Security through obscurity is fine if it's an additional layer in a well thought out security implementation. I've build a bespoke Node.js site/service where I sometimes have to kick out clients due to various reasons. I sometimes fear reprisal and have to consider a targeted attack on my infrastructure. And indeed I do get the occasional hack attempt with for instance hand crafted sql injection attempts (I receive an instant notification when this happens). The best approach in hardening your infrastructure I think is trying to hack your own service by trying a plethora of methods like sql injection attacks or denial of service attacks on your public api's.
Readit Newscersa8 commented on Security through obscurity is underrated (2020) utkusen.com/blog/security... · Posted by u/metadat
cersa8 commented on Project Wisdom for Red Hat Ansible research.ibm.com/blog/ai-... · Posted by u/tosh
Wisdom for ansible would be to ditch the dsl and expose a pure python declarative api, with imperative escape hatches and a set of best practices + conventions encouraged by templates anf linters.
Instead, we get a terrible dsl baked in a bad markup language that is hard to write, painful to debug and impossible to maintain.
That you have to come up with concepts like an inventory, fact and magic variables should have been your first clue that they were reinventing badly what any language ecosystems provides for free.
And the worst is, ansible is probably one if the best deployment systems at our disposal.
Pulumi could have filled this nicely but only supports a few cloud providers.
Canceled my PayPal account none the less.
cersa8 commented on $570M worth of Binance’s BNB token stolen cnbc.com/2022/10/07/more-... · Posted by u/labarilem
These bridges seem to be the weakest links in crypto.
cersa8 commented on You can't recover your Google account if you lose your 2FA device · Posted by u/arbuge
cersa8 commented on TypeScript is now the most-used language by CircleCI users techradar.com/news/javasc... · Posted by u/isaacfrond
I don't agree with OP, there's nothing wrong with JS but I think the reason langs like JS and Typescript always top these lists of popular languages is they're the only viable options right now for client side web development.
I disagree. My entire backend is written in Typescript and maintenance and feature development pace is incredible. It's been this way for years now and I cannot see myself switching to Go or Java anytime soon.
cersa8 commented on Citibank may lock bank accounts for 45 days if breach suspected twitter.com/saletan/statu... · Posted by u/moonka
> Accounts are so trivial to open and manage nowadays.
They are not. When you come back from work after a 12-hour night shift the last thing you want to do is managing your bank accounts. You just want one account to work, and to work well, if possible without the bank screwing you too much.
Opening an N26, Revolut or Bunq account (in Europe) can be done from the couch. Maybe this is much different in the US.
I use GraphQL (postgraphile) for my admin backend crud. This allowed me to do some incredible fast development with only minimal customisation (couple of PostgreSQL functions). Anything outside the happy path is handled by a REST API. Maybe we shouldn't think in absolutes, eg: only use GraphQL. For the same reasons I use an ORM, and raw queries where it matters most. The cliché holds true: use the right tool for the job.
cersa8 commented on My worst tech decision: A G Suite account for personal use androidauthority.com/g-su... · Posted by u/SethMurphy
Swpapped my G suite custom domain accounts for mailcow and never looked back. Luckily I never used these accounts for paid apps or other Google specific services.