Since this is just sending out DISCOVERs and never REQUESTs on any OFFERs that come back, servers can technically reuse IPS from outstanding offers: https://tools.ietf.org/html/rfc2131#page-31 Because the servers have…
Way back in the 90's my CRT monitor went out. Money was tight so I had to wait a couple of weeks before I could replace it. I went to a local computer repair shop (as in, actual repair, like replacing blown capacitors…
You put together a really awesome project! Kudos on that and for sharing it first and foremost!! I speak regex pretty fluently, and I may very well have reached for sed/perl -ne there as well, depending on mood. I guess…
I get the impression that most violent terrorist groups are rather low-tech and are not using _any_ server hardware. If you're aware of terrorists routinely operating DCs or co-locating servers, feel free to correct my…
The regexp must have taken some time to write and debug: s/^."n":"(.+)","i":"(.+)","p":\[([\d\.\-]+),([\d\.\-]+)],"s":"(\w+)","c":"(.+)".$/\1,\2,\3,\4,\5/;
GDB uses a system call(s) to attach to the running process[1], and python exposes an API that lets you evaluate code in the current VM context[2]. Specifically,…
> Based on my data, they're not 1:1 native performance. I suggest you consider the data before dismissing it. I think you're conflating his separate points: "What you -are- benchmarking is namespaces, cgroups, CoW…
INAL (but I play on one daytime TV): Their whole claim aginst TOR amounts to: pp. 2-3 "According to its website, TOR "was originally designed, implemented, and deployed as a third-generation onion routing project of the…
Can you parse HTML with regex? http://stackoverflow.com/a/1732454
Brute force is infeasible if you get random heap data along with key fragments. Based on the way the exploit works[0], my amateur guess would be they sent small payloads and actually did get SSLv3 records, because they…
Probably less of a downside than not being able to move your lower body at all, but yeah.
What if it was a donation to Americans United or Planned Parenthood? There are people who earnestly believe that AU hates religions and-or religious people, or that PP hates traditional family structure. What if he…
> an opinion people shouldn't be held to account for... I believe people should be held publicly accountable for their actions, not their thoughts/opinions, no matter how strongly I may disagree with their ideas. I…
https://defuse.ca/audits/encfs.htm https://defuse.ca/audits/ecryptfs.htm Probably better to use ecryptfs or dm-crypt.
curl -s https://raw.github.com/bluedragonz/bad-bot-blocker/master/.h... | awk -F\" '/SetEnvIfNoCase/ {pattern = pattern $2 "|"} END {print "if ($http_user_agent ~ (" substr(pattern, 0, length(pattern)-1) ")) { return…
Should you judged by the views and actions of others who self-identify as "hackers"? If the label includes people with a wide range of fundamentally incompatible views, it's not very useful to use as a yard stick. It…
Agreed. I wasn't defending DO's professionalism there, just saying that from my experience creating base images for a (different) cloud provider, it looks like an artifact of image creation rather than a real cause for…
To be honest, this looks like an artifact of the base image creation process. "This file is used to clean up traces from DigitalOcean images before being published." I don't think someone actually logged in and ran…
> Or, that our policy on not doing a secure delete by default isn't something you agree with? This one. Choosing insecure defaults for a virtualization API is a Bad Idea. As a rule of thumb (to put it bluntly), people…
Looking at their pricing page, it looks like an instance with 512MB RAM comes with a 20GB disk. Depending on host load, IO and process niceness etc, I can see a `dd if=/dev/zero of=...` taking ~10 minutes easily.
I think he's showing that the data is not "destroyed" in the sense it still exists. Destroy in a virt context doesn't necessarily mean "destroy all the resources associated with a VM"--I don't know about DO's product…
DO is essentially saying they're using insecure defaults by design, which is a Really Bad Idea, even if it prima facie saves time/money. It's relatively easy for them to post a point in a FAQ about why you're billed for…
If you make an API call that asks for your data NOT to be scrubbed, then it's not a leak that your data isn't scrubbed--you asked for it. If you haven't read the docs, you might not be aware that you're asking for it.…
I don't really see how this is leaking data. I can use the dropbox API to make a bunch of files with private data shared with the world. But dropbox isn't "leaking" my data, I'm using the API in such a way that makes my…
Also, even if they zero the primary block device, what about swap if it's provided as a separate block device?
