
Libera gives all registered users a cloak to hide their IP.

Ticket Master can never be replaced because Terry Davis himself worked on it.

120K lines of Rust and several thousand transient dependencies with a few million lines of code.

Bell Labs

Crazy company. Not sure any has existed like it with possibly the exception of early Google

Do any of these NVR solutions offer police/authority notifications when alerts trigger and you are not home? It's the one thing that keeps me tied to a cloud provider.

I can’t help but feel Microsoft will regret this.

Guy finds zero days and gets no compensation. Instead gets banned.

Guy sells zero days elsewhere.


But the story is supposedly about him posting the zero-day exploits, not selling them. It’s in the title.

He also got banned from GitLab, which isn’t related to Microsoft at all.


Ever considered these aren't the full set of exploits the researcher discovered? Or that he can find more since he found these? If I found a bunch, I'd certainly withhold a few as insurance.


He's claimed that he has more as well. He seems to have a personal vendetta against Microsoft going by his blog, said nothing will be released in June but will in July: https://deadeclipse666.blogspot.com/2026/05/july-14th.html


Sure, but GitHub and GitLab aren’t the only two ways to share code on the Internet. The conspiracy theories about two unrelated companies shutting down his git accounts to prevent him from releasing these supposed exploits are reaching pretty deep into conspiracy theory nonsense. The conspiracy theories can’t even agree if he was banned for posting them or because he hadn’t posted them but might post them.


time to post on IPFS


Sadly, IPFS is compromised[0].

0. https://specs.ipfs.tech/ipips/ipip-0383/


What does this mean and compromised in which sense?


They’re pointing out a proposal that some nodes can block pins, resulting in censorship

and that censorship at all would compromise the point of IPFS

although I disagree with both of those takes. Nodes always had discretion in IPFS, just pick a different node or pin something yourself which has pretty much always been required. Everyone can route to your pinned files while pinned.


Ah! Ok, when I read compromised I thought it was a proposal that introduced a security vulnerability to the tech. Thanks!


I can see a situation where Microsoft contacted federal law enforcement to strongarm both GitLab and GitHub. But I believe all megacorps are one giant government conspiracy so consider the source.


At this point, the government is a megacorp conspiracy.


Is GitLab also part of this? This is disappointing but unsurprising :(


I'm not sure if this is an unintentional mistake. GitLab did not perform a ban. GitHub performed the ban. GitHub is fully owned by Microsoft.


Yes they did: https://gitlab.com/nightmare-eclipse

That git account was posted on their blogspot...


Awful.

I understand Microsoft's being petty, but why would GitLab do this?


Lawyers?


Not one or the other but both. He's banned on GitLab as well.


Well, after they didn't pay him for previous bugs. Not an excuse but certainly a reason.


Are you sure?


Not to mention all the other people who find 0-days. Reputation matters a lot.


Yep, and it's a really small world out there.

If researchers stop believing MS will treat them fairly it's bad news for the entire security industry.


Well. It's bad news for society as a whole.

The security industry is going to be okay - someone will always pay for 0-days. If vendors won't pay, it's just gonna be US agencies, Israeli resellers, China or Russia.

If you don't feed your army, you will soon feed someone else's.


It's bad news only for Windows bureaucrats. Good orgs don't use Windows.


I have now worked for/with a significant percentage of the fortune 500. All used Windows in some capacity.

Is this just your way of saying that only tiny, weird, companies are "good"?


It's saying that those with Windows could be 100x more effective and secure. Wasting billions of money and a lot of time


These days corporate security treats these workstations like a dummy terminal. No secrets live on the workstation. You have to re-auth with sso constantly with biometrics and are basically editing data that is in a cloud. So the risk to a corp is minimal where even in the worst case they are insured.

Zero days like this are being disclosed regularly, so the idea of securing a Windows workstation is tantalizing, but you'll never feel satiated trying to drink that water, so don't even try.

So yeah, there's plenty of Windows users, but we're certainly not hosting anything important on those boxes and would frankly be aghast at the suggestion.


> These days corporate security treats these workstations like a dummy terminal

Correct, "zero trust" is the buzzword but this is how Microsoft even recommends you set up your endpoint infra. Assume breach, treat every endpoint as if it is currently compromised or could be at any time. Laptops are basically ephemeral, when set up right, and can be wiped and re-imaged within an hour or less.

