
Ooops
@Ooops@feddit.org
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 13 hours ago:
Nobody is saying “Linux is obscure”
How about scrolling up to the exact comment I anwered to? Or -as you seem to be on the exceptional dense side- let me do it for you…
Linux’s “security through obscurity” was never going to last.
As already explained above I did not expect that statement to use the common “long-standing industry term” because -again- it would be utterly insane to claim security through obscurity for something open source.
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 21 hours ago:
Yes, please do.
The actual notion of “security through obscurity” (that will surely come up on Google if their AI bullshittery hasn’t screwed up completely…) for Linux is insane because open source is the polar opposite. The often more unprecise and colloquial usage I thus assumed you were using doesn’t apply either, for the reasons I summarised.
So which imaginary definition of “security through obscurity” are you using when none of the real ones makes any sense?
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 1 day ago:
You are right. I don’t know what your personal definition of “security through obscurity” is as it’s very obviously not matching actual reality.
- Comment on Google pays $250K for Linux vulnerability allowing guest VM escapes 1 day ago:
There was never an actual notion of “security through obscurity”. LInux runs the complete Internet and most coporate server infrastructure. That’s where the actual money is.
People hallucinating that Linux is something obscure simply have no clue and confused their home desktop for real computing. Windows desktops are constantly targeted not because they are -unlike Linux- so wide-spread but because they are already insanely insecure. They are the low hanging fruit where you can cobble together some cheap shit and will still find million of PCs vulnerable. If you want to find a Linux comparison it’s definitely not server or desktops but cheap IoT devices not having seen an update (or any security to speak of) for many years.
- Comment on Keep Android Open (Stop Google from limiting APK file usage) 2 days ago:
Petitions are useless
Protests are useless
Governments and corporations conspire to implement surveilance knowing what comes next
<-- we are here
Actual resistence
- Comment on How my AI Agent views and maintains "our" homelab 2 weeks ago:
the agent is a tool you used
My hammer is also a tool. But if I start using (and talking about) it to wash my cloth and do my dishes I would really hope to get called out for being stupid.
- Comment on Selfhosted birthday calendar for the whole family? 2 weeks ago:
I’m using the default calendar app that a long time ago came with that lineageos install.
Should be this one iirc…
- Comment on Selfhosted birthday calendar for the whole family? 2 weeks ago:
Don’t host the calendar, just host some WebDAV/CalDAV. That format is support by basically all apps of every platform (usually including the default app on most phones), so everyone can pick what they want.
- Comment on Radicale: Can someone please offer any guidance on usage and security. Om abit lost 4 weeks ago:
While you are right in general, you are creating a file with a <user>:<hased password> line. Have fun searching the world for where I might have actually used it.
- Comment on Radicale: Can someone please offer any guidance on usage and security. Om abit lost 4 weeks ago:
The option to password protect it are in the (usually
/etc/radicale/)configfile und[auth].For proper security you could use
type = htpasswdhtpasswd_filename = /etc/radicale/usershtpasswd_encryption = bcryptthen create a users file with apache tools (
htpasswd -c -B users User1) or one of the million online htpasswd file creators. - Comment on 18% of people running Nextcloud don't know what database they are using 10 months ago:
So one in five doesn’t do proper backups. That’s much better than expected… 😅
- Comment on 18% of people running Nextcloud don't know what database they are using 10 months ago:
Isn’t that the whole point of containerised solutions? Having some pre-setup, auto-updating solution with very little requirement to dive into the details like what your database is and which dependencies you need to manage…