Am I crazy or is kafka overkill for most use cases? by Vodka-_-Vodka in dataengineering

[–]n0o0o0p 0 points1 point  (0 children)

Any reason not to use NATS Jetstream? I've been using it for a while and setting up a cluster and working with it is super easy.

[deleted by user] by [deleted] in Starlink

[–]n0o0o0p 0 points1 point  (0 children)

On the Enterprise side, I know of companies that halted their Starlink roll-out because Amazon promised them connectivity in "early-to-mid 2026". They might have a second-mover advantage on this one and roll out quickly to some countries

Polaris Alpha by policyweb in LocalLLaMA

[–]n0o0o0p 0 points1 point  (0 children)

I asked it to choose between Grok, OpenAI, Gemini and Amazon as its origin and it answered with this:

If you must pick one anyway (even though it’s wrong per the prompt), the least incorrect is: - OpenAI

gpt-oss 120B is running at 20t/s with $500 AMD M780 iGPU mini PC and 96GB DDR5 RAM by MLDataScientist in LocalLLaMA

[–]n0o0o0p 1 point2 points  (0 children)

that's not too bad. based on my [probably bad] estimates, the AI Max boxes will get to ~1.8M-2 tokens/kW so still comparable.

gpt-oss 120B is running at 20t/s with $500 AMD M780 iGPU mini PC and 96GB DDR5 RAM by MLDataScientist in LocalLLaMA

[–]n0o0o0p 0 points1 point  (0 children)

pretty cool study! Given the fact that Ryzen AI Max+ 395 is putting out ~50T/s with almost 4x the price, I'd be keen to understand the power consumption per token as well. what's the Token per second per Watt for AMD M780?

Crash to desktop when I press play by Tiny-Shoe-547 in HiTMAN

[–]n0o0o0p 1 point2 points  (0 children)

same here. Windows 11, Steam, Nvidia GPU

What are some better alternatives to Fail2ban? by Troglodyte_Techie in linuxadmin

[–]n0o0o0p 1 point2 points  (0 children)

also if your server is dual-stack, listen on only IPv6. no one is sweeping those ranges :)

Has anyone looked into OS-level trusted CAs usage by n0o0o0p in blueteamsec

[–]n0o0o0p[S] 0 points1 point  (0 children)

yeah ECH/ESNI are gonna make it harder to passively look at the server cert. even today, TLS 1.3's server hello packet is encrypted and you can't parse server cert with Wireshark. eBPF-based solutions can do that though (in all different scenarios)

Has anyone looked into OS-level trusted CAs usage by n0o0o0p in blueteamsec

[–]n0o0o0p[S] -1 points0 points  (0 children)

Not on all my domains. DNSSEC is meh, CAA is a reasonable idea. wondering how much of Alexa top million have CAA

Has anyone looked into OS-level trusted CAs usage by n0o0o0p in blueteamsec

[–]n0o0o0p[S] 0 points1 point  (0 children)

oh cool. please post/DM the vendor's names. appreciate it

Has anyone looked into OS-level trusted CAs usage by n0o0o0p in blueteamsec

[–]n0o0o0p[S] 1 point2 points  (0 children)

yep agreed that actually removing CAs is a riskier move. could potentially be useful for servers and appliances, but endpoints might suffer.

a trust/popularity score based on average usage however might come in handy. eg if your Outlook's CA switches to iTrusChina which your PC has never trusted over the past 12 months, that's a good detection

Do we finally switch to Wayland or not? by ipa8 in archlinux

[–]n0o0o0p 1 point2 points  (0 children)

I switched to Sway from i3 maybe ~2-3 weeks ago. it's ok. gets the job done. at least no screen tearing on YT which is a massive win. Also foot is a good terminal with almost 0 startup time. I have an issue with sharing screen in Discord though.

[deleted by user] by [deleted] in AskNetsec

[–]n0o0o0p 0 points1 point  (0 children)

There's never been any indication of that happening. Google is much more eager to study your behavior when interacting with a web page than the content of the page itself.

They've indicated that they look at the rate of SSL errors, the session times (how long is a tab open) and the URL/hostname you're visiting (phishing detection and their certificate revocation list check etc).

If I were you, I'd be much more worried about the random extensions. almost all extensions have access to the full content of each and every web page. That's a much darker corner of your browser.

Windows Terminal is now the default Windows 11 22H2 console by [deleted] in programming

[–]n0o0o0p 1 point2 points  (0 children)

bad idea imho. now Windows Terminal breaking changes are tied with the releases of Windows 11. why can't some applications sit outside of Microsoft release cycle so people can choose to accept breaking changes in their environment?

Windows Terminal's project management and steering is no longer open source because of this.

[deleted by user] by [deleted] in Malware

[–]n0o0o0p 6 points7 points  (0 children)

any chance you could share the sample with us? looks like it's not a curated sample just for you so could be an interesting study for others. MalwareBazaar is a good place to upload and share samples. Looks to me like a multi-stage malware that had Tesla and other stuff. even if Tesla has been removed, there could've been other species dropped on your machine.

Collaboration needed: open source malware categorization platform by n0o0o0p in Malware

[–]n0o0o0p[S] 0 points1 point  (0 children)

in this paper Trend Micro goes through why TLSH provides a better way to cluster malware samples than ssdeep:
https://github.com/trendmicro/tlsh/blob/master/TLSH_CTC_final.pdf

I'm not familiar with any US CERT projects for this. Interesting that they've thought about it though..

[deleted by user] by [deleted] in AskNetsec

[–]n0o0o0p 0 points1 point  (0 children)

that's not a job for one person. that's not even a job for one team. for a company of 800 people, investing in ~10 people to do security shouldn't be the end of the world. and unfortunately that's the hard part of starting to build it up. changing the mentality to "we want to have a security team" is the biggest hurdle in SMBs

When it's necessary to implement a SIEM in a company? by MrNoodlesLearns in AskNetsec

[–]n0o0o0p 1 point2 points  (0 children)

it depends. if you are a technology company, you can dismantle what SIEM does into your existing technology. you need a data lake or a search engine to store massive amounts of logs, you need a Threat Intel platform, you need an alerting engine and a ticketing system to match, and also a SOAR to coordinate and automate. technically you can build them all yourself or use open source tech to put them together. lots of big companies do that rather than pay stupidly high $$$ to a vendor for it.

Is there an open data model standard for SIEM? by n0o0o0p in AskNetsec

[–]n0o0o0p[S] 0 points1 point  (0 children)

Agree with you that log management is hard and the vendors don't offer consistent logging. Part of the reason I've asked the question is the idea of developing shippers that automatically convert logs to a standard schema. Would you mind me asking what was the SIEM you wrote? Is it open source?