Posts by cynicalsecurity@bsd.network
 (DIR) Post #9oVvucJrss7qTIQTxI by cynicalsecurity@bsd.network
       2019-11-01T06:16:31Z
       
       0 likes, 0 repeats
       
       @phessler I know, I have been privately thanked by so many people I was amazed. To be honest, as someone who well remembers downloading HOSTS.TXT, I find the whole DoH argument totally unacceptable and a clear misrepresentation of facts under the guise of protecting “people at risk”. As if a Saudi prince & friends of similar inclinations are going to be put off by DoH…
       
 (DIR) Post #9oVvudOrrlidp5lzO4 by cynicalsecurity@bsd.network
       2019-11-01T07:36:04Z
       
       0 likes, 0 repeats
       
       @niconiconi @phessler This is a profound misconception. Privacy is not something you obtain /only/ via encryption, similarly with anonymity. Let’s forget the US for a second which, by several standards, is between feudalism and fascism. Consider Europe and consider your ISP logging your DNS queries: if it did so without notification and without consent it would open itself to major fines under the GDPR (and even under the older Privacy Directive from 1996). Europe does not have FISA courts, …
       
 (DIR) Post #9oVvudjQdKAKqrOPR2 by cynicalsecurity@bsd.network
       2019-11-01T07:39:21Z
       
       0 likes, 0 repeats
       
       @niconiconi @phessler if there is a mandate then, and only then, will you be monitored. There was a case in Italy where Telecom Italia’s Tiger Team started intercepting phone calls and reselling the info outside the judicial system. They were caught and went down hard, very hard, proper jail sentences and all. Why would an ISP do it on DNS for relatively low-value data (which, unlike the US, they cannot resell)? Not only, if you want anonymity you need to lose yourself in the masses: do you…
       
 (DIR) Post #9oVvueJEUCo0du90F6 by cynicalsecurity@bsd.network
       2019-11-01T07:42:08Z
       
       0 likes, 0 repeats
       
       @niconiconi @phessler think Mossad operatives on a mission use custom Android phones with a secure OS? Of course not: they go naked in naked out, buy everything local to blend in (in cash). With DNS your queries at an ISP are lost in the masses: your local resolver caches responses (the router, for example) ensuring that data within the TTL is not transparent on the wire, the ISP’s resolvers do the same for masses of queries, all of this loses you in the midst. DoH creates a unique 1-1 map…
       
 (DIR) Post #9oVvuep8ZaKIEr4TyK by cynicalsecurity@bsd.network
       2019-11-01T07:44:15Z
       
       0 likes, 0 repeats
       
       @niconiconi @phessler between a specific user of a specific browser on a specific machine to the DNS queries being made, it creates a complete record and mapping of a user’s behaviour which /cannot/ be lost in the midst of anything ‘cos “one browser one DoH channel”. This is *terrifying*. Never mind the transparent subversion possibilities it creates and all the associated technical weaknesses. Resist! Resist! Resist! Ⓐ
       
 (DIR) Post #9oVvugfzgYCVz4oCzw by cynicalsecurity@bsd.network
       2019-11-01T08:27:04Z
       
       0 likes, 0 repeats
       
       @h3artbl33d @niconiconi @phessler the one single fact that each DoH connection provides a 1-1 mapping between a single browser user and their DNS traffic is sufficient to declare it a folly which must be stopped. Everything else is just icing on the cake.
       
 (DIR) Post #9p7jhuZgbTuWPpZFmi by cynicalsecurity@bsd.network
       2019-11-19T15:04:50Z
       
       0 likes, 0 repeats
       
       The more I think about it the more I think that modern “safe” languages such as Rust are a damnation because, rather than teaching defensive programming, they suggest to the programmer that the language will save them.
       
 (DIR) Post #9p7jhv1gvMJPogfcR6 by cynicalsecurity@bsd.network
       2019-11-19T15:22:06Z
       
       0 likes, 0 repeats
       
       @phessler That statement is what actually terrifies me because we assume that is what is going to happen whereas it is going to be “monkeys on the keyboard assuming the language will save us”. Yes, I am cynical but I have seen too many magic bullets killing everyone but the target.
       
 (DIR) Post #9pM9HbT2qLnRN14jGS by cynicalsecurity@bsd.network
       2019-11-26T06:43:30Z
       
       1 likes, 0 repeats
       
       A beautiful Autumn dawn over Geneva.
       
