Dran_Arcana
@Dran_Arcana@lemmy.world
- Comment on D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week 8 hours ago:
Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes.
- Comment on D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week 9 hours ago:
Because that bug was so egregious, it demonstrates a rare level of incompetence.
- Comment on Paralyzed Man Unable to Walk After Maker of His Powered Exoskeleton Tells Him It's Now Obsolete 1 month ago:
I don’t think anyone should expect a battery replacement to be free after 10 years, but it shouldn’t cost $100,000
- Comment on Hacking Kia: Remotely Controlling Cars With Just a License Plate. 1 month ago:
Just because you can’t use it doesn’t mean a hacker can’t. If someone discovered a vulnerability in the 3g handshake or encryption protocol, it could be an avenue for an RCE.
- Comment on Nginx in LXC/Proxmox...how to Fail2ban? 2 months ago:
Fail2ban and containers can be tricky, because under the hood, you’ll often have container policies automatically inserting themselves above host policies in iptables. The docker documentation has a good write-up on how to solve it for their implementation
docs.docker.com/…/packet-filtering-firewalls/
For your usecase specifically: If you’re using VMs only, you could run it within any VM that is exposing traffic, but for containers you’ll have to run fail2ban on the host itself. I’m not sure how LXC handles this, but I assume it’s probably similar to docker.
The simplest solution would be to just put something between your hypervisor and the Internet physically (a raspberry-pi-based firewall, etc)
- Comment on The Irony of 'You Wouldn't Download a Car' Making a Comeback in AI Debates 2 months ago:
Devil’s Advocate:
How do we know that our brains don’t work the same way?
Why would it matter that we learn differently than a program learns?
Suppose someone has a photographic memory, should it be illegal for them to consume copyrighted works?
- Comment on Taco Bell Programming 2 months ago:
It’s fuckin’ art tho
- Comment on Firefox rolls out Total Cookie Protection by default to all desktop users worldwide | It is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created 2 months ago:
Oracle, SAP, Redhat, all of their customer portals require it for SSO. I’m not saying it should be that way, but it is.
- Comment on Justice Department considering push for historic break up of Google after landmark antitrust ruling: report 3 months ago:
I think you go about it the other way: break data analytics and advertising off from everything else. If every unit has to be self-sufficient without reliance on data collection and first-party advertising I think you fix most of the major issues.
- Comment on Server Monitoring software recommendations 3 months ago:
+1 for cmk. Been using it at work for an entire data center + thousands of endpoints and I also use it for my 3 server homelab. It scales beautifully at any size.
- Comment on CrowdStrike Isn't the Real Problem 3 months ago:
Yes and no. In the best case, endpoints have enough cached data to get us through that process. In the worst case, that’s still a considerably smaller footprint to fix by hand before the rest of the infrastructure can fix itself.
- Comment on CrowdStrike Isn't the Real Problem 3 months ago:
With enough ~autism~ in your overlay configs, sure, but in my environment that leakage is still encrypted. It’s far simpler to just accept leakage and encrypt the OS partition with a key that’s never stored anywhere. If it gets lost, you rebuild the system from pxe. (Which is fine, because it only takes about 20 minutes and no data we care about exists there) If it’s working correctly, the OS partition is still encrypted and protects any inadvertent data leakage from offline attacks.
- Comment on CrowdStrike Isn't the Real Problem 3 months ago:
We do this in a lot of areas with fslogix where there is heavy persistent data, it just never felt necessary to do that for endpoints where the persistent data partition is not much more than user settings and caches of convenience. Anything that is important is never stored solely on the endpoints, but it is nice to be able to reboot those servers without affecting downstream endpoints. If we had everything locally dependent on fslogix, I’d have to schedule building-wide outages for patching.
- Comment on CrowdStrike Isn't the Real Problem 3 months ago:
Separate persistent data and operating system partitions, ensure that every local network has small pxe servers, vpned (wireguard, etc) to a cdn with your base OS deployment images, that validate images based on CA and checksum before delivering, and give every user the ability to pxe boot and redeploy the non-data partition.