That's not unique to Windows either, that's how all employee/user endpoints should be managed.


Not to mention all the startups being founded right now. Sure, GitHub's still the default, and maybe you can still monetize stars or something, but it's also a clown show from an availability, feature roadmap and company policy perspective.

Is it really fiscally responsible to tie your company's future to that?

I wonder if anyone tracks metrics for this stuff. The percentage of stuff with a repo there is probably still high, but what's happening with stuff like GitHub Actions, and are devs directly pushing to GitHub, or are they just mirroring an internal / other provider's git repo to it?


> Guy sells zero days elsewhere.

No problem. The CIA will give its high-level officers millions of dollars in gold bars simply for the asking. I'm sure purchasing exploits doesn't even require a purchase order.


Why would they regret it? According to the person who found them, they put those vulnerabilities there for a reason.


My worst interview was at Uber (their security team).

The screening and technical interviews on site were all fine and dandy. At the end of the onsite interviews I spoke with the director in charge of the team. I asked some general questions like, "What's the team's work-life balance like?"

He chuckled and said something like they work 60+ hour weeks. I looked at him and said flatly, "Yeah, I'm not doing that."

The HR person called me after the onsites and was completely puzzled. She said she had never seen a candidate pass technicals and not get an offer. She suggested sending me to another team (I declined).


> My worst interview was at Uber (their security team).

Worst? It sounds like a great interview where you set a boundary before going into a situation you would not have liked. People forget that part of the interview process is also for the candidate to decide if they want to work for the company.


I feel you. I once had a second-level manager interviewer suggest that I work through the lunch hour while on the job. I terminated that interview process the same day.


So... You've never had a bad interview. Congrats!


Ummmmm

Interviews are a two-way thing. Don't forget that.

Frankly, far from being your worst interview, this was one of your most successful ones.


I really like Linux, but it's incredibly fragmented. The fragmentation can be seen as part of the allure of Linux (make it your own, use whatever you want, may the best software win, etc).

As I've gained experience (and maybe some wisdom), I've come to find the fragmentation a huge turn off. I've grown more and more fond of the BSD world. You install an operating system. You can learn the system and it doesn't change (much). It feels like you can accrue knowledge that doesn't become irrelevant every six months.


I recently switched from Debian based servers to OpenBSD and I have never been happier. I wish I would have done it much, much earlier.


Can you detail the transition? What were the pain points? I feel like you lose a lot of the selling point of OpenBSD as soon as you start pulling from ports, but how could you do anything productive without it


Ports are sometimes hardened as well, such as Firefox, Chromium, Got (OBSD git alternative, not yet part of base) etc...

But I personally don't really use OpenBSD for security. Sure, good security is important, but for a simple person, I think any updated OS, with good passwords/pubkey auth, good config, being careful etc etc... Is good enough.

OpenBSD is a coherent OS. It's simple (for geeks), and you can use it, by just using the documentation. There's no need for looking up tutorials really, because you don't have to read a 500 page book to understand certain tools, just basic man pages and some computer science knowledge.

With OpenBSD, you go back to a simpler time. Without all the hectic bullshit and an ever-faster pace of constant changes that makes our lives worse, rather than better. The only useful thing it can't do is gaming - with some exceptions, for that I use Windows.

Talking about ports again: OpenBSD comes with batteries included. Not everything though, but you don't really need the ports that much for just a server, if you aren't doing anything complex.

I also use it on desktop/laptop systems, booting it up (yes, it's relatively slow...) always gets me to a state of tranquility. The good ol' days. Maybe that's just my type of brain, but life needs to become simpler again.

Really, what post-2010 information technology has really improved our well-being? Can't think of much.

OpenBSD may have too many rough edges for a desktop system though, even for most geeks. But for those, there is FreeBSD (have it on one laptop). Just get a well-supported machine for that.


I can't really relate to this post at all.

I've tried Windows a few times over the years and every time I regretted it. From nagging notifications, random restarts while I sleep (for "updates"), ads in the start menu, AI shoved into every orifice, to constant "updates required" after you just updated.

On the bright side, the battery life was better on Windows and, sure, games work. The latter is slowly becoming the norm on Linux as well.


You are not supposed to use Windows 11. Use any of Windows 10's enterprise versions, the difference is night-and-day.

