[#] Mon Nov 29 2021 12:05:57 EST from Nurb432

Subject: Re: mysterium


Ya that is why i came back a few mins later myself and said to ignore it :)

It started out ok, but got bad, quick, as I kept reading. No, I'm not going to be running a *mandatory* out-proxy, or *have* to pay to use another person's proxy.

 

IPFS is still a better idea.

 

 

Sun Nov 28 2021 08:54:05 AM EST from zelgomer Subject: Re: mysterium
As soon as I notice the website of a project has been designed by one of those UX masturbation morons, I send the project to /dev/null.


Thanks. I did the same thing but I didn't want to come across as rude or stupid. I gave it an honest five minutes trying to figure out what it was. All I learned was that it was an "ecosystem," so I guess it's a bundle of several technologies that they're trying to sell (maybe figuratively or maybe not, I'm not sure) as a package.

Five minutes isn't very much time, but it seems like after five minutes I should at least know what I'm getting into. Imagine taking five minutes to read the abstract of a paper and still not knowing what topic the paper is going to cover.

Slight tangent, but I got the same sense from Matrix. It looks interesting to me, but it's way too hard to get to the meat. And once I did get to the meat, it looked a little too "webbish" for me. I don't get why everything has to be so over-built. What ever happened to KISS?

 



[#] Mon Nov 29 2021 12:07:28 EST from Nurb432

Subject: Re: mysterium


Freenet, tho it seems they have gotten 'pretty' too, at least does explain why they are there upfront. 

Mon Nov 29 2021 10:35:00 AM EST from darknetuser Subject: Re: mysterium
The Tor website used to be much better. Back then the logo was an actual onion, instead of an abstract representation of an onion, and they explained the core ideas and why it was useful pretty much on the homepage.

The i2pd website at least tries to explain what i2pd and i2p are. It is not super helpful but at least they don't hide behind a shitload of corporate marketing.

Same thing with the official java I2P implementation, really.

 



[#] Thu Dec 02 2021 10:14:35 EST from IGnatius T Foobar


Well, to be fair, I think it is pretty easy today. Everything about my experience that wasn't easy was self-inflicted because of my own neuroticism.

That's because you used the .deb package, which will eventually go away because we're not maintaining it.

[#] Thu Dec 02 2021 10:21:49 EST from IGnatius T Foobar

Subject: Re: mysterium


Ran across this by random. Seems interesting. But it's not well known. Any opinions? https://www.mysterium.network/

After looking through their glossy website, I'm having trouble understanding why one wouldn't simply choose to use I2P and/or Tor instead of getting involved in something new. This seems like another I2P except with someone trying to make money on it.

And of course there's the usual problem with decentralized networks -- although they are, in every way, technologically and organizationally superior -- they aren't worth much until people start using them. As long as Joe Sixpack remains satisfied with TikTok and YouTube, the problem remains.

[#] Wed Dec 08 2021 19:00:39 EST from Nurb432


Can't go into much detail until it's fully remediated and made public, but got hacked at the office again this weekend. Several servers had to be unplugged (virtually; they were not physical servers).

Today they pulled our PDC out of commission.. all day to rebuild the damage. I have never unexpectedly lost a PDC on a network I ran and it was always planned, but I thought in the old days this was less painful, but I guess with how security has this set up it's not as painless as it was.. (even involves secret rooms and air-gapping.. things even I had not heard about until today). And it didn't save it from happening either, so the extra pain was pointless..

"Contractors working with/for the Chinese government" is the last rumor i heard. So same as last time we got hit. 



[#] Sat Dec 11 2021 17:30:01 EST from Nurb432

Subject: Log4j


Great. Another long weekend for a lot of people.

Seems it's part of Crystal Reports designer, so I'm getting bitched at by security.

 



[#] Sun Dec 12 2021 10:47:06 EST from Nurb432

Subject: Re: Log4j


Well, seems since our security team does not do research and just knee jerk reaction, they quarantined my PC.  

Took me almost no time at all to determine what was really going on as I read the damned CVE. All they did is search PCs for a file with a name of log4j, and didn't bother with what it really was, or what version it was.... No consideration that the real issue was on servers...

(and of course mine is NOT vulnerable, being a desktop, and a 'good' version.. it didn't affect 1.x versions at all..)



[#] Tue Dec 14 2021 12:46:05 EST from LoanShark



Yeah, my previous employer is a Java shop, I sent a Facebook message to a former coworker on Saturday morning saying "seriously, stop what you're doing right now and patch this, it's that bad."


Under the circumstances, you have to expect some performative security and knee-jerking and whatnot. Because that's the way people roll when they have to deal with shit quickly.

[#] Tue Dec 14 2021 18:10:36 EST from Nurb432


Until you shut down several perfectly fine critical servers that affect citizen-facing applications and we end up on the news.

