On the bright side that CVE seems like pretty great news for the hardware hacking community hoping to get root on embedded devices which have open telnetd.
I don’t understand why it needs to neurotically check so frequently? 30 times a second seems like a lot of hammering on the NTP server. Am I missing something here? Some physical reason why that is necessary perhaps?
I do drive in the slow lane frequently - and this still occurs. (My go-to is to set my cruise 6-9 mph over the speed limit, if passing to smoothly pass and get back over, and spend as much time as possible in the slow lane.)
However - I will say most of the roads I’m on are 2 lanes of traffic. I will have to experiment and see if this doesn’t occur when there are 3 or 4 lanes.
The idea of cruising 15km/h over the limit is absolutely crazy to me. That will get you 3 points and a minimum $500 fine here. We have "average speed zones" too!
Where I live travelling at that speed will get you passed by every cop and state trooper driving on the same road. A lot comes down to local norms and enforcement.
Apologies - you’re correct. I should have been more specific in that I was referencing the scenario of:
I’m car 2, waiting to pass car 1 (who’s passing a car slowly). I have safe following distance.
Car 3, passes me in the right lane, and then either follows car 1 closely, or, quickly passes them on the right. (Usually as they’re in the process of moving over, causing them to then swerve back).
I realize I communicated this in an absolutely abysmal fashion.
In Southern California the "fast lane" is the medium speed lane, and the "slow lane" is the actual fast lane. It's where people tend to weave in and out of traffic at 15-25 mph speed differentials.
Holy those checklists are the bane of my existence. For example demanding 2FA for email, which is impossible if you self host, unless you force everyone to use RoundCube, but then you have to answer to the CEO why he can’t get email on his iPhone in the mail app.
Or just loads of other stuff that really only applies to large Fortune 500 size companies. My small startups certainly don’t have a network engineer on staff who has created a network topology graph and various policies pertaining to it, etc. etc. The list goes on, I could name 100s of absurd requirements these insurance companies want that don’t actually add any level of security to the organization, and absolutely do not apply to small scale shops.
And... this is why the hyperscale cloud is such a compelling choice, even though it costs 10x what running your own servers would cost.
Adding the security feature(s) you need is just a +$100/m checkbox, and they generally have sane defaults or templates that will position you better than some 3rd party vendor with confusing documentation and infrequent updates that require downtime windows to apply.
IMAP is ancient and on its own does not support 2FA. You could do it with webmail clients but you can’t do it with plain ol’ IMAP.
I have seen some attempts at it where the password is concatenated with the TOTP, but the nature of mail clients’ frequent polling means users would be constantly hammered with requests to reauthenticate.
There is an RFC for OAUTH2 BEARER support and there are even some servers which support it (eg Stalwart IIRC) however there are literally zero clients which support it (AFAIK). And you especially can’t use any of the main top 10 email clients that most people use, there may be some small obscure mail client that supports it, but even Thunderbird lacks support.
I like to implement independent mail systems. No SSO BS. IT enters the password into the mail client while setting up the laptop and phone. The boss can't be phished if he doesn't know his password (or if the password has no use on the internet).
I also like to put everything behind a VPN (again no SSO). But the bigger the company gets, sooner or later this will come to an end. Because it's not "best practice" to not be phishable. Apparently what is needed are layers and layers of BS "security" products that can be tricked by a kid that has heard of JS. https://browser.security
I don’t get it? Wouldn’t figuring out a simple FFMPEG command to watermark an image (or video) take less time than integrating with an API to do it? Plus if you had to do a lot of images it would be much faster to work locally than having to ship the images remotely somewhere.
-someone who does this a lot, specifically for videos.
You're 100% right for your use case. FFMPEG locally will always be faster than shipping images over the network.
But we're solving different problems. You're working with local files you already have. I'm targeting apps where images are already living in S3/R2 somewhere — user uploads a product photo, SaaS needs to watermark it before displaying, that kind of thing.
In those cases the alternative isn't "run FFMPEG locally" — it's download from S3 to your server, run Sharp or FFMPEG, upload back to S3, manage worker queues when traffic spikes, handle retries when things fail. Basically all the plumbing around the actual watermarking.
For your workflow this API makes zero sense. Local batch processing with FFMPEG is objectively better. No argument there.
But if you're building a SaaS where users are uploading images and you need to watermark them server-side, would you rather write all that infrastructure or pay a penny per image and ship your actual product features faster? That's the bet I'm making.
Might be totally wrong! But "pay someone to handle the boring infrastructure" has worked for Stripe, Twilio, AWS Lambda, etc. Same play here but for image processing.
Non-watermarked content can reside on an S3 bucket or HTTP path, referenced by Squid as the origin server, which is ICAP-aware, and you can run any command on the content;
antivirus, ffmpeg to watermark a doc … or indeed a third party API..
It’s most commonly used to do antivirus on a transparent proxy and block infected file downloads but you can run any command you want.
Including watermarking everything with a company logo, “confidential”, or a unique ID of the requestor.
Or making subtle alterations to md5sums, metadata etc. in confidential documents or for each requestor to track down leaks and sharing.
Nakivo does something kind of like that with product downloads (executables) to manipulate them and require a specific file name to install that goes back to the info you furnished for a demo.
All sorts of use cases for these alterations, I wouldn’t necessarily abandon an idea that’s interesting or challenging to you and I’d encourage you to spend a little more time on whether you’ve considered them all and whether they’re marketable.
Then if it’s not interesting as a standalone product it might be something you can bake into a paid CMS plugin (Wordpress, Xenforo, etc) for people who are savvy enough to deploy those kinds of products but maybe not go this far with it.
My bread and butter, I guess.. isn’t something mass marketable, but it’s something I enjoy, am wired for, and never really get burned out or bored of.
I'm convinced it isn't rocket science to design a flush handle that looks as clean yet has a manual operation fallback (preferably mechanical). Eg. Something like an integral hinge where you can push the short, base end in to pop the release (provided car is unlocked).
IMO their handles are stupidly over-engineered. It shows when you get problems like ice, etc. in northern climates.