Hacker News | jethro_tell's comments

Systemd systems can still have grub as a boot loader.

In that case, you can usually set the boot order with bootctl and reboot.


Shouldn't matter what you have as a bootloader, by my understanding it should be communicating with the UEFI directly to pull it off and going over any bootloader's head.

It was also in a time where not everything got recorded. You have to think that having cameras everywhere and much more complex package tracking systems like we do now would have made staying hidden quite a bit harder.


lol, those videos of the NYPD ‘searching’ Central Park look like my kids looking for a homework assignment they don’t want to turn in. Until the FBI got involved I thought he was pretty much off the hook.


The problem is that you cannot guess which users are working to fly completely under the radar because of their specific threat profile.


I find adding dynamic dns entries to my firewalls much more efficient and to have a more meaningful protection value.

A timed job that checks the IP of your clients and updates the firewall every 30 seconds seems a much more secure method than having a magic sequence of ports that can be captured in the wild.

It’s hard to spoof a full tcp connection (with a key) needed to update your ddns.

Best part is you can leave your ddns to a separate box or service which complicates the compromise of a single host.
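The timed job described in the comment above, sketched as an added example that is not the commenter's own code: it resolves each client's DDNS name, diffs the result against the last run, and emits the nftables commands that bring an allowlist set up to date. The table `inet filter`, the set `allowed_clients` and the hostnames in any call are assumptions, and keeping the last known address when a lookup fails is a design choice made here.

```python
import ipaddress
import socket

TABLE = "inet filter"         # assumed nftables table (family and name)
SET_NAME = "allowed_clients"  # assumed named set of type ipv4_addr


def resolve_ipv4(hostname):
    """Return the IPv4 addresses a DDNS name currently resolves to."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def _usable(addr):
    """Reject answers that should never be allowlisted as a remote client."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    return not (ip.is_unspecified or ip.is_loopback or ip.is_multicast)


def plan_update(hosts, previous, resolver=resolve_ipv4):
    """Return (state, commands) for one run of the timed job.

    previous maps hostname -> addresses allowed after the last run. A name
    that fails to resolve keeps its last known addresses, so a DNS outage
    does not lock clients out; a name no longer in hosts is dropped.
    """
    state = {}
    for host in hosts:
        try:
            addrs = {a for a in resolver(host) if _usable(a)}
        except OSError:  # socket.gaierror is a subclass of OSError
            addrs = set()
        state[host] = addrs or set(previous.get(host, ()))
    old = set().union(*previous.values())
    new = set().union(*state.values())
    cmds = [f"nft add element {TABLE} {SET_NAME} {{ {a} }}"
            for a in sorted(new - old, key=ipaddress.IPv4Address)]
    cmds += [f"nft delete element {TABLE} {SET_NAME} {{ {a} }}"
             for a in sorted(old - new, key=ipaddress.IPv4Address)]
    return state, cmds
```

Run it from a timer, feed the returned state back in as `previous` on the next run, and execute the commands only after logging them so every allowlist change leaves a record.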


I’m going through this right now, I used to be a carpenter and a farmer.

About 15 years ago, I went into tech to pay for kids in the city.

To some extent most of the jobs I find in tech seem to me to be societal busy work. And the people that make those jobs seem to take themselves a bit too seriously.

I’m considering moving back to trades work instead of finding another infra job.

I’ve had time to get my stuff sorted and looking at journeyman level salaries I’m not making too much more in tech any more.

I’m not really sure I want to keep going in tech at this point.


> To some extent most of the jobs I find in tech seem to me to be societal busy work. And the people that make those jobs seem to take themselves a bit too seriously.

I’m not sure if this is what you’re talking about, but people outside of the technical roles in this industry rarely seem to have the same curiosity and passion developers do. Is it easy to name other industries where this is true? CS is vast and young, and I’ve always found that exciting. The potential for new frontiers, even at lowly engineering applications like ours, made me want to do this work. Yet lots of managers lack even basic curiosity and sometimes make silly, bad decisions as a result. It can be hard to work alongside that.


Not entirely, what I mean is more that a lot of companies, even ‘disrupters’, are really just figuring out how to be a middle man of something that is already happening and taking a cut.

A lot of the products genuinely kinda suck, and it just feels like busy work to me sometimes.

I don’t think most of that comes out of tech, it’s product and business picking these directions and features but it’s pretty disheartening nonetheless.


You're spot on, but it's worse the closer you are to "scene" Valley/startup flavor companies, and much better in boring old profitable businesses. Unfortunately the former are more fun to work for (before they drive you insane).


I had a period in the early 10's where I worked with a lot of startups and it made me very cynical (though it could be said that that's more or less my default anyway); it was clear to me early on that most of them were just a retread of someone else's big idea (social network site for animators back when MySpace was fading and Facebook was booming is one that comes to mind that I actually encountered, though I tend to abbreviate this sort of thing as "Uber for dog massages" after someone's sarcastic comment I read). The goal seemed to be for founders to live the startup lifestyle by siphoning money from some VC or other. Obviously the money was a big motivator, but I also got the sense that a lot of it was a sort of status game - people wanted to be viewed as the visionary leader and be showered with attention for it, but they just didn't have real breakthroughs to bring to the table.


One thing that I often see when I look at these companies is that we’ve reached a point where we don’t really need everyone to work 40+ per week.

But, the people with money are willing to spend a mint to make sure that the most capable are working 50-60+ and that it looks like we are at full employment.

It’s not any one person, it’s systemic. But it’s a whole farce where programmers are so efficient that rich people are using them to suck value out of the economy in a way that returns very little value.

On the other hand there’s systems control programming and stuff that interacts with the physical world that returns incredible value, but there really aren’t enough of those jobs for the programmers we have and they don’t tend to pay big tech salaries.


> To some extent most of the jobs I find in tech seem to me to be societal busy work. And the people that make those jobs seem to take themselves a bit too seriously.

Thanks. You're putting in words something that was bothering me but didn't manage to name.

Yes, lots of busy work at various levels, from switching to the latest framework to redecorating the website because we can, to actually many companies selling nothing meaningful.

And the more vacuous the work is, the more it starts to feel like a cult. You MUST use framework X or pattern Y or clean/agile/... practice du jour, otherwise you're not one of us.


I live with physical disability, so my options are a bit limited. In theory a hip replacement might actually resolve that, but I don't know about working a trade with a joint replacement. I'm a competent carpenter, having learned from my father (my brother is one of the best I know, but got out of trades because the pay benefits were poor). I'd probably look at electrical or HVAC myself, but the thought of working summers in South Texas is also pretty daunting. Basically, there's no free lunch ;)


> used to be a carpenter and a farmer

Of course lots of office jobs are busywork by comparison to carpentry and farming.

I'd guess farmers also aren't playing politics, and gaming metrics, for promotions.

Farmers also reap what they sow, so to speak. And don't plan to job hop before the chickens come home to roost, on resume-driven-farming technology choices.


Nope, bushels per acre baby


My assumption is that when you have graceful failure for something like this, you risk a situation where someone figures out how to make it gracefully fail, so now it's disabled on this huge fleet.

It's likely that there have been multiple discussions about graceful failure at the load stage and decided against for 'security' reasons.


If the threat model includes "someone can feed corrupted files to us" then I would definitely want more robustness and verification, not less.

It's perfectly okay to make the protected services unavailable for security reasons, but still a management API should be available, and periodically the device should query whatever source of truth about the "imminent dangers". And as the uncertainty decreases the service can be made available again.

(Sure, then there's the argument against complexity in the kernel ... true, but that simply means that they need to have all this complexity upstream, testing/QA/etc. And apparently what they had was not sufficient.)


What is that adjusted for average wage?


Looks like average wages are up over 4x: https://www.ssa.gov/oact/cola/AWI.html


If you are the lte network, it gets a little tough to do oob that way, especially if you’re basically a monopoly in many service areas.


you can have the lte modem to connect to a different lte network


As far as I'm concerned, I use setuid/sudo for auditing. At this point, I don't really do multi-user/multi service boxes. Almost everything I have that's multi-tenant at this point is k8s and you can just use kubectl endpoint instead of ssh. But if you're allowed to log in, you're allowed to setuid to root. So for a k8s box, that's the platform infra team and access to the services on top is through the k8s permissions provider.

For the platform infra teams, if you just need something like metrics and logs, that's already off box. If you need to trigger some job or workflow, you can use the pipeline.

But when someone does log in and do root stuff, I want to have an audit log.

I actually can't think of a single box I own where someone with a login doesn't also have root for everything.

Obviously, I understand the services doing setuid thing, but in the case of services, you generally have systemd doing setuid to drop permissions instead of the other way around.

