mrktf commented on Enterprise security can be messy: Building a Security-Aware Culture · Posted by u/rezliant
necovek · 19 days ago
It happens because cybersecurity teams do not design for efficiency and believe that security trumps everything else. If they understood that security, just like anything else, is there to drive the business, they'd perhaps sit down with people doing the work. And then figure out how hard it is to share a simple file or a photo, take it to the print shop as one can't plug in their private USB stick, or how annoying it is to develop Linux IoT firmware on WSL, or how annoying it is to get logged out every 2h.

Because unless you do, people will adopt behaviour that makes them productive, and instead of increasing security, your policies will drive it down.

This is not a result of "bad employees": this is a result of bad security policies.

mrktf · 19 days ago
Yes, I couldn't agree more with this. The problem is that these "bad employees" earn a wage by getting results, not by entering MFA codes multiple times a day or repeating the same logins. And speaking from experience: these secure practices are starting to approach at least an hour of productive time every day, which is literally robbing time.
mrktf commented on Cloudflare Global Network experiencing issues   cloudflarestatus.com/inci... · Posted by u/imdsm
powerpixel · a month ago
> here is no network protocol for a host to control traffic filtering on upstream providers (deny traffic from certain subnets or countries).

There is no network protocol per se, but there are commercial solutions like Fortinet that can block countries, IIRC, but note that it's only IP range based, so it's not worth a lot.

mrktf · a month ago
I think the parent means: there is no network protocol which can propagate blocking in a sane manner between providers (something like BGP for firewalls).

edit: yes, you can use BGP to blackhole subnet traffic - the standard doesn't play well if you want to blackhole unrelated subnets from the upstream network.

mrktf commented on X.org Security Advisory: multiple security issues X.Org X server and Xwayland   lists.x.org/archives/xorg... · Posted by u/birdculture
jeroenhd · a month ago
There are plenty of setups where the X server runs at higher privileges/on a different host than the (partially trusted) application that might exploit the X server. This is a classic elevation of privileges vulnerability in those setups.

X11's practical absence of any security mechanisms for user sessions means you should probably not run any kind of low-trust UI program anyway, as there is no prevention of keystroke injection or screen recording, but that's a design flaw that will never be solved. That doesn't mean that EoP style attacks like these should be ignored or underestimated, though.

mrktf · a month ago
Digging deeper, there have been mechanisms for a long time on the internal X side (see https://www.x.org/releases/X11R7.6/doc/xorg-docs/specs/Xserv... ) - granted, I have never seen them practically implemented.

And going down the rabbit hole, there is even a proof-of-concept security implementation named Xnamespace for an Xorg fork (needs polishing and many more patches, but looks doable; see WIP documentation: https://raw.githubusercontent.com/X11Libre/xserver/d2b60a3d6... )

mrktf commented on AWS to bare metal two years later: Answering your questions about leaving AWS   oneuptime.com/blog/post/2... · Posted by u/ndhandala
ghaff · 2 months ago
Working around official IT was certainly a significant factor early on. I'm less convinced it is nearly as big a driver (or a downside depending on your perspective) today.
mrktf · 2 months ago
It depends on organization size. Just my anecdotal example: I would say the moment the IT department becomes its own island (for example: it can totally ignore requests with excuses like staff overbooked / we need extra planning / 6 months of extra meetings, or even worse, it processes the request, but only up to the point where it can show it to upper management and blame you for wasting resources), you can go full cloud; at least there it is possible to get something working in a reasonable time.
mrktf commented on Ask HN: Our AWS account got compromised after their outage · Posted by u/kinj28
WesleyJohnson · 2 months ago
Our Alexa had a random person "drop in" yesterday. We could hear a child talking on the other end, but no idea who it was. It may just be a coincidence, but it's never happened before so it's easy to imagine it might be related to the AWS issues.
mrktf · 2 months ago
More on the technical side, I'm interested in what the plausible explanation is for this type of "glitch": is it inconsistent backend router state between processing nodes, a processing application restart and a screw-up in a shared memory segment (I can imagine, to decrease load times, using a "persistent" shared memory block for outstanding data), or just a plain hash table collision and a lack of empty slots (I mean: https://en.wikipedia.org/wiki/Hash_collision)?
mrktf commented on AWS multiple services outage in us-east-1   health.aws.amazon.com/hea... · Posted by u/kondro
babarjaana · 2 months ago
Dumb question but what's the difference between the two? If the underlying config is broken then DNS resolution would fail, and that's basically the only way resolution fails, no?
mrktf · 2 months ago
My speculation: the 1st one - DNS just fails and you can retry later. The second one - you need working DNS to update your DNS servers with the new configuration endpoints from where DynamoDB fetches its config (classical case of circular dependencies - I even managed to get a similar problem with two small DNS servers...)
mrktf commented on Bcachefs removed from the mainline kernel   lwn.net/Articles/1040120/... · Posted by u/Bogdanp
akimbostrawman · 3 months ago
He justified breaking the guidelines to address critical issues. One can hope these kinds of problems would not happen that frequently in a stable project; besides, it is still experimental.
mrktf · 3 months ago
As an occasional follower, my opinion is that Kent overdid it with bending the rules until Linus & co got fed up.
mrktf commented on Permeable materials in homes act as sponges for harmful chemicals: study   news.uci.edu/2025/09/22/i... · Posted by u/XzetaU8
b112 · 3 months ago
mrktf · 3 months ago
It is called a recuperator. If it is possible to retrofit, I suggest using one mounted in the attic (it will be silent). Otherwise, if you want higher quality and not these `breathing` types, the box will have a similar size to an air conditioner (search: mitsubishi vl-100eu5-e).
mrktf commented on Alibaba's new AI chip: Key specifications comparable to H20   news.futunn.com/en/post/6... · Posted by u/dworks
smokefoot · 3 months ago
I mean, I don’t know how long the NVIDIA moats can hold. With this much money at stake, others will challenge their dominance especially in a market as diverse and fragmented as advanced semiconductors.

That’s not to say I’m brave enough to short NVDA.

mrktf · 3 months ago
As long as TSMC is the only top-performance chip producer and it is possible to reserve all its manufacturing capacity for one or two clients, NVIDIA will hold without problem...

My opinion: the problems for NVIDIA will start when China ramps up internal chip manufacturing performance enough to be in the same order of magnitude as TSMC.

mrktf commented on Germany is not supporting ChatControl – blocking minority secured   digitalcourage.social/@ec... · Posted by u/xyzal
ManBeardPc · 3 months ago
Glad we could delay it for now. It will come back again and again with that high of support though. Also the German Bundestag is already discussing a compromise: https://www.bundestag.de/presse/hib/kurzmeldungen-1108356. They are only unhappy with certain points like breaking encryption. They still want to destroy privacy and cut back our rights in the name of "safety", just a little less.
mrktf · 3 months ago
Yes, the sad part is it will be implemented, and I'm betting even in a worse form than is proposed... And the worst part of this "safety" is that it is for the current governing party to destroy any opposition.

My wild guess: it will be voted for with an overwhelming majority using the "times changed" argument.

u/mrktf

Karma: 77 · Cake day: November 4, 2022