Hacker News: grumpyinfosec

New comment by grumpyinfosec in "Framework Desktop is a mash-up of a regular desktop PC and the Mac Studio"

grumpyinfosec — Thu, 07 Aug 2025 19:58:02 +0000

i don't really get the point of this? Its a ITX motherboard with a moible chip. I could buy a itx board and a desktop chip for less. Or get a miniPC with the same chip for even less.

They are trying to disrupt building a PC, which was already modular and easy to upgrade, with a 1000+$ motherboard with soldered RAM?

New comment by grumpyinfosec in "Cloudflare Starts Blocking Pirate Sites for UK Users"

grumpyinfosec — Tue, 15 Jul 2025 15:22:32 +0000

realistically blocking low cost personal VPNs / proxies is pretty easy. Any new servers they stand up are gonna get picked up by commercial threat intel services with an hour and then just blocked. Especially if the CDNs are working with the government.

You could roll your own but wireguard/openvpn going to random hosting provider is gonna achieve the same thing if they are playing hardball.

New comment by grumpyinfosec in "'Humans need solitude': How being alone can make you happier"

grumpyinfosec — Wed, 11 Jun 2025 13:49:30 +0000

ya it does seem that way. But, there is a pretty big cohort of people that are like this and they click on stuff to. So i'd guess it's more marketing to sad grind-set loners than deliberate propaganda.

New comment by grumpyinfosec in "VC money is fueling a global boom in worker surveillance tech"

grumpyinfosec — Thu, 05 Jun 2025 15:29:43 +0000

i always think about e911 calling for enterprise VoIP software phones. In order to make sure the calls go the right 911 local call center it is required to have the user enter the address they are using the computer at. It's the law and the fines for routing to the 911 center of last resort aren't cheap. And thats just the tip of iceberg if required employer surveillance just to follow the damn law.

https://www.fcc.gov/sites/default/files/voip_and_911_service...

New comment by grumpyinfosec in "OpenAI slams court order to save all ChatGPT logs, including deleted chats"

grumpyinfosec — Thu, 05 Jun 2025 15:04:55 +0000

You sue them and win damages? Courts tend to uphold contracts at face value.

New comment by grumpyinfosec in "Europe launches program to lure scientists away from the US"

grumpyinfosec — Fri, 09 May 2025 18:15:03 +0000

ya it does seem like a good opportunity for US and Asian companies to get public sector research without even having to pay taxes for it. Europe really needs to build out the theory > applied science > product development > actually adding some value pipeline to make this have some impact longer term.

New comment by grumpyinfosec in "DigitalOcean blocks SMTP ports 465 and 587 since last month"

grumpyinfosec — Tue, 08 Apr 2025 16:15:20 +0000

This makes alot of business sense, most orgs know better than to homebrew their mail env on (lets be honest here) "basement hosting LLC". So that leaves the people that are spamming/phishing as the core SMTP customer here.

We lost the personal self hosting fight long ago. I used to do it, but now i pay protonmail to do it for me and even that is losing its luster since proton technology IP blocks are pretty radioactive at this point. Some day will have join the outlook or gmail gang which makes me sad; but setting here in my chair staring at my orgs email firewalls and seeing 80+% inbound volume being auto-blocked as spam, bulk or phishing it make me wonder if anything of value was lost.

New comment by grumpyinfosec in "Ask HN: Are you crosssing the Amazon picket line? If no, where are you shopping?"

grumpyinfosec — Mon, 23 Dec 2024 20:04:37 +0000

go to the IRL hardware / grocery store? I still get out of my chair to go the Costco, Ace hardware, Microcenter and REI's of the world. But short of that target, walmart, home depot have really stepped up their (fast/free) shipping game in the past few years.

New comment by grumpyinfosec in "White House says no need to restrict 'open-source' AI at least for now"

grumpyinfosec — Tue, 30 Jul 2024 18:11:04 +0000

Its possible to restrict DIY building of pretty much anything if your end goal was to stop people from doing something outside of their basement with it. I can't build my own open source coal fired power plant and except to sell power without the EPA coming to kill me. Same would be if i used a open source AI that violated some new consumer protection / anti fraud law if i choose to use it over the public internet / build it into a product. Hell you could probably go after the devs for being accessory if you really wanted to.

The license really does nothing to protect your project from regulation its just that the government doesn't care about open source yet.

New comment by grumpyinfosec in "Steps to Becoming a Cybersecurity Expert"

grumpyinfosec — Tue, 09 Jul 2024 17:03:55 +0000

sounds about right, but I'd up #1 from "basic computer knowledge" to "sysadmin level enterprise system experience" if you want to truly be an expert. Success in cybersecurity on the blueteam side to me is more being a really good sysadmin that is paid to only think about security. I've seen people that just jumped into the field with just their fancy cybersecurity degree and by god they can tell me exactly what part of MITRE this control handles (in painful detail) but when rubber meets the road they don't really know how domain controllers work. It sometimes doesn't inspire confidence and since we need main IT to listen to us as security "experts" that really can be a issue if they think we can do anything practical. (they don't let us touch their toys) Im a computer janitor and i know it, just a fancy one with security written on my door.

New comment by grumpyinfosec in "U.S. sues Apple, accusing it of maintaining an iPhone monopoly"

grumpyinfosec — Thu, 21 Mar 2024 23:56:06 +0000

or you could enable ios lockdown mode in one click if you feel like going full "im a targeted individual". I'm more talking appsec here. Even from the personal non-enterprise security angle android has the sideloaded boyfriend stalkerware issue and the flavor of the week banking Trojan PDF readers on google play issue. Apple just seems to stay out the news on the app store security front.

New comment by grumpyinfosec in "U.S. sues Apple, accusing it of maintaining an iPhone monopoly"

grumpyinfosec — Thu, 21 Mar 2024 23:44:01 +0000

i wouldn't put much stake a zerodium numbers as the benchmark of platform security. People who sell these kind of gray market mobile zero days for big bucks aren't going public about it. Mostly because the only buyers that aren't the OEM are nation states, maybe the top end of criminal land and of course the NSO group. Plus android's at least 10x the market when you start talking IOT and point sale etc.

New comment by grumpyinfosec in "U.S. sues Apple, accusing it of maintaining an iPhone monopoly"

grumpyinfosec — Thu, 21 Mar 2024 20:29:47 +0000

I don't even let my users have browser extensions without them going through the formal review process. Managing the proliferation of PWAs (potentially unwanted apps) is one of the most unsolvable issues in security. iOS is the gold standard for secure mobile computing due to inability to support alot of these risky use causes.

New comment by grumpyinfosec in "The rise and fall of a Halifax man's illegal TV streaming empire"

grumpyinfosec — Tue, 19 Mar 2024 17:57:08 +0000

But like stealing from people just because you don't like them doesn't really change the moral calculus. I'd imagine most people that steal anything don't like the victim very much. Do what you want (or what you can get away with) but the "moral" thing would be abstain from consuming the products entirely or buy them according the terms of the seller.

New comment by grumpyinfosec in "ExxonMobil is suing investors who want tougher action on climate change"

grumpyinfosec — Thu, 29 Feb 2024 21:20:55 +0000

It my very well be possible that its not currently impacting them in any meaningful way. Its one of those things that you can ignore until you can't. It still is a step in the right direction cuz at least people don't really flat out deny it's happening anymore, just debate how much we should care.

New comment by grumpyinfosec in "NIST Releases Version 2.0 of Landmark Cybersecurity Framework"

grumpyinfosec — Thu, 29 Feb 2024 20:16:34 +0000

GRC non-sense like this is really the cornerstone of cybersecurity. It seems like dumb boxchecking but these domains are the tools that we use to define, measure and most importantly sell security to management / main IT / users. The technical side is more sexy but then you discover that wack-a-moling the hot sploit of the week didn't really build your posture beyond the low hanging fruit.

New comment by grumpyinfosec in "Two trends help make millennials seem lazy to their elders"

grumpyinfosec — Thu, 29 Feb 2024 18:48:52 +0000

i'm not sure many people would deny themselves the self-actualization / biological urge of becoming a parent for something as nebulous as sticking it to the man. People certainly didn't stop having children when we all where subsistence farmers or worked in glided aged era sweatshops to save them from the burden of being alive under the boot of capitalism.

New comment by grumpyinfosec in "Two trends help make millennials seem lazy to their elders"

grumpyinfosec — Thu, 29 Feb 2024 18:08:06 +0000

Depends on the person. Alot of people don't really care about the macro. They go to work to add value, seek the admiration of their peers, not get fired (etc) and then go home and do something else. Living your entire life without really worrying about geopolitical bullshit that you have no agency over may very well be the optimal strategy. We have people for that.

New comment by grumpyinfosec in "Heat Pumps Take on Cold Climates"

grumpyinfosec — Tue, 27 Feb 2024 17:24:17 +0000

seems pretty comparable to the other colder parts of the country. (besides the east coast) The warmer parts of the US i'd imagine are less sensitive to residential gas prices.

New comment by grumpyinfosec in "Heat Pumps Take on Cold Climates"

grumpyinfosec — Tue, 27 Feb 2024 16:35:40 +0000

Thats kind of high. I only pay $0.78 a therm here in Wisconsin. 1 therm is around 30kwh so im paying like 2.5c a kwh vs 17c for electricity. So unless I can get a CoP of 700% from a air source heatpump im literally lighting money on fire. That really is the main issue, as much as I care about emissions I don't care enough to spend money on a heat pump to then spend more money on utilities. And the calculus gets worse and worse when your poorer.