The discussion is a bit dated, docker now supports user namespaces such that apps can run as root inside a container, but are not root outside of the container.
I'm really confused why this creates an IPsec server AND an wireguard server, or do I read that wrong? Managing two server which basically do the same thing seems to double the attack surface without any gains. One…
As long as you have a passphrase and don't actually circumvent it (by e.g. an agent) you basically already have 2FA (you need access to the key (on your laptop/pc) and you need access to the passphrase (in your head)).…
Are you disagreeing with the "secure alternative" or the "same outcome"? I thought the difference between ProxyJump and agent forwarding is the following: Agent forwarding forwards the agent socket to the proxy server.…
What is hole punching and how would it have helped against the attack? I only know the term for UDP firewall transversal.
Responsible disclosure is about not enabling third parties to leverage the disclosure to gain access. In this case the hacker did not disclose the security holes before they were closed for third parties (i.e. the…
ProxyJump uses the keys from the original host, not the proxy host.
fzf [0] has a history mode included and integrates nicely with fish. You just need to enable the fzf bindings [1], then CTRL-r will give you a (fzf) history searcher. [0] https://wiki.archlinux.org/index.php/Fzf#fish…
The discussion is a bit dated, docker now supports user namespaces such that apps can run as root inside a container, but are not root outside of the container.
I'm really confused why this creates an IPsec server AND an wireguard server, or do I read that wrong? Managing two server which basically do the same thing seems to double the attack surface without any gains. One…
As long as you have a passphrase and don't actually circumvent it (by e.g. an agent) you basically already have 2FA (you need access to the key (on your laptop/pc) and you need access to the passphrase (in your head)).…
Are you disagreeing with the "secure alternative" or the "same outcome"? I thought the difference between ProxyJump and agent forwarding is the following: Agent forwarding forwards the agent socket to the proxy server.…
What is hole punching and how would it have helped against the attack? I only know the term for UDP firewall transversal.
Responsible disclosure is about not enabling third parties to leverage the disclosure to gain access. In this case the hacker did not disclose the security holes before they were closed for third parties (i.e. the…
ProxyJump uses the keys from the original host, not the proxy host.
fzf [0] has a history mode included and integrates nicely with fish. You just need to enable the fzf bindings [1], then CTRL-r will give you a (fzf) history searcher. [0] https://wiki.archlinux.org/index.php/Fzf#fish…