OK. Just saw someone posting "8 Character Passwords are Dead"
To support this they say how a 2080Ti GPU has passed 100 Billion guesses per second and how that means in 2.5 hours they can try every single possible password.
*Except*
That's in the case of NTLM hash. A notoriously bad hash that has *no* *salt*. Even more ridiculous, because the NTLM hash is just as good as having the password. You don't need to crack the hash.
Yes, 8 character passwords should be dead, but this is bogus.
Mind blown: #git reset --hard @{u} resets your workdir to the recorded state at the tracked upstream branch.
Privilege Escalation in Ubuntu (CVE-2019-7304):
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
– there are multiple methods to obtain root
– affects Ubuntu 18.10, 18.04 LTS, 16.04 LTS, 14.04 LTS
– update snapd according to https://usn.ubuntu.com/3887-1/
runc container breakout PoC
https://github.com/feexd/pocs/blob/master/CVE-2019-5736/exploit.c
(via Frank Denis on birdsite)
Did you know that #Fedilab has a feature that lets you not worry about text length? It will automatically split the message into replies and add mentions in each message. Thus it also works with private messages.
To enable it, just go to your settings.
I created a GoFundMe to help me buy the computer at https://www.gofundme.com/for-buying-a-new-computer-for-developing-fedilab
It's for a Librem 15 version 4 (only if I get enough funds; otherwise, any other ideas are welcome). Thanks.
@bortzmeyer
@x_cli
Unfortunately many use cases require some kind of privileges inside the container, starting with privilege drop itself when running a daemon that requires different levels of privilege for listening on a port, writing to logs or serving requests.
User namespaces offer useful features and can hopefully be combined with fine-tuned caps and seccomp to "safely" offer "root" inside the container.
Major container vuln leading to container escape:
#CVE-2019-5736: #runc #container breakout (all versions)
https://www.openwall.com/lists/oss-security/2019/02/11/2
Bird scooters can be hacked with a screwdriver and €30 (and the startup doesn't like people talking about it) - Tech - Numerama
[Numerama investigation] Hijack a Bird scooter with a simple 30-dollar kit? It's possible. Because it uses very popular standard Xiaomi M365 vehicles, the company is targeted more than others by ill-intentioned users. And that prevents it from finding effective solutions to combat these practices.
Dear @acebit, using AES-ECB is *not* "Best possible encryption" - it's pretty broken encryption actually. Maybe you should change the way you describe #PasswordDepot? For reference: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_Codebook_(ECB) 1/5
@maxeddy
Do you have an entity number for "privacy signal messenger, llc"?
And what exactly is the legal personality of "Open Whisper Systems", which appears on the GitHub repo as the copyright holder for 2013-2017 and to whom (since January 2016) contributors assign copyright according to https://signal.org/cla/?
@maxeddy
What I am pointing out is that the public statements do not square with the facts. Why are they being obtuse as to who is behind it? Open Whisper Systems doesn't exist, as we have seen. It's not even declared as a DBA name for the company that they started earlier this year. Back when you could still see owner information in whois, the domain records for signal.org led to a block of flats in the Canary Islands, etc.
Too much trust, too little verification going on.
So I looked up #wire, a messenger that supports video/voice calls.
Sadly, it has built-in tracking and a number of proprietary dependencies, which is why it's not on #fdroid yet. https://gitlab.com/fdroid/rfp/issues/108
That said, the developers seem very frank when talking about their software and open to cooperation and constructive criticism. They deserve credit for that.
@diggity @philippemargery @Purism
Just for the record.
* First things first, the #wikipedia advertised “Open Whisper Systems” does not actually exist. Prove me wrong with an official incorporation document.
* The also #wikihyped “Signal Foundation”, AFAICT does not exist either, according to people who should know, namely https://www.irs.gov/charities-non-profits/tax-exempt-organization-search
See next message for what *does* exist…
Mastodon 2.7.0 introduced an opt-in directory per instance, making it easier to find interesting profiles on the instance:
To join, go to "settings" → "edit profile" and check "List this account on the directory".
Help others to find interesting profiles.