It’s a security-as-a-service platform that monitors whatever clouds or systems you plug into it for security vulnerabilities, but is built specifically for public cloud service providers and their workloads. I quite liked the product, as it would notify my team of erroneous configurations, outdated AMIs, exposed ports, vulnerable workloads, and whatever custom policies we set up (e.g., SSH open between VPCs in AWS, rather than via a Jumpbox).
I loved the product when I used it (huge improvement over Nessus), and am immensely disappointed Google owns it as it means I’ll have to find something else going forward. This is the sort of acquisition a regulator should block, because Wiz really is best-in-class at what they do for every cloud they support, and customers benefit more from it being agnostic.
It is a very legitimate tool. It identifies misconfigurations and vulnerabilities in cloud deployments. Anything from a container with a known-vulnerable package in the manifest to a workload with improper firewall rules.
I understand those (I haven’t used them) to primarily be about software composition analysis. Wiz does that, but they are mainly known for Cloud Security Posture Management (the “you have an exposed S3 bucket”, “you have a workload with no inbound firewall”, “etc.”) and integrating things like SCA to increase alert fidelity (do you care as much that a workload has an inbound ACL allowing MongoDB connections from the Internet if the workload isn’t running MongoDB?)
Wiz is closer to the CNAPP field instead of the software composition analysis tools you mention; Snyk would fit here for SCA.
Sysdig, Palo Alto's Prisma Cloud, or a few others compete with Wiz's CNAPP offering. Wiz also strays into some SCA and SCA-alike tooling for containers, code or XDR with their CDR/XDR products log ingest and agents available for response/quarantine.
Basically give it read access to your cloud account, and it will scan all of the resources to identify potential misconfigurations. Identifying CVEs in software is one thing, but identifying incorrectly configured resources that would otherwise be secure can dramatically reduce the risk surface.
A lot of cloud providers already have little hints like "hey - did you mean to create this account in God mode?" or "It is recommended not to create this god mode json key file" - Wiz is taking this to the next level of detail
Would also be interested in this. I don't know anyone who uses Wiz. Google says they had 350 million in revenue last year, aiming for 1 billion this year. So 100x revenue TTM. Crazy stuff.
That's because A) big companies that use it don't really like bragging about their security tooling, lest it be used to better profile their infrastructure by attackers, and B) it's basically enterprise-only and insanely expensive.
Source: worked for a large enterprise company that used it, and I loved it. Phenomenal tool, will be a shame to see it die (or at least its non-GCP aspects wither and die) under Alphabet's ownership.
They were the ones to first report on DeepSeek's recent data leak, and they've found a few others.
One exploit I remember Wiz finding was "ChaosDB". A flaw in Microsoft's Cosmos DB allowed anyone to use the default-enabled Jupyter Notebook to basically dump and modify anyone's databases, without authentication. Full admin access.
My last company used it to complement other cloud security scanning products. It’s probably a bit of an understatement to call it a scanning tool. It was easy to integrate with our other systems so we could assign vulns to different teams.
It’s too slow at that scale, pg_squeeze works wonders though.
I only “need” that because one of my tables requires batch deletion, and I want to reclaim the space. I need to refactor that part.
Otherwise nothing like that would be required.
If it’s anything like Safari’s declarative blocklists:
Ad blocking on Youtube.
Youtube-blocking Safari extensions “solve” Youtube blocking by using non-declarative APIs that need full access to Youtube. Apple seems ok with that so far, but the APIs are not as good, so their success rate is limited.
Whether Google will allow new extensions that block Youtube remains to be seen.
> uBlock Origin Lite blocks all ads on YouTube for me.
Someone else is saying uBlock Origin Lite leaves a "skippable blank" where the ad used to be, while I know for a fact uBlock Origin completely and transparently skipped over the ad.
I can recommend Wipr 2 - excellent blocker from a great developer. I've now switched to Safari for all my YouTube watching. Universal purchase works on macOS, iPadOS and iOS.
It works way better for Youtube than the one I had, and after some more testing I don't need the additional annoyance blockers I had. I might just go back to Safari!
As long as I have an alternative I would never choose the ad blocker that doesn’t let me block the elements I want.
