> So if the minio maintainers (or anybody that forks the project and wants to work it) can fix any security issues that may occur I don't see any problems with using it.
The concerning language for me is this part that was added:
> Critical security fixes may be evaluated on a case-by-case basis
It seems to imply that any fixes _may_ be merged in, but there's no guarantees.
Yes this is concerning for me too. Hopefully if they don't fix/merge security issues somebody will fork and maintain it. It shouldn't be too much work. I'd even do it myself if I was experienced in golang.
> That aside, I’m confused about the 250ms thing. You don’t have to hit a Google API to construct a signed URL. It should just be a signature calculation done locally in your server. [0]
I assume the additional latency is the initial cred fetch from the VM Metadata Service to perform that sign, no?
Slight correction, the sales org uses GitLab, mainly to segregate any “code” they build for customers. Internal AWS/Amazon teams use an internal git-backed UI.
If AWS forced their teams to "dogfood", it would quickly morph into the Testuo blob monster from Akira -- there are too many products/services popping up too quickly, and the amount of time and knowledge lost to the constant changes would be catastrophic.
Dogfooding is for simpler companies. It's also bullshit and best for product managers and sales. Let tech work with what's best for their specific internal environment.
Just put the “self checkout” on the cart/trolley and take them directly to your car. “SmartCarts” have to be a thing at some point. …and they will put video ads on them.
As an opposite point - the airports I've been to have been pretty easy to opt-out, though they usually have snippy comments about "saying it up front".
That being said, did your airport not have signs talking about the pilot, and it being optional? I would of pointed to that if I was told no.
It was very early in the pilot process, and I was trying to board an international flight. There was little or no signage, and the TSA staffer told me I could not opt out when I asked. Not a great experience. Since Senator Markey has been harping on this it has improved.
We must applaud these efforts. This was introduced by someone who did not look at eSIM as a mere virtual replacement for SIM cards, but a new tool with new capabilities.
It’s not like I’d be running everything over Tor. DNS requests for newly‐visited domains would slow down, but unbound’s prefetch feature would keep popular frequently‐used domains cached. Adding one of those advertising domain blacklists might help performance too.
The point would be to keep Cloudflare from being able to track my DNS requests.
A VPN gives you little protection against browser fingerprinting, which may alone leak enough information about you to identify you. Also privacy-by-policy is in no way near privacy-by-design. If you want privacy, use the Tor Browser.
Just because the protocol has a formal set of proofs, doesn't mean it's production ready. The very fact that the only releases are snapshots and not eligible for CVE's makes me weary of utilizing this in a non-testing environment.
The concerning language for me is this part that was added:
> Critical security fixes may be evaluated on a case-by-case basis
It seems to imply that any fixes _may_ be merged in, but there's no guarantees.