More

calvins · on Sept 21, 2024

The paper itself: https://bmcmedicine.biomedcentral.com/articles/10.1186/s1291...

calvins · on June 3, 2017

What do you mean by 'out of the box'? jsonschema needs to be installed. It's not in the stdlib.

calvins · on April 1, 2017

It seems no security audit has been performed, but they plan on it at some point: https://discussion.enpass.io/index.php?/topic/404-security-a...

Their responses in that thread do not inspire confidence in the product for me, to put it mildly.

noja · on April 3, 2017

That was scary. I'm not going to be recommending Enpass.

calvins · on Jan 2, 2017

I think you should put the disclaimer at the top of the github page, and clearly state that it is not secure.

The disclaimer currently is near the end of the document and says only "Purely experimental project. Designed for learning purposes not production use.".

Some people will miss that at the bottom of the page (after how to install, how to use, etc.), or might not realize that textbook RSA is insecure (https://crypto.stanford.edu/~dabo/courses/cs255_winter00/RSA...).

calvins · on Jan 2, 2017

https.cio.gov SSL Labs test result: https://www.ssllabs.com/ssltest/analyze.html?d=https.cio.gov

Of note is that they're using a Let's Encrypt cert and running in AWS.

calvins · on Dec 3, 2016

Not the OP, but I'd really like to be able to run containers with all unnecessary capabilities dropped:

https://github.com/aws/amazon-ecs-agent/issues/223

calvins · on Sept 12, 2016

But doing a 360 doesn't mean doing a 180, and then sometime much later, doing another 180.

kbenson · on Sept 12, 2016

I think it's a matter of context and time-frame. If the end up pointing the same way they started, that's 360 degrees. That might entail two 180 flips at different points, and if talking about one of those specifically, it would be appropriate to say they did a 180 when referring to that specific situation.

calvins · on July 30, 2016

Pip has a constraints file now. Running

  $ pip freeze -r requirements.txt > constraints.txt

after you've installed all your packages gives you a constraints file that can be used to reinstall exactly the same versions:

  $ pip install -r requirements.txt -c constraints.txt

jbbarth · on July 30, 2016

Didn't know that option thanks. Better than nothing, but unfortunately your environment is still subject to the remarks in my second paragraph. So pip-tools is still required if you want more guarantees.

calvins · on May 28, 2016

It's easier to disambiguate shapes and colors than just shapes or just colors -- something like a checkmark of one color, and an X of a different color.

i386 · on May 28, 2016

FWIW We've got colored indicators that have appropriate iconography for these kinds of users.

calvins · on May 26, 2016

> if it's _truly_ agent-less why do they care about the python version on the target, I feel that python target code is the agent?

"Agentless" means that it works by pushing to the machine and that there isn't an agent process already running on the target. It doesn't mean that there aren't any requirements on what needs to be installed on the target already.