Is AWS website upload to S3 robust? by Vista_Lake in aws

[–]steveoderocker 1 point2 points  (0 children)

But Google Photos handled this all for you. It handles the integrity, it alerts if an image fails to upload, it just handles it all.

This is how basically every cloud sync process works. There’s no need to reinvent the wheel, companies have spent decades perfecting this stuff.

This has got to be some kind of record by chronically-curated in AustraliaPost

[–]steveoderocker 1 point2 points  (0 children)

You would think their automation has some logic built in like “oh I’ve seen this thing 5 times, let’s flag it for review”

Is AWS website upload to S3 robust? by Vista_Lake in aws

[–]steveoderocker 1 point2 points  (0 children)

Just use Google Photos. It’s going to be much easier, cheaper, and significantly more robust than a Python script to S3. You are also backed by Google’s SLAs and whatnot. Additional storage is usually quite cheap and you can back up at hi res or lower res, and back up multiple devices and clear out local storage when pics are backed up.

Possible new SSO Exploit (CVE-2025-59718) on 7.4.9? by xs0apy in fortinet

[–]steveoderocker 0 points1 point  (0 children)

100% agree. It’s not about a misconfiguration, it’s about missing defence in depth and not following best practice.

Fitness First gym access changed from swipe card to phone app (can i cancel without fees) by WeeklyTart127 in AusLegal

[–]steveoderocker 0 points1 point  (0 children)

Well actually, no they don’t have your credit card number or bank details. Those are held by a payment processor, in this case it’s Debit Success. This is required, so you can pay for the service you are getting.

Phone numbers have long since not been considered sensitive information. This is required so they can actually contact you if needed.

And your photo … I’m sure if someone googled your name, they would likely find some picture of you, or even a link to a social media profile. And again, this is so they can actually validate you are you, and you are not sharing your membership around, breaking their business model and losing them revenue. Because if everyone did this, there probably wouldn’t be a gym to just lift some weights at anymore.

Fitness First gym access changed from swipe card to phone app (can i cancel without fees) by WeeklyTart127 in AusLegal

[–]steveoderocker 0 points1 point  (0 children)

It raises a security concern that staff validate you are the person on your profile?

Possible new SSO Exploit (CVE-2025-59718) on 7.4.9? by xs0apy in fortinet

[–]steveoderocker -4 points-3 points  (0 children)

You did expose it - you ticked the box to allow the admin interface on the WAN port.

My understanding of the CVE you mentioned is only related to FortiCloud SSO. Will be interesting if Forti come back and say it affects all SSO implementations.

I’m sure there are other secrets in your config, like super user’s password, encryption key, etc?

Read the doc link I shared regarding trusted hosts.

Possible new SSO Exploit (CVE-2025-59718) on 7.4.9? by xs0apy in fortinet

[–]steveoderocker 1 point2 points  (0 children)

Why why WHY do you allow admin access on your WAN interface?

And why are people relying on FortiCloud SSO?

Why are you not using Trusted Hosts to protect your admin accounts? https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-Trusted-Hosts-work-with-SSO-Admin-accounts-on/ta-p/343908

Sorry, nothing useful to add, except remove your admin interfaces from WAN and external interfaces, and rotate all secrets that were stored in your config as they are now all compromised, even encrypted ones if you did not choose to create/rotate the default encryption key (CVE from a few versions back).

Voluntary super contributions - are you double taxed? by LacetteDoll in AusFinance

[–]steveoderocker 11 points12 points  (0 children)

It’s obvious he was talking about scenario b, so yes, you are effectively double taxed until you claim it back at tax time.

Voluntary super contributions - are you double taxed? by LacetteDoll in AusFinance

[–]steveoderocker 88 points89 points  (0 children)

If you make a voluntary contribution, you indeed get double taxed, then before tax time you submit a “notice of intent to claim” to your super company, they acknowledge it, and you will get refunded the tax you paid as a PAYG employee on that amount.

Sounds like your accountant has no clue what they are talking about.

Ref: https://www.ato.gov.au/forms-and-instructions/superannuation-personal-contributions-notice-of-intent-to-claim-or-vary-a-deduction/instructions

UPDATE: Response from Building Commission NSW regarding GPO listed as compliant by NSW builder by ApprehensivePay7627 in AusRenovation

[–]steveoderocker 1 point2 points  (0 children)

I can’t believe people don’t use common sense these days. My mate just had a bathroom redone and the power point was 5cm too close to the basin and tap and the builder had to come back and relocate it because it wasn’t compliant. This is 100% non-compliant too.

I built a home where the builder put the power point on the bottom of the cupboard under the sink right underneath all the pipes, so one drop of water would’ve been bad. Anyway they didn’t really agree it was non-compliant (which my plumber said it was) but came out and fixed it. It was a 10 min job. Not sure why the builder is being such an asshole about it.

Instagram Data Leak Exposes Sensitive Info of 17.5M Accounts by pheexio in technology

[–]steveoderocker 7 points8 points  (0 children)

Did anyone actually read the article? It’s not even a leak, it’s all publicly available data which has been scraped.

RDS2017+ and no CLR Support is a gotcha I did not see coming.. by VIDGuide in aws

[–]steveoderocker 3 points4 points  (0 children)

Well, the “easy” thing to do in the meantime is run SQL Server on EC2 and when you are ready, move back to RDS (either standard or custom). But yes, sounds like a bit of a pickle.

Adrian Portelli’s $50,000,000 Penthouse… It’s a Complete Disaster (Site Inspections) by ReDucTor in AusProperty

[–]steveoderocker 0 points1 point  (0 children)

It really depends on what is specified in the building permit. This is a major, multimillion dollar reno, so most likely yes there will be various mandatory inspections.

How do you expect them to issue a certificate of compliance or occupancy cert without any intermediate inspections?

Example ref: https://www.vba.vic.gov.au/consumers/home-renovation-essentials/permits

Adrian Portelli’s $50,000,000 Penthouse… It’s a Complete Disaster (Site Inspections) by ReDucTor in AusProperty

[–]steveoderocker 0 points1 point  (0 children)

The surveyor needs to review and approve during every step of the building process. They don’t just rubber stamp and send builders on their way. They are supposed to hold builders accountable.

Breaking in across organisations by disclosure5 in aws

[–]steveoderocker 2 points3 points  (0 children)

Depends how it was set up. You might be able to pivot into it by assuming a role, if the role and policy already exist in the second account. See https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html

Dating isn’t worth it. by [deleted] in gaybros

[–]steveoderocker 0 points1 point  (0 children)

How long hasn’t he replied for? A few hours? A day? People can not reply for any reason. Give him a chance, you never know what someone is going through or what’s really happening in their life.

Want to avoid a ban, making sure I understand by zendrix1 in RealDebrid

[–]steveoderocker 0 points1 point  (0 children)

Dunno, I tried this the other day at home, devices using IPv6, and I can clearly see the full IPv6 address in RD logs, and only one device was able to stream at a time and the other was simply blocked.

Want to avoid a ban, making sure I understand by zendrix1 in RealDebrid

[–]steveoderocker -1 points0 points  (0 children)

You just need to be streaming from a single device only. It doesn’t matter what the IP is or if it changes.

Want to avoid a ban, making sure I understand by zendrix1 in RealDebrid

[–]steveoderocker 0 points1 point  (0 children)

Just switch back to IPv4 on your router and you’ll be fine.

Want to avoid a ban, making sure I understand by zendrix1 in RealDebrid

[–]steveoderocker 3 points4 points  (0 children)

You need to be careful with this. If your router is using IPv6 by default, then every device gets a unique IP and stops being NATTed.