realn2s

realn2s, 9 months ago (edited 9 months ago) to random German

#Buch gefunden 😁

Ich suche ein Kinder-/Jugendbuch (oder Reihe) die ich vor einer halben Ewigkeit gelesen habe.

Inhalt:
Nach einem fehlgeschlagenen Bankraub (durch einen Tunnel) bei dem die Polizei im Tresorraum wartet, gründet die Bankräuberbande, um den Versuch zu vertuschen, notgedrungen ein Hotel.

Das läuft dann überaschenderweise ganz gut. Der Kommissar ist aber lange misstrauisch und kommt regelmäßig zur Kontrolle vorbei. Er wird dadurch ihr bester Kunde (des Restaurants). Die Bande fängt an dem Kommissar, unter Nutzung ihrer speziellen (kriminellen) Fähigkeiten, bei der Lösung von Fällen zu helfen.

Mitglieder der Bande waren u.A. ein Safeknacker, ein Fassadenklettere und noch 2-3 weitere.

Kennt jemand das Buch und kann mir Titel, Autor oder weitere Details verraten.

Lösung gefunden
Es ist die Kommissar Klicker Reihe von Rainer M. Schröder.
Die Geschichte mit den Hotel kommt aus Band 1 "Unternehmen Bratpfanne"
🎉
https://www.goodreads.com/book/show/18662555-unternehmen-bratpfanne

(Danke an @evilbibu
und auch sie die geboostet haben)

realn2s, 5 months ago (edited 5 months ago) to microsoft

I'm not sure if I get something wrong, but I think #Microsoft #Entra ID #Password Protection is complete rubbish. E.g. when ban weak passwords with the ominous 5 points rule the results seem to be completely arbitrary.

Microsoft speaks of including commonly used weak or compromised passwords in their Global banned password list. But the list isn't based on any external data source, so leaked passwords not leaked by Microsoft are not included 🤡​.

This leads to:
Known leaked passwords are accepted. Location name plus year is accepted. Dictionary word plus year is accepted!!!

Not sure if this applies only to German dictionary words.

It gets even worse. Reading the documentation, I found "Characters not allowed: Unicode characters" WTF

Coming back to the weird point system. A banned password is not really banned, it gives you "only" 1 point (and you need five).

This leads to the question how many points do none-banned words give?

If you think it can't get worse, you're wrong! It looks like each character of a none-banned word gives one point. Meaning "password1234" is an accepted password. (1 point for password and 4 for each digit)

Or a real life example: The #SolarWInds #SupplyChain attach which affected Microsoft, US government agency and countless other organizations world wide, was cause by a weak FTP server password.
Namely "solarwinds123", which would be accepted by #Entra ID #Password Protection (1 point each for "solar" and "wind", 3 points for the numbers. If "solarwinds" would be on the custom banned list, "solarwind1234" would have been enough.

And you can't do anything against it.

I actually hope that the documentation is somewhat wrong and that "123" is not 3 points but 1 as it are consecutive numbers. But this would make it only marginal better (2023

#Cybersecurity #Fail #SecurityFail

realn2s, 7 months ago to Cybersecurity

TL;DR;: Help!. Do you have tips writen policies or examples of good #cybersecurity policies you could share?

Please #boost for reach.

Long:
A #Confession

I really struggle with writing #cybersecurity #policies

I feel caught between writing them for #Compliance (easy evidence that it is followed), prescriptiveness (telling "everyone" what they need to do), usability (adapted to real life usage and followable), risk appetite (which is so different depending who you ask and depending on the context) and "security" (related to risk appetite, what is it anyway 🤪​).

And, to make matters worse I'm not an expert on all topics I'm asked to write policies for.
AND they shouldn't require frequent change 😠

From what I see (there are so many bad policies around) I don't seem to be the only one 😕

Help, stories, example, ... to help me (or others) writing better policies greatly appreciated.

realn2s, 5 months ago to Help

#Help need please #Boost

I'm looking for a copy of the article by Daniel Bobrow: "A Turing Test Passed" ACM SIGART Newsletter, December 1968, pp. 14–15;

I can't find a digital version 😞
#HistoryOfComputing

The article describes an conversation of Daniels boss with #ELIZA (one of the first chatbots) which went something like this

VP: Do you think that I can use the computer this morning?
ELIZA: Why do you ask?
VP: I might be able to make some additional telcomp sales.
ELIZA: Why aren't you sure?
VP: My prospective customers have never seen a demonstration of the system.
ELIZA: Does this mean very much to you?
VP: Of course it does.
ELIZA: You seem very positive of that.
VP: This is ridiculous.
ELIZA: What do you mean this is ridiculous?
VP: Is there any reason why I can't use the computer now?
ELIZA: Tell me more about your prospective customers.
VP: Call me

Note that after that remark the VP left out the period. Therefore, of course, the computer didn't answer him. This so infuriated the VP, who thought I was playing games with him, that he called me up, woke me from a deep sleep, and said:

Why are you being so snotty with me?

