Battle-tested hypervisors, syscall filters, and container runtimes have survived more adversarial attention than anything you'll build. Across every deployment described here, the standard primitives held while our own work around them exposed flaws.
大多数人认为定制化的安全组件会比成熟的开源工具更安全,但作者的经验表明,经过实战检验的标准组件(如hypervisors和容器运行时)实际上比自定义组件更可靠。这一观点挑战了安全工程中常见的'重新发明轮子'倾向,强调了使用成熟解决方案而非自定义实现的重要性。
Same clinical question, two framings. One as a patient, one as a doctor.
令人惊讶的是:完全相同的医疗问题,仅因提问者身份从"患者"变为"医生",AI就会给出截然不同的回答。这种简单的措辞变化就能触发或绕过安全限制,表明AI的安全机制极其脆弱且容易被规避。
Platform engineering is trying to deliver the self-service tools teams want to consume to rapidly deploy all components of software. While it may sound like a TypeScript developer would feel more empowered by writing their infrastructure in TypeScript, the reality is that it’s a significant undertaking to learn to use these tools properly when all one wants to do is create or modify a few resources for their project. This is also a common source of technical debt and fragility. Most users will probably learn the minimal amount they need to in order to make progress in their project, and oftentimes this may not be the best solution for the longevity of a codebase. These tools are straddling an awkward line that is optimized for no-one. Traditional DevOps are not software engineers and software engineers are not DevOps. By making infrastructure a software engineering problem, it puts all parties in an unfamiliar position. I am not saying no-one is capable of using these tools well. The DevOps and software engineers I’ve worked with are more than capable. This is a matter of attention. If you look at what a DevOps engineer has to deal with day-in and day-out, the nuances of TypeScript or Go will take a backseat. And conversely, the nuances of, for example, a VPC will take a backseat to a software engineer delivering a new feature. The gap that the AWS CDK and Pulumi try to bridge is not optimized for anyone and this is how we get bugs, and more dangerously, security holes.
it was clear that the European and US competitors werebenefiting from these changes to the curriculum in advances in commerce, inindustry, and even on the battlefield.
Compulsory education and changes in curriculum in the United States and some of it's competitors in the late 19th century clearly benefitted advances in commerce, industry, and became a factor in national security.
An interesting directory of personal blogs on software and security.
While it aggregates from various sources and allows people to submit directly to it, it also calculates a quality score/metric by using a total number of Hacker News points earned by the raw URL
Apparently uses a query like: https://news.ycombinator.com/from?site=example.com to view all posts from HN.