For most websites I don’t care but there are many websites that I visit very often and removing annoying or useless elements and padding is practically mandatory at this point - I wouldn’t want to go back to not being able to do it.
So, answering your question, yes, “useless” was hyperbole.
Also you'd think that the pushers of this agenda would get real-time updates to things like block lists metadata. God knows they do it themselves several times a day...
I'm not an expert on either of those, but this is my take anyway:
Citus is distributed and afaik just eventually consistent, for a lot of folks that's simply not an option as their application relies on ACID compliance.
As far as I understand Hydra + DuckDB it is a higher level add-on onto postgres than timescale is. This is on the one hand nice since you can just put it into an existing database without any migration effort whatsoever.
But this also means they likely don't really interact with systems like the storage engine. For example Timescale's deeper integration allows us to actually store the data differently on disk which allows for saving space via compression.
It works fine, you just have to manually align it, like any other Qi charger.
I half suspect you're trolling based on this and your other comments under this post, but in case you're not, the MagSafe charger specs state they are Qi compatible.
> The MagSafe Charger is compatible with Qi2 and Qi charging, so it can be used to
> wirelessly charge your iPhone 8 or later, as well as AirPods models with a wireless
> charging case, as you would with any Qi2 or Qi-certified charger.
PS: What MagSafe charger cost you $150? The regular Apple charger costs $39.
Not OP but I have the Anker 3-in-1 Cube and it was $150 when I bought it a year or two ago. It charges a phone, watch, and AirPods at the same time, and sparks joy for me.
I got a Belkin one 5 years ago for about the same price. Charges my phone and watch! Awesome. Then the next year I got a 13 Pro Max, and the charging coils didn't line up. Phone won't charge. I swore to never buy $150 chargers ever again.
I paid $25 for something from China. It took a month to arrive, but it works great.
Just as well as any of the other ones for Android phones. Heck, you can even buy adhesive magnet rings to stick directly to any case or phone back, as long as you align them properly.
Well I have an ancient wireless charger (power unknown) that doubles as a stand that I got for free as swag from some conference. I just keep my MagSafe-supporting phone on it when I'm not using it and done.
Literally just replaced the flimsy clip-on vent mount charger in my car with a ProClip custom fit mount and a Qi2 charger that ran me ~$115 all-in. I wanted longevity with this solution.
Fidelity's "Zero" funds are great, but only for specific scenarios IMO. They can't be held outside Fidelity accounts, so what happens if you get caught up in some KYC nonsense and Fidelity closes your account? Are you forced to liquidate and incur capital gains? There are also some embedded tax efficiencies inherent to ETFs, like 351 exchanges, which aren't popular now, but may become popular in the future. TBH, this mainly applies to taxable accounts. For nontaxable accounts, Zero funds don't have much downside.
> They can't be held outside Fidelity accounts, so what happens if you get caught up in some KYC nonsense and Fidelity closes your account?
This literally happened to me. I'm banned from Fidelity for some unknown (AML presumably) reason but have no other issues with any brokerage, bank, or exchange.
Fortunately I just held a bunch of ETFs, so it was straightforward. But it does happen.
The zero fund I am familiar with (FZILX) has a once-a-year dividend schedule which I'm sure nets them a lot of money, vs paying out more frequently. If you want to unload, you can only do it once a year without throwing away your earned dividend.
You have to hold the fund on the ex-dividend date...
Pays out once in Dec. If you buy in Feb and sell in Oct, you're not getting your dividend although you earned most of it... If you had VTI, you'd get 3 of them.
I'd also thought your idea sounded like it made sense, sort of like how a trader can attempt dividend stripping, but looks like the user baking cleared that up.
They raise a good point, which I've never considered before. This could be considered a form of dividend arbitrage based on the difference in scheduling between the component dividends vs the fund dividends, based on the knowledge that a non-zero amount of fund holders will exit the fund before the once a year dividend date, but not before the fund earned dividends based on the fund components.
- Right-side USB-C
- Slightly brighter display
- Slightly wider hinge angle
- Option for nano-texture display, just like the MBP
- WiFi 7