Ya that is why I came back a few mins later myself and said to ignore it :)
It started out ok, but got bad, quick as I kept reading. No, I'm not going to be running a *mandatory* out-proxy, or *have* to pay to use another person's proxy.
IPFS is still a better idea.
As soon as I notice the website of a project has been designed by one
of those UX masturbation morons, I send the project to /dev/null.
Thanks. I did the same thing but I didn't want to come across as rude or stupid. I gave it an honest five minutes trying to figure out what it was. All I learned was that it was an "ecosystem," so I guess it's a bundle of several technologies that they're trying to sell (maybe figuratively or maybe not, I'm not sure) as a package.
Five minutes isn't very much time, but it seems like after five minutes I should at least know what I'm getting into. Imagine taking five minutes to read the abstract of a paper and still not knowing what topic the paper is going to cover.
Slight tangent, but I got the same sense from Matrix. It looks interesting to me, but it's way too hard to get to the meat. And once I did get to the meat, it looked a little too "webbish" for me. I don't get why everything has to be so over-built. What ever happened to KISS?
Freenet, tho it seems they have gotten 'pretty' too, at least does explain why they are there upfront.
The Tor website used to be much better. Back then the logo was an actual onion, instead of an abstract representation of an onion, they explained the core ideas and why it was useful pretty much in the homepage.
The i2pd website at least tries to explain what i2pd and i2p are. It is not super helpful but at least they don't hide behind a shitload of corporate marketing.
Same thing with the official java I2P implementation, really.
Well, to be fair, I think it is pretty easy today. Everything about my
experience that wasn't easy was self-inflicted because of my own
neuroticism.
That's because you used the .deb package, which will eventually go away because we're not maintaining it.
Ran across this by random. Seems interesting. But it's not well
known. Any opinions? https://www.mysterium.network/
After looking through their glossy website, I'm having trouble understanding why one wouldn't simply choose to use I2P and/or Tor instead of getting involved in something new. This seems like another I2P except with someone trying to make money on it.
And of course there's the usual problem with decentralized networks -- although they are, in every way, technologically and organizationally superior -- they aren't worth much until people start using them. As long as Joe Sixpack remains satisfied with TikTok and YouTube, the problem remains.
Can't go into much detail until it's fully remediated and made public, but got hacked at the office again this weekend. Several servers had to be unplugged (virtually. They were not physical servers)
Today they pulled our PDC out of commission.. all day to rebuild the damage. I have never unexpectedly lost a PDC on a network I ran and it was always planned, but I thought in the old days this was less painful, but I guess with how security has this set up it's not as painless as it was.. (even involves secret rooms and air-gapping.. things even I had not heard about until today) And it didn't save it from happening either. So the extra pain was pointless..
"Contractors working with/for the Chinese government" is the last rumor I heard. So same as last time we got hit.
Great. Another long weekend for a lot of people.
Seems it's part of Crystal Reports designer, so I'm getting bitched at by security.
Well, seems since our security team does not do research and just knee jerk reaction, they quarantined my PC.
Took me almost no time at all to determine what was really going on as I read the damned CVE. All they did is search PCs for file with a name of log4j, and didn't bother with what it really was, or what version it was.... No consideration that the real issue was on servers...
(and of course mine is NOT vulnerable. Being a desktop, and a 'good' version.. it didn't affect 1.x versions at all..)
Yeah, my previous employer is a Java shop, I sent a Facebook message to a former coworker on Saturday morning saying "seriously, stop what you're doing right now and patch this, it's that bad."
Under the circumstances, you have to expect some performative security and knee-jerking and whatnot. Because that's the way people roll when they have to deal with shit quickly.
Until you shut down several perfectly fine critical servers that affect citizen facing applications and we end up on the news.
The CVE said 2.x logically, even without reading, 1.x was ok.
Responding to this shit as an emergency response consultant is awesome.
Doing it for the company you work for is misery.
It is so strange how that works. It isn't the work I mind, it is being compelled to fix something of MINE that someone else broke that I think makes it bother me.
I'm sure I'll have stones tossed at me, but I would imagine that Google's is 'good enough' if you are going that route.
Google's is good enough.
But, Keypass is also a solid choice, if you want to manage something local. There is an Android version, and it will use biometrics - which makes it far less likely that you'll lose or forget your master password.
Thu Dec 16 2021 19:49:05 EST from Nurb432
I'm sure I'll have stones tossed at me, but I would imagine that Google's is 'good enough' if you are going that route.
Guy at work got his hand worked on. They put it in a cast. The hand he used for finger print scan. No phone for him now.
Fri Dec 17 2021 12:04:40 AM EST from ParanoidDelusions
and it will use biometrics -
I believe that is true, but I don't think it's been tested at the SCOTUS yet.
And the court can compel you. Once they demand it, you sit in jail in contempt until you do.
Fri Dec 17 2021 07:03:01 PM EST from zelgomer
Yeah, not a big fan of biometrics. I've also heard it claimed before that in the US you can't be compelled to divulge passwords or PINs because it violates the 5th, but you can be forced to provide biometrics. Don't know how true that is.
2021-12-16 19:30 from zelgomer
Anyone have a good password manager recommendation for...less technical
family members? I have my own way of doing things and never trusted
those things, so I don't have any experience with them. But some recent
happenings made me realize they have their place.
KeepassX works well. It is what I told my boss to use and so far he is fine and not complaining.
For a small number of passwords you could spend 20 bucks and get a hardware password holder such as a NitroKey. People are usually very good at knowing their passwords are stored in that USB with a lock logo, but those same users may fail to understand where their software managed passwords reside. Silly, heh? But it is how it works.
2021-12-17 19:03 from zelgomer
Yeah, not a big fan of biometrics. I've also heard it claimed before
that in the US you can't be compelled to divulge passwords or PINs
because it violates the 5th, but you can be forced to provide
biometrics. Don't know how true that is.
It depends. If they are after information with the intention of incriminating a third party (which is more usual than people think) then you are not covered by the 5th anyway.
I had something similar happen to me. The equivalent of the Feds sent me a non-refusable order to disclose some of my accountability docs because they suspected it incriminated one of my vendors in a fraud scheme. I happened to hate that particular vendor with all my guts so I helped them destroy the motherfucker with a wide smile upon my face.
However, the only way not to disclose such docs if you don't want to is to declare they are incriminating YOU, in which case they can't ask them for you but you turn yourself into a target.
"There is a vulnerability and we need to force everyone to use VPN to access this server, not the internet"
"great, let's drop the external DNS record, that will do it"
Really? How stupid can you be? Some of us had cached DNS and could still hit it externally.. bit of research and that was ALL they did.
2021-12-23 00:39 from Nurb432 <nurb432@uncensored.citadel.org>
"There is a vulnerability and we need to force everyone to use VPN to
access this server, not the internet"
"great, let's drop the external DNS record, that will do it"
Really? How stupid can you be? Some of us had cached DNS and could
still hit it externally.. bit of research and that was ALL they
did.
Hold on, you mean to tell me that you can still connect to my server even if I don't advertise a human readable alias for it? What are you some kind of hacker??
Reminds me of the morons who run services with open sockets to the world but think that they need to firewall ICMP for security.