derek

@derek@infosec.pub

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Do bots/scrapers check uncommon ports?⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Absolutely. VMs and Containers are the wise sysadmin’s friends. Instead of rolling my own ip blocker I use Fail2Ban on public-facing machines. It’s invaluable.
⁨Comment⁩ on ⁨Do bots/scrapers check uncommon ports?⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
That sounds pretty good to me for self-hosted services you’re running just for you and yours. The only addition I have on the DR front is implementing an off-site backup as well. I prefer restic for file-level backups, Proxmox Backup Server for image backups (clonezilla works in a pinch), and Backblaze B2 for off-site storage. They’re reliable and reasonably priced. If a third party service isn’t in the cards then get a second SSD and put it in a safety deposit box or bury it on the other side of town or something. Swap the two backup disks once a month.

The point is to make sure you’re following the 3-2-1 principal. Three copies of your data. Two different storage mediums. One remote location (at least). If disaster strikes and your home disappears you want something to restore from rather than losing absolutely everything.

Extending your current set up to ship the external SSD’s contents out to B2 would likely just be pointing rsync at your B2 bucket and scheduling a cron or systemd timer to run it.

After that if you’re itching for more I’d suggest reading/watching some Red Team content like the stuff at hacker101 dot com and sans dot org. OWASP dot org is also building some neat educational tools. Getting a better understanding of the what and why around internet background noise and threat actor patterns is powerful.

You could also play around with Wazuh if you want to launch straight into the Blue Team weeds. Education of the attacking side is essential for us to be effective as defenders but deeper learning anywhere across the spectrum is always a good thing. Standing up a full blown SIEM XDR, for free, offers a lot of education.

P. S. I realize this is all tangential to your OP. I don’t care for the grizzled killjoys who chime in with “that’s dumb don’t do that” or similar, offer little helpful insight, and trot off arrogantly over the horizon on their high horse. I wanted to be sure I offered actionable suggestions for improvement and was tangibly helpful.
⁨Comment⁩ on ⁨Do bots/scrapers check uncommon ports?⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
You can meaningfully portscan the entire internet in a trivial amount of time. Security by obscurity doesn’t work. You just get blindsided. Switching to a non-standard port cleans the logs up because most of the background noise targets standard ports.

It sounds like you’re doing alright so far. Trying not to get got is only part of the puzzle though. You also ought to have a backup and recovery strategy (one tactic is not a strategy). Figuring out how to turn worst-case scenarios into solvable annoyances instead of apocalypse is another (and almost equally as important). If you’re trying to increase your resiliency, and if your Disaster Recovery isn’t fully baked yet, then I’d toss effort that way.
⁨Comment⁩ on ⁨Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
That makes sense. Not a misconfiguration on the site’s end then. Thanks for the clarification.
⁨Comment⁩ on ⁨Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Weird. I’ve tested on a desktop and mobile device. Both loaded the archive.is link via Tor Browser (no extensions) without a problem in both “Normal” and “Safer” modes. “Safest” mode fails at the CAPTCHA page but that’s expected.

Maybe the node(s) you were connected to were having issues with that domain at the time.
⁨Comment⁩ on ⁨Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
What browser are you using and with what plugins?
⁨Comment⁩ on ⁨YSK about 15 bean soup.⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
Looking for Rock records amidst a trial pile?
⁨Comment⁩ on ⁨We keep the entomologists in the basement.⁩ ⁨⁨3⁩ ⁨weeks⁩ ago⁩:
This is true! Saying figs is wasps is silly in the same way that saying plants are dirt is silly. Like… Kind of? From a certain odd perspective, “sure” with caveats. It’s a reductive understanding that’s neither literally nor technically true but who am I a botanist? No. I’m not. I do know a lot happens between pollination and the fruit we might eat though and most fig varieties we grow for food or buy from stores aren’t the kind pollinated by wasps anyway.

I found a decent write up with more detail here: www.treehugger.com/are-figs-vegan-5203202

Dirt is the byproduct of life after its been on a planet for a while. Plants figured out how to recycle life and death’s leftovers. Then mushrooms came along and filled the gaps in weird ways. Animals eat the plants and fungi. Other animals eat those animals. Siiiimbaaaa, right?

We typically don’t think we’re eating our ancestors when having a salad. We aren’t beholden to the idea that we’re eating wasps when munching figs either. Even in the odd case where we’re eating those specific kinds of figs.
⁨Comment⁩ on ⁨Neil Young Leaves Facebook & Instagram Over “Unconscionable” Policies for AI Chatbot Conversations With Children⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
It’s a practice at least as old as type itself. It seems the attention Trump garnered, and the highlighting of his stereotypical Boomer typing, have merged the two in some people’s minds.

We’re at a unique crossroad where Gen X and Y grew up with their grandparents mostly refusing to use cell phones and their parents mostly fumbling with them. Now Gen Z and “Alpha” are growing up with grandparents who have mostly been shamed into acceptable text etiquette, and parents who are mostly as tech savvy as the next parent and who were there when the deep magic was written (so to speak).

Mango Mussolini’s narcissism is as pervasive as his parasitism so it’s no wonder the lecherous rapist’s sins against modern digital convention survived along with him. Some spin that as brilliant tactics but I’m not so sure. I’d wager it’s a coincidence he leaned into because it garnered attention.