Since this is just sending out DISCOVERs and never REQUESTs on any OFFERs that come back, servers can technically reuse IPS from outstanding offers: https://tools.ietf.org/html/rfc2131#page-31 Because the servers have…
Way back in the 90's my CRT monitor went out. Money was tight so I had to wait a couple of weeks before I could replace it. I went to a local computer repair shop (as in, actual repair, like replacing blown capacitors…
You put together a really awesome project! Kudos on that and for sharing it first and foremost!! I speak regex pretty fluently, and I may very well have reached for sed/perl -ne there as well, depending on mood. I guess…
I get the impression that most violent terrorist groups are rather low-tech and are not using _any_ server hardware. If you're aware of terrorists routinely operating DCs or co-locating servers, feel free to correct my…
The regexp must have taken some time to write and debug: s/^."n":"(.+)","i":"(.+)","p":\[([\d\.\-]+),([\d\.\-]+)],"s":"(\w+)","c":"(.+)".$/\1,\2,\3,\4,\5/;
GDB uses a system call(s) to attach to the running process[1], and python exposes an API that lets you evaluate code in the current VM context[2]. Specifically,…
> Based on my data, they're not 1:1 native performance. I suggest you consider the data before dismissing it. I think you're conflating his separate points: "What you -are- benchmarking is namespaces, cgroups, CoW…
INAL (but I play on one daytime TV): Their whole claim aginst TOR amounts to: pp. 2-3 "According to its website, TOR "was originally designed, implemented, and deployed as a third-generation onion routing project of the…
Can you parse HTML with regex? http://stackoverflow.com/a/1732454
Brute force is infeasible if you get random heap data along with key fragments. Based on the way the exploit works[0], my amateur guess would be they sent small payloads and actually did get SSLv3 records, because they…
Probably less of a downside than not being able to move your lower body at all, but yeah.
What if it was a donation to Americans United or Planned Parenthood? There are people who earnestly believe that AU hates religions and-or religious people, or that PP hates traditional family structure. What if he…
> an opinion people shouldn't be held to account for... I believe people should be held publicly accountable for their actions, not their thoughts/opinions, no matter how strongly I may disagree with their ideas. I…
https://defuse.ca/audits/encfs.htm https://defuse.ca/audits/ecryptfs.htm Probably better to use ecryptfs or dm-crypt.
curl -s https://raw.github.com/bluedragonz/bad-bot-blocker/master/.h... | awk -F\" '/SetEnvIfNoCase/ {pattern = pattern $2 "|"} END {print "if ($http_user_agent ~ (" substr(pattern, 0, length(pattern)-1) ")) { return…
Should you judged by the views and actions of others who self-identify as "hackers"? If the label includes people with a wide range of fundamentally incompatible views, it's not very useful to use as a yard stick. It…
Agreed. I wasn't defending DO's professionalism there, just saying that from my experience creating base images for a (different) cloud provider, it looks like an artifact of image creation rather than a real cause for…
To be honest, this looks like an artifact of the base image creation process. "This file is used to clean up traces from DigitalOcean images before being published." I don't think someone actually logged in and ran…
> Or, that our policy on not doing a secure delete by default isn't something you agree with? This one. Choosing insecure defaults for a virtualization API is a Bad Idea. As a rule of thumb (to put it bluntly), people…
Looking at their pricing page, it looks like an instance with 512MB RAM comes with a 20GB disk. Depending on host load, IO and process niceness etc, I can see a `dd if=/dev/zero of=...` taking ~10 minutes easily.
I think he's showing that the data is not "destroyed" in the sense it still exists. Destroy in a virt context doesn't necessarily mean "destroy all the resources associated with a VM"--I don't know about DO's product…
DO is essentially saying they're using insecure defaults by design, which is a Really Bad Idea, even if it prima facie saves time/money. It's relatively easy for them to post a point in a FAQ about why you're billed for…
If you make an API call that asks for your data NOT to be scrubbed, then it's not a leak that your data isn't scrubbed--you asked for it. If you haven't read the docs, you might not be aware that you're asking for it.…
I don't really see how this is leaking data. I can use the dropbox API to make a bunch of files with private data shared with the world. But dropbox isn't "leaking" my data, I'm using the API in such a way that makes my…
Also, even if they zero the primary block device, what about swap if it's provided as a separate block device?