What is “colorless” suppose to mean? This is the first time I’ve seen it used.
I think it's a reference to this blog post https://journal.stuffwithstuff.com/2015/02/01/what-color-is-...
Readit Newsvmarquet commented on Async Ruby brunosutic.com/blog/async... · Posted by u/brunosutic
vmarquet commented on Double Blind Passwords a.k.a. Horcruxing kaizoku.dev/double-blind-... · Posted by u/astroanax
I saw this post a while ago in a different forum. My note for it hasn't changed: This is called peppering[0]. It's a counterpart to salting, in that you add a random value to a password to make it harder to reverse the password hash, but unlike the salt, it's not stored in the password database.
I think the term "peppering" is mostly used for server side manipulation of the password, which the user is unaware of.
It would be very confusing to reuse this term for what is described in this article, so a new term like "Horcruxing" can be relevant. I like it.
vmarquet commented on Ask HN: Freelancer? Seeking Freelancer? (October 2019) · Posted by u/whoishiring
SEEKING WORK | Full Stack Engineer specialized in Ruby on Rails and InfoSec | Paris or remote
I have 5+ years of experience with Ruby on Rails. I also have a diploma and work experience in Information Security (but I am completely open about working in other fields). Strong entrepreneurial mindset and happy to participate to my client/employer company at every level, not just technical.
I have experience in refactoring apps for easier maintenance and evolution, and in upgrading legacy apps (I have migrated an app from Rails 2 to Rails 5 without issues). I take extra care for UX and design when implementing new features, and try to maximise developer happiness by using the most efficient tools available (exemple: static type-checking with TypeScript instead of JS, etc).
Stack:
* Backend: Ruby on Rails, Python
* Frontend: ReactJS with TypeScript or JavaScript
* Mobile: React-Native
* Also: good knowledge of SQL, Bash, C, Electron, ..., and willing to learn Elixir
Contact:
* Email: vincent.marquet1 [at] gmail.com
* Github: https://github.com/vmarquet
* Stack Overflow: https://stackoverflow.com/users/3486743/vmarquet
vmarquet commented on Google shuttering domain fronting, Signal moving to souqcdn.com github.com/signalapp/Sign... · Posted by u/hapnin
Note that domain fronting is not only usefull to circumvent Internet censorship, it's also used by malware.
With domain fronting, you can exfiltrate data from a company by making the connection appear to go to a legitimate google service (ex: drive.google.com), whereas it actually is going to a server hosted on google cloud services and controlled by an attacker.
lemonde.fr published an article [1] yesterday, in which they debunk this news. A seismologist at Southampton University says [2] that it's unrelated to the rifting.
[1] https://www.youtube.com/watch?v=4QJ8MmbAC_o (in French)
[2] https://twitter.com/seismo_steve/status/977258571716091904
For a quick reference of the Dex file format, Ange Albertini (known for PoC||GTFO) made a poster: https://github.com/corkami/pics/blob/master/binary/DalvikEXe...
All his posters are pretty amazing: https://github.com/corkami/pics/blob/master/binary/README.md
vmarquet commented on Ask HN: Who is the target audience for ~$1000 software? · Posted by u/earenndil
$1000 is the purchasing limit in most large enterprises - anything over $1000 needs specific authorization. Buying a product at $999 is completely frictionless, while buying a product for $1001 involves multiple meetings and reams of paperwork. In enterprise purchasing logic, $999 is indistinguishable from free and $1001 might as well be $50,000.
Clever software marketers have realized that a $999/mo SaaS product fits under that limit just as well as a $999 boxed product.
This. For more information, see this post https://training.kalzumeus.com/newsletters/archive/enterpris... by patio11.
In addition to the "minimalist" aspect, this image seems to offer better practices on a security level than official Debian images. From their README: "The images are built daily and have the security release enabled, so will contain any security updates released more than 24 hours ago."
A recent analysis showed that the debian:latest image is "updated roughly every month" https://anchore.com/blog/look-often-docker-images-updated/
vmarquet commented on Sockey – A P2P multiplayer soccer game based on WebRTC sockey.eu/... · Posted by u/MagicNumber
There is a button to select the input keys when logging in.
Oh you're right! I searched for something after the login screen but I missed this before. Thank you.