Please tell us more about the actual security problems!
- 16 Posts
- 55 Comments
Joined 2 years ago
Cake day: June 20th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
A gap in the pdf or actually a gap because you took years to figure it out? Both interpretations are funny.
1·1 month agoIs that security update thing an issue for GrapheneOS though? It is supposed to replace the Fairphone Android, no? Then again, I’m not familiar with the weirdness of the Android an embedded ecosystem.
I can’t tell you the details but for some good reasons, GrapheneOS don’t support Fairphone hardware. They somehow fuck things up in the security domain.
You might be right. I can only report from my experience. I can’t say I saw people being not nice to women because of their gender. But you don’t see many things when you’re a tourist.
People are also extremely welcoming. It’s almost too much :)
1·2 months agoAgreed!
Be sure to use a passphrase
I don’t agree about the point concerning cost. You have additional training, update, maintenance and config burden. This on top of the burdon of using the VPN on top of ssh.
Ok, fair point. But why stop at one vpn? I choose to trust OpenSSH, but I agree that adding a secondary layer of security actually helps here. You basically multiply two very low probabilities to get an even lower one. The trade-off is that you add complexity. You now need to keep two services up to date, and correctly configured and access/key material distributed.
I’d only recommend this setup for projects with special security requirements.
And why exactly is that more secure?
Welcome to the internet! Your system will get probed. Make sure you run as little as possible services on open ports and only high quality ones such as OpenSSH. Don’t freak out because of your logs. You’re fine as long as your system is up to date and password login disabled! Don’t listen to the fail2ban or VPN crowd. Those are only snake oil.
A VPN is probably just as (in)secure as OpenSSH. There is no gain in complicating things. OpenSSH is probably one of the most well tested code for security around.
Public ssh is completely fine as long as you use key based auth only and keep your sshd up to date. Stop spreading bullshit.
Came to day this :D
Interesting. Where do you take your knowledge from?
1·2 months agoCookie banners are not mandated by GDPR. It’s an unrelated piece of law.
Nice idea! Will try it out!
4·2 months agoTotally agree. This is a legitimate reason to chop the axis. There should be a law requiring schools to put a lot of time in teaching kids to read news and especially graphs.
No, I rarely read the code of software I use, especially crypto code since thant’s not my thing. But good to know that you did. Thanks for your opinion.