I read some of the discussion over CVE-2023-7028. It sounds like they were reading a list of emails for password reset and if one matched the account they sent the reset email to all of them.
In my mind it is an extremely low bar that programmers not mix unauthorized input with account data. It simply should not have been possible to send an account secret to anything other than emails present in the database, full stop.
IDK, I appreciate the transparency and I would have been safe from that attack because I always use 2FA. But this is not a viable product for hosting code if their coding practices allow something like that through.
You’re correct. And I don’t think we are armchair coding. We know proper security is so hard that even experienced developers can write code vulnerable to something like a timing attack. But sending secure data to unvalidated input isn’t a minor slip up that could happen to anyone. They are either unaware of or not bothering with good practices.
I’m planning to set up LUKS on an SSD. Many guides are suggesting using a simple key to set things up and then revoke it when everything is in place....
Yes. Some guides suggest, say, “just use ‘key’ for now, we’ll replace it later.” I didn’t mention their step adding a stronger key, I guess I didn’t see that as an important part of the question.
I think yeah, I will not be following that advice for sure. Just wondering at this point if someone should take extra precautions around SSD encryption. Like should one overwrite the whole drive if a key is leaked so that the odds of recovering any info from the chips are lessened? Or is revoking the leaked key sufficient?
He’s received plenty of warnings but no repercussions. So he will continue stealing from charities and misusing campaign funds until there is an actual consequence.
One problem is that what they’re calling him is completely inaccurate. “Journalist” implies impartiality, or at least content with a non-zero amount of truth.
I often hear, “You should never cheap out on a good office chair, shoes, underpants, backpack etc…” but what are some items that you would feel OK to cheap out on?...
I agree. For power tools, especially where decent accuracy is key like it is with a jointer, definitely more of a “do your research, price is not equal to quality,” not “you can do fine with any cheap one.”
https://imgur.com/a/JMlZvgJ My first attempt at a commercial 3D print: an asthma inhaler body that can flip into a slimmer form so it doesn’t jut out and dig into legs or tear pants. What do you guys think?...
He testified for under three minutes. But former President Donald Trump still broke a judge’s rules on what he could tell a jury about writer E. Jean Carroll’s sexual assault and defamation allegations, and he left the courtroom Thursday bristling to the spectators: “This is not America.”...
I dunno when it happened but I swear SBCs were the new best thing in the universe for a while and everyone was building cool little servers with their RockPis and OrangePis....
Thank you, really appreciate your advice. I was just struggling to install Proxmox on a new machine, and you made me take a step back. The kernel is messed up, do I really want this? Why am I jumping through hoops for this when Debian has zero issues installing? I’ll be trying the container software you mentioned instead.
I’m glad the people with this device are getting traction on using it with their HA, but holy hell this is a complete non-starter for me and I cannot understand why they got it in the first place. There’s no climate automation I would ever want that is worth a spying device connected to the internet and a spying app installed on my phone.
I’m cynical so I assume they are turning a profit selling user data. So the lost money is not from AWS expenses but from not having installed apps to steal more data.
I’m just getting started on Proxmox and had no idea plugins like that were available. Anything in particular that works well for you? I’d like to try it out.
Sorry, but do you have a setup where you don’t need to worry about the atomicity of that operation? It sounds simple and effective, so I’d like to do it, but I’m concerned I may get something halfway through a write.
I suppose the odds are you’d have at worst a bad log file whereas config files and binaries are used read-only the majority of the time.
Currently, I run Unraid and have all of my services set up there as docker containers. While this is nice and easy to set up initially, it has some major downsides:...
Could you give a quick example of using NixOS configuration to launch a machine or deploying something remotely? I’m just starting to move beyond a single machine at home. I’d really like to transition to infra as code.
GitLab users warned of flaw that allows file overwrite — so update now (www.techradar.com)
How safe is revoking a LUKS key on flash media?
Trump must still cough up at least $90M in E. Jean Carroll verdict — and soon — even though an appeal means she has to wait for it (www.businessinsider.com)
Donald Trump has to cut a fat check, and his appeal of the E. Jean Carroll verdict won’t delay that....
Happened to me multiple times (lemmy.zip)
Math (lemmy.ml)
think of the shareholders (slrpnk.net)
What are some things you can/should cheap out on?
My First Commercial 3D Print (files.cults3d.com)
Donald Trump testifies for less than 3 minutes in defamation trial and is rebuked by judge (apnews.com)
So SBCs are shit now? Anything I can do with my collection of Pis and old routers?
Sounds like Haier is opening the door! (github.com)
Dear Andre,...
Ditching PaaS: Why I Went Back to Self-Hosting (shubhamjain.co)
cross-posted from: lemmy.ml/post/10738584...
Backing-up Single Board Computer
Hello everyone!...
Kubernetes? docker-compose? How should I organize my container services in 2024?