What do you mean why am I being snotty to you?

The VP angrily read the dialog that 'we' had been having, and couldn't get any
response but laughter from me. It took me a while to convince him it really was the
computer.

realn2s, 5 months ago (edited 5 months ago) to random

From time to time i stumble onto this slide (allegedly) From a 1979 IBM presentation.

Does anyone have a plausible source for it?
I tried finding one but failed

#BoostWelcome #WisdomOfTheCrowd
#IBMSlide

realn2s, 4 months ago to random

My #Dell #U4320Q doesn't switch on

Has anyone experienced the same problem and might know a fix?

If I can't fix it, I need a #recommendation for a new #display

What is your preferred setup for programming and technical work?

#FediPower #SwarmIntelligece

realn2s, 7 months ago (edited 7 months ago) to random

Schwarm-Intelligenz gefragt.

#tldr

• Hat da jemand Erfahrung mit Nutzung des MagentaZuhause Schnellstart LTE Tarifs über die Fritzbox? (
• Kann jemanden einen anderen LTE Tarif empfehlen der mit der Fritzbox/LTE USB Sticks funktioniert?

Es sieht so aus das der Tarif wirklich nur mit dem Router der Telekom funktionieret:
"Der Tarif Zuhause Schnellstart ist ausschließlich
mit einem Schnellstart-Router nutzbar." 😐​
Steht im Kleingedruckten https://www.telekom.de/hilfe/magentazuhause-schnellstart#e_592344

Update für die einzelnen Geräte in Folge-Posts

#DSL Anschluss geht gerade nicht.
Die #Telekom hat mir deshalb eine LTE Router mit MagentaZuhause Schnellstart Tarif geschickt.

Damit könnte ich prinzipiell zwar ins Internet, würde das gerne weiter über die #Fritzbox laufen lassen.

Dabei scheiterte ich. Der original Huawei Router der Telekom (E5785-320a) wird beim Anschluss über USB an der Fritzbox nicht als mobile Verbindung erkannt. Ein anderer Huawei Router (E5738B-230) und ein LTE USB Stick (ZTE B66588) wurden von der Fritzbox zwar erkannt. Es sieht auch so aus als ob eine Verbindung aufgebaut wird, allerdings werden keine Daten übertragen ☹️

Ich weiß jetzt nicht ob ich war falsch mache oder ob der Tarif an den Router gebunden ist.

Gerne Boost

realn2s, 6 months ago (edited 6 months ago) to music

For no particular reason here some "cover bands" I really like

For a start #Pomplamoose https://www.pomplamoose.com/

Together with guest musicians the cover a wide range of songs. They manage to add their own touch and the fun they have recording it radiates through the videos.

Some of my favorites

• Daft Punk | Something About Us #cover
  https://www.youtube.com/watch?v=2CCNswShJRc
• I Will Survive + Maroon 5 Mashup https://www.youtube.com/watch?v=bgAIPwTlnHg
• Tainted Love - Gloria Jones / Soft Cell https://www.youtube.com/watch?v=m_T-YCoMc68

#Music

realn2s, 1 year ago to fediverse

Question to the #Mastodon community

After my negative experience with #DropBox
https://infosec.exchange/@realn2s/110200718918101674

Any recommendations for a (self-hosted) alternative? For a self hoste version I would really like the option to (securely) mirror it offsite (e.g team up with others and safe the data of each other. Ideally with E2E encryption)

@nextcloud looks most promising. But I don't know how the mirroring could be accomplished. The status and functionality of Open Cloud Mesh could be interesting.

#Boost is welcome

realn2s, 4 months ago (edited 4 months ago) to Cybersecurity

Dear #infosecurity crowd,

I would like to hear if you know the #OpenSpace conference format.

