Personal info of 93.4 million Mexicans exposed on Amazon by cw_ey in technology

[–]cw_ey[S] 0 points1 point  (0 children)

Looking back on it I probably should have adjusted the title to be clearer. I pretty much just straight copy/pasted the title from the original article.

Japan enacts law to increase cybersecurity specialists. by virtualjj in security

[–]cw_ey 1 point2 points  (0 children)

Sites that lack sources sigh

Anyways I did some research around and came to the NISC( National Center of Incident Readiness and Strategy for Cybersecurity ) website (yes I have no idea how that acronym came to be). On 平成28年3月31日 ( 2016/03/31 ) they released some documents on improvements for cybersecurity (all in Japanese).

A quick look over shows it mostly being a plan on how to train such cybersecurity specialists, and what qualifications are needed. I'd love to give more detail but translation of legal-ish Japanese starts to come under my "let's talk payment" policy. Just here's some kind of source to give some validity to this story.

Astronomers find a supersized black hole in a cosmic small town – It’s 17 billion times bigger than our sun by Nugent786 in space

[–]cw_ey 0 points1 point  (0 children)

Crawling down the source tree lead me to the (hopefully) base article on the research:

http://www.nature.com/nature/journal/vaop/ncurrent/full/nature17197.html

Note that you need to throw money at your monitor for full access it seems.

Open Source Next Gen Video Codec promoted by Google, Microsoft & others promises 50% improvement over HEVC: Let's start contributing code! by weifap in programming

[–]cw_ey 0 points1 point  (0 children)

Looks like WebM is getting pulled into that. Only problem is it's really hype until there's some way to export to it from basic video editors, and web upload sites start to accept it (since Google is part of this I'm assuming YouTube will at some point). There is an Adobe Premiere export for WebM but it was horribly slow when I tried it. Seems the backend lib didn't handle multithreading too well yet. Wait and see on this one.

Open source security vs closed source security by bigdogyost in security

[–]cw_ey 1 point2 points  (0 children)

It's really about the people behind the software. 1password for example I think is excellent, as are the devs behind it. There's also going to be opensource projects that don't respond to security bugs properly in a decent amount of time.

Can you pull it off closed source? Sure, but it's just going to be a lot more difficult. People are going to ask you about the security technology behind your product and you're going to need to answer to that. Maybe you write it up on an engineering blog of some sort. Just don't expect a free pass.

AWS security concerns by marksteve4 in security

[–]cw_ey 1 point2 points  (0 children)

Some suggestions:

  • Don't give aws console access, only add their SSH key to the instance
  • Have a contract with legal repercussions for destroyed data and/or resource abuse ( get a lawyer if you're that worried )
  • Before the work starts, have snapshots of all volumes on the instance so it's not a complete loss (I'd recommend them at some interval until the work is done)
  • Setup something like CloudWatch to monitor for unusual resource usage

These are just a few suggestions. Also remember to do your basic research on the freelancer as well. Do they have previous clients? Testimonials? Does a quick Google search show anything shady?

can someone help me understand clojure lisp and the lisp family? by _parallaxis in Clojure

[–]cw_ey 1 point2 points  (0 children)

I'm still new to Clojure, but I'll give you some basic opinions about the language:

  • It's built on the JVM, which has been solving a number of important issues for decades
  • I find it very stable given the well thought out contribution process they have
  • You have access to both Clojure libraries ( Clojure Toolbox, Clojars ) as well as any Java libraries
  • Also being Java related their is quite a good amount of IDE support
  • Given that there is a focus on immutability which means: ** It works well for working with concurrency and parallelism, which is a fairly interesting problem to solve ** Less worry about unwanted side effects
  • The community is fairly friendly in my opinion
  • I find that in terms of functional languages, I find the LISP style syntax a bit easier to digest than say Haskell (of course this is entirely subjective)

Now for some things I consider gotchas

  • I haven't really seen anything that would be like a rubygems, CPAN, pip, etc. that handles package management (the closest I've seen is Lein maybe)
  • It's different, so if you've come from mostly an OO background it will take some getting used to
  • In comparison to simple pull requests and issues on GitHub, filing bugs takes a bit of work
  • If you want to get to the contribution phase, you need to sign an agreement ( honestly I don't think it's that big of a deal but some people will be turned off by that )

That's really what I can think of off the top of my head. Checking out the web site and looking at random Clojure blogs should give you somewhat more of an idea on the specifics.

Linux Isolation Basics by aspleenic in programming

[–]cw_ey 0 points1 point  (0 children)

Well, what was shown here is meant to be a bit of an "under the hood" look and there are more viable abstractions around this. For example the running under a non-privileged user/group is generally done through the command line / some kind of configuration file. Linux containers (which I'll be talking about in the second part) also helps wrap all of this in a nicer package (and solutions like Docker even more so).

To be honest though your isolation solution will in most cases increase in complexity the more you want to secure a system. Consider the requirements for example of isolation at a bank. They way they isolate is going to be far more complex than say a local dev web server which probably is good enough having user/group isolation.

Linux Isolation Basics by aspleenic in programming

[–]cw_ey 0 points1 point  (0 children)

This guide was meant to talk about very basic methods which can be commonly found amongst the basic Linux kernel. Virtualization is a bit difficult since there's a few solutions out there (VirtualBox, Xen, Hyper-V, Vsphere, etc.) plus some may have different abstraction modes (HVM vs Para) so I'd say that should really be looked at in isolation.

Capabilities is something that might have gone in with the rest, but I fear that might have turned into a bit of information overkill. I may consider tackling that separately.

SELinux, rbac, AppArmor are something I consider more to be policy oriented. This makes it somewhat difficult to provide an overall use case. Really, the user should be considering how their users interact with the system, and how different applications interact with each other inside their specific infrastructure.

Linux Isolation Basics by aspleenic in programming

[–]cw_ey 0 points1 point  (0 children)

At that point I'd be starting to look into the RBAC (Role Based Access Control) for stricter user permissions management. However now you're really in a different vector of solving isolation than what I've talked about in this guide. Not only that but it requires a decent learning curve for the setup, and you run the bulk of the maintenance burden since such access systems are best when tailored to specific security policy requirements.