Bert Driehuis

@bertdriehuis@infosec.exchange
Security noob since 1986

@mackaj @ghostsponge @nixCraft I've been running my own GitLab instance in my homelab for years, and the care and feeding it needs is super okay for me (YMMV). I've installed the omnibus package, set Unattended Updates to Daily, and apart from needing a reboot every once in a while to fix hiccups after major upgrades it's been hands-off for me.

Because of that, I haven't really looked into Forgejo yet. I see it has CI/CD as well, cool.

Moving off of GitHub is painful, especially if you use all the features. A git repo moves just fine, but converting CI/CD, issues, discussions and GitHub Pages is a ton of work and rarely preserves history nicely.

@cR0w So it doesn't sound like Wazuh. I love Wazuh, it stays out of the way of the user. Configuring it to silence nuisance alerts is a ton of work, but once you get the hang of it, it's quite effective. Would I run it for an MSSP? Not sure about that... That's why the 800 lbs gorillas gained their weight in that marketspace. Still, would love to be proven wrong there.

@nixCraft it is really hard to get something of the complexity of LibreOffice off the ground, let alone make it successful. If you want to make the world a better place, put some money into scratching an itch. I'd love to see anyone with some cash to spare sponsor LibreOffice to improve variable font support, just to mention an idea. It would leapfrog MS Office's equally lackluster variable font support in an instant.

But it's not the shiny new toy that will sell your OS to the masses, so not holding my breath.

@rx13 @da_667 maybe I haven't worked on that scale of project, but I far prefer to get a RoR app to maintain than many of its alternatives. Of relevance to the original toot, with its asset management pipeline it often cuts CSS and JavaScript down to one file (== webhit) each.

But, like Opus put it so nicely, to each their dentifrice...

@roman @nixCraft that looks like the original DEC terminator... The cables that came in that set had excellent signal transfer properties, but were super sensitive to kinking or pinching. To diagnose network issues, I speedwalked the affected corridor and replaced the first grey cable I saw. Nine out of ten times no more issues after that. Did more to establish my wizard reputation than anything else...

@MutuallyPrecautionary @nixCraft it was a sales demo. I remember seeing it in the store way back when. I think it had a couple of canned plots.

The thing was outlandishly expensive. I settled for a used Commodore PET 2001 at the time at a tenth of the price of the HP.

@campuscodi The real question is: what compromises are better, and which are worse?

It's a tough nut to crack. Can one ensure the integrity of the security enclave on a rooted phone? If not through the vendor API, how does one ensure the integrity? If not through integrity of the enclave, how will one prevent copying of the attestation, especially if privacy concerns rule out tracing use of the attestation and possibly revoking it?

The only alternative that I can see is: don't use age verification. But that ship has sailed after the tech bros sabotaged every attempt at making their algos kid safe for twenty years.

If no one comes up with a solution to the integrity issue, maybe offer people the choice between using the vendor API and uploading their govt id to every site. What could go wrong?

@fionasboots @GossiTheDog Look up Loon LLC on Wikipedia!

@ChuckMcManis @mossyfoot @briankrebs If you're using Postfix, you can do header and body filters that weed out some of the abuses. I'm dropping any mail that uses Cyrillic lookalikes mixed in with Latin characters in the subject. Of course, both UTF-8 in MIME and regexes have their secrets, but it works for me and kills a ton of badness...
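
One way to implement the mixed-script subject check described in the post above, as an added Python example that is not the poster's own Postfix rules: it decodes the RFC 2047 encoded Subject first, then flags any word containing both Latin and Cyrillic letters. The per-word rule, the function names and the sample subjects are assumptions made for illustration.

```python
import base64
import unicodedata
from email.header import decode_header, make_header
from typing import List, Optional

def decode_subject(raw: str) -> str:
    """Turn RFC 2047 encoded-words (=?utf-8?B?...?=) into plain text."""
    return str(make_header(decode_header(raw)))

def script_of(ch: str) -> Optional[str]:
    """Return 'LATIN' or 'CYRILLIC' for letters of those scripts, else None."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC"):
        if name.startswith(script):
            return script
    return None

def mixed_script_words(subject: str) -> List[str]:
    """Words that contain both Latin and Cyrillic letters (assumed rule)."""
    hits = []
    for word in subject.split():
        scripts = {script_of(ch) for ch in word}
        if {"LATIN", "CYRILLIC"} <= scripts:
            hits.append(word)
    return hits

def should_reject(raw_subject: str) -> bool:
    """True when the decoded subject has at least one mixed-script word."""
    return bool(mixed_script_words(decode_subject(raw_subject)))

def b64_word(text: str) -> str:
    """Build a constructed sample: one base64 encoded-word."""
    return "=?utf-8?B?" + base64.b64encode(text.encode("utf-8")).decode() + "?="

# Constructed sample subjects (not taken from real mail).
SPOOF_B64 = b64_word("Your P\u0430ypal account")   # U+0430 CYRILLIC SMALL A
SPOOF_Q = "=?utf-8?q?P=D0=B0ypal?= login alert"    # same lookalike, Q-encoded
BILINGUAL = b64_word("\u041f\u0440\u0438\u0432\u0435\u0442 from Postfix")
PLAIN = "Invoice for March"

if __name__ == "__main__":
    for raw in (SPOOF_B64, SPOOF_Q, BILINGUAL, PLAIN):
        print(should_reject(raw), repr(decode_subject(raw)))
```

Decoding before matching matters because a base64 encoded-word hides the Cyrillic bytes from any pattern applied to the raw header line.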

@campuscodi maybe I'm in a different bubble than most, but if Ada beat Rust something feels off kilter.