Please #boost for reach

#cybersecurity

Edit: Thank you all for boosting and answering.
I would love to make the Open Space format better known in the cybersecurity context. I think it is a valuable addition to existing formats such as traditional conferences or #BSides

If you would like to learn more about Open Space see my follow up posts

If you participated in Open Space events (in any domain) please share your experience.

realn2s, 1 year ago to random

Da kann man sich doch nur an den Kopf fassen.

"Über Verteuerung drängen wir Mieter raus. Dann geben wir finanzielle Unterstützung damit Arme die teuren Mieten zahlen können"

Damit wird quasi direkter Geld zu den Vermieter transferiert.
Und man kann sich dann über die hohen Sozialausgabe beschweren 🤬
https://www.spiegel.de/wirtschaft/soziales/wohnungsnot-wissenschaftler-wollen-aeltere-durch-hoehere-mieten-zum-umzug-bewegen-a-be74b8a9-69ab-4dfa-8ea6-09af87cbe4d9

realn2s, 6 months ago (edited 6 months ago) to random

#swarmintelligence question

I got a #Phishing/ #SPAM email with a really strange header. The header doesn't contain any "Received:" lines. As it "is" an external email IMHO there should be at least one of the local #SMTP-Server/#MTA

Any experts there who can explain me the header?

#Boost welcome

realn2s, 7 months ago to linux

After it worked like a charm the last time, another #SwarmIntelligence #Nerd question. (Please boost for reach)

How can I (temporarily) disable all color output on a #Linux command line?

Background: I try to work in a sunny environment. Maximizing screen brightness it basically works fine BUT some command color their output (git, rail, ...). And blue or red output is very hard to read on the black background.

A had hoped that an
export TERM=xterm-mono
would do the trick, but sadly not.

Any ideas on how to accomplish this are welcome
(I would like to avoid switching of color output for each command separately so 😠 )

realn2s, 9 months ago to mastodon

I'm looking for #FedITips, #AskTheFedi

One of my reoccurring unsolved problems is, finding stuff i know exists but I only remember fragments about.

E.g. I know I follow a person but can't recall their handle. Search is useless as i can't restrict it to "following". Handle auto-completion only works if i know enough of the beginning of the handle.
Essentially I have to scroll through my followings, bookmarks, favourites or wherever I think I find them easiest

Is this a client problem?
Are there client which offers a "following" search?

#mastodon cc @feditips

realn2s, 11 months ago to random

@jlink bist du eigentlich gerade in Heidelberg?
Ich nämlich auch (war für mich vermutlich seltener ist als für dich 😉)

realn2s, 4 months ago to random

Anekdotische Evidenz, aber mit scheint die aktuelle #Corona Variant krass ansteckend ist. Bei mir sind im patchwork-Familienumfeld 4/5 krank. Über mindestens 2 Infektionswege. Zeitweise jetzt schon eine Woche durchgehen positive Tests.

Ich bin das restliche 1/5 😬🤞🏻
(Wobei eher 😷 passend wäre)

Masken funktionieren+
#Covid

realn2s, 4 months ago to random

Was für eine Überraschung.
Niemand kennt die Ursache #COVID #COVID19

🤡​🤦🏻‍♂️​

realn2s, 4 months ago to macos

Looking for #SwarmIntelligence

TL;DR: I'm looking for a dual screen adapter which works on an Intel MacBook Pro (ideally with Linux & Windows as well)
If you know one, please share

Some time ago my main display broke 😠
https://infosec.exchange/@realn2s/111766648815587427

While I try to get it fixed somehow (only way I see at the moment is an repair cafe) I work with 2 display I scavenged.

Nothing easier than that I thought, simply buy a USB-C dock with two HDMI ports. Boy was I wrong.

It works fine on Linux.

On Windows both display use the same resolution which leads to a distorted image on the higher resolution display.

On #MacOS both external screens show the same image. This is said to be a limit of MacOS but I have a hard time believing this. I can add a second USB-C to HDMI Adapter and both external displays just work fine. Additionally it should be possible daisy chain thunderbolt displays. So it feels rather like an artificial technical issue. E.g. the vendor would need to use different more expensive chip (or really use Thunderbolt).

Can anyone #Recommenced a Dock which supports two or more display on MacOS?

realn2s, 7 months ago to rant

How NOT to comment code!!!

#Rant about past-self

YES I see the there is a limit set at id 207. And yes, it should be removed. But WHY did I set the limit 🤬​?!?!?

I faintly recall that it was a problem with the data which caused the rendering to fail. The quick fix was not to render the erroneous data and clean it up later.
This quick fix stayed in the code for more than 2 years. It seems I cleaned-up the data as well as the code works without the limit.

Not to future-self "Comment the WHY before the what"

realn2s, 7 months ago (edited 7 months ago) to rant

#Rant
I'm just trying to restore a web project for which the production server got accidentally deleted.

As I have to do it on an available replacement server, some things are change and I have to read up on stuff. One thing I come across in many tutorials is

chown -R www-data.www-data PATH_TO_WEB_PRESENCE
(often followed by a chmod 66x)

And I think this is WRONG!!!

The directories and the data should NOT be owned by the user of the webserver. Vor security reasons the webserver should only have READ access to the stuff!!

Please correct me if I'm wrong or are overlooking something.
(and yes I understand that with this ownership you avoid permission problems)

realn2s, 6 months ago (edited 6 months ago) to Cybersecurity

Some time ago I posted search for a specific security incident #wisdomofthecrowd / #swarmintelligence

https://infosec.exchange/@realn2s/111464877137569866

I just noticed I never explained why.

If you work in #Cybersecurity you sometimes encounter resistance to take steps to secure oneself (or the organisation). The argument often goes something like:

"I'm not a target"
"To attack us wouldn't be profitable"
"We are to minor/nobody knows me"
"We are not a bank"
...

To counter that I'm searching for stories of #LittleBreaches. In which a few 100 or thousand £¥$€ were stolen. Which maybe even had a "happy ending" (because they failed or the victims got reimbursed).

I'm looking for stories were listeners think "😳 that could have been me"

And stories which are in the news usually don't do this

Nobody is going to steal $48 million from my crypto wallet or crypto exchange as I have neither nor that have this kind of money
https://web3isgoinggreat.com/?id=kyberswap-hack-2

Nobody is going to steal chip design intellectual property from me
https://www.tomshardware.com/news/chinese-hackers-steal-chip-designs-from-major-dutch-semiconductor-company

and nobody is going to switch off my power station or destroy my centrifuges

realn2s, 7 months ago to random

#BSidesMunich23 is already over 🥴
It has been a blast 😁
Let's see if i can use my treat ride back to #Kassel to write some posts.

realn2s, 8 months ago to random German

"obwohl sich das hybride Arbeiten in den vergangenen drei Jahren weitgehend positiv auf die Produktivität ausgewirkt habe und bei den Arbeitnehmern [wollen CEOs großer Firmen wollen Homeoffice mehrheitlich abschaffen]"

Ich verstehe die "Freie Marktwirtschaft" nicht. Die handelt doch nicht rational, sondern rein Ego getrieben. HO ist produktiver und sichert die Gewinnung und das Halten qualifizierter Mitarbeiter*innen. Trotzdem "Ne" 🙀​. Da kann man doch nur die Hände über dem Kopf zusammenschlagen.

Wird noch "besser":
"Immerhin: Statt einfach eine Pflicht aufzuerlegen, wollen statistisch knapp 9 von 10 befragten Geschäftsführern (87 Prozent) auch lieber mit Vorteilen ihre Mitarbeiter in die Präsenz zurückholen. Dazu zählen "attraktive Aufgaben, Gehaltserhöhungen und Beförderungen"."

WTF, wieso können attraktive Aufgaben nicht aus dem HO erledigt werden? Bekommen dann HO Mitarbeiter*innen absichtlich unattraktive Aufgaben?

Und "Gehaltserhöhungen und Beförderungen"! Spich bei gleicher Leistung wird dan die Person befördert, die die Leistung im Office erbringt? Oder noch krasser, trotz schlechterer Leistung werden Office Arbeiter*innen belohnt.

Quelle: https://www.heise.de/news/Umfrage-CEOs-grosser-Firmen-wollen-Homeoffice-mehrheitlich-abschaffen-9330256.html

realn2s, 8 months ago to Cybersecurity

I'm looking for input.

I recently was in a conference take were the speaker (digitally) handed out bingo card at the start. Found it to be great fun.

My question to you all:

What should be on a #cybersecurity #bingo card?

0-day
2FA
Breach
Encryption
Password
???

realn2s, 11 months ago (edited 11 months ago) to random

#cccamp23 I GOT A TICKET 😅​🎆​