Hacker News | kevin_nisbet's comments

> I see, this sheds some new light on your initial concerns. I'm aware an attacker can keep pretending to be inside an environment once they've seen it. I wasn't accounting for a scenario where an attacker has a huge database for queries like coords -> list of wifi networks

I think this is the issue: these datasets are out there, and at least the big tech companies have them, since they're used to assist with GPS. I was about to post the same thing as above but saw vessenes beat me to it.

Without thinking about it too hard, the two directions I see are either making observations of the environment in real time that are only relevant at that time (i.e. sniffing actual wireless frames, even if they're encrypted, and making observations on them; however, most devices won't let you go into promiscuous mode and do this) or encrypting the messages in flight so only participants can decrypt them (i.e. a model like the Signal protocol with E2E message encryption).

Anyways, this is a cool approach, but the risk of just brute-forcing the entire dataset to decode every location occurred to me as well.
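As an added illustration of the two risks raised in this thread (replaying an environment once seen, and brute-forcing a location dataset), here is example code that is not part of the original post or of the project under discussion. It assumes a hypothetical presence proof, a SHA-256 digest over the sorted set of visible BSSIDs plus a public per-message salt, as a stand-in for whatever the real scheme does; the coordinates, BSSIDs and database are constructed for the example.

```python
import hashlib
import secrets

# Constructed toy version of the "coords -> Wi-Fi networks seen there" database that
# the comment says large providers hold for GPS assistance. Coordinates and BSSIDs are
# made up; a real database would have hundreds of millions of rows, not four.
WIFI_DB = {
    (49.2827, -123.1207): {"02:00:00:aa:00:01", "02:00:00:aa:00:02", "02:00:00:aa:00:03"},
    (49.2606, -123.2460): {"02:00:00:bb:00:01", "02:00:00:bb:00:02"},
    (43.6532, -79.3832): {"02:00:00:cc:00:01", "02:00:00:cc:00:02", "02:00:00:cc:00:03"},
    (45.5017, -73.5673): {"02:00:00:dd:00:01", "02:00:00:dd:00:02"},
}


def environment_digest(bssids, salt=b""):
    """Hypothetical presence proof: SHA-256 over the sorted, lower-cased set of BSSIDs.

    The salt stands in for a per-message nonce sent alongside the digest to defeat a
    precomputed table. Because it travels with the message, the attacker knows it too.
    """
    canonical = "\n".join(sorted(b.lower() for b in bssids)).encode()
    return hashlib.sha256(salt + canonical).hexdigest()


def brute_force_location(digest, salt, db=WIFI_DB):
    """Attacker side: recompute the proof for every known location and compare.

    Cost is one hash per database row per message, regardless of hash strength: the
    secret is the *place*, and there are only as many places as the database has rows.
    """
    for coords, bssids in db.items():
        if environment_digest(bssids, salt) == digest:
            return coords
    return None


def forge_proof(coords, db=WIFI_DB):
    """Impersonation: once the attacker knows what a place looks like, either from the
    database or from one earlier observation, they can mint a fresh proof for it at will."""
    salt = secrets.token_bytes(16)
    return environment_digest(db[coords], salt), salt


def decode_log(messages, db=WIFI_DB):
    """Bulk decode of a captured stream of (digest, salt) messages into locations."""
    return [brute_force_location(digest, salt, db) for digest, salt in messages]
```

The salt only rules out a one-time precomputed table; it multiplies the attacker's work by the number of captured messages, not by anything that makes the search infeasible. That is why the comment's two directions (observations that are only valid at the moment they are made, or end-to-end encryption so the verifier never sees the plaintext) attack the problem differently rather than by hashing harder.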


I'm not as sure and would want to consider the angles a bit more.

I ponder how effective this would be against an adversary sufficiently motivated to look like they're not using a VPN. And does it then result in a false sense of trust, since a user thinks the system more reliably detects a VPN than it does? Or an adversary who has bypassed the system could then point to it to build additional trust.


I'm with you: I think most people might think they don't need this reliability, until they do. I'm sure there is some subset of clusters where the claim is correct.

But take the point from the article about turning off fsync and expecting to lose only a few ms of updates. I've tried to recover etcd on volumes that lied about fsync and experienced a power outage, and I don't think we managed to recover it. There might be more options now to recover and ignore corrupted WAL entries, but at that time it was very difficult, and I think we ended up just reinstalling from scratch. For clusters where this doesn't matter, or where the SLOs for recovery account for this, I'm totally on board, but only if you know what you're doing.

And similarly, the point from the article that "full control plane data loss isn't catastrophic in some environments" is correct, in the sense of what the author means by some environments. I don't think it's limited to those that are managed by GitOps as suggested, but to those where there is enough resiliency and time to redeploy and do all the cleanup.

Anyways, like much advice on the internet, it's not good or bad, just highly situational, and some of the suggestions should only be applied if the implications are fully understood.


Yup, even for smaller business stuff. For a non-profit I'm on the board of, the staff wanted a more useful printer/copy machine than just a store-bought thing. It's a small office, so I said sure, find something and let us know.

So I get a contract and am told it's been vetted and I should sign it. What I found was outrageous.

- If we cancelled for any reason, including if they just didn't meet any of their terms in the contract, we owed the full price of the remaining contract immediately.

- The way they structured it was also as a rental, so we were paying the full purchase price of the equipment embedded into the term of the contract, but it was the vendor's equipment, so if we cancelled we still paid them full price for the equipment, and they got to keep it.

- If there were any legal disputes, no matter which party was at fault, my side would pay for all the lawyers.

I said nope, can't do it. And my staff were pissed at me for like a year because everyone just signs those things.


I’m also on a nonprofit board. They have an independent LLC and an independent nonprofit which signs contracts for various services like that, and then contracts with the “real” nonprofit to actually use the services. Was advised to set it up this way by an experienced nonprofit consultant.

We had to shred a bad contract (oddly enough, also for a printer / copier) and simply abandoned the LLC and declared it defunct. The service provider has never even shown up to pick up the printer. It was a pay-per-page contract where they unilaterally raised the price about 200% for no reason.

We also abandoned a water cooler and water cooler service after the vendor simply refused to answer our requests to end the service. (It’s $20 a month. There was no long term contract signed.) Apparently nonprofits are a target for this sort of thing, so we now don’t even mention we are a nonprofit and handle business relationships via the LLC.

It’s absurd things have become this way.


How are you setting up LLCs nowadays? I set one up through LegalZoom and get charged an increasing amount each year (it increased $100 this year), and I can't cancel / dissolve the charges via the UI. Even though I signed up online, I have to contact the state to dissolve the LLC and then show LegalZoom proof in order to cancel their yearly fee. It's pretty crazy.

Are there other better vendors for this kind of work out there?


I form them myself, which takes about 5 minutes on the Secretary of State's website. The only fee to the state is a one time formation fee. This is true in a variety of states.

I got this advice to do so from (a) the aforementioned nonprofit consultant and (b) an actual attorney, who does serve as a registered agent, for no fee. He is glad to do so since in the very rare event of a lawsuit, he'll be the one representing us. However, you could also just be your own registered agent if you have an office where people regularly work.

Note that I am not going out of my way to conceal the identity of the nonprofit board members / members of the LLC.


Why do you need a "vendor" at all? Do the paperwork yourself and pay the $100 fee (or whatever it is in your chosen state), and Bob's yer uncle. At worst add in a one-time cost of $40 or so to buy a book like Nolo's LLC Handbook[1].

[1]: https://www.amazon.com/Nolos-LLC-Handbook-Agreements-Instruc...


Because you don't want to be your own registered agent.


This is out of date advice, primarily given by registered agents who often aren't actual attorneys.


Not everyone wants to have their location publicly available for the world to see. If you can be served a lawsuit, people can "serve" you a bunch of other things too.


Fair enough. For my money, I wouldn't pay somebody else to do that, but I can see the appeal for some folks.


You might want to use a registered agent rather than blasting someone's home address into all kinds of public records, or using an attorney who starts the billing clock to receive spam. And when you go for the more reasonably priced registered agents, it feels like a ticking clock until they start to enshittify.


I get why your staff would be pissed because dealing with a crappy printer/scanner is the bane of a lot of office workers' existence... but they must have been able to find a better vendor or something off the shelf which supported the features they needed right? What special feature could they possibly offer to make them brave enough to put all those terms in their contract?


They count on potential customers not reading the contracts, or being able to do math or research themselves.

Typical customers for these types of scams are small offices with no technical person in the loop.


Another example is the predatory, abusive contracts sold for merchant card processing.

Whereas our local bank will do it for $10 a month, interchange plus 0.15%, no contract. Versus fees of 3%, 3 year contract.


I don't know about Node, but a fun abuse of this is that background tasks can still sometimes run on a busy Lambda, as the runtime will unsuspend and resuspend the same process. So you can sometimes abuse this for non-essential background tasks and to keep things like caches in process. You just can't rely on it, since the runtime might instead just cycle out the suspended Lambda.


Absolutely, I do this at $dayjob to update feature flags and refresh config. Your code just needs to understand that such execution is not guaranteed to happen, and in-flight requests may get interrupted and should be retried.


TiTiler does exactly that. Geospatial rasters are stored in S3, and the lambda retains a cache in memory of loaded data from S3. So if the same lambda execution is used it can return cached data without hitting S3.


I wouldn't really call this an abuse. I remember their documentation mentioning it.
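The warm-process behaviour discussed in the comments above (module state and background work surviving between invocations, but with no guarantee the process is ever thawed again) is illustrated by the following added example. It is not code from any commenter or from TiTiler; the feature-flag store call, the TTL values and the `spawn` hook are assumptions made so the "frozen before the refresh ran" case can be exercised without a real Lambda.

```python
import threading
import time


class WarmProcessCache:
    """Best-effort in-process cache for a Lambda-style runtime.

    The execution environment may be frozen between invocations and discarded at
    any time, so the cache never depends on a background refresh finishing:
    - younger than soft_ttl: serve from memory;
    - between soft_ttl and hard_ttl: serve the stale value and start a background
      refresh; if the process is frozen or recycled before it completes, the next
      warm invocation simply tries again;
    - past hard_ttl: block on a synchronous fetch, so a refresh that never ran
      cannot leave the function trusting arbitrarily old data.
    """

    def __init__(self, fetch, soft_ttl=30.0, hard_ttl=300.0,
                 clock=time.monotonic, spawn=None):
        self._fetch = fetch
        self._soft_ttl = soft_ttl
        self._hard_ttl = hard_ttl
        self._clock = clock
        # spawn(fn) schedules fn to run later; defaults to a daemon thread. It is
        # injectable so a refresh that never gets to run can be simulated.
        self._spawn = spawn or (lambda fn: threading.Thread(target=fn, daemon=True).start())
        self._lock = threading.Lock()
        self._value = None
        self._fetched_at = None
        self._refreshing = False

    def _refresh_sync(self):
        value = self._fetch()
        with self._lock:
            self._value, self._fetched_at = value, self._clock()
        return value

    def _refresh_background(self):
        with self._lock:
            if self._refreshing:
                return
            self._refreshing = True

        def run():
            try:
                self._refresh_sync()
            except Exception:
                pass  # best effort: the stale value stays until hard_ttl forces a fetch
            finally:
                with self._lock:
                    self._refreshing = False

        self._spawn(run)

    def get(self):
        with self._lock:
            value, fetched_at = self._value, self._fetched_at
        if fetched_at is None:
            return self._refresh_sync()          # cold start: nothing to serve yet
        age = self._clock() - fetched_at
        if age >= self._hard_ttl:
            return self._refresh_sync()          # too stale to trust, block once
        if age >= self._soft_ttl:
            self._refresh_background()           # may never complete, and that is fine
        return value


# Constructed stand-in for the real config / feature-flag store call.
_fetch_count = {"n": 0}


def fetch_feature_flags():
    _fetch_count["n"] += 1
    return {"new_checkout": True, "version": _fetch_count["n"]}


# Module scope is what survives across warm invocations, so the cache lives here,
# not inside the handler.
FLAGS = WarmProcessCache(fetch_feature_flags)


def handler(event, context=None):
    flags = FLAGS.get()
    return {"statusCode": 200, "flags_version": flags["version"]}
```

The hard TTL is the part that makes the shortcut safe: a background refresh the runtime never resumes costs nothing more than one slower invocation later, instead of a function that keeps serving whatever it last saw.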


My ISP does this as well, provides Huawei modems with hardcoded backdoor passwords that can easily be found online. So yup, I've got a dedicated firewall between my networks and the modem. With slow updates and backdoors, I'd include any ISP modem and networks as part of my personal threat model.
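For the "dedicated firewall between my networks and the modem" arrangement in the comment above, the following is an added nftables configuration, not the commenter's own. It assumes the firewall box has the modem on `wan0` and the LAN on `lan0`; both interface names and the idea of administering the firewall only from the LAN side are assumptions for the example.

```nft
#!/usr/sbin/nft -f
# Added example: a default-deny ruleset for a firewall that sits between an
# untrusted ISP modem (wan0) and the home LAN (lan0). Interface names assumed.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Manage the firewall only from the LAN side; the modem side gets nothing.
        iif "lan0" tcp dport 22 accept
        iif "lan0" icmp type echo-request accept

        # Only the IPv6 neighbour discovery needed for the link itself is allowed in
        # from the modem side; every other unsolicited packet from it is dropped.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # The LAN may initiate outbound; the modem side may never initiate toward the LAN,
        # so a backdoored modem cannot reach anything inside.
        iif "lan0" oif "wan0" accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oif "wan0" masquerade
    }
}
```

The point of the `forward` chain policy is that nothing on the modem segment, including the modem itself, ever gets a new connection into the LAN; a compromised modem can still see the NAT'd outbound traffic, which is the part of the threat model that only end-to-end encryption addresses.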


I kind of like what the folks in British Columbia are doing for their EV prototypes for semi trucks (technically a hybrid, an EV with an onboard generator): https://www.edisonmotors.ca/topsy


I desperately hope their CEO bumps into the right person at a convention and they end up branching out to producing chassis for emergency vehicles.


I don't know if the point should be that people won't use a startup bank, just that the assets being directed to the startups/disruptors are not presently threatening to the big banks. I would suspect this is currently the case with Wealthsimple here in Canada as well. Wealthsimple is at something like $50 billion assets under management [1].

Vanguard asset allocation ETFs are at like $1.3T [2]. Four of Canada's big banks appear to add up to just over $2T assets under management, based on what Google just gave me as a summary. So while I think this is a great outcome for a startup (even with Power backing them), to me it seems in a similar space as the above article: we're still talking a relatively small market share, and likely still closer to early adopter status.

[1] - https://en.wikipedia.org/wiki/Wealthsimple#:~:text=As%20of%2...

[2] - https://www.vanguard.ca/en/product/investment-capabilities/a...


I don't think the total assets under management is the correct indicator. Vanguard, Big 5 Canadian banks, and even Power Corp cater not only to consumers but also to institutional investors and ultra high net worth individuals. Wealthsimple, to the best of my knowledge, is purely consumer-facing. It is not competing for the same markets as the other ones. Its parent company Power Corp, which is competing in the same area, has an AUM that is comparable to the Big 5 banks. I wonder if there is enough public data to compare consumer products in isolation.


+1 on recommending the Mom Test, it's one of the most important books I've read.

I'd say in addition to entrepreneurs, it's an important book for product teams / product engineers to understand what the Mom Test teaches, and tune the filter on asking the right questions to get the highest signal, and ensure the solution closely matches the value prop for the customer. Then sales and marketing get a whole lot easier when you've asked the right questions and solved the right problems.


Yeah, thinking about it for a minute, I would expect there are limited threat models this tool would help with. I think for broad attacks, this would only be somewhat effective if deployed on tens of millions of hosts, so it becomes impractical because the adversary is just finding and interacting with the honeypots.

If you are specifically getting targeted, there might be a slight delay by having the adversary try and exploit the honeypot ports, but if you're running a vulnerable service you still get exploited.

Also, if you're a vendor, when prospective customers' security teams scan you, you'll have some very annoying security questionnaires to answer.

