I ended up reading it on bleeping computer since the linked site looks like an auto tldr bot saved 50% of the words. The important 50% was discarded.

https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/

Ah yep that makes sense though I’m following now

Oh okay, I see… Or rather, I see I don’t understand lol

Wait so, if your kettle fails, your fridge loses power for example?

For me I want to know how much frame latency there is since I’m suspicious and I want to try things to see the effect and I just don’t know how to get that information in an OSD like I can with msi afterburner.

If someone knows what can do this in Linux, please reply!

Instead I just stopped all competitive and cooperative gaming. Which is a bit of a shame. Sometimes I’ll load up windows to join friends but usually by the time I’ve updated whatever game I’ve gotten over it.

Don’t get me wrong, hiccups aside I’m very happy which is why I’m in Linux most of the time. But it’s not always a wonderful world.

That would surely only power a single circuit (due to isolation) and if you have to be selective, a critical circuit like your fridge isn’t really likely to have a wall port on the same circuit near where you’d happily have your fume emitting generator…

I’m no electrician but I’ve generally installed automatic transfer switches (ATS) for mine site server cabinets that then power UPS racks and the transfer switch automatically or manually can switch from mains to generator if mains power goes out (which at a mine is all the time). I feel like a similar and safe system must exist for homes. Or something no different to switching solar to grid and back.

But again, not an electrician.

At this point we want antivirus and anticheat out of windows kernel. Microsoft killing access to it will genuinely fix Linux compatibility issues.

It couldn’t be more win-win.

Microsoft is trying to test that approach. The company tested restricting kernel access to third party security vendors in the past, with Vista OS in 2006, but had to backtrack the move.

Symantec and McAfee then claimed Microsoft’s decision to shut off access to the kernel amounts to “anti-competitive behavior.”

Without kernel access, this software may struggle to perform in-depth behavioral analyses of processes and applications, to meet its objectives, said Varkey. “Blocking this access can limit the software’s ability to detect and prevent sophisticated attacks.”

They can’t be trusted, kick out everyone’s access to the kernel. Everyone must use API and that can be interpreted.

The children will have this memory engraved, and I have no idea what this will do. Awful.

This will be able to do cross site (apps) information collection within other sites (apps) in this profile. The way this works is one of many, and complicated so: https://blog.mozilla.org/en/products/firefox/cross-site-tracking-lets-unpack-that/

The idea of profiles is to stop this behaviour and other behaviours through isolation. Along with other practices makes up a privacy-in-depth (layered) approach. It doesn’t solve everything.

For example if you are in the same house sharing an internet connection, it is possible to say “at least one outstation in this house (IP) are interested in ‘x’ and therefore I should target everyone in that house because people who live together are interested in similar things”. Even if you isolate, you could still teach a data hoarding company like meta you like something simply by them by necessity needing your IP to communicate.

Some people try to say ‘I’ve got a VPS with a VPN to communicate all traffic through’ but that doesn’t add any privacy, your exposed VPS with its IP is an IP only for you and still all collected information about you would be able to be thumbprinted to that IP across many services (eg instagram whatsapp and Facebook). A public VPN provider in this case adds a layer of obfuscation since you can change your IP rapidly and it’s an IP that’s shared with other unrelated users. Which is exactly why many services like reddit are banning access from them under the guise of “oh training data leaks from VPN, and we want to sell it” bs.

Anyway it’s a tough world out there to be private. I’m at an age where after 10 years without Facebook and I never had instagram, everyone knows I’m contactable via sms. It’s not secure, it’s barely private, but I don’t really “chat” except at the pub. So that’s where they ask me to visit. Lol.

So one logical reason they even bother calling placements is because if both yuki and Max took replacements and upgrades that both would drop them to the back, who would really be at the back?

On a different point, a bad PU maker can’t even be replaced until 2026. They’re locked into their makers by the FIA until then. So they can’t really change off redbull to say Ferrari until after next season.

