That’s big news. #OpenSSH adds support for Fido/U2F tokens. https://www.zdnet.com/article/openssh-adds-support-for-fidou2f-security-keys/
I wrote a blog post on how to use KMS key policies to act as a separate access control for data in Amazon S3. https://aws.amazon.com/blogs/security/how-to-use-kms-and-iam-to-enable-independent-security-controls-for-encrypted-data-in-s3/
I see a lot of articles say things like "They now run this service in the cloud—which brings its own set of security challenges." I wish they would equivalently write "They run their IT in their own data centres—which brings its own set of security challenges."
DIY infrastructure? Oh that's obviously secure. Professionally-run commercial clouds? Whoa, they're risky.
The physical affects the virtual affects the physical. Performance artist creates virtual traffic jams by pulling a wagon full of second-hand phones all using Google maps app. http://www.simonweckert.com/googlemapshacks.html
Why do #infosec people go around insulting everyone? Everyone who uses the cloud "blindly trust the cloud providers"? Nobody is doing due diligence? Nobody has a long list of security risks they track and controls and mitigations, huh? And they want to "disprove the assumption that cloud infrastructures are secure". Because the existence of one bug means what? It's "insecure"? The research is legit, but the preamble is garbage from an out-of-touch techie. https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/
Is it really better that FB has three incompatible msging apps they now have to wrangle into one new proprietary protocol? In the 20 year fight to own the market, all we have to show for it are mountains of abandoned proprietary code, dead networks, wasted efforts.
Strange event on my house WiFi. A new station joins (associations goes up by 1. Someone opened a macbook air's lid) then all WiFi traffic goes to 0 (sev1 ticket: "daaaaad! The WiFi is broken!") Not sure what the deal is. OpenWRT is usually pretty robust, but this is not the first time I've seen this behaviour, but it's the first time I've captured it in the graph and gotten some data.
This is a good way to think about autonomous cars and the trolley problem and so on. https://www.theguardian.com/technology/2015/dec/23/the-problem-with-self-driving-cars-who-controls-the-code
What's hot: Online, publicly-accessible, scanned-in library archives.
What's not: Pinhole viewers which wad a really shitty UI/UX between the reader and the actual fucking text.
IA's BookReader is actually one of the best reading software available, online or off. Just fucking _use_ it already.
No, I don't want to be looking at your shitty webpage when I'm trying to read a document I WANT TO READ THE FUCKING DOCUMENT.
Hi, I'm The_Gibson. Digital Warlord of Hackers.town, an instance in the Fediverse that focuses on infosec and hacking... and community building. We are a bunch of technomancers adrift in the fediverse working to restore the timeline to the future we were promised at the dawn of the public internet.
Hack The Planet!
Replugging this here for visibility:
Some projects i worked on in the last year, that you might find interesting:
Koios - a universal database-free file tagger
Zhmenu - a robust featureful dmenu-like replacement and input method
Wisp - A fast, smart, lispy HTML output language
SpotifyC (WIP) - C Interface to the Spotify Web API and Spotify command line client
Boosts would be deeply appreciated as more users = less bugs.
Anybody I know want to host a box on the internet basically free? I work with an “internet co-op” where we have a ghetto server room, 100M internet connection. A couple of /24s and basically freedom to do an awful lot of whatever you want. It’s totally DIY, though. We just provide power, connectivity, cooling, and pretty minimal security. It’s old school internet. The way it was back in the day. Location is in Fairfax, VA, near DC. PM me if you’re interested.