mspencer712

joined 3 years ago
[–] mspencer712@programming.dev 2 points 4 months ago (1 children)

There’s a lot of “And then for some reason we did this, and it was more complexity” in this paper. I think that’s missing the point of languages, as a conversion layer between machine code and weird, squishy human brains. We think better, hold abstractions in our minds better, when the language maps more closely with how we’re structuring the problem in our minds.

Not sure if you were even looking for paper reviews.

[–] mspencer712@programming.dev 8 points 4 months ago (1 children)

Buying the company usually means buying all of their user information as well. Other companies can change their policies too. I think you should judge them by their actions, and give them a chance to answer your questions before you condemn them.

(Did you try asking them about your concerns?)

[–] mspencer712@programming.dev 15 points 4 months ago

I’m with you, stuck at a billion dollar software company with an AI fetish. It’s a great search tool, can write some decent unit tests. But God help you if you let it write production code, for any of the “you won’t find this on stackexchange” stuff we all work on.

[–] mspencer712@programming.dev 17 points 4 months ago

Traffic shapers can prioritize connections or streams differently, even if they can’t see inside them. Higher priority for quick connections, like interactive web page views, diminished priority for “oops that’s actually a bulk download it seems”.

[–] mspencer712@programming.dev 9 points 6 months ago

This, 100%. Use whatever language you’re fast and fluent with. If you don’t have any of those yet, C is a good choice. Get books and tutorials from the 90s or 2000s and OpenGL is a great place to start.

The most limited resource that you have to manage would be your own energy and passion. Don’t go out and seek that domaine hit of validation from others until you’ve built something. “I want to build something” is OK, but “I’ve started building something, it runs somewhat, here’s a repo, I’m stuck, HAAAALP!” is way more compelling.

[–] mspencer712@programming.dev 48 points 6 months ago (1 children)

Different domains need different authentication flows. If the provided email ends in a domain they recognize, instead of prompting for a password you’d be sent to another auth provider to authenticate there.

[–] mspencer712@programming.dev 3 points 6 months ago

As a Sennheiser HMDC 27 user, unsure if top left or top right. I’ll be playfully attacked enough for both I guess :-)

[–] mspencer712@programming.dev 9 points 7 months ago (1 children)

How old is that game? Are there other people in your demographic who also play the game, and then searched for the same thing?

[–] mspencer712@programming.dev 3 points 7 months ago* (last edited 7 months ago) (3 children)

Agreed, I have one of the last “good” HP Color LaserJets from a tech recycler and last time I checked it was two model revisions old. This one still has a config option to allow unofficial toner, so I pay like $120 for a set of all four high capacity cartridges now, I think 5k pages black and 3k pages C Y and M. (It’s a MFP m477fdw I think) I think the next model was the first one that took the option away.

You can still use third party toner with some of the later models, but those are more expensive and come with some kind of jig for transplanting an HP chip into their cartridge.

I will never buy another HP product again (apart from replacement parts for my current printer), and will jealously guard this one and nurse this one along until it dies.

But in a general sense, being able to completely ignore the printer for literally months, and then turn it on and get a perfect print, and then ignore it again… really nice. That’s all laser printers. Never buy HP.

[–] mspencer712@programming.dev 1 points 8 months ago (1 children)

To add to Onomatopoeia’s excellent post, separate devices also limit the blast radius of any compromise. Attackers pivot when they compromise a system. They use one system to talk to others and attack them from inside your network. So you don’t want everything on the same OS kernel.

Unfortunately I don’t feel like I’m qualified to say what works well yet, not until I have the pieces of my site put together and working, and vetted by whatever security professionals I can get to look at it and tell me what I did wrong.

But right now I think that looks like every service VM on its own VLAN on a /30 net, and ideally the service VM and firewall/router VM serving it on different physical hardware joined by a managed switch. That managed switch shouldn’t let either VM host touch its management VLAN, and (I think, I don’t do this yet) should send monitor traffic to yet another physical host for analysis.

(“I can see why you’re not done yet” - yeah I know.)

[–] mspencer712@programming.dev 1 points 8 months ago

Regarding the Lone SME thing, my wife has already told me if something happens to me, all my server stuff is getting donated. I should not expect her to maintain it after I’m gone. And I don’t. That’s entirely reasonable. If it lives on after I’m gone it’ll be because the recipe thing was useful enough for others to maintain. My specific server and domain kinda don’t matter.

[–] mspencer712@programming.dev 3 points 8 months ago* (last edited 8 months ago) (7 children)

This is my dream as well, but for security I feel like you need multiple independent systems. I’m doing mine with power-hungry recycled 2012-vintage server hardware (Xeon E5-1620s and 2620s and Opteron 6276s, bought for $100 each several years ago, plus a few hundred more to their maximum amounts of DDR3 ECC) but this hypothetical box could easily have raspberry pis or something similar. Public services can become compromised and you’ll only want certain hardware to be trusted to do certain things.

My plan is a terrible one and I’m taking way too long to do it. I really want someone else to build this better and faster, but if my crappy plan ends up being the first usable version of this, that will suck but at least it’s available.

I had a dumb personal domain from June of 2000, tried to make it a public internet site, offered services to people on IRC for internet social points, but after a few years it got ahead of me and I let it die. (I’ve been paying for the same business internet ever since, though, and I still have the same static IPs as from back then.) Time passed, got married, got a computer science degree and a development job with a billion dollar SAAS company.

I can see how they do big public internet hosting. I want everyone to be able to do this, too. Been trying to build the same kinds of architecture with open source tools at home. Struggling, I keep over designing it and getting stuck and frustrated. It takes me a month to do what a competent ops person from work does in a couple days.

OnceI have this working for me, I can share it, because it’s my own work product. It’ll be a guide, a recipe to follow, for creating the kind of secure and isolated web application and general VM hosting environment I see us use at work. This stuff is the difference between “I’m hosting one thing and if it gets hacked, everything is owned” and “I’m hosting a hundred things, all different, and if one gets hacked that will suck - but the other 99 things will stay safe.”

Biggest problem I think with creating this with open-source is just picking a direction for everything and getting the internet to not pitch a fit. “Why did you use postfix?” “I hate Greenbone / GSA and refuse to use it.” “Hardware is expensive, you say I need a jump box for this AND for this, and dedicated hardware for a firewall here AND here? Each of those could clearly be a VM. Your project wastes hardware and I’m not doing it this way.”

Sure, once this is done these decisions are pretty much baked in and I won’t have the energy to redo them yet again. But getting the architecture perfectly designed for your exact scenario … that takes a ton of work. Big companies pay a ton of money in just payroll hours to build this kind of thing bespoke for their needs. I’ll be giving away my version, and I’m afraid the internet won’t care.

But I think we need to keep this ability alive, that private citizens can set up their own DIY hosting that can stand up to hostile internet actors decently well. They can pay (I’ll grant) exploitative rates for business internet connections so they can have static IPs at home as well. If we all stop, we all just decide all hosting should be done by big cloud service companies or big enterprises, we lose a crucial bit of internet freedom. Someone needs to say “yeah this is kinda dumb but I’m doing it anyway.”

And if they could do it with a box you just plug in, instead of my (likely) month-long two hundred step recipe, and still have it stand up to attacks and “Internet background radiation” and stuff, that would be epic. I kind of don’t want my thing to be the way that self-hosting-public-web-services is done.

view more: ‹ prev next ›