The CVE said 2.x; logically, even without reading, 1.x was ok.



[#] Tue Dec 14 2021 22:55:24 EST from ParanoidDelusions


Responding to this shit as an emergency response consultant is awesome. 

Doing it for the company you work for is misery. 

It is so strange how that works. It isn't the work I mind, it is being compelled to fix something of MINE that someone else broke that I think makes it bother me. 




[#] Thu Dec 16 2021 19:30:09 EST from zelgomer


Anyone have a good password manager recommendation for...less technical family members? I have my own way of doing things and never trusted those things, so I don't have any experience with them. But some recent happenings made me realize they have their place.

[#] Thu Dec 16 2021 19:49:05 EST from Nurb432


I'm sure I'll have stones tossed at me, but I would imagine that Google's is 'good enough' if you are going that route.



[#] Fri Dec 17 2021 00:04:40 EST from ParanoidDelusions


Google's is good enough. 

But KeePass is also a solid choice, if you want to manage something local. There is an Android version, and it will use biometrics - which makes it far less likely that you'll lose or forget your master password.

 

Thu Dec 16 2021 19:49:05 EST from Nurb432

I'm sure I'll have stones tossed at me, but I would imagine that Google's is 'good enough' if you are going that route.



 



[#] Fri Dec 17 2021 17:40:20 EST from Nurb432


Guy at work got his hand worked on. They put it in a cast. The hand he used for fingerprint scan. No phone for him now.

Fri Dec 17 2021 12:04:40 AM EST from ParanoidDelusions

and it will use biometrics - 



 



[#] Fri Dec 17 2021 19:03:01 EST from zelgomer


Yeah, not a big fan of biometrics. I've also heard it claimed before that in the US you can't be compelled to divulge passwords or PINs because it violates the 5th, but you can be forced to provide biometrics. Don't know how true that is.

[#] Fri Dec 17 2021 19:51:52 EST from Nurb432


I believe that is true, but I don't think it's been tested at the SCOTUS yet.

And the court can compel you. Once they demand it, you sit in jail in contempt until you do. 

Fri Dec 17 2021 07:03:01 PM EST from zelgomer
Yeah, not a big fan of biometrics. I've also heard it claimed before that in the US you can't be compelled to divulge passwords or PINs because it violates the 5th, but you can be forced to provide biometrics. Don't know how true that is.

 



[#] Sat Dec 18 2021 07:00:49 EST from darknetuser


2021-12-16 19:30 from zelgomer
Anyone have a good password manager recommendation for...less technical family members? I have my own way of doing things and never trusted those things, so I don't have any experience with them. But some recent happenings made me realize they have their place.



KeepassX works well. It is what I told my boss to use and so far he is fine and not complaining.

For a small number of passwords you could spend 20 bucks and get a hardware password holder such as a NitroKey. People are usually very good at knowing their passwords are stored in that USB with a lock logo, but those same users may fail to understand where their software-managed passwords reside. Silly, heh? But it is how it works.

[#] Sat Dec 18 2021 07:06:44 EST from darknetuser


2021-12-17 19:03 from zelgomer
Yeah, not a big fan of biometrics. I've also heard it claimed before that in the US you can't be compelled to divulge passwords or PINs because it violates the 5th, but you can be forced to provide biometrics. Don't know how true that is.



It depends. If they are after information with the intention of incriminating a third party (which is more usual than people think) then you are not covered by the 5th anyway.

I had something similar happen to me. The equivalent of the Feds sent me a non-refusable order to disclose some of my accountability docs because they suspected it incriminated one of my vendors in a fraud scheme. I happened to hate that particular vendor with all my guts so I helped them destroy the motherfucker with a wide smile upon my face.

However, the only way not to disclose such docs if you don't want to is to declare they are incriminating YOU, in which case they can't ask them for you but you turn yourself into a target.

[#] Wed Dec 22 2021 19:39:41 EST from Nurb432


"There is a vulnerability and we need to force everyone to use VPN to access this server, not the internet"

"great, lets drop the external DNS record, that will do it"

 

Really? How stupid can you be?  Some of us had cached DNS and could still hit it externally.. bit of research and that was ALL they did.  



[#] Thu Dec 23 2021 09:15:51 EST from zelgomer


2021-12-23 00:39 from Nurb432 <nurb432@uncensored.citadel.org>
"There is a vulnerability and we need to force everyone to use VPN to access this server, not the internet"

"great, lets drop the external DNS record, that will do it"

Really? How stupid can you be? Some of us had cached DNS and could still hit it externally.. bit of research and that was ALL they did.


Hold on, you mean to tell me that you can still connect to my server even if I don't advertise a human readable alias for it? What are you some kind of hacker??

Reminds me of the morons who run services with open sockets to the world but think that they need to firewall ICMP for security.
