Why is it that the best minds in our industry seem unable to improve security without creating products that coincidentally give their employer more control over people and their data? Vendor lock-in is preventing real innovation in infosec.

Ask yourself why all these companies are fighting each other to be your default DNS provider. Why do their "privacy" solutions always give them your data instead? It's valuable data and it's easy to control it yourself. linuxjournal.com/content/own-y

Disappointed that Firefox is giving Cloudflare user DNS resolution data by default via DoH. I trust my ISP but if I didn't, I'd use a trusted VPN to protect *all* my traffic. DoH is just a DNS-only VPN. What's worse, if you do use a VPN, FF will still leak your DNS data to Cloudflare by default. blog.mozilla.org/futurerelease

"The researchers have named their attack NetCAT, short for Network Cache ATtack"

Seriously, netcat? I guess what they say about the two hardest problems in computer science is true... arstechnica.com/information-te

Marshmallow technique is important. Crisp, toasted (not burnt) outside, melted inside.

The insult "ten miles of bad road" is much more devastating now that I've just driven ten miles of bad road.

Check out my new pocket computer! Ok not exactly new, it's a Tasco Pocket Arithometer from the '40s.

ElasticCo made Elasticsearch an product w/ basic security features in a proprietary plugin.

Search Guard made basic ES security features an open core product w/ enterprise auth as a proprietary plugin.

ElasticCo freed code for security plugin recently and now accuses Search Guard of copying both proprietary and code.
elastic.co/blog/dear-search-gu

There are three main categories of authentication:
Something you know
Something you have
Something you leave copies of everywhere you go.

I hope the hard seltzer trend means craft brewers will go back to making beer-flavored beer, but I fear it means they'll just add more soda flavors to IPAs.

Wow, Huawei just accused the US govt of launching cyberattacks to infiltrate its intranet and internal information systems: huawei.com/en/facts/voices-of- (h/t @Viss and campuscodi)

I've always had very short fingernails but I'm learning classical guitar so I've grown the fingernails on my right hand out a tiny bit. I have a renewed respect for those of you who type every day with long fingernails.

Musical Instruments To Be Exempt From Restrictions On Heavily Trafficked Rosewood n.pr/2ZkHlX4

This article does a good job on presenting the many different ways that data about your credit card purchases are shared without your knowledge or permission: washingtonpost.com/technology/

This is why attending a Battlebots event is risky--future generations might view it like we view the Roman Colosseum. I'm already going to have a hard enough time explaining my Roomba to future generations. independent.co.uk/life-style/g

"Users who decline to share footage through the app may have police showing up at their door asking them to share in person if online requests don't work out. Law enforcement can also go to Amazon directly with a valid legal demand and bypass the user's consent to access the footage entirely." arstechnica.com/tech-policy/20

The main difference between the Webmin RCE and similar build infrastructure attacks in proprietary tools is that since Webmin is FOSS, it has the opportunity to use Reproducible Builds so we all can detect this kind of attack in the future.

virtualmin.com/node/66890

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
