The Wired article is terrible - the author didn't understand the Talos blog.
https://blog.talosintelligence...
The Talos blog post is opaque: they present no evidence that root servers for top level domains, such as .AM, were compromised. They say it was possible, but a registrar != a registry, nor does that mean they masqueraded as the tech contact listed at IANA. IANA would have the history of any changes.
Notably, the threat actors were able to gain access to registrars that manage ccTLDs for Amnic, which is listed as the technical contact on IANA for the ccTLD .am. Obtaining access to this ccTLD registrars would have allowed attackers to hijack any domain that used those ccTLDs.
Perhaps you can explore the history here:
https://tldmon.dns-oarc.net/na...
Every admin reads email. Which BOFH doesn't have that t-shirt?
Use GPG or host your own with TLS. And even then, the other party must admin their own email with TLS, then you need DNSSEC and other measures to prevent downgrade attacks.
Only safe way is encryption. And self hosting when you can't. And don't send anything important over email.
Hah, that line was the trigger to enter the comments section.
That *is* how you profit. By not letting others profit off you.
(Can insert requisite "..." step if you wish.)
Do humans monitor anything? I thought with everyone touting meh neural networks as "AI", that humans are out of the picture.
The primary article on Techcrunch said
DNSSEC adoption is currently at about 20 percent.
Except that is totally wrong: .com, it's less than 1%
Only 4% of domains are signed across all TLDs: http://rick.eng.br/dnssecstat/
And for
1M signed (https://scoreboard.verisignlabs.com/) 140M .com (http://research.domaintools.com/statistics/tld-counts/) = 0.7%
Technically correct, which is the best kind of correct!
1, 7, 23, who cares. Still a "microphone" for the purpose of recording, and has been recording for a while. Google didn't use the source audio, but everyone else did.
There are 53,161 citizens of the Republic of the Marshall Islands who will seeded 10% of the money supply at launch
So is the population *seeding* the supply from their own sovereign funds, or will they *be* seeded 10% of the ICO?
Inquiring minds want to know!
But their arguments would need to be financial instead of ethical. If Google grows in China, shareholders are happy.
Of course every password is unique, but now me, the site I want to sign up, and some untrusted 3rd party all have my password.
I guess the answer is multi factor auth everywhere.
So they will send my plain text or unsalted & hashed password over the TLS-wire to the "trusted" pwned DB for a match?
No thanks!
Another great reason why walled garden stores are not a true marketplace.
"The radio plays what they want you to hear."
Perhaps I'm naive, but I trust the F-Droid marketplace much more than official Google Play.
You get what you pay for, in freedom or beer.
So did classic PalmOS. Not the same "store front" like the walled gardens have today, but it was pretty easy to add "apps" to any of the robust early devices of the turn of the century.
Isn't a To Do list the de facto example for learning a new programming language?
If you need more than paper (post-it notes) then roll your own.
I have a MacBook Pro laptop, 2x Linux desktops (work + home) and Android phone.
I have never signed in to iCloud or iTunes, but use gapps for personal calendar. I run my own mail server (Linux, hosted). Rsync runs on all platforms.
Thus, all my shit works, with browsers or apps (oss preferred). It is seamless and not painful. I might be missing out on features (that I blissfully don't know exist).
I recommend people buy platforms if they need them. If you want to be self reliant and secure, it's easy, but takes time to learn. Up to you.
(I don't have time to fuss with things, I have a great job and family, but the basics are truly easy with only an up-front investment in time, if you care to learn.)
Agreed that NPM never needs root, just like Java never needs root. Install in /opt/npm.version (with symlink of /opt/npm => npm.version). Add /opt/npm/stuff to your $PATH and then you get whatever latest installed version, with an easy way to try different versions by altering the symlink.
And of course, JS applications or your own developed applications, will stay inside containers for any NPM stuff. But global /opt/npm is handy for various command line tools.
Can you run multiple dockerized chromiums in parallel? And they play nice with X? And can you copy/paste between host and container? Can you access via mount a restricted part of your host filesystem? Would chromium be better as a "snap" or self managed in docker?
Thanks!
Absolutely. Whether a workstation or server, this applies.
No one should know the root password; but it should be stored somewhere accessible with some effort and oversight.
If you allow remote access, via SSH or similar, you should never allow root. Always access a system with low privileges and escalate with authentication (pass, key, etc.) and authorization (allowed to do X).
Sudo can easily limit commands, and log them. "sudo su ..." should not be allowed either, with possible exception to either a single-user device or a limited administrator account that's not a regular login.
Automate as much as possible.
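An added example, not part of the comment above or of any project's code: a small audit of the two settings the comment turns on, direct root login over SSH and sudo rules that amount to a root shell ("sudo su", or ALL). The function names are hypothetical, the sample configuration text is constructed, and the parsing is simplified (sudoers aliases and included files are not expanded).

```shell
#!/bin/sh
# Added example: audit sshd_config and sudoers text for direct root login
# and for sudo rules that hand out a root shell. Function names are
# hypothetical; all sample data below is constructed.

# Effective global PermitRootLogin. sshd keeps the first value it reads;
# with no line present the upstream OpenSSH default is prohibit-password.
root_login_setting() {
  awk 'tolower($1) == "match" { exit }   # global section ends here
       tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
       END { if (!found) print "prohibit-password" }'
}

# Print "user: command" for each rule granting ALL, su or a shell.
risky_sudo_rules() {
  awk '/^[ \t]*(#|$)/ { next }           # comments and blank lines
       $1 ~ /^(Defaults|[A-Za-z]+_Alias)/ || !index($0, "=") { next }
       { cmds = substr($0, index($0, "=") + 1)
         gsub(/\([^)]*\)/, "", cmds)     # drop (runas) specs
         gsub(/[A-Z]+:/, "", cmds)       # drop tags such as NOPASSWD:
         n = split(cmds, c, ",")
         for (i = 1; i <= n; i++) {
           split(c[i], w, " "); sub(/.*\//, "", w[1])
           if (w[1] ~ /^(ALL|su|sh|bash|zsh|dash)$/) print $1 ": " w[1]
         } }'
}

# Constructed sample input: a weak and a hardened sshd_config, one sudoers.
SAMPLE_SSHD_WEAK='Port 22
PermitRootLogin yes'
SAMPLE_SSHD_HARDENED='Port 22
PermitRootLogin no
PasswordAuthentication no'
SAMPLE_SUDOERS='Defaults logfile="/var/log/sudo.log"
alice  ALL=(ALL) ALL
bob    ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx, /bin/su
deploy ALL=(root) /usr/bin/systemctl reload nginx'

echo "weak sshd:     PermitRootLogin=$(printf '%s\n' "$SAMPLE_SSHD_WEAK" | root_login_setting)"
echo "hardened sshd: PermitRootLogin=$(printf '%s\n' "$SAMPLE_SSHD_HARDENED" | root_login_setting)"
echo "sudo rules to review:"
printf '%s\n' "$SAMPLE_SUDOERS" | risky_sudo_rules
```

Only the `deploy` rule passes: it names a single command, while `alice` gets everything and `bob` gets `su` alongside an otherwise narrow rule.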
Why can't a geek, posting to Slashdot, learn how to configure their iOS keyboard to not send Unicode, but send ASCII quote and double-quote?
Many other comments make it appear to be simple to configure.
Yes, it's annoying, but the site code is not actively maintained; so we have to live with it.
Yup, that's exactly where all the action is!
It's not possible with Web Extensions. Tabs, in a tree on the side/top/bottom, are the only sensible way to browse on a desktop.
Staying on ESR until finally moving to Vivaldi, unless a new form of XUL-style extensions is enabled. Web Extensions cannot modify the UI, thus Chrome and FF are now the same.
So use Chrome *only* for specific sites, using private mode every time.
Use Firefox with your remaining favorite extensions until it eventually turns into Chrome.
At least you can help protect your privacy for another year or two.
Guess I'll move to Vivaldi, the only modern browser that shows tabs on the side (hopefully in an awesome tree) that old XUL Firefox extensions used to allow.
For many versions, Chrome even had a built-in tabs-on-side feature, but they removed it ages ago.
The only sensible way to manage many tabs is on the side! Or multiple rows on top/bottom if you are in portrait mode!
Sad that WebExtensions can no longer modify the user interface.
R.I.P. power-browsing the web.
I try to avoid my problems, so I prefer all my daemons to be headless so we can't have any conversations.
Was not aware we could set custom scaling ratios with xrandr, and keep playing with them based on varying hardware.
Only helpful post in this thread, thanks!