I'm not surprised in the least. They have a Bugcrowd program and I've submitted at least one P2 that took months to fix, and best of all, they don't pay bounties! What a joke, if you ask me.
Doh... this guy recently came to me and swooped up an .io I owned. I gave it to him for what I paid for it, thinking it was just an individual. Should have asked for more, lol.
Migrated a complex Jenkins setup to Deploybot in 2015, saves our company a ton of time managing deploys. I'd highly recommend deploybot to anyone.
If I could critique even just one thing, it would probably be its pricing structure for personal use. I can't justify $15/m just for deployments. I'd love it if they had some kind of personal "developer" tier with support for more repos. On the business side, $15/m is ridiculously cheap for the service we're getting.
I think more cloud providers should do something like what Google Compute Cloud does: they have SSHGuard on their images by default, so IPs get blocked after too many failed attempts.
Typical MySQL replication works when the slave listens to changes on the master's binlog, which, essentially, is a log of all operations performed on the dataset. I did some quick googling and apparently it can be accessed quite easily: http://dev.mysql.com/doc/refman/5.7/en/mysqlbinlog.html so I'd assume that this is how they are doing the replication, or something very similar.
As for migration, I don't know; you could export the database and listen to the binlog, but that will lock the table for a bit, depending on the database size. But maybe that's acceptable.
Would be curious to hear from folks with more DBA experience :)
It's funny the author mentions all the Google Play stuff about installing apps to users' phones without them ever even knowing... I actually found a company exploiting this in the wild using browser extensions. I wrote about it on this blog:
Oddly enough, I submitted a bug report to Google telling them they should set a Content-Security-Policy on play.google.com, and was basically told "wont-fix", so the vulnerability in the Play Store still exists.
I've had a few emails about our Enterprise offering but I have not had the time to really land the sales. I know there are a lot of people on HN looking to acquire projects; if someone is interested in the project, you can contact me at contact@extensiondefender.com
Would it be possible to constantly scan the DOM for new iframes and add the attribute with JS? Seems like there might be a small window of opportunity though for bad things to happen, if it would even work.
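One way to try the approach the comment asks about, as an added example that is not part of the original thread: a MutationObserver that applies a restrictive sandbox attribute to any iframe injected into the page at runtime. The policy string and the helper names are assumptions; the caveat in the comments is the "window of opportunity" the commenter suspects.

```javascript
// Added example (not from the original comment): sandbox iframes that appear
// in the DOM after page load. Assumed policy: scripts allowed, but no
// same-origin access, no form submission, no top-level navigation.
const SANDBOX_POLICY = 'allow-scripts';

// True for an <iframe> element that carries no sandbox attribute yet.
function needsSandbox(node) {
  return !!node && node.nodeType === 1 &&
    String(node.tagName).toUpperCase() === 'IFRAME' &&
    !node.hasAttribute('sandbox');
}

// Applies the policy to one element; returns true when it changed the node.
function sandboxFrame(el) {
  if (!needsSandbox(el)) return false;
  el.setAttribute('sandbox', SANDBOX_POLICY);
  return true;
}

// Handles a batch of MutationRecords: hardens added iframes, including
// iframes nested inside an inserted subtree. Returns how many were changed.
function handleMutations(records) {
  let changed = 0;
  for (const rec of records) {
    for (const node of rec.addedNodes) {
      if (sandboxFrame(node)) changed++;
      if (typeof node.querySelectorAll === 'function') {
        for (const frame of node.querySelectorAll('iframe')) {
          if (sandboxFrame(frame)) changed++;
        }
      }
    }
  }
  return changed;
}

// Browser-only wiring. Caveat: the observer callback runs after the node is
// already in the DOM, so the browser has already queued the frame's initial
// load; a sandbox set here governs later navigations, not necessarily the
// first request. A Content-Security-Policy header (frame-src/child-src) is
// enforced before any request is made and is the reliable control.
if (typeof document !== 'undefined' && typeof MutationObserver !== 'undefined') {
  handleMutations([{ addedNodes: document.querySelectorAll('iframe') }]);
  new MutationObserver(handleMutations)
    .observe(document.documentElement, { childList: true, subtree: true });
}
```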
First thing that comes to mind is having more control over which version of *BSD you want to be based on. With pfSense you're on whichever version of FreeBSD they've worked up to.
That said, I roll pfSense on a thin Mini-ITX Intel board and it's great.