Hacker News | service_bus's comments

Traditional virtualization still requires you to pay for your own power, cooling, redundancy, SAN, backup, network, etc.

Not every company has the need to staff all of these specialists.


It appears your organization left an Elasticsearch database exposed to the internet. This happens frequently due to poor configuration.

You're either going to have logs pointing to an IP that the individual used to siphon your data, or nothing.

With an exposed Elasticsearch database, you possibly had the data being siphoned by many parties, and are only aware now because of this particular incident.

If you have any operations regarding customers in Europe, you need to notify your relevant Data Protection Authority:

https://edpb.europa.eu/about-edpb/board/members_en

You should also sign your engineers up for this course:

https://www.elastic.co/training/specializations/elastic-stac...


> It appears your organization left an elasticsearch database exposed to the internet. This happens frequently due to poor configuration.

sigh

Why is everything being deployed publicly accessible? If one is relying on their database configuration as their only protection, they are one fuckup away from disaster.

Layers, people, layers. If this is on a cloud provider, put it on a private VPC/subnet. Add a load balancer or similar serving traffic only to the instances you need traffic routed to (which are unlikely to be databases themselves, more likely web servers). Configure firewalls accordingly. And of course, configure the servers properly.


> If you have any operations regarding customers in Europe, you need to notify your relevant Data Protection Authority

The entire company is in the EU. They need to reach out to their DPA ASAP.


As of this writing, I don't think it's been determined yet whose organization this data came from, has it? All we have so far is a similarity in data format/structure.


Almost all their employees have their emails in the breach:

https://covve.com/about

email format is <first_character_firstname>.<lastname>@covve.com


Hetzner is great until you have some sort of issue.

They seem to either not have much in the way of internal procedures or just ignore them if they exist.

As long as you're prepared for all of your data and backups to just disappear, it's a great low-cost environment.

If you expect their operational team to not accidentally delete your environment, it just hasn't happened to you yet.


The person you are responding to is suggesting a scenario like the movie 'Contagion' where people marked clean are given a wristband or pass of some kind.

In reality, testing can be used as an effective tool regardless of whether or not people can be 'certified'.


The OP never said their example wasn't an outlier, they were just making a point that these things happen.

Regardless, you can't just respond to a specific example with broad generalizations. It's textbook 'whataboutism'.


OP recommended avoiding an entire asset class based on the example, so I think OP was guilty of generalizing here. The child comment also generalized about PE and its practitioners, which I agree was not a strong argument, but I don't think it invalidates the entire post.


Since when is "whataboutism" forbidden and who cares? It is just a stupid Internet meme to shut down discussions.


NY subway averages almost 2 billion riders annually.

SF averages 50 million.

If SF had a subway system that handled 40x the amount of people you could start to draw some comparisons.


42% of respondents of an app.

Looking at their app, I'm surprised their audience didn't score higher.


I think the math problem could help, but you also need to ask yourself if you're just going to keep bypassing it anyway... in which case software is unlikely to help much.

For you I would recommend the book: The Willpower Instinct by Kelly McGonigal. (audiobook is also well narrated)

It's well written and full of great methods for gaining your self control back.


It's a good story, and I'm sure similar mistakes happen, but this particular event is a work of fiction.


It's "silent" because people weren't getting diagnosed properly before.

Why would you check for pneumonia in a guy that comes in presenting stab wounds and reports no difficulty breathing?

Only now, because of increased testing and experience, are doctors realizing that many people have a pneumonia that doesn't present like pneumonia.

