Posts by sheogorath@microblog.shivering-isles.com
(DIR) Post #9otOZyT5QQvWvMPpoW by sheogorath@microblog.shivering-isles.com
2019-11-12T17:21:36Z
0 likes, 0 repeats
@Wolf480pl Well, for case A, DoH makes sure that even when you set your DNS server intentionally, the network admin won't ignore your settings with port redirects. (Yes, DoT would solve this problem as well.) For case B, yes, that's exactly what you want. TRR, Trusted Recursive Resolver, is basically the question: Do you want to trust the resolver in my network? And the best answer to this, when you have no idea about it, is no. It's the same as with self-signed certificates.
(DIR) Post #9otcjCiXDPgL57w8q8 by sheogorath@microblog.shivering-isles.com
2019-11-12T19:28:47Z
0 likes, 2 repeats
Oh awesome, RedHat has open sourced quay! https://www.redhat.com/en/blog/red-hat-introduces-open-source-project-quay-container-registry This is awesome, because it comes along with a decent web UI and nice features like integrated container scanning and the like. If you self-host a container registry, it's definitely worth a look. #RedHat #Quay #container #docker #linux
(DIR) Post #9otj5wGP9hCeR90Fpw by sheogorath@microblog.shivering-isles.com
2019-11-12T20:16:45Z
0 likes, 1 repeats
Want to tame Firefox and make sure it follows your organization's regulations? Here is my little write-up on how you can do this on Fedora: https://shivering-isles.com/Manage-Firefox-on-Fedora It'll explain how to generate a policy to enforce your DoH settings and also provide a very basic RPM spec file on how to deploy such a policy to your systems. #Firefox #DoH #Fedora #Linux
(DIR) Post #9oxv3mUMVGVPcj6o2S by sheogorath@microblog.shivering-isles.com
2019-11-14T21:44:19Z
0 likes, 0 repeats
@kev I think mstdn.io wrote a bookmark feature as an alternative to favorites, this was then pushed upstream and now mastodon.social is experimenting with it. Main difference to existing favorites: You don't notify the original author. Useful? I don't think so, but who am I to decide this? @codesections @tariquesani @mastohost
(DIR) Post #9oxvBQgTSLpwJYQAj2 by sheogorath@microblog.shivering-isles.com
2019-11-14T21:45:43Z
0 likes, 0 repeats
@kev Wait, wasn't your journey Wordpress -> Ghost -> Hugo(?) -> grav -> Ghost (-> Wordpress?) @markosaric
(DIR) Post #9oxx5kGvuoKTEitMPI by sheogorath@microblog.shivering-isles.com
2019-11-14T22:07:24Z
0 likes, 0 repeats
@codesections That's how I use favorites as well, but for bookmarks, I simply use the bookmark feature of my browser :D 🤷 Might be too complicated for people to use. @kev @tariquesani @mastohost
(DIR) Post #9oy2q1GfYc112VeYDY by sheogorath@microblog.shivering-isles.com
2019-11-14T23:11:32Z
0 likes, 0 repeats
@kev I mean, I know Distrohopping, but you do CMS hopping :D @markosaric
(DIR) Post #9oy4PXEEosUwFn0yp6 by sheogorath@microblog.shivering-isles.com
2019-11-14T23:29:10Z
0 likes, 0 repeats
@kev I'm so happy that I just go with jekyll and my CI pipeline :D It keeps things really easy for everyone :D @markosaric
(DIR) Post #9oyrSMygHgT95FifNQ by sheogorath@microblog.shivering-isles.com
2019-11-15T08:35:48Z
1 likes, 0 repeats
I really hate pages with wrong claims. Please note: This is exactly how the page opened in my browser with the "Do-Not-Track"-Header enabled. I didn't change any setting. I consider starting a domain blacklist with bad privacy settings and potentially illegal privacy defaults. I get really annoyed by this stuff.
(DIR) Post #9p1WNHX3aWOjBRPXRg by sheogorath@microblog.shivering-isles.com
2019-11-16T15:26:15Z
0 likes, 0 repeats
@sir But every TLS certificate expiration date is planned obsolescence, I'm quite sure you mean the right thing, but please be careful with such wishes, they may have unintended side effects.
(DIR) Post #9p1X4NLlph1dgCgFou by sheogorath@microblog.shivering-isles.com
2019-11-16T15:34:08Z
0 likes, 0 repeats
@sir > Planned obsolescence, or built-in obsolescence, in industrial design and economics is a policy of planning or designing a product with an artificially limited useful life, so that it becomes obsolete (i.e., unfashionable, or no longer functional) after a certain period of time. Which describes pretty much every certificate we use in cryptography. Just wanted to show the other side ;) But I'm sure you had very different things in mind when making the statement.
