Depending on how much you went into, aside from HODL, that's called YOLO. In general, people spread their assets. So for example, you could speculate some on the stock market, some in cryptocurrencies, etc. If you put all your savings in, and it goes to zero, I feel sorry for your children. Cause there goes their scholarship.
Childless and European here :). But I put like 3 months of salary there. Really nothing that could financially ruin me. I went YOLO on housing though... That shit is expensive.
> In general, people spread their assets. So for example, you could speculate some on the stock market, some in cryptocurrencies, etc.
I find this funny, my tech stocks portfolio has gone down 10% since the beginning of the year. I do monthly investing, so that's a loss compared to my average price over time.
In contrast, I bought ETH at around $20 USD, and it being at $2000 is still quite a good outcome for me.
You can't know what happens when the cryptocurrency ETH was at $20. You still don't know what happens. In contrast, with companies, we can take some things for granted, as they have to be open about it to e.g. SEC. With regards to the $20, I knew about Bitcoin when it was a couple of USD (during the Occupy Wall Street movement, IIRC). I liked the idea, back then. But I didn't end up buying any because to me money is a tool, not a speculative asset. And, as a tool, Bitcoin was not very useful then (it still isn't, IMO). Yes, I could've bought it back then. I almost did. But we don't know what the future holds, and for every person with my story there's only a few who did buy it in large enough quantities and exfiltrated their profits at a margin of 10000% like yours. The amount of people who lost money from Bitcoin speculation is also applicable, but you don't hear about the losers. As long as you HODL, all those who HODL win (at least on paper), but as soon as large amounts get exfiltrated, the supply goes up, and value goes down. So it is very important for those who hold the asset to share the HODL mindset (as cultish as it might be).
Desperate people will do whatever they can to improve themselves. Imagine you have a neurodegenerative disease and in a few years you will be stuck in a wheelchair forever.
You would still need to spend a lot of energy for the process, which brings us to the beginning. This could maybe be used when we have fully renewable energy in excess to pull some carbon out of the atmosphere.
Are you using Safari by any chance? I used to get a lot of these on Safari, but the issue is almost gone on Firefox. I think it's connected to how Safari handles cookies.
I already pay over 100$ a month for subscriptions I rarely use. If we get an alternative to Google that is simply on par or slightly better, 10$ is a no-brainer just for the de-googlification. For something significantly better - like the option of paying some extra cash for more processing power - 20$.
Yes, Sony has this set up the right way, the headphones simply stop working when charging. They also have some pretty good undervoltage protection in there that keeps the batteries at a safe voltage until they are charged again.
That said: it is still body-worn lithium-ion tech and you should definitely be careful with them, especially if you ever suspect they may have become damaged (from dropping or impact). Be nice to your headphones. And never ever leave them hooked up to the charger once they are charged and, if you can, only charge to 90% or so.
For the company I am working at, it is acceptable to pay more for even long-term consultants than to pay market price for experienced developers. The reason explained was that it is a different budget line - HR does not want to "overpay" for employees, so consultancy is the only option.
Having used vault quite a lot, I'm not really sold on it. Do you see any value in this tool? I've done the whole sidecar mess, middle of the night three keys unlock like we're arming a nuclear weapon and everything, and most of the time it's just been a total faff and imo security theatre vs actual security.
End of the day, the secrets are being written to a .properties file or /proc/<pid>/env somewhere anyway and can be read by whomever has the permissions or the shellcode to do so..
If you're just storing secrets as static key/value, sure.
Vault's real value is in rotating credentials automatically. Some of that value has eroded over time, e.g. Kubernetes now having IAM Roles for Service Accounts. But Vault handles it for databases, and there are a variety of plugins to handle it for other use cases as well, e.g. https://github.com/martinbaillie/vault-plugin-secrets-github
I have been curious about this, too. I think I'd want something like vault to issue OTPs that can be exchanged for secrets over a socket to a sidecar, where the OTP is made available as an environment variable set by the orchestrator (eg k8s). If the token is used twice, lock it all down. If it's read but not confirmed to have been received by the service (through some method... dunno), lock it down.
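The exchange proposed in the comment above, sketched as an added example (not part of the thread and not Vault's API): a single-use token is redeemed once for a secret, a second use locks everything, and a read that is never confirmed locks on the next sweep. `OneTimeSecretBroker`, its method names and the sample secret are hypothetical.

```python
import hashlib
import secrets

class LockedDown(Exception): pass

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()  # never store raw tokens

class OneTimeSecretBroker:
    """Hypothetical broker: single-use tokens, lock-down on reuse or missing ack."""
    def __init__(self, store):
        self._store = dict(store)  # secret path -> value
        self._tokens = {}          # sha256(token) -> [path, state]
        self.locked = False

    def _entry(self, token):
        if self.locked:
            raise LockedDown("broker is locked")
        entry = self._tokens.get(_digest(token))
        if entry is None:
            # Refuse without locking, or anyone could trip the lock with garbage.
            raise PermissionError("unknown token")
        return entry

    def issue(self, path):
        """Orchestrator side: mint a token to inject as an environment variable."""
        token = secrets.token_urlsafe(32)
        self._tokens[_digest(token)] = [path, "issued"]
        return token

    def redeem(self, token):
        """Sidecar side: first use returns the secret, a second use locks."""
        entry = self._entry(token)
        if entry[1] != "issued":
            self.locked = True
            raise LockedDown("token used twice")
        entry[1] = "read"
        return self._store[entry[0]]

    def confirm(self, token):
        """Service acknowledges receipt; only a token in the 'read' state changes."""
        entry = self._entry(token)
        if entry[1] == "read":
            entry[1] = "confirmed"

    def sweep(self):
        """Run after the ack deadline: a read that was never confirmed locks."""
        self.locked = self.locked or any(s == "read" for _, s in self._tokens.values())
        return self.locked
```

Once locked, every later `redeem` raises `LockedDown`, including for tokens issued afterwards, so recovery has to be an explicit operator action outside this sketch.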
If you don’t need the Shamir part of Vault, create fewer key shares.
If you integrate properly throughout the stack (i.e “not being negligent”) then secrets will not hit properties files, rotation will happen correctly, and you will be able to audit everything.
You can also do this using a native secret management system if you’re in a public cloud, but Vault is, for the most part, just better.
What do you suggest? That is, what is proper? I haven't found a good example showing how to use it without environment variables, files*, or http interfaces with shared secrets, but it has been a while since I dug in and I could have missed something obvious.
Obviously if your app is compromised all its secrets are too. Hopefully one doesn’t pull the entire secrets backend to a single app and has audit logs to assess the actual impact and what else needs to be rotated. Also Vault is not just about kv secrets, there’s also pki, ssh and more.
This is one example we put out https://github.com/avantoss/vault-infra for vault that supports auto-unlock and other DR hosting features. Once you set it up you remove access to buckets, keys, and ssh and it runs pretty self contained. Upgrades are pretty seamless. One of the most stable and reliable pieces of our infrastructure. Relies on AWS but could be supported with most cloud platforms.
Set to auto-unseal with a transit or cloud (or HSM if you pay them $$$) and you don’t need to use sss unless to recover root token (or if somebody leaves).