Another learning from this incident is that whoever still uses ssh in an open-to-internet mode (where anyone can attempt an ssh login on a hostname from any network connection) is behind the curve.
Public cloud solved this years ago for large cloud environments, and Tailscale solved it for small-scale/on-prem/hobbyists.
How the xz backdoor was found is exactly why I tell my SREs to investigate unexplained/strange things. (Not primarily for security reasons, but it has also led to those in the past.)
The pluggable/modular idea is a very nice design that will be quite helpful.
However, please, whatever you do, include an account reputation/lifecycle part in the telemetry. Long-term, nothing else will work: IP, email, even phone number are too low-level and easily obtainable by bad actors.
I don't think people understand how brittle and ephemeral systems of government are—they literally can disappear or be replaced within hours; both with and without violence.
I've seen that happen in Eastern Europe in the late 80s and early 90s, basically just a few miles away from where I lived.
Deploying HTTP/3 at scale really shows the regression of the internet in terms of large monopolistic corporations vs. independent companies or communities.
Can someone help me parse a statement I just got from Okta? I asked if the service account compromised in a recent breach was protected by MFA. The response:
"The unauthorized access to Okta’s customer support system leveraged a service account stored in the system itself. Service accounts are used for machine-to-machine functions that would be disrupted by an interactive prompt. MFA is not supported on such accounts."
Can people with experience in these sorts of environments paraphrase in plain English? How is an account "stored in the system itself" different from other sorts of accounts? Is it really not feasible to use MFA for this account?
@dangoodin I would just highlight one important thing here: there are also multiple types of service accounts, and a lot depends on the exact services and authentication methods.
Those determine whether things like hardware security modules could be applicable or not.
This does sound like the “service account” in question was not exclusively system-to-system (with tokens/public-private key pairs or such) but rather a bog-standard account used for system purposes that nonetheless could be logged in to.
Which is a questionable practice. Those accounts should not allow user logins exactly for this reason (so that credentials only exist on the system itself that uses the access).
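The design point in the reply above, as an added example that is not the poster's code and has nothing to do with Okta's actual implementation: a toy account store in which a service account holds only an API key used for signed machine-to-machine requests and has no password at all, so the interactive login path refuses it outright. All account names, the key material and the request format are hypothetical, constructed for this illustration.

```python
import hmac
import hashlib
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    name: str
    kind: str                              # "user" (interactive) or "service" (machine-to-machine)
    password_hash: Optional[bytes] = None  # only ever set for interactive users
    api_key: Optional[bytes] = None        # only ever set for service accounts


def _pw_hash(password: str, salt: bytes = b"demo-salt") -> bytes:
    # Fixed salt only to keep the toy deterministic; a real store salts per account.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed, hypothetical account store. The service account has no password,
# so there is nothing a phished or leaked credential could be typed into.
ACCOUNTS = {
    "alice": Account("alice", "user", password_hash=_pw_hash("correct horse")),
    "svc-support-sync": Account("svc-support-sync", "service", api_key=b"k" * 32),
}


def interactive_login(name: str, password: str) -> bool:
    """Password login path used by humans. Service accounts are refused before any check."""
    acct = ACCOUNTS.get(name)
    if acct is None or acct.kind != "user" or acct.password_hash is None:
        return False
    return hmac.compare_digest(acct.password_hash, _pw_hash(password))


def sign_request(api_key: bytes, method: str, path: str, ts: int) -> str:
    """Client side: the calling system signs method, path and timestamp with its key.
    The key never leaves that system; only the signature goes over the wire."""
    msg = f"{method}\n{path}\n{ts}".encode()
    return hmac.new(api_key, msg, hashlib.sha256).hexdigest()


def machine_auth(name: str, method: str, path: str, ts: int, sig: str,
                 now: Optional[int] = None, max_skew: int = 300) -> bool:
    """Server side: accept a request only from a service account, only with a valid
    signature, and only if the timestamp is fresh (limits replay of a captured request)."""
    acct = ACCOUNTS.get(name)
    if acct is None or acct.kind != "service" or acct.api_key is None:
        return False
    now = int(time.time()) if now is None else now
    if abs(now - ts) > max_skew:
        return False
    expected = sign_request(acct.api_key, method, path, ts)
    return hmac.compare_digest(expected, sig)


def demo(now: int = 1_700_000_010) -> dict:
    """Exercise both paths; returns the outcomes so they can be inspected or asserted."""
    key = ACCOUNTS["svc-support-sync"].api_key
    ts = now - 10
    good_sig = sign_request(key, "GET", "/tickets", ts)
    return {
        "user_password_ok": interactive_login("alice", "correct horse"),
        "user_password_wrong": interactive_login("alice", "wrong"),
        "service_password_refused": interactive_login("svc-support-sync", "anything"),
        "service_signed_ok": machine_auth("svc-support-sync", "GET", "/tickets", ts, good_sig, now=now),
        "service_replayed_late": machine_auth("svc-support-sync", "GET", "/tickets", ts, good_sig, now=now + 1000),
        "service_tampered_path": machine_auth("svc-support-sync", "GET", "/admin", ts, good_sig, now=now),
        "user_via_machine_path": machine_auth("alice", "GET", "/tickets", ts, good_sig, now=now),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The two authentication paths are deliberately disjoint: a `user` record cannot satisfy `machine_auth` and a `service` record cannot satisfy `interactive_login`, regardless of what credentials an attacker obtains. Whether the key lives in an HSM or a plain file is an orthogonal choice that the account model above leaves open.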
Welcome back online to all the services down due to Cloudflare’s surprise DR test that apparently went sideways. Also, I #hugops to the techies at Cloudflare who had a very bad, no good day.
Why is it when (white, natch) Americans or Europeans look for food sources after a natural catastrophe it's scavenging, but when Palestinians do it it's looting?
And why is 'desperate' in quotes?
Given that aid organizations talk about how difficult it is to get aid meant for innocent civilians past [Hamas/Israeli forces, depending upon one's politics], isn't this a desirable outcome?
@kims another example of horrible editors. The article itself is well-written and fine. No scare quotes there - the headline added by editors is awful.
One of the things I am really liking about Fastly, other than that it makes the instance incredibly fast from almost everywhere, is the observability. I was poking around and found this graph that shows the origin of traffic to the instance at a given point of time, with the size of the bubble representing how much traffic that pop is getting.
Note the two big circles. One over Germany, and one over Finland. Coincidentally, the location of Hetzner’s two main sites.
Much of that traffic is inter-instance communications. And the reason is that, I strongly suspect, much of the fediverse infrastructure exists in those two Hetzner datacenters.
NB: Hetzner is critical infrastructure for the fediverse.
Would atrocities like those be treated differently this time?
And it seems like mostly not. AT/DE learned instead to unconditionally avoid criticism of Israel and to avoid meaningful help to Ukraine to a large extent.
When did the lesson become “give a pass along ethnic lines, so they can perpetuate the cycle of violence?”
Why is it so hard to recognize a ghetto for a ghetto, whether it’s WW2 Warsaw or current Gaza?
All the neo-fascists, whether it’s AfD or FPÖ in Austria, revel in this hypocrisy. They want to go back to hating Jews, and these events will eventually let them.
And we have the largest ethnic cleansing and genocide happening in Europe since WW2, and all that Austria can muster is “we’re neutral”? Neutral between WHAT?
And Germany is only slightly better. Ukraine needs to win this war, Mr Scholz: Germany should have supplied Taurus and massively ramped up artillery shell production for Ukraine a year ago.
You’re afraid Ukraine would use Taurus to drop the Kerch bridge? That IS the aim Mr Scholz.
You won’t save lives by sending air defense systems to Ukraine while avoiding giving Ukraine the means to win the war. You feel good about lives on the margins, without really making a difference.
Russia will perpetrate genocide until it loses the war.
Russia might cease to exist if it loses the war: this is how it should be.
Did Austria and Germany learn the important lessons from mass atrocities in WW2? No, it does not seem like that.
Support for Ukraine is relatively low in Austria/Germany compared to other EU democracies. AfD and FPÖ are major parties with growing support. And instead of focusing on atrocities, this misdirected guilt along ethnic lines is bound to break with terrible consequences one day once those neo-fascists get into power.
@usi what’s more valuable: hosting refugees and giving defensive aid to Ukraine - or helping Ukraine actually win the war so that refugees do not have to be refugees?
The German approach is terribly inefficient, and it’s not aimed at defeating Russia.
A lot of German business still talks about the “return to normal” when there will be no such thing with Russia.