My ISP does this as well, provides Huawei modems with hardcoded backdoor passwords that can easily be found online. So yup, I've got a dedicated firewall between my networks and the modem. With slow updates and backdoors, I'd include any ISP modem and networks as part of my personal threat model.
Readit Newskevin_nisbet commented on Avoid ISP Routers (2024) routersecurity.org/ISProu... · Posted by u/dp-hackernews
kevin_nisbet commented on EV maker Canoo, once worth $2.4B, files for bankruptcy sfgate.com/tech/article/c... · Posted by u/bane
> looked like an eraser on wheels
Have they seen any vehicle newer than, I dunno... 2010? Everything is a nondescript blob car these days.
I kind of like what the folks in British Columbia are doing for their EV prototypes for Semi Trucks (technically a hybrid, EV with onboard generator): https://www.edisonmotors.ca/topsy
kevin_nisbet commented on No one is disrupting banks – at least not the big ones popularfintech.com/p/no-o... · Posted by u/kazanins
Interesting. I did not know that. But not surprising in retrospect.
But I think the point still stands. WealthSimple is probably not perceived by the median customer as a traditional bank. So people using it is a counter-example to GGP's point that people won't use "startup" banks.
I don't know if the point should be that people won't use a startup bank, just that the assets being directed to the startups/disruptors are not presently threatening to the big banks. I would suspect this is currently the case with WealthSimple here in Canada as well. WealthSimple is at something like $50 billion assets under management [1].
Vanguard asset allocation ETFs are at like $1.3T [2]. 4 Of Canada's Big banks appear to add up to just over 2T Assets under management based on what Google just gave me as summary. So while I think this is a great outcome for a startup (even with Power backing them), to me it seems in a similar space as the above article that we're still talking a relatively small market share, and likely still closer to early adopter status.
[1] - https://en.wikipedia.org/wiki/Wealthsimple#:~:text=As%20of%2... [2] - https://www.vanguard.ca/en/product/investment-capabilities/a...
kevin_nisbet commented on Ask HN: How to learn marketing and sales as a solo entrepreneur? · Posted by u/yu3zhou4
If you only have a vague idea of what the product will be (or at least what the real problem to solve is) and you don't have any potential buyers to talk to then you really shouldn't be writing a single line of code at all. You should be building your network and experience so that you do understand those things, then you go and build an MVP. So many developers fall into this trap.
I always recommend the book The Mom Test to would-be entrepreneurs. It goes into more detail on why asking people if they will buy something is worthless (as you mentioned), and how you can ask much better questions to find and validate problems worth solving.
+1 on recommending the Mom Test, it's one of the most important books I've read.
I'd say in addition to entrepreneurs, it's an important book for product teams / product engineers to understand what the Mom Test teaches, and tune the filter on asking the right questions to get the highest signal, and ensure the solution closely matches the value prop for the customer. Then sales and marketing get a whole lot easier when you've asked the right questions and solved the right problems.
kevin_nisbet commented on Portspoof: Emulate a valid service on all 65535 TCP ports github.com/drk1wi/portspo... · Posted by u/nateb2022
Wouldn't that inevitably end up with your server being more closely inspected (or at least more heavily trafficked) by hackers/bots?
I doubt that most script kiddies are filtering out potential honeypots/things like this from their tools.
Yea, thinking about it for a minute I would expect limited threat models this tool would help with. I think for broad attacks, this would only be somewhat effective if deployed on tens of millions of hosts so it becomes impractical because the adversary is just finding and interacting with the honeypots.
If you are specifically getting targeted, there might be a slight delay by having the adversary try and exploit the honeypot ports, but if you're running a vulnerable service you still get exploited.
Also if you're a vendor, when prospective customers security teams scan you, you'll have some very annoying security questionnaires to answer.
This is only somewhat related but this post got me wondering.
Can wireguard be used for a multi-wan setup/speed aggregation?
Probably. I'm not sure what you have in mind, but WireGuard would just be an intermediate network layer, so it would be up to however you're configuring multi-wan routing would still be apply/available.
I’m constantly amazed by how much the crypto community thinks they understand fractional reserve banking while getting it so completely wrong.
In fractional reserve banking, money that is loaned out is accounted for as liabilities. These liabilities subtract from the overall balance stored (reserved) at the bank. The bank is not printing money new money, no matter how many times this idea gets repeated by people who are, ironically, pumping crypto coins that were printed out of thin air.
I think it’s incredible that cryptocurrencies were literally manifested out of bits, but the same people try to criticize banks for doing this same thing (which they don’t).
This is a good explanation, I've had to explain this topic a few times as well, it seems like it's one of those topics that is very missunderstood.
To just expand a bit, I believe some of the confusion around printing of money comes from the way some economics reports are built. As a micro example, Assume a 10% required reserve, If Alice deposits $100 and the bank lends $90 to Bob. Alice ($100 deposits) + Bob ($90 cash) think they have $190 in total.
This is mainly useful for economists to understand, study, and report on. However, when the reports get distributed to the public, it looks like the banks printed their own money, as we now see $190 on the report when there is only $100 of cash in our example system.
Whether the system should work on a fractional reserve is it's own debate, but we need to know what it is to debate the merits and risks of the system.
kevin_nisbet commented on This Pull Request was generated automatically using cover-agent github.com/huggingface/py... · Posted by u/gronky_
Okay, but what do these tests mean? It's easy to add tests that are meaningless and either test the obvious or are just for coverage.
But some of the buggiest stuff I've dealt with were in codebases that had full coverage. Because none of the tests were designed to test the original intent of the designed code.
I suspect there is also another angle, which is are the tests maintainable as well? Like you said, if you're not testing intent, this might be one more thing to maintain.
In another view, this might just be a fancy way of doing snapshot testing, use AI to generate all the inputs to produce a robust snapshot, but realize the output isn't unit tests, it's snapshots that report changes in outputs that devs will just rubber stamp.
Vaguely related anecdote:
30 years ago or so I worked at a tiny networking company where several coworkers came from a small company (call it C) that made AppleTalk routers. They recounted being puzzled that their competitor (company S) had a reputation for having a rock-solid product, but when they got it into the lab they found their competitor's product crashed maybe 10 times more often than their own.
It turned out that the competing device could reboot faster than the end-to-end connection timeout in the higher-level protocol, so in practice failures were invisible. Their router, on the other hand, took long enough to reboot that your print job or file server copy would fail. It was as simple as that, and in practice the other product was rock-solid and theirs wasn't.
(This is a fairly accurate summary of what I was told, but there's a chance my coworkers were totally wrong. The conclusion still stands, I think - fast restarts can save your ass.)
This is along the lines of how one of the wireless telecom products I really liked worked.
Each running process had a backup on another blade in the chassis. All internal state was replicated. And the process was written in a crash only fashion, anything unexpected happened and the process would just minicore and exit.
One day I think I noticed that we had over a hundred thousand crashes in the previous 24 hours, but no one complained and we just sent over the minicores to the devs and got them fixed. In theory some users would be impacted that were triggering the crashes, their devices might have a glitch and need to re-associate with the network, but the crashes caused no widespread impacts in that case.
To this day I'm a fan of crash only software as a philosophy, even though I haven't had the opportunity to implement it in the software I work on.
> It emits an event, then immediately returns a response — meaning it always reports success (201), regardless of whether the downstream email handler succeeds or fails.
It should be understood that after Lambda returns a response the MicroVM is suspending, interrupting your background HTTP request. There is zero guarantee that the request would succeed.
1: https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtime-...