Just make two plans and switch, when one of them is exhausted.
Not sure where gp lives. But most banks here restrict you to 4 digits as the password. So basically a PIN. If you are lucky, you get 6 digits or even letters. But be careful: if you use “fancy letters” (symbols,…
If you have the time, could you please post the list of plugins you are using?
That’s true. On the other hand, Apple isn’t some kind of Borg like swarm intelligence. While Apple’s upper management doesn’t want back doors in their products, someone in middle management might have come to a…
That’s a good start. In the long run probably three things are necessary: 1) wiring critical software in a language that protects better against such exploits. Might be Rust, Go, perhaps also C# and Nim. 2) Making…
You are right, it took quite some time. On the other hand, it looks like the legitimate part of contributing to xz was only a part time job for the attacker. The rest of the time, they either worked on the exploits, or…
Expecting liability coverage for source code people publish for free on their own time has very strong implications on free speech, freedom of arts, and freedom of science. I don’t think this is possible in a liberal…
I think there were some open PRs from that account, that got scrubbed from the account after the back door in xz was discovered. But probably nothing got merged.
My suggestion: Put your SSH behind WireGuard and/or behind a jump host (with only port forwarding allowed, no shell). If you don’t have a separate host, use a Docker container. If you use a jump host, consider a…
Using a jump host could help, only allowing port forwarding. Ideally it would be heavily monitored and create a new instance for every connection (e.g., inside a container). The attacker would then be stuck inside the…
Actually you have a point. A collection of shell scripts (like the classical init systems) have obviously a smaller attack surface. In this case the attacker used some integration code with systemd to attack the ssh…
Unix pipes have built in back pressure. A very simplified view, assuming blocking calls and single threads: if the process on the left side of the pipe produces data too fast and fills up the buffer, the operating…
From the screenshots it looks like there is an activation limit, with a maximum of four devices. Reading the license, I could not confirm this. Is there a limit, and if, what is the maximum?
While you are here: the Node.js syntax highlights on you QuickStart docs seems to be broken. Tested with Safari and Chrome on a recent macOS. That’s not a huge issue, but makes it a bit harder to grasp what’s going on…
> But I have been told “video off” is passive aggressive so I don’t know how much longer I can pull this off. “Video off” is often necessary, because your laptop runs low on battery, or has run too hot. Sometimes your…
> Pension: Germany has a pyramid scheme and it collapsed a while back. The system did just fine, but was plundered by politics. During the German reunification, the people from the former Eastern Germany were added to…
The blog post you mentions brings two arguments: first the database would require looking. Second the database would need tradeoffs between reading (polling) and writing (adding and removing to the queue). The original…
To my understanding this plan should include the spouse and any number of kids up to the age of of 23 (age limit for the kids, not for the spouse of course). Dental care and eye care might be a bit limited in these…
In the Cassandra case, you would not write the persistent data in the Docker image (that's the part of the file system mounted as a layered file system, using AUFS or OverlayFS). Instead, you would write it in a volume.…
There is no blame on you. There is no way you can provide a configuration that will be secure on every server. My recommendation: add a big warning message that there is at least one known security hole and many unknown…
Just make two plans and switch, when one of them is exhausted.
Not sure where gp lives. But most banks here restrict you to 4 digits as the password. So basically a PIN. If you are lucky, you get 6 digits or even letters. But be careful: if you use “fancy letters” (symbols,…
If you have the time, could you please post the list of plugins you are using?
That’s true. On the other hand, Apple isn’t some kind of Borg like swarm intelligence. While Apple’s upper management doesn’t want back doors in their products, someone in middle management might have come to a…
That’s a good start. In the long run probably three things are necessary: 1) wiring critical software in a language that protects better against such exploits. Might be Rust, Go, perhaps also C# and Nim. 2) Making…
You are right, it took quite some time. On the other hand, it looks like the legitimate part of contributing to xz was only a part time job for the attacker. The rest of the time, they either worked on the exploits, or…
Expecting liability coverage for source code people publish for free on their own time has very strong implications on free speech, freedom of arts, and freedom of science. I don’t think this is possible in a liberal…
I think there were some open PRs from that account, that got scrubbed from the account after the back door in xz was discovered. But probably nothing got merged.
My suggestion: Put your SSH behind WireGuard and/or behind a jump host (with only port forwarding allowed, no shell). If you don’t have a separate host, use a Docker container. If you use a jump host, consider a…
Using a jump host could help, only allowing port forwarding. Ideally it would be heavily monitored and create a new instance for every connection (e.g., inside a container). The attacker would then be stuck inside the…
Actually you have a point. A collection of shell scripts (like the classical init systems) have obviously a smaller attack surface. In this case the attacker used some integration code with systemd to attack the ssh…
Unix pipes have built in back pressure. A very simplified view, assuming blocking calls and single threads: if the process on the left side of the pipe produces data too fast and fills up the buffer, the operating…
From the screenshots it looks like there is an activation limit, with a maximum of four devices. Reading the license, I could not confirm this. Is there a limit, and if, what is the maximum?
While you are here: the Node.js syntax highlights on you QuickStart docs seems to be broken. Tested with Safari and Chrome on a recent macOS. That’s not a huge issue, but makes it a bit harder to grasp what’s going on…
> But I have been told “video off” is passive aggressive so I don’t know how much longer I can pull this off. “Video off” is often necessary, because your laptop runs low on battery, or has run too hot. Sometimes your…
> Pension: Germany has a pyramid scheme and it collapsed a while back. The system did just fine, but was plundered by politics. During the German reunification, the people from the former Eastern Germany were added to…
The blog post you mentions brings two arguments: first the database would require looking. Second the database would need tradeoffs between reading (polling) and writing (adding and removing to the queue). The original…
To my understanding this plan should include the spouse and any number of kids up to the age of of 23 (age limit for the kids, not for the spouse of course). Dental care and eye care might be a bit limited in these…
In the Cassandra case, you would not write the persistent data in the Docker image (that's the part of the file system mounted as a layered file system, using AUFS or OverlayFS). Instead, you would write it in a volume.…
There is no blame on you. There is no way you can provide a configuration that will be secure on every server. My recommendation: add a big warning message that there is at least one known security hole and many unknown…