OWASP's Amass Project. I'm not quite sure what it does based on the docs, so I thought if I posted then a kindly soul might enlighten me.
From the docs:
> OWASP Amass is an open-source, versatile attack surface intelligence framework designed to comprehensively map an organization’s footprint. Built for flexibility and depth, Amass combines advanced data collection, network mapping, and OSINT capabilities to deliver detailed insights into physical and digital assets.
I had the same issue. It does not immediately suggest it is an agentic based framework, which is odd to me considering all the recent breakthroughs in security are coming from llms.
> In Rust, however, you're forced to reason about the "seriousness" of calling .unwrap() as it could terminate your program. In TS you're not faced with the same consequences.
I keep wondering about a type system where you can say something like "A number greater than 4" or "A string of length greater than 0" or "A number greater than the value of $othernum". If you could do that, you could push so much of this "coping" logic to only the very edge of your application that validates inputs, and then proceed with lovely typesafe values.
There is some ceremony around it, but when you do the basic plumbing it's invaluable to import NonEmptyString100 schema to define a string between 1 and 100 chars, and have parsing and error handling for free anywhere, from your APIs to your forms.
This also implies that you cannot pass any string to an API expecting NonEmptyString100, it has to be that exact thing.
Or in e-commerce where we have complex pricing formulas (items like showers that need to be custom built for the customer) need to be configured and priced with some very complex formulas, often market dependent, and types just sing and avoid you multiplying a generic number (which will need to be a positive € schema) with a swiss VAT rate or to do really any operation if the API requires the branded version.
Typescript is an incredibly powerful language, it is kinda limited by its verbose syntax and JS compatibility but the things that you can express in Typescript I haven't seen in any other language.
while this is nice, the type itself doesn't encode the logic (unlike refinement type)
i think this would be really nice if validation libraries like zod returned branded types when they are validating non-comp-time types (like z.ipv4() should return some IPv4 branded type)
The type encodes the logic in the schema, it is absolutely a refinement as every parser is. Maybe you meant a comparison with dependent types?
Now every time you will have to use a NonEmptyString255 as a type it has to be branded by passing through the constructor, so you can't pass a normal string to an API expecting it, and you get the error at type level. The logic is encoded in the schema itself, which you can click.
And it also provided the decoder (parser) and encoder (constructor). So you use the parser in a form or whatever and get parsing and precise errors (for it being too long, too short, not a string). And you can annotate the errors in any language you want too (German, Spanish, etc, English is the default)
Essentially this approach is similar to using some class NonEmptyString without using a class and while keeping the information at type level.
It's practical and the ceremony goes as far as copy pasting or providing a different refinement, besides, AI can write those with ease and you don't need to do it frequently, but it's nice in many places not mixing UserIDs with ProductID or any other string makes codebases much easier to follow and provides lots of invariants.
there’s problem with branded types this way now that i think of it
string
type nonEmptyStr = string & NonEmpty
type ipv4Str = string & IPv4
it’s not obvious how you’d automatically determine ipv4Str is also a nonEmptyStr, since the types themselves are just labels, they don’t store the refinements at type level
> and those systems go out to tens of millions from day 1
I like GDS (I even interviewed with them once and saw their dev process etc) but this isn't a great example. Technically GDS services have millions of users across decades, but people e.g. aren't constantly applying for new passports every day.
A much better example I think is Facebook's rollout of Messenger, which scaled to billions of actual users on day 1 with no issues. They did it by shipping the code early in the Facebook app, and getting it to send test messages to other apps until the infra held, and then they released Messenger after that. Great test strategy.
If they ship, say 20m laptops a year that's $800k. I can't imagine what cars their executives are dinging if their repair is orders of magnitude more than that. How many orders is it?
And if you've made $50 on each, that's literally a BILLION dollars in profit, and if their financials are true, that would be 1/22nd of their FY2024 profits. So you would be responsible for the bottom line going down by 0.0036%.
I don't know why you're saying this. Doesn't seem related. The point is that if the price goes up now then it can go up again, and where does it end? This process is how prices are kept in check, and is why laptops don't cost $1m each.
They like it enough that they bought this business from Samsung, who previously developed and supported it through their subsidiary, Joyent. I worked for Joyent for a few years but left before the transition to mnx.
