Readit News
int0x2e commented on UniFi 5G   blog.ui.com/article/intro... · Posted by u/janandonly
SkyPuncher · 20 days ago
Unifi is a bit different than Apple to me.

Ubiquiti is one of the few companies doing prosumer hardware - and doing it extremely well. They give you access to advanced, raw configurations without necessarily having to go "full enterprise" deployment. They also have solutions for just about everything.

That being said, I generally have moved towards other Wifi solutions as I've grown weary of tweaking Ubiquiti all of the time. I found that I could get better top-end performance out of Ubiquiti gear, but really struggled to hammer out poor performance in edge cases. Particularly, with jitter and random latency spikes.

My consumer mesh wifi system gets nowhere near its advertised performance, with little way for me to tweak it. However, I rarely need "full performance" and it doesn't suffer from the same random glitches.

int0x2e · 20 days ago
I used to think the same way, and I loved UBNT. Sadly, after 2 different more advanced configs I had caused wild stability issues - affecting APs, a USG and the controller itself to the point of making them less reliable than a random TP-Link router, plus an ERL randomly dying on me without warning and never booting again - I decided to pull UBNT from anything and anywhere.

I now exclusively use open-source projects with a strong history and community - or used high-end enterprise gear that I pick up when it reaches EOL so it's dirt cheap. Stability has been so much better, even with the most advanced configs I ever created.

int0x2e commented on Uranium demand hits decade high as nuclear renaissance gains traction   oilprice.com/The-Environm... · Posted by u/PaulHoule
bruce511 · 2 years ago
It will solve itself. But I don't think the solution is nuclear. The solution will be storage.

Again, the issue is cost, and externalities. On the one hand the cost of nuclear electricity is low, but the externalities are extremely high. Time, public opinion, and long-term liability are all against it (and that's assuming it goes as planned.)

Sure, optimal storage has yet to be figured out. Batteries and pumped-water-schemes are working in some cases, but are not necessarily grid-scalable [1]. But work in this area has potential, and we've not reached any maxima here yet.

Technologies like compressed air, hydrogen and so on are all in their infancy.

I should note that I am pro-nuclear. It's a lot cleaner than coal or gas. I'm just not sure it'll ever be economically attractive.

[1] On a household level, batteries that can store over-night amounts of power exist, and are easily available. This provides a cap on how expensive night electricity can be.

int0x2e · 2 years ago
Storage will never work. Quote me on this. Nuclear or a mix of nuclear and renewables will be the only way to seriously get away from fossil fuels. Also, even if storage works some day, hoping we manage to discover how, scale and implement it across human civilization in time is a crazy bet to make. Even if we seriously go all in on nuclear and renewables tomorrow - it might already be too late, so betting on some miracle tech to be found, scaled and implemented in time is not only unwise, it would require several miracles to have any hope.

int0x2e commented on Uranium demand hits decade high as nuclear renaissance gains traction   oilprice.com/The-Environm... · Posted by u/PaulHoule
bruce511 · 2 years ago
The problem with nuclear is that while we need base-load, base-load doesn't pay.

Let's say I have a $billion to invest. My goal is return on investment. Why would I pick nuclear over solar?

Solar is cheap, quick to build, low maintenance, requires a small amount of "cheap" labor, and "worst case" stops working.

Nuclear takes 15 years of planning, costs a fortune just to get started, will guarantee endless fights with pretty much everyone, has long-term clean up questions, requires lots of very expensive engineers to keep running. (And worst case is pretty much as bad as you can imagine).

Oh right, nuclear makes electricity at night. When it's cheapest.

I get that we -need- electricity at night. But frankly, there is zero incentive for me to put my billion there. It's high risk with no reward.

int0x2e · 2 years ago
This is more of an argument for how pure economic thinking and the current constraints/processes have poor correlation to actual impact and desired outcomes. It's similar to how Enron would make the most money when California had rolling blackouts - by operating right at the edge of the network crashing, they would make the most money because reserves were low, so they intentionally shut power stations down and caused small grid crashes.

If you really believe in renewables, if anything, we need to go all in on nuclear for the base load, but no one seems to be headed in that direction other than China and India, because they don't have the same market failures we do.

int0x2e commented on Data accidentally exposed by Microsoft AI researchers   wiz.io/blog/38-terabytes-... · Posted by u/deepersprout
buro9 · 2 years ago
Part of me thought "this is fine as very few could actually download 38TB".

But that's not true as it's just so cheap to spin up a machine and some storage on a Cloud provider and deal with it later.

It's also not true as I've got a 1Gbps internet connection and 112TB usable in my local NAS.

All of a sudden (over a decade) all the numbers got big and massive data exfiltration just looks to be trivial.

I mean, obviously that's the sales pitch... you need this vendor's monitoring and security, but that's not a bad sales pitch as you need to be able to imagine and think of the risk to monitor for it and most engineers aren't thinking that way.

int0x2e · 2 years ago
It's much worse - if the data isn't just a ton of tiny files, and you're able to spin up a bunch of workers for parallelism, you can get up to 120 Gbps per storage account (without going to the extreme of requiring a special quota increase).

That means in a little bit over 5 minutes, the data could have been downloaded by someone. Even most well run security teams won't be able to respond quickly enough for that type of event.

int0x2e commented on Stupid alloc – What if memory allocation was annoying   github.com/shadyfennec/st... · Posted by u/jmmv
VWWHFSfQ · 2 years ago
I love Rust. But it seems like there's some kind of religion about allocations.

