Amen.
And adding mandatory, recorded, voice commands for a subset of functionality.
You can avoid this issue through significant domain experience. Knowledge != smart. I find your assertions regarding assurance and networked computing disturbingly naive. If this 'fix' was simply altruism and a crying…
This is an abuse issue at the DNS level, not a problem suitable for end user cosmetic witchery in the browser. Fix DNS abuse.
In this vein consider the robo and spam calls you receive.
Another product stream and company (and hype) I was never a fan of. Best thing they did was to rip off FreeBSD and the worst was break *nix compliant userspace + influence design UX and UI patterns for a new generation.
Never used it. Thought it was complete vanity and laziness as is much of social media.
Seemed lackluster to me. Adding code in a literally defined data structure failed to complete anything. with open() as f: ll = [f.(no help from here on out)]
Who says the struct has no other value? An ADT is the only place this approach makes any sense and these are not typically comprised of two values/references alone. A interface devised just to unwind information from a…
I do exactly this. Granted I only have 50 chassis to deal with and can emergency boot to rescue via PXE. After 1st generation ILO and the enforced insecurity of vendor KVM options I saw the light.
Or someone can simply own your key holding device as you sip your beverage at the local hotspot or home wifi. Simpler to go after the secret privileged client than the server.
Right. But only bring up your jump server when needed from a CSP. The rest of the time unseen and mostly unknown.
Add a TLS auth channel to the portknock with a wait window and OTP and you are really in business with this approach.
So standardize on a non-standard port, document it and when you do have ssh probes assume it's targeted rather than just another l33t child running du-jour crack(x). Moving to non-standard means more sophisticated…
You control what fail2ban does with said log data and what actually gets logged. There are better ways than fail2ban of course but it's not the worst solution on the planet.
This is a silly opinion. Of course it's helpful and very useful when used in conjunction with other hardening measures.
Interesting you bring this up. Regardless of the provenance of packages and facility for installation you seem to be hinting that there should be a method to install specific service/feature sets to a system securely…
Sure, especially when you VPN into a sacrificial subnet and need MFA to continue elsewhere into locked down application domains. OTOH I would leave ssh listening on a non-descript high port with MFA (key and OTP)…
It's probably not safe to fork() from most frameworks threads (OpenMP) and is hard to make safe for complicated parallel processing. But if you control the flow of execution and minimize mutex and critical section(s) it…
You cannot serve the whole internet without cloud scale resources anyway. So what does it matter if your application is 10K/s less capable than an optimized version? You pay for another instance. For 5k more time and…
You can prefork. That is a tried and true method. And why do you need to create so many connections? Certainly you can architect the solution better than that.
Every open office plan or cowork office I've been in has made it almost impossible (coming from WFH) to concentrate and get things done. Having people visit to natter over things and the potential for shoulder surfing,…
Oh, I don't know. Gluing the programs together using RPC and REST seems to be working so well for everyone else. Why do you even need a shell or unix style pipelines, right?
Return status and data is a great argument for multiple value returns but it's simple enough to do in C. You just need an ADT and interface. Who hasn't done OO in C with mixed results?
Google and Mozilla at the forefront of C opposition. Instead we get walled gardens and unicorn solutions: every genius for himself.
Amen.
And adding mandatory, recorded, voice commands for a subset of functionality.
You can avoid this issue through significant domain experience. Knowledge != smart. I find your assertions regarding assurance and networked computing disturbingly naive. If this 'fix' was simply altruism and a crying…
This is an abuse issue at the DNS level, not a problem suitable for end user cosmetic witchery in the browser. Fix DNS abuse.
In this vein consider the robo and spam calls you receive.
Another product stream and company (and hype) I was never a fan of. Best thing they did was to rip off FreeBSD and the worst was break *nix compliant userspace + influence design UX and UI patterns for a new generation.
Never used it. Thought it was complete vanity and laziness as is much of social media.
Seemed lackluster to me. Adding code in a literally defined data structure failed to complete anything. with open() as f: ll = [f.(no help from here on out)]
Who says the struct has no other value? An ADT is the only place this approach makes any sense and these are not typically comprised of two values/references alone. A interface devised just to unwind information from a…
I do exactly this. Granted I only have 50 chassis to deal with and can emergency boot to rescue via PXE. After 1st generation ILO and the enforced insecurity of vendor KVM options I saw the light.
Or someone can simply own your key holding device as you sip your beverage at the local hotspot or home wifi. Simpler to go after the secret privileged client than the server.
Right. But only bring up your jump server when needed from a CSP. The rest of the time unseen and mostly unknown.
Add a TLS auth channel to the portknock with a wait window and OTP and you are really in business with this approach.
So standardize on a non-standard port, document it and when you do have ssh probes assume it's targeted rather than just another l33t child running du-jour crack(x). Moving to non-standard means more sophisticated…
You control what fail2ban does with said log data and what actually gets logged. There are better ways than fail2ban of course but it's not the worst solution on the planet.
This is a silly opinion. Of course it's helpful and very useful when used in conjunction with other hardening measures.
Interesting you bring this up. Regardless of the provenance of packages and facility for installation you seem to be hinting that there should be a method to install specific service/feature sets to a system securely…
Sure, especially when you VPN into a sacrificial subnet and need MFA to continue elsewhere into locked down application domains. OTOH I would leave ssh listening on a non-descript high port with MFA (key and OTP)…
It's probably not safe to fork() from most frameworks threads (OpenMP) and is hard to make safe for complicated parallel processing. But if you control the flow of execution and minimize mutex and critical section(s) it…
You cannot serve the whole internet without cloud scale resources anyway. So what does it matter if your application is 10K/s less capable than an optimized version? You pay for another instance. For 5k more time and…
You can prefork. That is a tried and true method. And why do you need to create so many connections? Certainly you can architect the solution better than that.
Every open office plan or cowork office I've been in has made it almost impossible (coming from WFH) to concentrate and get things done. Having people visit to natter over things and the potential for shoulder surfing,…
Oh, I don't know. Gluing the programs together using RPC and REST seems to be working so well for everyone else. Why do you even need a shell or unix style pipelines, right?
Return status and data is a great argument for multiple value returns but it's simple enough to do in C. You just need an ADT and interface. Who hasn't done OO in C with mixed results?
Google and Mozilla at the forefront of C opposition. Instead we get walled gardens and unicorn solutions: every genius for himself.