That's good to hear. It sounds really cool, but also as though you need some potentially hard to come by skills to make it work (e.g. someone who used to work at Sun might find it much easier!)
I don’t think that having worked at Sun gives you much of a leg up on Triton (cloud platform). Running Triton does require specialized knowledge, but there are decent docs, IRC, and commercial support available.
Triton uses SmartOS as the operating system on compute nodes. Familiarity with Solaris/illumos is helpful at that layer. If you are
Using it to run Linux VMs, the amount of Solaris wizardry needed should be minimal.
> Some shows and movies seem harmless, initially, but then we noticed in so many kids movies (e.g., Zootopia, Sing), they're always yelling at each other, expressing anger, frustration, and hostility towards one another.
My kids are similar. Years ago I actually just unplugged the TV and put it behind some furniture for 3 months because I was so fed up. It calmed them down a lot (this was after Covid lockdowns, when we'd just given them too much TV) but still - it flares up.
I do think a lot of kids tv is either straight addictive (e.g. Cocomelon) or depicts how kids would like to behave, e.g. in how they talk to adults rudely (e.g. how they talk to the dad in Peppa Pig), or they're always right and the adults are wrong (too may examples to name). Bluey is the saving grace there, as it depicts healthy and respectful relationships, but it's very unusual.
The TL;DW is that Bluey is a kids show that not only recognizes that the parents will likely be in the room while the show is on and therefore will occasionally have lines that are meant for them, but will actually tackle tough topics that children and their families may be dealing with. For example, in one episode, Bluey's mom is despairing because Bluey isn't reaching development milestones when he should be, she's blaming herself, and another character comes to console her, and the character looks directly towards the viewer and says "You're doing great!"
I'm almost tempted to actually watch the show even though I don't have kids.
> Bluey isn't reaching development milestones when he should be
She should be. Bluey and Bingo are sisters.
The show is extremely good, and when my kids were around that age, we all watched together. Hard to explain to your 6 year old why you are bawling your eyes out, but it does lead to some important conversations. It’s also an inspiration to be a better parent, particularly for Dads. Thank you Bandit.
I don’t know if any of this stuff will hit if you aren’t a parent. It hits right into the heart of all those things people tell you “you can’t understand if you don’t have kids”.
It’s an objectively good show though, I found myself watching it even when the kids weren’t around. There are still some episodes I can’t watch; but you’d need to have had those experiences to understand.
Dr Angela Collier just did a video on children's tv. She has some good recommendations. Evidently before she became an astrophysicist she got a degree in education. Who knew?
Don't forget that in most shows where kids are the main-characters, adults in general (and particularly parents) are either absent or less mature than the kids. This is the easiest way to make the kids shine, but certainly communicates a particular message. I really respected Netflix's The Baby Sitters Club for not falling into that trap.
As always, the home model is what has greater influence than any tv show. If parents are also behaving as in the TV shows then the shows simply serve as confirmation bias to what the children observe.
I noticed that when I adopted a loving, quieter tone, and truly focused on do as i do vs do as i say attitudes, my children began to reject the "norms" shown on the tv shows. Today my children remark about how their friends act at their homes and towards their parents, and we have discussions about it.
That said, I definitely had the problem you describe, but it was resolved by focusing on consequences of actions and being ready to follow through on punishments (much like you did). Combined with the do as i do attitude, those punishments were ultimately punishments for me as well. You are being a terorrizing little bad ass? ok no TV. But then this means I can't watch TV because then they might watch TV while in the same room as me. Mutual pain.
Peppa Pig is at least funny. The one that pushed me over the edge wrt to behavior modeling was Caillou. My god people have some self respect as parents. You have to have to create some boundaries for children, not just knee-jerk syrupy-sweet coddling from dawn til dusk.
I find Peppa Pig has multiple layers and the stereotypes of the pig parents are actually targeted to entertain the human parents when they join watching.
Now you're in a car that the US car industry doesn't want to sell, and thus you don't exist.
Do we need self-darkening HUDs? Like an LCD overlay that specifically mutes the intensity of these improperly engineered cars? Seems dumb, but it might happen.
I wonder if we'll just move to using IR for the really high beams? That probably doesn't do anything good to the human eye at high intensities, but if you could augment the driver's vision and not blind everyone at the same time that would be nice? Let's bring back the Cadillac Deville!
