After five years of captivity, I'm finally free of Cloudflare. And tomorrow, I'll be free of Teachable.

Feels incredible.

Most Mirai forks are disposable. #Jackskid was built not to be.

Joint research with Comcast Threat Research Labs — we tracked this botnet across 80+ samples and 13 build generations as it evolved from a bare-bones prototype into a dual-vector Android TV/IoT platform with triple-layer encryption and DNS-over-HTTPS C2.

Report and IoCs: https://github.com/deepfield/public-research/blob/main/jackskid/report.md

#threatintel #ddos

RE: https://unredacted.social/@unredacted/116280342997139646

We've completed our deployment of nearly 100 additional Tor exit relays (totaling 123). We now have nearly 500 CPU cores and 1TB of RAM dedicated to relaying traffic on the Tor network, a huge milestone for supporting Internet freedom.

Real infrastructure, not vaporware. We've shared some pictures of our work and hope you enjoy the purple aesthetic, matching Tor's primary color.

Kender jeg en der forstår NIS2 godt nok til at forklare mig (bare i punktform) hvilke krav en auth DNS udbyder skal leve op til?

(Jeg kan godt selv google - jeg leder efter en der arbejder med NIS2 og forstår reglerne godt)

Jeg vil gerne betale et par timers løn for den rigtige person.

Del gerne - tak! :)

Instead of having a lot of standalone Ansible roles on my forgejo instance, I have created my own collection.

Let me announce you the first release of the "jriou.general" Ansible collection 🚀 https://git.riou.xyz/jriou/ansible

#selfhosting #homelab #ansible #certbot #coller #firefly #forgejo #galene #golang #navidrome

Amazing opening keynote at @bsidessf by my old con buddy @bubblewire making the case for *optimism* in a very tumultuous time for the security community.

Why to be optimistic?
1. “The Room where it happens” Security is now increasingly part of strategic institutional decision making. Beyond just tech to real influence. 10 years ago, who wanted hackers in the room?

2. We have learned to design for humans, not against them.

3. Started to focus on what actually moves risk. Real skepticism of rote vendor solutions. Better at calling bullshit and focusing on what solves real problem

4. Barrier of entry are lower. Abstractions allow more people to engage in security. Everyone can be a builder. We depend on creativity and experimentation. Security practitioners are becoming builders.

5. Legacy risk might finally be tractable! AI tools can read, understand, and transform the legacy cold bases. We can imagine burning down technical debt.

6. We can pave things from the start - new providers are thinking about security “with a heightened awareness” New AI leaders have invested in security. Not a first priority, but maybe second or third, rather than bolt-on.

We have managed massive transitions in the security space before (cloud native!).

She also reminds us that the entire security community is built on just that: community. We share, we build collaboratively, we rely on alliances and nonprofits and standards orgs.

This is the best evidence, that Google is going too far.

I got email, that my 200 GB Google One plan is being phased out (with wife we have shared sub for Google Photos), and I have to choose between 100 GB (too small) or 2 TB (too expensive).

Wife, who not even 2 weeks ago asked me how to open file browser on her MacBook, asked me if I can make "some server thingy", to have our photos locally, and not in Google Photos.

So here I am, configuring Immich locally!

#selfhosting #server #linux