It’s really not bad, you just have to rememb
Segmentation Fault - Core Dumped
It’s really not bad, you just have to rememb
Segmentation Fault - Core Dumped
Durov gets arrested in france and suddenly the telegram slander kicks into high gear. It gets a hit piece every once in a while for sure, but the last few days have been on a different level.
You know who else uses telegram? My family, to send vacation pics to each other.
You know what other technology bad guys use? Email.
2014 impreza. No screen at all. I bought a phone mount that shows waze and charges my phone.
I have cruise control and heated seats. And I can operate both with gloves on!
Don’t need a backup cam because my windows and mirrors are good.
I will drive this car until it dies, and then I’ll replace the head gaskets and drive it until it dies again. And then I will replace the cvt and drive it until it dies a third time.
Unfortunately there’s nothing you can do about the NY road salt. The frame will be left, flake by flake, in the gutters of 490. It’s the only thing that can take this car from me, and it is its inevitable fate.
Did you know that in the first version of php, each function name would be hashed to lookup the code to run it? And the hashing algorithm was: the first letter. So all the functions started with a different letter.
Veilidchat mentioned!
I wanted a countertop dishwasher. Home depot doesn’t have them in stores, it was online only. I figured it would probably make me make an account in order to check out. I said nah.
It’s an open source linux graphics driver.
It is very widespread, despite being quite slow, because it works. It ships by default with almost everything, and is the fallback when card-specific drivers fail
Edit: what Max_P said
Anything exposed to the internet will be found by the scanners. Moving ssh off of port 22 doesn’t do anything except make it less convenient for you to use. The scanners will find it, and when they do, they will try to log in.
(It’s actually pretty easy to write a little script to listen on port 20 (telnet) and collect the default login creds that the worms so kindly share)
The thing that protects you is strong authentication. Turn off password auth entirely, and generate a long keypair. Disable root login entirely.
Most self-hosted software is built by hobbyists with some goal, and rock solid authentication is generally not that goal. You should, if you can, put most things behind some reverse-proxy with a strong auth layer, like Teleport.
You will get lots of advice to hide things behind a vpn. A vpn provides centralized strong authentication. It’s a good idea, but decreases accessibility (which is part of security) - so there’s a value judgement here between the strength of a vpn and your accessibility goals.
Some of my services (ssh, wg, nginx) are open to the internet. Some are behind a reverse proxy. Some require a vpn connection, even within my own house. It depends on who it’s for - just me, technical friends, the world, or my technically-challenged parents trying to type something with a roku remote.
After strong auth, you want to think about software vulnerabilities - and you don’t have to think much, because there’s only one answer: keep your stuff up to date.
All of the above covers the P in PICERL (pick-uh-rel) for Prepare. I stands for Identify, and this is tricky. In an ideal world, you get a real-time notification (on your phone if possible) when any of these things happen:
That list could be much longer, but that’s a good start.
After Identification, there’s Contain + Eradicate. In a homelab context, that’s probably a fresh re-install of the OS. Attacker persistence mechanisms are insane - once they’re in, they’re in. Reformat the disk.
R is for recover or remediate depending on who you ask. If you reformatted your disks, it stands for “rebuild”. Combine this with L (lessons learned) to rebuild differently than before.
To close out this essay though, I want to reiterate Strong Auth. If you’ve got strong auth and keep things up to date, a breach should never happen. A lot of people work very hard every day to keep the strong auth strong ;)
Crowdstrike is big, but not that big.
About half of my clients use them; and of those, about a third are halfway through ripping them out in favor of MS defender.
(MS is definitely “that big”)
I want to spin up a separate thread here if that’s okay.
Please give me an example of any EDR solution produced through “public ownership structures”. I don’t think such a thing exists, but I welcome being proven wrong.
Private ownership and investment of capital created Crowdstrike as a profit-seeking venture. It also created MS Defender, SentinelOne, trellix, carbon black, etc. Competition in the marketplace (and there was/is lots of competition) forced these products to be as good as they could, and or self-stratify into pricing tiers. Crowdstrike, being the best (and most expensive) is the most widely-used. Note that not every enterprise requires that level of security, and so while CS is widely used, it is not ubiquitous. This outage could have been significantly worse.
Wiz scans clouds for “vulnerabilities”, and sometimes provides remediation advice. For example, if a vm’s kernel is outdated, it might recommend “sudo dnf remove —purge kernel”. And yeah, there sure won’t be any vulnerabilities after that.
It also complains about anything internet facing - including intentionally internet facing services - but that’s another rant for another time.
It’s not rocket appliances
Something something candlemaker’s petition
I can’t get the title to work.
It says 6 lanes in each direction, but I only see four, and can get to five if I count on/off ramps.
It says 8 feeder lanes, but 8 + 12 main lanes is only 20, not 26. Unless it means 8 per side, which would add up to 28.
Regardless, the best I can do is the off ramp in the top left. It has three “main” lanes and two left turn lanes, for a total of five. If I count the ramp next to it in addition to the four core lanes on that side of the median, we get ten lanes flowing from top to bottom - still 3 short of 13, which we’d then have to match on the other side to get 26.
I would call this 8 lanes; 4 in each direction. You can fudge the numbers by counting ramps, but even if you count parallel roads too, I don’t see anywhere close to 26.
If I count the roads off the sides, on ramps and off ramps, etc, the highest I can get is 18 lanes. Is this the photo of where it’s 26 wide? I can’t seem to find it.
The Taos might be the play - I am very nearly in love with the Golf, and even though I love a small car, it’s just slightly too small. I want to fit at least a hiking backpack in the trunk.
Top shelf? Disrupted my circadian rhythm
Big fan of the IRC team. They invited me to Ghana. I did not take them up on it (no passport yet). They’ve got some incredible stories.