Some high-end cars use banks of lights all pointing in slightly different directions, and they autodim the lights pointing directly at headlights coming the other way.
EDIT - also:
> Now you're in a car that the US car industry doesn't want to sell, and thus you don't exist.
To be fair, this is related to the cars people want to buy. Everyone's making SUVs because they sell like hot cakes.
Edit: sorry, I shouldn't post US rules on a UK topic. For penance, a fact about lighting in the UK, reverse lights weren't required until 2009!
There are rules. FMVSS [1] says lower beam headlamps must be mounted between 55.9 cm and 137.2 cm above the ground, and upper beam headlamps must be mounted not less than 22 inches nor more than 54 inches. The height ranges match, but are specified in different units
But that's a big range.
These rules end up being the stick used to regulate vehicle lifts and lowering; you could lift a vehicle higher, or drop it lower but very few people will do the work to relocate the lights.
this is also my understanding. The range is large because it caters to passenger cars, lorries and construction equipment. Construction equipment is seen are more rugged (it often is) and this is now projected as a desirable trait for SUVs and pickup trucks.
The irony is that SUVs and pickup trucks do not need lights 137 cm above ground, but that height is perfectly legal in too many countries. These vehicles are a menace and should be legislated out of existence.
I will always champion the compact pickup truck. A 1980s S-10 or Toyota Truck (HiLux) can do light truck things, is relatively economical, and doesn't have a large footprint. Alas, nobody makes similar vehicles for US/Europe anymore --- kei trucks are still made for Japan, and less developed economies can get simple small trucks. Maybe some of the EV compact trucks will actually be made.
Another one of those quirks of law that appears to be there to help avoid burdening the legendary smallholding farmer whose teenagers are hardworking farmhands towing around 8 head of cattle in the work truck, but which mostly just enables a bunch of idiots driving around surburbs in gleaming-clean four-door pickups that have never carried anything in the bed but a couple bikes or a little camping gear.
I'd be all for exemptions to any rules for anyone who proves ownership of a working farm or ranch but you can bet that no regulation of any kind will ever be enacted to curb the disaster that CAFE rules caused to "car" size.
I came from exactly that sort of community. The fact of the matter is that teen would have driven that truck regardless of the law permitting it.
IMO, this sort of thing should work more like the way fair use works. A cop could pull you over for a traffic violation, ticket you, and then when you go to court you push the defense of "I'm a farmer and I was doing farm work" to get the missing license charge dropped (but you'll still likely end up with a traffic ticket to pay).
Generally speaking, cops aren't patrolling farming roads anyways so you'd really not need almost any exemption in place.
Farmer's kids are already exempt from 99% of road and licensing requirements if they are on farm business. I was 12 years old driving around in an old truck without a license plate or license, sometimes hauling massive loads, and it was 100% legal because it was for the farm and my parents were farmers. And honestly there were far more dangerous tasks done on the farm than that so I don't see a real problem with it.
> you can bet that no regulation of any kind will ever be enacted to curb the disaster that CAFE rules caused to "car" size.
I'm not a big EV person, but afaik EVs don't have efficiency standards and so they don't have to conform to CAFE footprints, so we can get compact vehicles again, hopefully. Up to manufacturers to put them for sale, and people to actually buy them, of course.
Sure. But unfortunately the effect of stupid CAFE on the whole fleet nationwide has been so extreme that the 85% of cars that are still gas have grown to be enormous, so understandably no one feels safe driving a little Civic if they can afford at least a CR-V and ideally a 3-row SUV.
Plus, giant EVs have more room for batteries and most Americans think 300 miles of range is necessary even if they drive 20 miles a day and even if they can charge at home!
This is a huge hole in the regulatory regime. It doesn't make sense to be as wasteful with electrons as we are with hydrocarbons. Sure the electron can be generated cleanly or with higher efficiency, but that doesn't negate the pursuit of encouraging increased utility.
No? You can just make a 2 ton massive EV with a massive battery to get more range, ruining the roads more, using more resources to make that battery. Basically the Rivian model.
From the docs:
> OWASP Amass is an open-source, versatile attack surface intelligence framework designed to comprehensively map an organization’s footprint. Built for flexibility and depth, Amass combines advanced data collection, network mapping, and OSINT capabilities to deliver detailed insights into physical and digital assets.
reply