 (DIR) Post #9pgrnPsqL3XkIkf3q4 by cynicalsecurity@bsd.network
       2019-12-06T13:55:34Z
       
       1 likes, 0 repeats
       
       The OpenBSD AUTH issue in OpenSMTPd has now become security theatre: Mimecast is blocking any OpenBSD mail server from connecting “because sekurity”. I don’t even run OpenSMTPd and don’t allow relaying via AUTH on the mail server farm I maintain for a client! Who let these people run email??? :flan_cleaver: “Threat intelligence”… right.
       
 (DIR) Post #9r0BANuVVvqKZ5kuq8 by cynicalsecurity@bsd.network
       2020-01-14T19:37:32Z
       
       0 likes, 0 repeats
       
       @PINE64 could you please explain the difference between an "ISO" and "ASCII" keyboard?
       
 (DIR) Post #9r0CzyxtbaNgD8VZR2 by cynicalsecurity@bsd.network
       2020-01-14T19:57:26Z
       
       0 likes, 0 repeats
       
       @duponin @PINE64 sorry, I am not pretending to be thick, just trying to understand - what letter does ISO have on top??
       
 (DIR) Post #9r2CEs71edjNfBEb4K by cynicalsecurity@bsd.network
       2020-01-15T18:34:26Z
       
       0 likes, 0 repeats
       
       How’s #FreeBSD on @PINE64 doing these days? #NetBSD continues working well, #OpenBSD I haven’t had time to try but I still need #FreeBSD for ZFS as the fileserver for my ClusterBoard...
       
 (DIR) Post #9r2CR0cvp64tXtwhCi by cynicalsecurity@bsd.network
       2020-01-15T19:02:35Z
       
       0 likes, 0 repeats
       
       @ParadeGrotesque @PINE64 It is definitely an interesting option which I had completely overlooked!
       
 (DIR) Post #9sIRteF9DmOZmL5o1I by cynicalsecurity@bsd.network
       2019-06-13T03:50:30Z
       
       0 likes, 0 repeats
       
       Just discovered that @PINE64 is on Mastodon!
       
 (DIR) Post #9ulWdeCEFtl80VbIxc by cynicalsecurity@bsd.network
       2020-05-06T09:26:05Z
       
       0 likes, 1 repeats
       
       Fed up of having grub mess up my “vm console” on bhyve so I decided to figure out how to run OpenBSD in “uefi” as opposed to “grub”. What you do is you create a hybrid configuration file:
       
           # Use GRUB when booting from an installation medium
           #loader="grub"
           # Use UEFI when booting from a disk
           loader="uefi"
           disk0_type="virtio-blk"
           disk0_name="disk0.img"
           grub_install0="kopenbsd -h com0 /6.6/amd64/bsd.rd"
           grub_run0="kopenbsd -h com0 -r sd0a /bsd"
           bhyve_options="-w"
       
 (DIR) Post #9v8oLbKuKzk2jDgPPk by cynicalsecurity@bsd.network
       2020-05-17T15:02:27Z
       
       0 likes, 1 repeats
       
       Looking at the upgrade instructions between #OpenBSD 6.6 and 6.7 I cannot but be impressed by how little is required these days. Simplicity is always a good sign. Thank you all for keeping #OpenBSD sane, keeping me sane since 2.3 :)
       
 (DIR) Post #9v9g8KFzvBpRWCVNlw by cynicalsecurity@bsd.network
       2020-05-17T19:48:31Z
       
       1 likes, 0 repeats
       
       Had this weird dream that I was running #OpenBSD on a Raptor Systems POWER10 workstation with 1TB of RAM with multiple vmm VMs and ZFS on a gigantic Clariion disk array. :flan_laugh: All I had was a late coffee at 23:00 and worked on upgrading machines from 6.5 to 6.6 until 02:00 this morning.
       
 (DIR) Post #9yDVAtR0p5YttNEPqa by cynicalsecurity@bsd.network
       2020-08-17T10:14:17Z
       
       0 likes, 1 repeats
       
       Intel publishes yet another security extension, this time it is called “TDX” for “Trust Domain Extensions” and, in Intel’s own words, “introducing new, architectural elements to deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software.” It is clearly aimed at “the cloud” to try and address…
       
 (DIR) Post #9yDVBCp6jj7q1beQXg by cynicalsecurity@bsd.network
       2020-08-17T10:18:55Z
       
       0 likes, 1 repeats
       
       concerns regarding the fact that, ultimately, anything running on a hypervisor is at the mercy of the hypervisor. This was addressed back in the ‘60s by IBM’s LPARs on mainframes where the hardware-based virtualisation ensured that each LPAR not only felt like a separate machine but actually was from a hardware isolation perspective. I tried hacking LPARs for years and failed, I count it as one of my most important failures because of all the techniques I learned while failing :flan_greybeard: