Hacker News: igama

New comment by igama in "Apple introduces new AirTag with longer range and improved findability"

igama — Mon, 26 Jan 2026 15:54:11 +0000

Yes

New comment by igama in "The worst programmer I know"

igama — Sat, 02 Sep 2023 21:11:49 +0000

"Tim wasn’t delivering software; Tim was delivering a team that was delivering software. The entire team became more effective, more productive, more aligned, more idiomatic, more fun, because Tim was in the team." - This happened years ago to me, with a manager pulling me aside and asking why my Tickets resolved were so low... They only cared about the number of tickets worked on...

New comment by igama in "Why Data Breaches Don’t Hurt Stock Prices (2015)"

igama — Fri, 16 Sep 2022 10:59:18 +0000

Because most people don't care about it and forget about it in the long term?

New comment by igama in "Music for Programming"

igama — Thu, 07 Jul 2022 08:43:39 +0000

Same for me. I find it boggling people that can listen to audiobooks, podcasts, to shows while working/coding.

New comment by igama in "Check if your IP is exposing any ports. If you see 404 page, nothing is exposed"

igama — Tue, 22 Sep 2020 18:03:30 +0000

Check the timestamp of the results ;)

New comment by igama in "Check if your IP is exposing any ports. If you see 404 page, nothing is exposed"

igama — Tue, 22 Sep 2020 18:01:43 +0000

The free page securityrating.io from BinaryEdge also provides that information.

For more complex queries about what is being exposed on IPs worldwide (IPV4 and IPV6) You can register a free account on app.binaryedge.io.

(Disclaimer: I'm part of the BinaryEdge team)

New comment by igama in "Zoom says it won’t encrypt free calls so it can work more with law enforcement"

igama — Wed, 03 Jun 2020 08:10:26 +0000

Reply by Alex Stamos:

https://twitter.com/alexstamos/status/1268062452123496450

New comment by igama in "Guide to running Elasticsearch in production"

igama — Wed, 26 Feb 2020 08:38:28 +0000

No one can answer that for you, you need to test it out your self. Depends on size of documents, number of keys, volume of reads, etc etc. Spin up 1 instance and test it out ;)

New comment by igama in "Guide to running Elasticsearch in production"

igama — Wed, 26 Feb 2020 08:34:22 +0000

One way for example would be store all events you want to write to ElasticSearch to a Queue (like rabbit, Kafka, etc) then have a set of workers/importers (this can even be logstash with input from queue and output ES) that read the events from that queue and store them in ES.

This way your system becomes a sync, and your system above is not affected if ES becomes slow writing or goes down for a reason. Your events will remain stored in the queue waiting to be processed.

New comment by igama in "Ask HN: What are your arguments in favor of end-to-end encryption?"

igama — Fri, 04 Oct 2019 14:44:35 +0000

"If the Police have a legit reason to access a property they go to court and get a warrent, and if they need to they'll kick the door in to get in." That's what currently takes, place, Government doesn't have the keys, they have to use force to get in, or other methods. (However there are physical limits to materials, so there is usually a way to break in)

But, by having a special key that opens all the doors, anyone could copy it - yes rules can put in place to who as access, etc, etc, but by knowing there is a "hole" in each device, every possible malicious agent will try and break it as soon as possible. Then what?

We have seen examples by Law Enforcement officers using accesses to gather data that would required a court order, but they didn't have one, and it was for personal reasons. So, how does that work out?

New comment by igama in "Security for Elasticsearch is now free"

igama — Mon, 20 May 2019 22:08:29 +0000

Same feeling...

New comment by igama in "Security for Elasticsearch is now free"

igama — Mon, 20 May 2019 21:30:52 +0000

Opendistro was announced by AWS a few weeks ago. It’s their fork of ES with security features and some of the XPack functionality included.

New comment by igama in "I scanned Austria"

igama — Sat, 09 Feb 2019 13:24:20 +0000

Exposed (Open/NoAuth) Databases in Austria: MongoDB: 26 ElasticSearch: 14 Memcached: 4 Redis: 6

Others: Synology DiskStation NAS ftpd: 299

RSync the old is still new – Exposed Files and Backups

igama — Sat, 22 Dec 2018 15:16:40 +0000

Article URL: https://blog.binaryedge.io/2018/12/22/rsync-the-old-is-still-new/

Comments URL: https://news.ycombinator.com/item?id=18740881

Points: 5

# Comments: 0

Publicly accessible .ENV files exposing Keys/Tokens

igama — Wed, 19 Dec 2018 13:50:23 +0000

Article URL: https://blog.binaryedge.io/2018/12/19/publicly-accessible-env-files/

Comments URL: https://news.ycombinator.com/item?id=18715544

Points: 8

# Comments: 0

New comment by igama in "Kubernetes clusters being hijacked to mine cryptocurrencies"

igama — Fri, 07 Dec 2018 09:25:52 +0000

CTO Binaryedge here. For those wondering, We have detected more than 15k Kubernetes APIs with Auth. This post focuses on ~1.5k found without Auth, that are fully open.

It's not just a Kubernetes Problem. Like many have posted, many databases, other types of clusters, shares, are accessible without Auth for those that know how to look for them (not that hard now days), mainly malicious actors.

New comment by igama in "Kubernetes clusters being hijacked to mine cryptocurrencies"

igama — Fri, 07 Dec 2018 08:48:06 +0000

Exactly, the main story is Kubernetes being exploited in the wild and in large numbers, Crypto mining is just one of the "attacks" tacking place.

Kubernetes clusters being hijacked to mine cryptocurrencies

igama — Thu, 06 Dec 2018 20:49:00 +0000

Article URL: https://blog.binaryedge.io/2018/12/06/kubernetes-being-hijacked-worldwide/

Comments URL: https://news.ycombinator.com/item?id=18622062

Points: 183

# Comments: 64

New comment by igama in "[dead]"

igama — Fri, 23 Nov 2018 10:02:06 +0000

We scan the entire internet space and create real-time threat intelligence streams and reports that show what is exposed on the internet. Our objective is to help you answer questions like: - What services is your organization exposing? - How many IOT devices are accessible? - How many services/databases are miss-configured? - What DataLeaks have affected a specific e-Mail?

New comment by igama in "A hash table re-hash"

igama — Tue, 31 Jul 2018 10:25:45 +0000

I've updated the link.