Don't use String you fool, you want &str!

Don't use Vec you fool, use &[]!

It really puts people off. Because now they have to learn all about lifetimes and that's a fucking nightmare. My advice: Use String. Use Vec. Use Hashmaps. It's all still going to be a million times faster than whatever you were doing in Python, or Java, or Go, or Javascript, or whatever.

int0x2e · 2 years ago
That works for some types of code and fails for other types. If you have very long lived but memory heavy apps, allocations really matter...

int0x2e commented on The Code Review Pyramid (2022)   morling.dev/blog/the-code... · Posted by u/rainhacker
barbariangrunge · 2 years ago
Is this just a way of saying, “stop wasting all your review time on the style guide and look at the system design”?

Although, the style guide should just be followed and fixed before you get to code review phase. That’s just a matter of professionalism.

int0x2e · 2 years ago
At a former team, we went from spending quite a bit of time on code style comments and disagreements to spending no time at all on it, with the simple act of making the code linter a breaking step in our CI build, and deciding no review will start until the build is green.

We had to adjust our linter settings here and there - but it was still super efficient for everyone's time compared to what we had before...

I can't recommend this more.

int0x2e commented on Why there are so many cybersecurity vendors and where do we go from here   ventureinsecurity.net/p/w... · Posted by u/jc_811
mikewarot · 2 years ago
>Where do we go from here?

Take a step back, and look at history. It should be unsurprising that the problem was encountered, studied[0] and solved, decades ago.

During the Viet Nam conflict, the Air Force needed to plan missions with multiple levels of classified data. This couldn't be done with the systems of that era. This resulted in research and development of multi-level security, the Bell-LaPadula model[2], and capability based security[1].

Conceptually, it's elegant, and requires almost no changes in user behavior while solving entire classes of problems with minimal code changes. It's a matter of changing the default from all access to no access, all the way down to the kernel.

Life without it, is like trying to run a modern electrical grid without any circuit breakers, anywhere, ever.

Getting rid of virus scanners alone should be worth the platform switching costs, at least in terms of performance for most users.

[0] https://csrc.nist.rip/publications/history/ande72.pdf

[1] https://en.wikipedia.org/wiki/Capability-based_security

[2] https://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model

int0x2e · 2 years ago
The difference between theory and practice, is that in theory there is no difference, but in practice - there is.

So far, every "provably secure design" I've seen ended up being insecure in practice due to the things people abstract away.

I'm not saying it's impossible, but I have not seen it done perfectly thus far.

We've seen more success by having many many iterations and widespread usage of common designs and patterns. These are not perfectly secure by any means, but they are secure enough against common threats to make it functionally equivalent until we figure it out.

int0x2e commented on Why there are so many cybersecurity vendors and where do we go from here   ventureinsecurity.net/p/w... · Posted by u/jc_811
calvinmorrison · 2 years ago
Too many people do too much. I would rather pay 10 vendors a few K per year than get sucked into one vendor one tool suite. Let people focus dammit.

int0x2e · 2 years ago
For enterprises, it's hard to have a ton of different tools. I worked at a very large software company, and our security tech stack was so big and convoluted, that just maintaining a compliant CI/CD pipeline was a 5 person job, because there are ~20 different tools to integrate and debug, and each of those changes every year or two, so you're constantly re-learning, re-integrating, debugging, etc. Having a single (or just a couple) vendor(s) sounds like a dream!

int0x2e commented on Why there are so many cybersecurity vendors and where do we go from here   ventureinsecurity.net/p/w... · Posted by u/jc_811
sylens · 2 years ago
Tools like Nessus and Burpsuite Pro are not the ones I'm talking about.

Go take a look at the CSPM or CASB or CNAPP space and check the costs on some of these tools.

int0x2e · 2 years ago
Those aren't cheap, but rolling your own usually isn't any cheaper. Even huge enterprises usually buy instead of build because it's cheaper in both the short and long run.

Think about most managed cloud services - you could deploy your own SQL servers on EC2, configure replication, fail-over, backups, security patching, log collection, observability, etc. - but you'll end up paying a lot for engineers to build, maintain and monitor that solution compared to just spinning up one of the ready made offerings by AWS. It might be cheaper to do if you have a ton of RDS, but it really has to be a huge huge volume, and even then, AWS will probably find a way to discount your bills to make it still better...

int0x2e commented on Why there are so many cybersecurity vendors and where do we go from here   ventureinsecurity.net/p/w... · Posted by u/jc_811
alephnerd · 2 years ago
It's all checkbox driven development. I'm a PM in the space and it's all snake oil. At least we have amazing ACVs compared to other B2B sectors and a captive market.

F** Gartner and Forrester for forcing us to concentrate on this instead of actually solving problems

int0x2e · 2 years ago
I work at one vendor currently and have worked at a few prior. The difference is astounding - my previous gigs, including one of the biggest vendors ever, were exactly as you said. My current gig is exactly the opposite - strong focus on real security insights and value, none of the box-ticking bs, and a great roadmap. It is rare, but when everyone at the org, and especially the product side, really knows how attacks play out - you can make a real impact on the world.

u/int0x2e

Karma: 608 · Cake day: March 24, 2016