University of Twente in the Netherlands has a great websdr[1] running some custom hardware that can tune into pretty much the entire shortwave spectrum. I've spent countless hours tuning in to various European radio stations and broadcasts (you can even pick up the odd number station if you are on the right frequency and get lucky with timing).
This link is pretty famous in some “conspiracy theorist” circles, specifically those interested in “Skyking”.
Skyking is a military radio transmission protocol, believed to be command-and-control in nature. Some believe there to be a correlation between the length of the encoded message/how many times the operator says “Skyking” and the DEFCON level/how close the US is to blowing shit up.
I've enjoyed playing around with this product, but I wish there was a tier between free and pro that added infinite drawing without such a steep price. I'm not really interested in the sync stuff, but would happily pay a little to add infinite grid to the features otherwise included in the free tier.
From what sparse info I can find, it appears ground > sat > ground comms will be encrypted in some fashion so listening with an SDR and doing anything meaningful with the data might be hard, but I'm curious if there will be opportunities for it to be abused for anonymous downlink connections like the Turla spyware group used to do (https://arstechnica.com/information-technology/2015/09/how-h...)
Mostly just a toy to learn some AWS/Serverless and security stuff, but a tool similar to burp collaborator for dns / http canaries tied into a slack bot. Essentially request a new canary url, you get back a unique endpoint such as 123456789abcd.detect.domain.com, and any time there is a DNS request or http request of any kind to that canary url it sends a message to a slack bot with relevant info, and includes some geoip data and a static map image of IP locations (via mapbox static image api). Considering doing my own plugin for mitmproxy (similar to burp collaborator everywhere) that can be useful in looking for ssrf vulnerabilities. A couple tools out there that do this, kind of just wanted to build one myself for the learning experience.
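The matching step such a canary service needs, as an added example that is not part of the comment above or the commenter's own code: it issues a hostname under the comment's example zone `detect.domain.com` and maps an incoming DNS query name or HTTP Host header back to the issued token. The function names, the in-memory store and the alert fields are assumptions made for illustration.

```python
import secrets
from datetime import datetime, timezone

CANARY_ZONE = "detect.domain.com"  # zone taken from the comment's example hostname
_issued = {}                       # token -> note; stands in for a real datastore (assumption)


def issue_canary(note):
    """Mint a random 13-hex-character label and return the full canary hostname."""
    token = secrets.token_hex(7)[:13]
    _issued[token] = note
    return f"{token}.{CANARY_ZONE}"


def match_canary(qname):
    """Return the issued token a DNS name or Host header refers to, else None."""
    # Host headers can carry a port; DNS names can carry a trailing root dot,
    # and resolvers may randomise letter case, so normalise before comparing.
    name = qname.strip().split(":", 1)[0].rstrip(".").lower()
    suffix = "." + CANARY_ZONE
    if not name.endswith(suffix):
        return None  # also rejects look-alikes such as evil-detect.domain.com
    # The label directly left of the zone is the token; extra labels in front
    # of it (for example "x.<token>.detect.domain.com") still count as a hit.
    label = name[: -len(suffix)].rsplit(".", 1)[-1]
    return label if label in _issued else None


def build_alert(qname, source_ip, kind):
    """Build the alert record for a hit; 'text' is the message a chat bot would post."""
    token = match_canary(qname)
    if token is None:
        return None
    return {
        "text": f"Canary {token} ({_issued[token]}) hit via {kind} from {source_ip}",
        "token": token,
        "seen_at": datetime.now(timezone.utc).isoformat(),
    }


if __name__ == "__main__":
    host = issue_canary("constructed sample: SSRF probe in staging")
    # Constructed sample hit: upper-cased query name with a trailing dot.
    print(build_alert(host.upper() + ".", "198.51.100.7", "dns"))
```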
While 10./192. private addresses in IPv4 were largely designed to help deal with address space exhaustion, they also are important because organizations can use them without having to own the addresses or register them in any way with IANA (or equivalent) since they are not publicly routable. IPv6 still maintains this feature with unique local addresses, and the entire fc00::/7 address range in IPv6 is allocated to private networks and is not routable on the public internet (not that AWS uses these, any IPv6 address they assign to you is a globally routable address). A lot of stuff just still doesn't support IPv6 yet (RDS for example https://aws.amazon.com/premiumsupport/knowledge-center/rds-i...) so your options are to either give that endpoint a public address and manage your security groups well, or give it only a private address which gives you the added benefit of the endpoint not being publicly routable (which is a nice second layer of security beyond security groups), downside being the things that need to talk to it must now also live in your private subnet, hence Lambda launching in a VPC.
> A lot of stuff still doesn't support IPv6 yet (RDS for example)
Almost all software (OS's, browsers, databases, load balancers, etc.) supports IPv6.
Some third-party services don't. But that's usually irrelevant to my point. For example, RDS allocates a public IPv4 address at no extra cost. In any case, my point is that cloud providers are unwisely shoehorning NAT into everything; citing AWS as a contributing factor just reinforces that.
---
There's no longer any need for local IPs, except so that we can still design 90s-style networks.
My rule of thumb lately has been that if something is marketed as 'Pro', it is usually intended for average joe who wants to feel pro, not to meet the requirements of people that are actually professionals.
My favorite thing about coming into these threads is constantly being told that I'm "not actually a professional" because I'm able to use a Macbook Pro for my job.
I'm not in any way saying that a macbook pro (or any 'pro' thing) can't/shouldn't be used by professionals, or that people that use them are not professionals. It is just that I find more often than not when 'Pro' is used to market something, the primary audience appears to be consumers that want to have a pro feeling, regardless of whether or not it was designed primarily for the requirements of a professional. If you are a professional and a Macbook Pro fits your requirements, great! It just feels lately that the 'Pro' moniker doesn't mean it is specifically designed with professionals in mind as the primary audience.
"Being able to use a tool" does not mean that it's the best choice for you.
People here are saying that these new "Pro" computers are actually really bad choices for Professionals, mainly because of the lack of modularity and high price.
If you feel offended by those comments, that's on you, no one is actually judging you.
Most corporate computers are never upgraded. In part because computers are just not nearly as expensive as people seem to think.
So, modularity is useful, just not as important as people assume. Computers are also not getting faster as quickly so using the same computer for ~4 years is now completely reasonable. Spread out over that period these start at ~80$ a month. You might drop that price some, but not as much as you probably assume without sacrificing.
They might not be optimal, but it's a reasonable option.
I disagree. The idea that a Macbook Pro does "not... meet the requirements of people that are actually professionals" inherently says "if you're a professional, you don't use a Mac", and inversely, "if you use a Mac, you're not a professional". There is no reason to make that statement unless you are looking to strictly define who is and who is not considered a professional in your opinion, and that definition most certainly leaves a lot of people out in the cold.
Now it might be a true statement that "if you're a professional video editor working with lots of files and 4k video, the Mac Pro doesn't meet your needs" or "if you're a professional data scientist working on cutting-edge machine learning with CUDA, the Mac Pro doesn't meet your needs".
But "professional" is a broad term. Very broad. It's hard to imagine a broader term. Even if we restricted that to "IT professional" or "professional programmer", it's still a very broad range of needs within that statement. And the Mac Pro lacks a very specific set of things that "professionals" may need, depending on their profession.
I'm willing to bet the number of professionals who need a Unix machine with a nice GUI that's well-supported by major software vendors and also well-supported by the manufacturer with retail stores (including tech support) in every city of any size far outweighs the number of professionals who need anything specific the Macbook Pro or Mac Pro are missing. Why, then, are they not considered "professionals"? And what other machine meets those very broadly applicable requirements?
Or how about this one? I need a Unix machine with a serial port and an Ethernet port for my job, and I also need the machine to be lightweight because I travel constantly, it needs to be able to be held with one hand as I'm standing in a datacenter, and I need long battery life because I can't carry a ton of cables through the datacenter as I'm moving around. What meets my needs as a professional? Sure, my needs are very specific... so are the needs of this hypothetical gold standard "professional" who needs what the Mac Pro doesn't have. I certainly don't need a powerful video card. Guess I'm not a professional, then?
It's the constant gatekeeping of "Mac(book) Pro computers aren't made for professionals because I made up my own definition of professional and you're not in it" that really grinds me the wrong way. I don't need to upgrade my RAM because by the time I need more, my work will just buy me a new one. Guess that means I'm not a professional?
It still meets the requirements of a lot of professionals, and a lot of professionals are still going to use them. I'm not trying to say 'whether or not you are a professional is directly related to whether or not you use a macbook pro'. It is just that Apple seems to be slowly targeting their "pro" lines more towards the consumer who like pro stuff side to capture more of that market than they are trying to move toward the professional side to capture more of that market. Instead of getting more ports and longer battery life at the sacrifice of weight, we get things like the touchbar and ever thinner machines that have trouble living up to the battery expectations. For a bunch of professionals that doesn't matter, it isn't what makes a macbook pro fit their requirements. But there seems to be a very vocal segment of professionals who sit on that leftmost edge concerned that what Apple calls 'pro' is moving further away from meeting their requirements than closer.
Edit: it might be more clear to say the green circle is people who find a macbook pro to meet their requirements.
"The critical firmware flaws came to light last year in an advisory that was sponsored by an investment that was betting against the stock of St. Jude, which was formally acquired by Abbott Laboratories in January. In the two days following the disclosure by investment firm Muddy Waters, St. Jude's stock price fell 12 percent. At the time, St. Jude issued a statement saying the Muddy Waters report was "false and misleading.""
This reminds me of the plot of Casino Royale where the villains short the stock of an airline / airplane manufacturer, then attempt to blow up the plane they are showing off to force the stock to sink. That is some questionable ethics, then again the investment firm is called "Muddy Waters" haha.
Muddy Waters is a famous research shop that specializes in exposing fraud or fishy accounting. They can spend years on a single thesis. They have tanked many companies who went out of their way to mislead investors.
I wonder if there is a movie where a medical device company sells hundreds of thousands of remotely accessible life critical devices but doesn't really give a shit about security.
Would love more details, since shorting a stock when you know about a critical product vulnerability sounds like "material nonpublic information" to me which would make this insider trading.
I wonder if this is more along the line of finding an exposed database in the wild, or tracking down OEM suppliers and buying samples.
It's hard to love people doing this, because they could have disclosed this privately, but I think it _is_ fair to impose a high cost on not ensuring security, and this is one way of doing that.
1. https://www.youtube.com/@landgrenwilliam 2. https://www.youtube.com/@IanHubert2