
ones_and_zeros
Joined 1,185 karma

  1. Rather not say. Yea building and then running containers where users get to pick the base image is a risk.

    We found that privileged is a pretty big hammer and thought we needed it too but we found ways to give us the functionality we needed without all the extra stuff we didn't need that privileged brings in.

  2. Container breakouts are rare and they typically require the attacker being able to control either the container creation parameters and/or the actual image being run. If you control those things and apply process isolation best practices (seccomp, cap drops, etc.) then you are in pretty good shape.

    Source: ran a container based RCE service that ran millions of arbitrary workloads per month. We had sophisticated network and system anomaly detection, high priced pentesters etc and never had a breakout.

  3. In MA you are paying through the nose on labor to install though. That rebate evaporates pretty quickly, still a 5 figure job.
  4. I just looked at the Chicago to Boston train and it's 22 hours long? That seems...lengthy?
  5. I live on a very busy road that sees >15,000 vehicles/day, including 18 wheelers, dump trucks, buses, tankers etc. It is noisy (never mind the air pollution) from 5:30 AM to 10:30 PM and I don't think local officials really appreciate it. I'd like to capture data, I'd even pay for it, but all of the "sound level" measuring devices are all junky and don't give accurate readings and don't store the data really well. I'm happy to pay for the right device or even better some certified service that can take measurements and create reports but I'm lost here. Any advice?
  6. How is atheism not a positive belief system? And why is a positive belief system the answer?
  7. Based on my evaluation that Trump only does things to further his agenda of sowing distrust in institutions and not out of any sense of justice or progress, here is my take:

    He is forcing Assange to say "I will not reveal my sources as I am a journalist". Trump then gets to say he tried. The "media", especially any real journalists that take their profession seriously, will provide analysis that Assange is right for refusing. This gives Trump another opening to smear the media by portraying them as pro Assange, pro hacking and anti DNC.

  8. Immigration is good for innovation, the H1B system is not. This administration's rollout of the suspension is cruel, which is the point. H1B Reform/Replacement is needed, the status quo is not.
  9. Yes those salary surveys are just a way for businesses to enhance the information asymmetry in negotiations.

    I think if software engineers ever decide to collectively bargain, and they want to include comp as an area to bargain on, the easiest thing to do is buy these same datasets and share with members.

  10. It's not about where you live. It's supply and demand. Those companies artificially limited their supply and provided a ton of demand within their narrow market. They are now opening up to new markets and spreading out the demand accordingly.

    Forced analogy time: It's like if I decide I'll only buy peaches from the organic farm down the road. They charge $20/lb. I calculate that I get $21/lb worth of utility. The Farmer is happy.

    A few years later I decide that purchasing organic peaches online for $15/lb fits the bill, and utility dropped slightly to $19/lb but still better in comparison. The farmer is no longer happy.

  11. This is really well done. Really appreciate the Pulumi output option.

    If we wanted to support vpc peering between accounts, is it a matter of copy paste?

  12. I had a neighbor in Boston a few years ago that was in the inner circle of the Lyman family. They had "real" jobs, etc but still definitely operated on the outskirts of society and the law. Didn't make great neighbors...
  13. Isn't prometheus an implementation and not an interface? I have "prometheus" running in my cluster, if it's not cortex, what implementation am I using?
  14. Ah ok. I don't write Rust either but maybe it'd look like:

      impl State<Running> {
          pub fn next(self, Trigger<Hibernate>) -> State<Hibernate> {
              State { _inner: Hibernate {} }
          }

          pub fn next(self, Trigger<Terminate>) -> State<Terminate> {
              State { _inner: Terminate {} }
          }
      }
  15. Sure but how does that work with the provided implementation where all states can only transition to a single state, this is ensured at compile time. What does the code look like that allows a state to transition to one of several other states?
  16. Noob question but what about state machines where a given state could transition to more than one other state depending on some outside factors? Or is that no longer considered a state machine?

    For a relevant to me example, a VM state. A VM in running state could be transitioned to terminated or stopped or hibernating depending on an admin's action.

  17. I'm looking for information for those that provide patient care to covid patients. Infection rate, best practices, transmission to family (I live with a doctor providing care to covid patients...), etc. I've seen some anecdotes and single case reports that are concerning, but anything that is data driven like this will be helpful.

    Also, where is non denatured ethanol readily available?

  18. What does "blacklist" mean in this context?
  19. What is the end game with this strategy? If you sell the puts today to capture the profits, do you also sell your equities? If you don't sell your equities isn't there a chance they slide further? If you hold the puts to maturity why buy them at all?
  20. I agree the rollout is a little bumpy but I'm curious what workloads you are using k8s for where a $74/mo (or $300/mo) bill isn't a rounding error in your capex?
  21. Since I follow paulg on twitter I don't have to read the article to know where this is going. On twitter paulg is a "capitalist ideologue" (a term someone else used to describe him which I thought fit very well), and that comes with all sorts of controversial points of view.

    The most entertaining/snarky way I can describe it is he is a try hard auditioning for the role of Peter Thiel's best friend.

    It's a little disappointing considering the regard I held for him for so long. I try to separate the essays from the twitter account.

  22. This becomes less of an issue once you realize everyone is pretty much mediocre.
  23. I think it's a great example. It boils down to simple code that may not be obvious how it behaves within a degraded network. Your dev/QA could even have the thought and actually test it but it works under ideal circumstances giving them false confidence.

    I'll go out on a limb and say it is nearly impossible to design and build a test environment that can simulate all network conditions, so that even in trivial cases where a dev might know for a fact that there is an issue, it'll be incredibly hard to reproduce it.

    Maybe put another way, formal methods give cover to dev/QA to avoid shipping known but hard to prove buggy code. Bugs they will ultimately be held responsible for.

  24. > I guess what I'm saying is that if you need TLA+ you are very likely doing it wrong.

    Agree to disagree. If your system is distributed it requires you to share data and act concurrently. Otherwise it isn't a distributed system. No amount of retries will cover all of the screwed up things that can happen on an unreliable network.

  25. I think the argument is if you've been around distributed systems long enough you will encounter race conditions. Sure, it's ok to say "Well, the testing infrastructure isn't up to snuff, so we just need to fix it" but at scale this is impractical.

    Check out the fallacies of distributed computing[0]. If your testing system can simulate all of those edge cases, it probably looks a lot like TLA+.

    [0] https://en.wikipedia.org/wiki/Fallacies_of_distributed_compu...

  26. I get that but, how much money do angel investors have? How long before the 95% failure rate drains their capital?

    You'd need at least 20 investments to even think about maybe beating that 95% failure rate, that seems like a very high number of investments for one person to find, evaluate, fund and wait before the 95% catches up to you.

This user hasn’t submitted anything.
