AWS and Azure stress spending limits you can set for each card... in their documentation!
Some gen AI and ML folks seem to see a way out to make things without reading any doc or scientific literature. Gen AI is a pretty clever bit of computing, but not witchcraft yet
It all comes down to where the boundary for data access is implemented, and how strictly.
If your webapp has unfettered database access then don't be surprised if it is hacked and someone can do `select * from users` and then posts that dump somewhere.
The attack surface changes if your webapp can only do a REST call to pull a single user record at a time. That way you can put some auditing in, you can put rate limiting in to detect that, etc.
Obviously the user record REST api endpoint is still vulnerable, but it's a much smaller attack surface, easier to audit, and can be monitored a lot more closely.
Yes, ultimately, there will still be a set of vulnerable humans that have access to the database servers themselves and they can always walk out of the place with an SD card hidden in a Rubik's cube but there has to be an element of trust somewhere.
The problem is that too many people put that trust boundary way too far out into the big bad Internet. Or don't even consider it at all and just rely on the fact that other targets are more appealing.
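As an added illustration of the boundary described above (example code, not from the comment or any named product): a narrow data-access layer that exposes only a single-record lookup, so a compromised web tier has no `select * from users` path, plus the per-caller rate limiting and audit trail that make enumeration visible. The user table, caller names and limits are all constructed for the example.

```python
import time
from collections import deque

# Constructed sample user table; in a real deployment this sits behind the boundary.
USERS = {uid: {"id": uid, "name": f"user{uid}"} for uid in range(1, 101)}


class UserRecordGateway:
    """Exposes only get_user(caller, user_id): there is no bulk-read path to abuse."""

    def __init__(self, max_per_window=10, window_seconds=60.0, clock=time.monotonic):
        self.max_per_window = max_per_window
        self.window = window_seconds
        self.clock = clock            # injectable for deterministic tests
        self._calls = {}              # caller -> deque of recent call timestamps
        self.audit_log = []           # (time, caller, user_id, outcome) for every attempt

    def get_user(self, caller, user_id):
        now = self.clock()
        recent = self._calls.setdefault(caller, deque())
        while recent and now - recent[0] > self.window:
            recent.popleft()          # drop timestamps outside the sliding window
        if len(recent) >= self.max_per_window:
            self.audit_log.append((now, caller, user_id, "RATE_LIMITED"))
            raise PermissionError(f"{caller}: over {self.max_per_window} reads/{self.window}s")
        recent.append(now)
        record = USERS.get(user_id)
        self.audit_log.append((now, caller, user_id, "OK" if record else "NOT_FOUND"))
        return dict(record) if record else None   # return a copy, never the backing row

    def enumerating_callers(self, min_distinct=5):
        """Detection hook: callers that have successfully read min_distinct different ids."""
        seen = {}
        for _, caller, user_id, outcome in self.audit_log:
            if outcome == "OK":
                seen.setdefault(caller, set()).add(user_id)
        return sorted(c for c, ids in seen.items() if len(ids) >= min_distinct)


def simulate_dump_attempt(ids, max_per_window=5):
    """A compromised web tier trying to walk the whole table one id at a time."""
    gw = UserRecordGateway(max_per_window, window_seconds=60.0, clock=lambda: 1000.0)
    served, blocked = 0, 0
    for uid in ids:
        try:
            gw.get_user("webapp", uid)
            served += 1
        except PermissionError:
            blocked += 1
    return {"served": served, "blocked": blocked, "flagged": gw.enumerating_callers()}
```

Running `simulate_dump_attempt(range(1, 21))` serves five records, blocks the remaining fifteen and flags the caller, which is exactly the signal a direct database connection would never produce.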
Plus addressing (or movable periods in gmail addresses, etc) is increasingly pointless for a whole host of reasons.
It may keep out the bottom x% of spammers/hackers but it doesn't do much for the increasingly sophisticated scams that are appearing.
If the bit before the + ends up in your inbox anyway then it'll just get stripped off and used. Spammers seeing this kind of thing across several breach dumps:
and will leverage that to target spam at you for other sites, or just email bob@example.com as there's a good chance that'll get through.
Years ago I did a test with my own domain where I created two unique aliases with plus addresses, e.g. steve.smith+iawer@example.com, bob.jones+wpoqe@example.com
It didn't take long for emails to start arriving at steve.smith@example.com and bob.jones@example.com even though those email addresses had never been used anywhere ever before.
As others have said, you're better off just creating unique emails with `pwgen -s 16` such as wmR5pNhGI8yidU7N@example.com and storing that in your password manager alongside a similarly random password. (Yes, this is roughly what those unique email address services provide.)
Also many services/sites/providers simply assume the username is immutable. $DEITY forbid you might have to change your email address at some point in the future.
Can confirm it's free. I tried it based on the GP comment. There are various ways to prove it is your domain: token sent to one of a small number of email addresses like {admin,security,webmaster}@, DNS TXT record, place a small file in the root of the website, etc.
The only extra bits I saw for the other emails on my domain was a plus address I'd used for last.fm which had been leaked. None of the other emails (wife, kid, family, etc) appear in any breach.
I'm slowly moving away from using my own personal domain as it's becoming an ever increasing burden. I'm also concerned that my wife/kid will be left with something they may not have access to, or would stop working at some point, if I suddenly dropped dead.
Someone in the house pressed the button to update the printer (Brother DCP-L3550CDW) firmware and the CSV page that was the basis for an existing Prometheus exporter (drum/toner lifespan, page counts, etc) stopped being a thing. Instead there was an HTML page with all of the information buried in various divs/etc.
I'd planned on writing something myself to parse the HTML and write a suitable exporter but I thought I'd give Claude a chance.
In a sandboxed VM I gave Claude a single static HTML file of the status page from the printer; also in the directory was the equivalent of "hello world" in Go, literally just the minimum needed to do `fmt.Printf("OK\n")`. The directory was called `brother-exporter`. That was it. No other instructions or information. I hadn't told it what it needed to write. I hadn't said what it should do. I hadn't told it what language it was supposed to use.
Just by doing a `/init` in that directory Claude decided that it needed to write a Prometheus exporter in Go that would fetch and parse the HTML file from a printer (defaulting to 192.168.1.1) and then present the associated metrics in a way that they could be scraped by Prometheus.
It did this flawlessly in about 10 minutes.
I could have done it in several hours but this was definitely an "oh shit" moment for me. I think the biggest thing was the fact that it guessed/assumed so much (correctly) from so little information in the beginning.
For my own 10G homelab network I jumped the gun and got a couple of Intel X540-T1 cards for my two servers and balked at the cost of the RJ45-SFP+ transceivers (Unifi's version is ~USD60). (I'm sure there are cheaper options for the "not hot" flavour transceivers but I didn't want to have to gamble again.)
In the end I just replaced each X540-T1 with a X520-DA2 which are pretty much the same price on eBay (under USD20) and then I can just use a DAC that's a fraction of the cost of the RJ45-SFP+ transceivers.
Yeah, it's better to avoid RJ45 entirely for 10gig if one can. It's unavoidable though for some places, e.g. a lot of consumer boards have a spare X1 PCIe slot... which is enough for 10gig if it's gen4.
...but all the 1X cards I've seen are RJ45 and I didn't want to take a chance on seeing if a X4 SFP card can run in a 1X slot at full 10gig
My wife is trying to sort something with a famous Irish airline who are well known for messing people around. She has LPA/POA for her mother but rather than the airline accepting the VCode (this is the UK) the airline are requesting to see the original POA certificate, which is just ridiculous. They seem to be moving a little quicker now there is a solicitor involved.
Given how much back and forth there has been it's probably cost the airline more than just refunding the amount at the first request. We'll keep going to prove a point.
The "Sasha" section brought back a load of memories from my childhood. As an Alex growing up in Western Europe with no connections to anything East it was just my Russophile father that used to call me Sandy or Sasha some of the time.
The robot decided to spin up an expensive setup prior to getting access, so the setup was sitting there costing money whilst it did nothing.
If it had designed the setup but not spun it up until it had authorisation to join the network then it would have been much less costly an exercise.