Posts
20
Comments
502
Joined
1 yr. ago

  • Yes, but they replace common tools like top or lsof with manipulated versions. This might at least trick less experienced sysadmins.

    Edit: Some found out about the vulnerability by resource alerts. Probably very easy in a virtualized environment. The malware can't fool the hypervisor ;)

  • No, with these reasons:

    • Bandwidth isn't plenty
    • My "uptime" at home isn't great
    • No redundant hardware, even a simple mainboard defect would take a while to replace

    I have a VPS for these tasks, and I host a few sites for friends and family.

  • Just one open source example ... freeradius has an option to log passwords:

    log {
        destination = files
        auth = no
        auth_badpass = no
        auth_goodpass = no
    }

    Or another example: The Apache web server has a module that dumps all POST data, with passwords, in plain text:

    mod_dumpio allows for the logging of all input received by Apache and/or all output sent by Apache to be logged (dumped) to the error.log file. The data logging is done right after SSL decoding (for input) and right before SSL encoding (for output). As can be expected, this can produce extreme volumes of data, and should only be used when debugging problems.

    I don't agree that this is "absolutely malice", it could also be stupidity and forgetfulness.

  • This is not about Facebook not hashing credentials, it is that they appeared in internal logs.

    Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers.

    Source: Krebs on Security

  • All models are equipped with 16GB of RAM, and two additional storage variants are available that cost 21,999 yuan (about $3,089) for 512GB and 23,999 yuan (about $3,370) for 1TB.

    They are learning from Apple about the memory price. $300 for 512 GB additional memory storage is insane.

  • I think it makes sense from a programming view. When you have a document, you can add all the media files and pack them together as one archive. Then the program sets the filename to .docx so everyone knows that they need an office program to open that file.

    For the users, all you need to know is what program can open which files. If every document would be named .zip, you would have no idea if it was a spreadsheet or slides for your presentation.

  • OP refers to the fact that you can rename some filetypes to .zip and unpack them.

    Notable examples are Microsoft Office files (.docx) or Android apps (.apk).

    Counterexamples are media files (mp3, mp4, jpg).