Hacker Newsnew | past | comments | ask | show | jobs | submit | fuzzy2's commentslogin

I think there’s still quite a bit: font size, regional settings (language etc), software versions, browser extensions, adblockers…

Reliable (consistent) quality, yes. Quality? Debatable. But it definitely keeps driving, no dangerous situations so far.


Or no number even. Sucks to be missing out, but I won’t budge on this.


Doesn't Vagrant spin up full VMs? Incus/LXD/LXC is about system containers. So like Docker, but with a full distro including init system running inside the container. They are much faster to spin up and have the best resource sharing possible.


Vagrant has a provider plugin for lxc. Please check my reply to the parent commenter for more explanation.


Actual computers? People don't have those any more. Not even laptops. They have smartphones and they may have tablets.

I'm over-generalizing of course, but that's the vibe I get. It's because many, both older and younger, entirely skipped the whole personal computing thing.


And when was that ever a thing on Windows?


I don't know. Was it?


No, that's kind of the point. It's not something Windows XP/Vista/whatever made worse by hiding it or even taking it away. It simply is not available.

macOS works like this though, IIRC, and no other way.


I'm not really exploring the origin of the problem; I'm just saying it's dumb and a pain in the ass.


> now that they have multiplied many times in resolution

Did they though? Quite a few laptops barely have 720 pixels in (scaled) height. That's less than your CRT with 1024x768, back in the days.


What inheritance chain? I'd say I'm quite proficient with Azure RBAC and I cannot understand what you're describing.



These don't clarify your situation, sorry. They're also referring to two distinct scenarios.

Especially regarding the SO question, I get the feeling that author is misunderstanding something.

Where exactly are you seeing what exactly that might imply some kind of inheritance chain?


i get the sense that you're not trying to help but instead argue about it. i already described as much as i want to detail: https://news.ycombinator.com/item?id=44445382


Okay. Then I'll lay it out: there is no inheritance at all. An identity does not inherit roles and it certainly does not inherit other identities. You are misinterpreting something you saw. However, without further details, a more targeted answer is not possible. I did not want to write a blanket statement like that because it is very condescending and hostile. Sorry about that.

You may have seen the identity's IAM page. It does not show roles assigned to the identity.


from the docs:

> Lower levels inherit role permissions from higher levels...When you assign a role at a parent scope, those permissions are inherited to the child scopes

https://learn.microsoft.com/en-us/azure/role-based-access-co...

so i guess this what you said is confidently wrong lmao like you couldn't even be more wrong:

> Then I'll lay it out: there is no inheritance at all. An identity does not inherit roles and it certainly does not inherit other identities.

i misspoke calling it "identity inheritance" and not "scope inheritance" tho my first comment said "role inheritance" but the fact that there is any sort of inheritance involved at all with my rbac roles is very poor design decision. and the fact that i can misunderstand this and spend hours of company time trying to understand it, and still failing....when this should be an intuitive, 101-level thing for cloud design. but nah i gotta spend time going through like ten different docs piecing together knowledge and pentest my own work and also argue with some guy on the internet who called himself adept at azure and doesn't know this either (which further proves my point!)


The so-called "lower levels" inherit role permissions (or role assignments, if you will), which is something else entirely. Furthermore I'd say this is both expected and necessary to effectively administer permissions in organizations. Assigning permissions (via roles or otherwise) on every single object is not feasible. Inheritance is required. It works similarly to NTFS ACLs.

What I wrote is, in fact, accurate. An identity cannot inherit a role. It is simply impossible. What would it inherit from? The identity does not actually exist where it appears in the control plane (ie. in a resource group). It exists in Entra ID (formerly Azure AD).

There is but one possibility for a newly created identity to actually have roles assignments: Automation via policy. Now that I think about it, there might be another: assigning roles to special groups like "Authenticated users".


ok so now it's a semantic debate. love that... i hope this knowledge that i shared is useful to you in the future, so you can avoid dumb ass RBAC inheritance footguns


I think this confusion is exactly the problem. “Roles inherit” is one of those Azure things that looks simple in docs but ends up creating hidden privilege sprawl in real environments. I’ve seen teams argue for hours about what gets inherited, what doesn’t, and who has access to what, just because a single assignment at the wrong scope can fan out across everything.


> I think this confusion is exactly the problem.

yes, exactly!


Do we know by now whether this was an Office 365 enterprise account or a regular "Hotmail" (Outlook.com) account?


Everything OTel I ever did was fully active. So I wouldn't say this is very noteworthy. Instead it is wrong/incomplete information.


we use k8s + otel filelog receiver. in this case you don't have to connect to the clickhouse instance to collect what it's writing to stdout/stderr, just tail /var/log/pods/*/*/*.log.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: