So a documented core aspect of the tool is a leak. Impressive research
gencha
joined 2 years ago
I really hate it when people call for impromptu meetings and are completely oblivious to what you mention. People are absolutely incapable of bridging mental gaps. Nobody explains common vocabulary. Nobody explains the expected goal of conversation. Nobody evens the playing field. Instead, you watch people confused and asking stupid questions, before they arrive at a constructive mental place, right before the meeting is over.
Communication is art and a skill. Just because someone is talking a lot, doesn't mean they communicate well.
If you can efficiently enable a group of people to arrive in a mental context where they can contribute value to a decision or process, you are a valuable team member.
IMHO this always requires preparation. You can't expect to have a valuable exchange if you yourself can't fully imagine the mental context the other people are in. At every moment you have to understand what might be keeping them from understanding you, and then approaching the specific conflict. "Why don't you understand me?" is something you should never have to ask yourself.
Also, yes, build more prototypes and actually watch some shit go instead of talking so fucking much. Pictures are a thousand words and a real thing is like thousands of pictures. Stop talking already!
Respect the Accept header from the client. If they need JSON, send JSON, otherwise don't.
Repeating an HTTP status code in the body is redundant and error prone. Never do it.
Error codes are great. Ensure to prefix yours and keep them unique.
Error messages can be helpful, but often lead developers to just display them in the frontend, breaking i18n. Some people supply error messages in multiple languages, depending on the Accept-Language header.
There are many ways your real IP can leak, even if you are currently using Tor somehow. If I control the DNS infrastructure of a domain, I can create an arbitrary name in that domain. Like artemis.phishinsite.org, nobody in the world will know that this name exists, the DNS service has never seen a query asking for the IP of that name. Now I send you any link including that domain. You click the link and your OS will query that name through it's network stack. If your network stack is not configured to handle DNS anonymously, this query will leak your real IP, or that of your DNS resolver, which might be your ISP.
Going further, don't deliver an A record on that name. Only deliver a AAAA to force the client down an IPv6 path, revealing a potentially local address.
Just some thoughts. Not sure any of this was applicable to the case.
There are many ways to set up something that could lead to information leakage and people are rarely prepared for it.
5 nines imply a downtime of 6 minutes a year, or every 100,000th operation failing. That's not great for a file system. I assume you picked the number arbitrarily, but still think about it.
And has been for so long, they already went through it once
Numbers give the wrong impression that one version follows another. Debian release channels exit alongside each other individually. Giving the release channels names helps to make that distinction. It also makes for an easy layout of packages in APT repositories.
Sid is and always has been Sid. If you were to assign numbers, what number should replace that name? There are perfectly working labels for release channels and there is no reasonable replacement.
Google already has a fleet of "Hello Google" enabled devices that do listen all the time. Some phones surely also support always-on for this. My TV supports it. Users are already deliberately enabling this. There is no need for shady tactics.
Sounds a lot more expensive than regular prostitutes
Can't blame the kid. The parents however...
So you fucked everyone because of a beef you had with AWS. Go fuck yourselves. Moving people off Elastic products is the right move either way. Don't look back.