes of a movie or episode or two of a tv show, then watch it muted with subtitles and will hear the actor's voices. It's nice because I can watch shows with my own background music or without disturbing anyone with the audio.

aviditas commented on Three Caffeine Alternatives and the Science Behind Them scitechdaily.com/three-am... · Posted by u/gz5

plmpsu · 3 years ago

How are you preparing it?

aviditas · 3 years ago

About a half cup of hot almond milk + a gram of the chocamine. Fits into a small teacup perfectly and swapping the almond milk for water is alright but I like the hot chocolate style drink. I add a little dash cinnamon but it's got a nice flavor ok its own.