(DIR) Post #9p7xffYCtDf4bChVDM by sheogorath@microblog.shivering-isles.com
2019-11-19T18:01:02Z
0 likes, 0 repeats
@codesections Maybe this is helpful? https://scotthelme.co.uk/lets-encrypt-is-only-a-click-away/
(DIR) Post #9pC6IX71m1VbzGs0lk by sheogorath@microblog.shivering-isles.com
2019-11-21T17:54:25Z
0 likes, 0 repeats
I just checked my monitoring for DNS that I set up at the beginning of the month after reading this article shared by @jpmens: https://00f.net/2019/11/03/stop-using-low-dns-ttls/ All 3 visible domains have a TTL of 1 day. These are 700000 requests within 18 days. I don't want to know what this would look like with the TTLs I used before (1 hour to 2 minutes). I wonder how much bandwidth we waste with low TTLs, because this is already a massive number. #DNS #monitoring #thoughts
(DIR) Post #9pMS8xPxlHYvyFDyz2 by sheogorath@microblog.shivering-isles.com
2019-11-26T15:53:16Z
0 likes, 0 repeats
It's concerning and funny at the same time. My banking apps are the least secure apps on my smartphone, because they refuse to provide them outside of the Google Play store and you have to install them using an extra app (which is thankfully available on @fdroidorg) because they use split-apk setups. What a mess… Please don't follow my example here. Maybe just get another phone for banking…
(DIR) Post #9pNZjvXZejSx5740R6 by sheogorath@microblog.shivering-isles.com
2019-11-26T22:59:53Z
0 likes, 2 repeats
Please keep in mind that polls on ActivityPub services are not anonymous. Server admins of the instance that created the poll can see who voted for what. Don't use this to elect anything or fall for an illusion due to a missing UI. #ActivityPub #Mastodon #Fediverse #Poll #polls #privacy
(DIR) Post #9pX1uJGzMujaYHcvWy by sheogorath@microblog.shivering-isles.com
2019-12-01T14:27:23Z
0 likes, 1 repeats
@hyperjinx I wonder when there will be public-broadcaster Peertube instances? Everyone talks about the European "super media library", but nobody sees that, thanks to Peertube, everything needed for it already exists, apart from a lot more content. And on top of that, it comes from a European software shop. 🤷 What can you do… It's fascinating how ignorant European institutions are towards European software.
(DIR) Post #9phAMnb1xvbh9hLow4 by sheogorath@microblog.shivering-isles.com
2019-12-06T17:09:00Z
0 likes, 1 repeats
There is a good reason to have offsite backups and multi-cloud deployments. Keep in mind that you can't enforce security policies on external providers. This means you have to expect that they might break. So when you start using a new service, ask yourself: "What do I do, if this service loses all my data (as in can not recover)?" Same goes for each of your devices: "What do I do when this device loses all my data?" The answer should be: "Then I can recover from" or "Then I have to redo…"
(DIR) Post #9piGAlyCynRHWInhnU by sheogorath@microblog.shivering-isles.com
2019-12-06T20:52:30Z
0 likes, 1 repeats
Awesome, just configured the Firefox addon "Temporary Containers" to open every non "always open in"-tab as temporary tab. This prevents a lot of CSRF attacks, even when websites themselves didn't implement proper measures. To implement it I use those two addons: https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/ and: https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/ #firefox #containers #infosec #security
(DIR) Post #9pkjFCazDN0SF6K5T6 by sheogorath@microblog.shivering-isles.com
2019-12-08T10:52:40Z
0 likes, 0 repeats
@kev @seb I have similar concerns but at least for some uses I would consider them fine. For example I can imagine biometrics to be an improvement over the regular PIN+action button (or action button only) that the Yubikey Bio provides. Important is of course that it's not used stand alone, but always as second factor. Similar for some new credit cards that have fingerprint scanners integrated. Those are good improvements over PINs.
(DIR) Post #9pn1IUsjrzkXJgGd9s by sheogorath@microblog.shivering-isles.com
2019-12-09T13:06:04Z
0 likes, 0 repeats
⚠️ Keep an eye on your :nextcloud: Nextcloud configs. Just had to discover that Nextcloud Talk adds a chat window to all publicly shared links. This chat is global for this file, which means when you share the file with different share links, for example with competing companies, they might end up having a nice little chat, in your shared file. This is a default setting you have to explicitly opt out from. #infosec #security #nextcloud