Most of those now driving online discourse hadn’t had the same exposure to that style of texting prior to the 2016 US Presidential election cycle as preceding generations. So it seems novel to them. It’s history and perspective bring formed in real time.
⁨Comment⁩ on ⁨Me too.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Weird flex but… Ok.
⁨Comment⁩ on ⁨Me too.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
That makes more sense. Thanks for the response! I’m not sure if can agree with your conclusions. It may be that I’m still missing context you’re working within. My best guess is you’re assume some axioms that I am not. That doesn’t necessarily mean I think you’re incorrect. We might just be operating with different frameworks.

I agree that strong emergemce and weak emergence seem different by your definitions. I’m not convinced strong emergemce is a thing. Is there a compelling argument that the perception of strong emergence is actually a more complex weak emergence that the observers have not fully understood?

Something something Occam’s Razor / god of the gaps something. I find these sorts of discussions quite compelling. Thanks again for engaging. :)
⁨Comment⁩ on ⁨Me too.⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
I don’t see how either sentence follows. Rephrasing your comment and supplementing it with context to explain your reasoning may better communicate your point.
⁨Comment⁩ on ⁨shrooms⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Well, two, actually.
⁨Comment⁩ on ⁨YSK about the GI Rights Hotline⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
All people are born ignorant to their material circumstances and the conditions necessary for them. Disadvantaged folk often have a more difficult path out of that ignorance. Maslow’s hierarchy of needs provides some insight into why: one rarely has capacity for deep introspection when they’ve been deprived of basic needs.

The US Military (among others) purposefully recruit more heavily in economically depressed areas. This has been true for decades. These two facts are correlated. Couple this with American Exceptionalist propaganda which created the myth and social elevation of the American Soldier as the ultimate freedom fighter / patriot and maybe you can sympathize with those who enlist.

My point is not that individuals should be excused from being taken to task for their actions. Nor is it that all those who enlist are duped into it. It’s this: people are rarely lost causes, are often unguided and live unexamined lives, and their personal context matters. When I’m struggling to find empathy I look to Daryl Davis. When we encounter ignorance, hate, and bigotry, we are right to oppose it. Always. How we do so should be conditioned, and possibly tempered, by the fact that we ourselves are ignorant to the context of the neighbors assigned to oppress us.

Do not dismiss out of hand the power of speaking to reason and empathy in the face of violence and hate. Take them to task with the intention of educating a lost comrade. We must defend ourselves when the need arises but, prior to that Rubicon, we ought to acknowledge that were it not for circumstances outside our control so too could we have remained ignorant and been persuaded toward hate.

There is no more stalwart an ally than one who has been given the tools to free themselves from chains they were sold as armor.
⁨Comment⁩ on ⁨Valve ban advertising-based business models on Steam, no forced adverts like in mobile games⁩ ⁨⁨7⁩ ⁨months⁩ ago⁩:
Lootboxes.

Players have a random chance of getting crate while playing the game. Each crate is a pool of item cosmetics with various levels of rarity. To acquire one of them the player must purchase a one-use key with real money. Expending the key on a crate initiates a die roll that determines which cosmetic is unlocked.

That’s the gambling they’re responsible for. What gambling players may of afterward is not the same conversation.
⁨Comment⁩ on ⁨Another of God's cruel tricks.⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:
Make a container out of isomalt. Shatter it. Eat the pieces. Laugh in god’s face.
⁨Comment⁩ on ⁨M4 Mac Mini Power Button Has New Bottom Location⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
laughs in home lab

Not that I’d buy it but, if I did, that power button might get used twice a year. Likely less since I wouldn’t be able to upgrade or maintenance its hardware.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
That’s a problem. Absolutely. It’s not the problem though. I’m not sure the problem can be summarized so succinctly. This is the way I’ve been putting it:

These are the top reasons humanity needs successful, decentralized, open social media platforms:
1. Collecting and selling user’s private data is dangerous and unethical.
2. Using that data to intentionally and directly manipulate user’s thinking is even worse.
3. All of the major centralized social media companies have been proven to either allow these illicit information campaigns or coordinate them directly. TikTok is the focus right now but Sophie Zhang exposed Facebook for doing exactly what TikTok has been exposed for recently. Can you recall any meaningful consequences for Facebook? Do you think Facebook is now safe to use?
4. It’s clear that most political leaders are either too ignorant, too corrupt, or too inept to meaningfully legislate against these problems.
5. The concerned public can’t shut Pandora’s box. No one is coming to save us from big tech or the monied interests and nation-states that wield it.
6. The concerned public can’t easily and legally audit the platforms big tech builds because they are closed and proprietary.
7. Personal choice is not enough. Not using centralized social media increases personal safety but does little to curb its influence otherwise.
These are listed by order of intuitive acceptance rather than importance. I find it aids the conversation.

The best reasonable answer to these problems I’ve seen proposed is for the public to create an open and decentralized alternative that’s easier to use and provides a better user experience.

Will that kind of alternative be a force for pure good? I’m not sure. To your point: I’m not convinced social media of any kind can be more than self-medication to cope with modernity. Then again I’ve had incredible and meaningful conversations with close friends after passing the bong around and spent time on Facebook/Reddit, and now Mastodon/Lemmy/etc, doing the same. Those interactions were uplifting and humanizing in ways that unified and encouraged all involved.

I think the truth lies somewhere in the middle. We need to take care of each other, refuse pure hedonism, and protect the vulnerable (and we’re all varying degrees of vulnerable). At the same time: humans aren’t happy in sterile viceless productivity prisons. Creating spaces for leisure which do no harm in the course of their use isn’t just a nice idea… It’s necessary for a functional and happy society.