Bitlocker keys for the OS partition are irrelevant, and keys for the data partition can be stored and passed via AD after the redeploy. If someone somehow deploys an image that isn’t ours, it won’t have keys to the data partition because it won’t have a trust relationship with AD.
(This is actually what I do at work)
- Comment on Google Maps tests new pop-up ads that give you an unnecessary detour 4 months ago:
Same, I wonder if there would be any way to report it to the state AG, maybe some pressure to ban it could hit google
- Comment on Meta is connecting Threads more deeply with the fediverse 4 months ago:
Yes you are correct, I had the two reversed in my head.
- Comment on Meta is connecting Threads more deeply with the fediverse 4 months ago:
Hangouts was built on xmpp, and used to allow federation. Yes xmpp still exists but it’s functionally dead.
- Comment on Meta is connecting Threads more deeply with the fediverse 4 months ago:
I believe google hangouts and xmpp would like to have a word with you. There was probably a universe where federated xmpp was as ubiquitous as sms, but in this universe, google federated, brought users over with cool features, and then defederated when they had all the users.
If you want another example from the same company in modern times, look at chrome and http/css/js. Google’s chokehold on the web ecosystem with chrome means that whatever they do, everyone else has to follow suit or not be compatible with the browser that something like ~75-90% of users use
- Comment on Hello GPT-4o 6 months ago:
I have this running at home. oobabooga/automatic1111 for LLM/SD backends, vosk + mimic3 for tts/stt. A little bit of custom python to tie it all together. I certainly don’t have latency as low as theirs, but it’s definitely conversational when my sentences are short enough.
- Comment on Mozilla to protect Firefox users from bounce trackers - Stack Diary 6 months ago:
It’s like grifting, but also a pyramid scheme.
- Comment on Dead Games News: Response from UK Government 6 months ago:
TL/DW for those of us who don’t learn well from video content?
- Comment on ByteDance prefers TikTok shutdown in US if legal options fail, sources say 6 months ago:
Small fediverse lol
- Comment on TikTok's CEO is feeling the pressure and users are freaking out 6 months ago:
I would guess that it goes off of the lowest common denominator between IP address geo-location & billing address. If either of those say US, google/apple would probably be required not to distribute it.
- Comment on ByteDance prefers TikTok shutdown in US if legal options fail, sources say 6 months ago:
It is possible to both be anti-chinese government and also want comprehensive privacy laws in the US. Like, I absolutely buy that the Chinese government has access to tiktok data. I, however, don’t think forcing a sale is the right way to deal with any of this. Comprehensive privacy and data collection laws would go much farther towards making it so it doesn’t really matter who owns what.
- Comment on TikTok's CEO is feeling the pressure and users are freaking out 6 months ago:
Not sure if you could get updates to the app over VPN though, that depends on how the stores handle regions.
Specifically, app stores would be required not to host it, so you’d likely have to do updates through some sort of side-loading
- Comment on TikTok's CEO is feeling the pressure and users are freaking out 6 months ago:
Unless the bill has changed since the last time I read it, there were fines for hosting the service in US datacenters, and fines for companies allowing US data to exist in non-US datacenters. I don’t think you could interpret the bill as imposing a civil penalty to a user using a vpn and accessing it.
- Comment on Goatse, like Michelangelo's David, should be an exception to normal rules of censorship, due to its status as part of our shared cultural heritage. 6 months ago:
I think most of us blocked it out
- Comment on Spotify CEO Daniel Ek surprised at negative impact of laying off 1,500 Spotify employees 6 months ago:
costs only an email address and a promise to sign up for a 37% APY credit card.
- Comment on Should I or should I not use a VLAN? I have trouble understanding the benefits for home use 6 months ago:
You would expose a single port to multiple vlans, and then bind multiple addresses to that single physical interface. Each service would then bind itself to the appropriate address, rather than “*”
- Comment on He's the full text of the “PROTECTING AMERICANS’ DATA FROM FOREIGN ADVERSARIES ACT OF 2024” currently in in the resolving difference phase before the POTUS signs it. 6 months ago:
I thought tiktok came out of music.ly. I didn’t think it had roots in vine.