Tuesday, November 30, 2021
New top story on Hacker News: DESQview/X: The forgotten mid-1990s OS from the future
DESQview/X: The forgotten mid-1990s OS from the future
12 by WoodenChair | 2 comments on Hacker News.
Monday, November 29, 2021
Sunday, November 28, 2021
New top story on Hacker News: Ask HN: What's the best way to secure your workstation?
Ask HN: What's the best way to secure your workstation?
16 by bccdee | 11 comments on Hacker News.
Here's a very plausible threat: Some developer with a left-pad package, some dependency-of-a-dependency, injects malware into their library. A developer (who is broadly trustworthy) updates their package's dependencies without auditing them properly, and the malware ends up in a VSCode plugin that you use. You open VSCode, your system is infected.

We know this sort of malware is making its way onto package repositories [1]. We know people are falling for these attacks. How do we protect ourselves against this family of threats?

[1]: https://ift.tt/3eIvIio

We could trust nothing beyond our base system and our browser, and refuse to use any code we don't fully audit, but this would be an impossibly austere way to live. I expect most of us, when pressed, would admit that we're trusting much more code than we would like to.

The alternative is sandboxing, using a lightweight option like firejail (which I use) or a totalizing system like QubesOS. But these systems are awkward to use, and have their own drawbacks.

What's the bar for reasonable security, in your opinion? How do you secure your workstation without living like a monk?
Saturday, November 27, 2021
New top story on Hacker News: Tell HN: GitHub is down again
Tell HN: GitHub is down again
315 by pupdogg | 171 comments on Hacker News.
Yet somehow https://ift.tt/2rzqrAY is ALL GREEN! smh
New top story on Hacker News: 2021 Tesla Model Y review: Nearly great, critically flawed
2021 Tesla Model Y review: Nearly great, critically flawed
5 by unclebucknasty | 1 comment on Hacker News.
Democrats Struggle to Energize Their Base as Frustrations Mount
By LISA LERER, ASTEAD W. HERNDON, NICK CORASANITI AND JENNIFER MEDINA from NYT U.S. https://ift.tt/3FJXoP8