Hacker News: PhilipRoman's comments

If you blindly TOFU ssh sessions, those can be pwned easily in many common use cases. Legacy software configurations like NFS with IP authentication will be bypassed. Realistically the most likely scenario is using your home as a VPN, or a DDoS node.

yeah, and it's not like people recently launched a coffee shop that accepts payments over tofu ssh and a shell provider doing the same
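The defensive counterpart to blind TOFU is comparing the fingerprint a host offers against one obtained out of band (from the provider's console, a signed document, or `ssh-keygen -lf` run on the server). The following is an added example, not part of the thread: it computes the OpenSSH-style `SHA256:` fingerprint of a public-key line and checks it against a pinned value. The key blob is constructed filler in the ed25519 wire layout, not a real key, and the function names are the example's own.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(b: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


# Constructed sample: type string + 32 filler bytes in the ed25519 blob layout.
# This is NOT a real key; it only exercises the parsing and hashing below.
_FAKE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_PUBKEY_LINE = (
    "ssh-ed25519 " + base64.b64encode(_FAKE_BLOB).decode() + " constructed@example"
)

# A second constructed blob that differs in one key byte, standing in for a
# host that presents a different key than the one you pinned.
_OTHER_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(1, 33)))
OTHER_PUBKEY_LINE = "ssh-ed25519 " + base64.b64encode(_OTHER_BLOB).decode()


def fingerprint(pubkey_line: str) -> str:
    """Return the fingerprint in the format ssh-keygen -l prints:
    'SHA256:' + base64(sha256(raw key blob)) with the '=' padding stripped."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key type> <base64 blob> [comment]'")
    blob = base64.b64decode(fields[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(pubkey_line: str, pinned_fingerprint: str) -> bool:
    """True only if the offered key hashes to the fingerprint you recorded
    out of band; constant-time comparison avoids leaking the prefix matched."""
    return hmac.compare_digest(fingerprint(pubkey_line), pinned_fingerprint)


if __name__ == "__main__":
    pinned = fingerprint(SAMPLE_PUBKEY_LINE)  # what you'd have written down earlier
    print("pinned:", pinned)
    print("same host again:", host_key_matches(SAMPLE_PUBKEY_LINE, pinned))
    print("different key presented:", host_key_matches(OTHER_PUBKEY_LINE, pinned))
```

The same check is what `StrictHostKeyChecking yes` with a pre-populated `known_hosts` gives you for free; the point of spelling it out is that the decision is a fingerprint comparison against a value that did not come from the connection itself.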

It also sets a HN=1 cookie, so you may need to clear that or use incognito

I see. I'm using Firefox's containers feature and that prevented the cookie from carrying over.

AFAIK Lambda and everything else will use micro-VMs. No serious company would use a shared kernel design for workloads in different security contexts. (Personally I wouldn't even use the same hardware host, but sometimes sacrifices have to be made)

And how many of those actions do uncached downloads instead of building self-contained offline images... Speaking of which, I wonder if GitHub has implemented any HTTP interception for common mirror sites, like those used by apt, etc.

GitHub and WarpBuild cache is so slow it is often faster to re-download hundreds of MB each run than cache it properly.

I so wish this wasn't the case.


Many downloads now go over https. Intercepting them would require having a certificate for those domains. IIRC on the clouds the standard images do have a sources list that points to mirrors on the cloud's network. I would only presume GitHub Actions runners have the same.

Not sure if something similar exists for NPM which is big for all things JS.


Other CI/CD platforms usually push you towards using self-hosted mirrors for downloading large chunks of data (often aggressively so) but GitHub is pretty hands off when it comes to actions. It is interesting to consider whether managing that traffic might be overwhelming them and if this can be traced back to a lack of forethought when it came to building out those tools.

If you have /proc available, you don't even need to disable ASLR (all mappings are available to you)


>You can't restrict management to specific vlans

This bit me as well, FYI Zyxel switches seem to be among the few that do this properly, even on the cheapest models. On the other hand their web interface cannot be used over SSH or other tunnels... The software side of network equipment is in a sad state, no wonder the hyperscalers moved to whitebox switches


I strongly suspected that there was some pre/postprocessing going on when trying to get it to output rot13("uryyb, jbyeq"), but it's probably just due to massively biased token probabilities. Still, it creates some hilarious output, even when you clearly point out the error:

  Hmm, but wait — the original you gave was jbyeq not jbeyq:
  j→w, b→o, y→l, e→r, q→d = world
  So the final answer is still hello, world. You're right that I was misreading the input. The result stands.
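To make the model's slip concrete: the input in the comment is "uryyb, jbyeq", and ROT13 of "jbyeq" is "wolrd", not "world"; the model's own letter-by-letter trace (j→w, b→o, y→l, e→r, q→d) spells "wolrd" and it still concluded "world". This is an added example, not from the comment, implementing the mapping and the same trace so the discrepancy can be checked mechanically; `rot13` and `trace` are the example's own names.

```python
import string

_UPPER = string.ascii_uppercase
_LOWER = string.ascii_lowercase
# ROT13 rotates each letter 13 places; because 13 + 13 = 26 it is its own inverse.
_ROT13 = str.maketrans(
    _UPPER + _LOWER,
    _UPPER[13:] + _UPPER[:13] + _LOWER[13:] + _LOWER[:13],
)


def rot13(text: str) -> str:
    """Apply ROT13; punctuation, digits and spaces pass through unchanged."""
    return text.translate(_ROT13)


def trace(text: str) -> list:
    """Letter-by-letter (input, output) pairs, mirroring the model's walkthrough."""
    return [(c, rot13(c)) for c in text if c.isalpha()]


if __name__ == "__main__":
    given = "uryyb, jbyeq"          # the string from the comment
    print(rot13(given))             # hello, wolrd  (not "hello, world")
    print(trace("jbyeq"))           # [('j','w'), ('b','o'), ('y','l'), ('e','r'), ('q','d')]
    print(rot13("hello, world"))    # uryyb, jbeyq  (what the model apparently assumed)
```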


Hah, based on the title I assumed it was exactly the opposite - that it was the automatic approval that had been suspended


I see this point a lot but it never really made sense to me. What exactly does IPv6 bring to the table that makes it unnecessary to remember IP addresses? Especially for anything more advanced than just looking up a hostname.


IPv6 addresses can be plenty memorable. Mine starts with 2a10:3781:xxxx, and the rest of the address is whatever I want it to be. About as recognizable as my IPv4 address.

If I wanted to memorize the addresses for some reason (maybe I broke DNS or something?), I'd just start numbering devices at 1 and keep going up.


> maybe I broke DNS or something

I break my DNS very often, or at least, often enough that it'd become a nuisance that I can't instantly recall the IP address of every machine in any of my 5 VLANs, AND type it in manually within 3 seconds.

With IPv6, I'd have to drop whatever I'm doing and fix my DNS first.


If you use SLAAC and don't use mDNS, I suppose, maybe? But if you break DNS often enough that you need to remember IP addresses, you can just do DHCPv6 if you want IPv4-like address allocation.

It'll be even easier because you can use numbers greater than 254 for your local devices, or l33t-style hex addresses, without setting up routed subnets when you exceed your /24 like on IPv4.
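The numbering scheme described above (start at 1, keep counting, hex "words" allowed) can be checked with the standard library. This is an added example, not from either commenter: it places device number n inside a prefix and reports when the prefix cannot hold it, which is where a home /24 runs out at 254 while a /64 does not. The prefixes are the documentation ranges standing in for the commenter's real 2a10:3781:xxxx prefix; `nth_host` and `address_plan` are the example's own names.

```python
import ipaddress

# Constructed prefixes (documentation ranges), not anyone's real network.
V6_LAN = ipaddress.ip_network("2001:db8:0:1::/64")
V4_LAN = ipaddress.ip_network("192.0.2.0/24")


def nth_host(network, n: int):
    """Return address number n inside the prefix, or None if it doesn't fit.
    IPv4 reserves the first (network) and last (broadcast) addresses of a
    subnet; IPv6 has no broadcast address, so only the all-zero
    subnet-router anycast address is skipped here."""
    if n < 1:
        return None
    if network.version == 4:
        usable = network.num_addresses - 2
    else:
        usable = network.num_addresses - 1
    if n > usable:
        return None
    return network[n]  # network address + n, same expression for both families


def address_plan(network, device_numbers):
    """Map each device number to its address (None where the prefix is too small)."""
    return {n: nth_host(network, n) for n in device_numbers}


if __name__ == "__main__":
    devices = [1, 2, 254, 300, 0xBEEF]  # 0xBEEF: an "l33t-style" hex host part
    for net in (V4_LAN, V6_LAN):
        print(net)
        for n, addr in address_plan(net, devices).items():
            print(f"  device {n:6d} -> {addr}")
```

Running it shows device 300 (and 0xBEEF) as None under the /24, while under the /64 they become `2001:db8:0:1::12c` and `2001:db8:0:1::beef` with no extra subnet or route.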


N100 works just fine with fully passive cooling

