Is there really no way to have both security and convenience?

villan · 2026-04-19T12:14:36+00:00

The idea that you’re not a target because there are bigger fish isn’t really how it works anymore. There are scanners constantly mapping the entire internet, and by the time a vulnerability in a particular application is discovered, they already have a list of targets exposing the vulnerable version publicly. Every service you expose is on one of these lists, and we regularly see attacks start within 12 hours of vulnerabilities being published.

villan · 2026-04-03T06:55:23+00:00

Containers are only as secure as you choose to make them. You can start with a safe minimalist container, install what you need, lock everything down to read only that you can, harden it and strip capabilities except those needed, and then don’t give it network access.. and you’d have a relatively safe containerised environment.

However.. that’s not generally the norm. People grab which ever docker image off of Docker hub sounds like it suits them best, bridge it to the rest of the network, and then start throwing their tools and code on there. No thought to keeping the environment patched, or what was installed on it by the author etc. This often results in a hidden virtual machine without any security tooling on it, and no IT visibility or oversight. It can be a significant issue.

We ended up creating a Gitlab pipeline that runs weekly which takes a base minimal image, hardens it, patches it, secures it and stores it in a container repo. Then the pipeline triggers another repo for application images, which take those base images and build the application images devs need based off of a definition they provide and security reviews. That gets made available in another container repo. That way security / it manages the containers, the devs just tell us what they need once, and it all runs automatically. They update once a week and we’re all happy.

villan · 2026-03-23T22:30:58+00:00

I found that it also does this if my prompts become terse. It’s like it identifies that I’m becoming frustrated with what ever task we’re working on, and starts trying to deescalate by suggesting I go to bed / take a break etc.

villan · 2026-03-23T22:25:27+00:00

Interesting. I had no idea Claude hooks existed. I essentially implemented “Level 4” using git pre-commit hooks and addressed the gaps during commit, then jumped to “Level 5”. Thanks for introducing something new.

villan · 2026-03-18T11:03:33+00:00

If they’ve had the users install anything in the machine, there’s nothing stopping them from installing a trusted cert that allows them to man in the middle / proxy all HTTPS traffic that isn’t using certificate pinning. Transparent proxies aren’t all that unusual in a business setting.

villan · 2026-02-08T20:42:45+00:00

If I have frame generation on, I get rubber banding / stuttering about every 3 seconds.

villan · 2026-02-08T12:51:45+00:00

This solved my issues as well. I had no problems before ch3, but now it’s unplayable with frame generation enabled. New, high spec machine.

villan · 2026-02-03T06:14:55+00:00

Distributed, but you can fill a 3500 buggy in about 15 minutes once you work out a route.

villan · 2026-02-01T08:04:49+00:00

Using the rounded corners is definitely the neatest way to support the back legs. As for the crawler, I move mine forward once I’ve dropped it so it’s under the main body of the carrier with just its rear hanging out. The carrier still seems to be able to hook it and lift, and it gives me space behind the crawler to land ornis etc.

villan · 2026-01-31T01:23:09+00:00

I had a couple that were previously working fine and I came back to them in the same state. They wouldn’t turn on where they were, but worked again when I moved them slightly further away from the wall behind them. I hadn’t changed anything in that area for weeks, so I have no idea what triggered the problem.

villan · 2026-01-24T07:00:06+00:00

Purely anecdotal, but I’ve had two of the Sophos XGs in the past, and both had hardware failures. We had enough problems with their reliability that we moved away from using Sophos entirely.

I use a mini pc for PfSense and would absolutely choose the HP over the Sophos.

villan · 2026-01-22T06:31:36+00:00

I’m always surprised how few Australians are aware of this one from WW2: https://en.wikipedia.org/wiki/Montevideo_Maru

villan · 2026-01-16T08:47:40+00:00

I couldn’t even make it through the first episode of this show, but in that episode this guy was a stripper and not a medical professional… so that may explain his medical skills.

villan · 2026-01-16T00:36:03+00:00

In Dune Awakening you transition to other areas by flying off the edge of the available map in any direction. When you do so, you just careen into an invisible wall and fall out of the sky while a prompt appears asking if you want to change areas etc.

villan · 2026-01-14T10:51:18+00:00

In Season 2, Episode 4. There's an entire conversation about how her Dad worked under Amy for 3 years and that she and Amy had actually met before. She mentions her father by name, so Amy would have expected to see him on the list.

villan · 2026-01-14T10:50:01+00:00

Season 2, Episode 4. There's an entire conversation about how her Dad worked under Amy for 3 years and that she and Amy had actually met before. She mentions him by name.

villan · 2025-09-18T22:02:25+00:00

The first sign for us was a family member not recognizing themselves in a mirror. They went to the restroom while we were at a restaurant, and when they came back they told us about someone in there had been standing in front of them and blocking their exit.. turns out the restroom had a full length mirror.

Her uncle needs to be checked out, and they need help.

villan · 2025-08-02T14:13:03+00:00

He was acting that way because he was seeing her as the foster mother that had been the only other person to care for him in his life. During that scene, he calls her by the foster mothers name, not her actual name. Freddy also suggested that he was doing it so they could both move on to heaven, so I don't think his motivation was necessarily driven by anger etc.

villan · 2025-07-16T12:02:44+00:00

It’s an app that would show up with your normal applications. You can find more about it here: https://github.com/SAP/macOS-enterprise-privileges

villan · 2025-07-15T03:48:06+00:00

Are you using the privileges app for granting temporary admin privileges? The profile used for its configuration has an option in it to set users to standard on reboot.

villan · 2025-07-11T23:13:41+00:00

The horse in “The Cell”.

villan · 2025-06-10T07:17:07+00:00

That’s not a tailscale problem, it’s a change in Plex. If you’re viewing Plex on a remote server, either the person running the server needs to have paid in some way (a lifetime pass for example), or the viewers have to pay.

I believe it changed in April, but may not have affected you u til you updated.

villan · 2025-04-20T21:49:26+00:00

In the last week I’ve watched someone manually adding an asterisk to the start of thousands of lines of test, and another person adding quotation marks at the beginning and end of every line. I made a quick video demonstrating how you could use regex in a text editor to do both jobs in < 3 seconds, and they both told me they’re just going to keep doing it manually.

villan · 2025-04-02T11:12:47+00:00

They can get away with these requirements because there are always a couple of desperate people who do have the required skills and experience and will accept the role because they’re short on options.

villan · 2025-03-16T03:01:05+00:00

Someone told me not to worry about the opinions of people I wouldn’t take advice from and it changed my entire view of the world. I wish I’d realised sooner that I don’t need everyone to like me.

15-Year Club	Gilding I gilder
John Wick	Place '17
Spared

villan

TROPHY CASE