My router will still block all ports not explicitly allowed for the hosts regardless of protocol, it’s a firewall after all and not just NAT. Just because the host addressable doesn’t mean its ports are reachable.
My router will still block all ports not explicitly allowed for the hosts regardless of protocol, it’s a firewall after all and not just NAT. Just because the host addressable doesn’t mean its ports are reachable.
Testing is actually mandatory, what’s not mandatory though is to do it before deploying.
what’s feurking
An optional step in the développement process
Emacs? When there’s ed
? Talk about bloat…
Personally I’d love to see more wider usage of S/MIME and/or PGP.
I’d rather see less. https://www.latacora.com/blog/2019/07/16/the-pgp-problem/ is a good summary about the issue and they have a shorter follow-up post about why encrypting mail in general is bad at https://www.latacora.com/blog/2020/02/19/stop-using-encrypted/
What I take issue with actalis, is that they don’t just sign your private key but you actually get the private key from them. It then depends on how much you trust the issuer.
By definition, that key can no longer be considered “private”.
Could be the kernel itself
Wouldn’t make sense to me because the thread says GNU/Linux and others, though this could relate to Android or distros not using any GNU.
gnupg
Usually not exposed to the network though, but it’s generally a mess so wouldn’t be too surprising
Another candidate I have in mind is ntpd, but again that is usually not easily accessible from outside and not used everywhere, as stuff like systemd-timesyncd exists.
Just want to stress that I’m not sure about it being OpenSSH, it was more supposed to be a fun guess than a certain prediction
Since this affects Linux and others, I’m guessing this is about OpenSSH. But I’m not very certain. Just can’t think of another candidate.
But holy sh, if your software has been running on everything for the last 20 years
This doesn’t sound like glibc as someone in the thread guessed.
systemd config is inspired by INI, with section headers and key-value pairs. It doesn’t get much flatter than that. It doesn’t compare to YAML or JSON.
Which part of systemd’s config is not text-based? The only “database” it uses for configuration is the filesystem
YOUR REALITY IS SHAKEN
YOU HEAR THE WORD “MONDAY” ECHOING AND SHIFTING IN COLOURS
A kind of interesting phenomenon. He comes in with his dog, cries that he doesn’t have a place to stay, Jon allows it for as long as needed and then… he just vanishes one day, leaving Odie with Jon, never to contact them again. Did something happen between the two? Was he ever real or a product of Jon’s mind? A wiki states:
According to Davis, Lyman’s original purpose was to be someone who Jon could actually talk to and express other ideas — a role gradually taken over by Garfield, himself.
It doesn’t reveal who gave Lyman that purpose; it could be that it was Jon himself who, over the years, got less attached to reality, so he got done with talking to and interacting with Garfield.
That or it’s just a lazy uninspired comic that only has a minimum level of continuity and doesn’t care to explain why a former choir character suddenly vanishes.
They’re afraid of the drag dealers’ wrath
Really? They might use some GNU programs, but I’m sure the default user land for OpenBSD is all theirs. Just because you know cp
etc. as GNU utils doesn’t mean the BSDs use the same ones. They are just part of the operating system. https://github.com/dcantrell/bsdutils tried to collect various BSD implementations for example
I was also with a provider that didn’t offer API access for the longest time. When they then increased prices, I switched, now paying a third of their asking price per year at a very good provider.
I guess migrating is difficult if the provider doesn’t offer a mechanism to either dump the DNS to a file or perform a zone transfer (the later being part of the standard).
Can only recommend INWX for domains, though my personal requirements aren’t the highest.
Not true, I also enjoy stuff not created by workers, like mountains, forests or the sea.
On the other hand, I hate a lot of stuff capitalism created.
A lot of paid cert providers were not so great before LE put the spotlight on the issue; it was more of a scheme to extract money from operators who couldn’t afford to not offer TLS / SSL. https://bugzilla.mozilla.org/show_bug.cgi?id=647959 was a famous post that made fun of / criticized the system before LE. This hurt security, and if not free, LE wouldn’t have worked.
Also wildcard certificates are more difficult to do automated with let’s encrypt.
They are trivial with a non-garbage domain provider.
If you want EV certificates (where the cert company actually calls you up and verifies you’re the company you claim to be) you also need to go the paid route
The process however isn’t as secure as one might think: https://cyberscoop.com/easy-fake-extended-validation-certificates-research-shows/
In my experience trustworthyness of certs is not an issue with LE. I sometimes check websites certs and of I see they’re LE I’m more like “Good for them”
Basically, am LE cert says “we were able to verify that the operator of this service you’re attempting to use controls (parts of) the domain it claims to be part of”. Nothing more or less. Which in most cases is enough so that you can secure the connection. It’s possibly even a stronger guarantee than some sketchy cert providers provided in the past which was like “we were able to verify that someone sent us money”.
Open source firmware doesn’t mean anything as long as tivoization is happening.
Which I don’t know whether it’s the case, but legislature might make this a requirement.
I have full IPv6, none of my ports that I haven’t explicitly whitelisted in the firewall can be accessed from the Internet. I can open a host completely, but it’s not default. This is on the most common brand of consumer routers here.
Just because it’s not NATted doesn’t mean there’s no firewall in place.