Imo let him start from the back, no big deal. We’ll get a good comparison of how well yuki in the vcarb can get through the field, if at all, compared to perez who will probably put himself out in q1 and attempt yet another recovery drive.

Fun for all

Giving you an up vote instead of myself leaving a snarky comment.

I keep asking the pets for their owners secrets but they don’t tell me? I’ve tried pats, compliments and treats? Am I doing it wrong? How are you getting them to tell you about their owners?

I checked too, it’s not a valid public DNS record, so then the question is, does Oktas internal DNS resolve this. Even if it does, how does okta even sit in this? Are they the identity provider for Twitter? Surely even if it’s identity, it’s got nothing to do with content moderation? So many questions.

Yeah we do a lot around frameworks at my current place, and previously we worked directly with customers with iso and acsc essential 8 frameworks. For us, non-compliance = revenue opportunity. That means we are financially rewarded for aligning them and encouraged to do so. On that same note I wrote up a checklist for “sysadmin best practices” aimed for driving reviews and checks and Remedial opportunities for small businesses, useful in that space. I got such an overwhelming amount of response in the msp reddit from people asking in DMs about it (not hundreds, just dozens, too many for me though). It’s quiet here in lemmy. Happy to share my updated version of course, just I think if you’re dealing in your sector it’ll look like childs play lol. But I kind of want to encourage a bit of community within professionals here. I just don’t want do spend time on it…

I feel you about the lowly experienced officer bit though. An account manager or business development manager, or even CTO won’t listen to me. I have a business degree, most of them don’t. I try to apply critical decision making in my solutions and risk advisory. But the words fall on deaf ears. I take a small but very guilty pleasure watching the very thing I warn against, happening both to clients and my employers. Especially when the prevention was trivial but all it needed was any amount of attention.

After nearly 20 years of IT and about 15 in MSP I’m so tired. I’m very much resonating with that “lowly engineer” comment.

You know it’s stuff like this that forces me to rewrite dns on the firewall, but that’s probably not even possible if they use DNS over TLS.

Hmm, yeah. Thanks for sharing. Because of 15 odd years of IT Managed Services, I only have non-technical companies on the brain and in my world view I hadn’t considered technology provider companies at all. They typically don’t need managed service providers (right or wrong :p).

It’s impossible to tell and you’re probably more close to the truth than not.

One fact alone, bcdr isn’t an IT responsibility. Business continuity should be inclusive of things like: when your CNC machine no longer has power, what do you do? Cause 1: power loss. Process: Get the diesel generator backup running following that SOP. Cause 2:broken. Process: Get the mechanic over, or get the warranty action item list. Rely on the SLA for maintenance. Cause 3: network connectivity. Process: use USB following SOP.

I’ve been a part of a half dozen or more of these over time, which is not that many for over 200 companies I’ve supported.

I’ve even done simulations, round table “Dungeons and dragons” style with a person running the simulation. Where different people have to follow the responsibilities in their documented process. Be it calling clients and customers and vendors, or alerting their insurance, or positing to social media, all the way through to the warehouse manager using a Biro, ruler, and creating stock incoming and outgoing by hand until systems are operational again.

So I only mention this because you talk about IT redundancy, but business continuity is not an IT responsibility, although it has a role. It’s a business responsibility.

Further kind of proving your point since anyone who’s worked a decade without being part of a simulation or contribute to their improvement at least, probably proves they’ve worked at companies who don’t do them. Which isn’t their fault but it’s an indicator of how fragile business is and how little they are accountable for it.

That’s how supply chains work. A link in the chain is broken, the whole thing doesn’t work. Also 10% of major companies being affected, is still giant. But you’re here using online services, probably still buying bread probably got fuel, probably playing video games. It’s huge in the media, and it saw massive affects but there’s heaps of things that just weren’t even touched that information spread on. Like TV news networks seemingly kept going enough to report on it non stop unaffected. Tbh though any good continuity and disaster recovery plan should handle this with impact but continuity.

A software shouldn’t use passwords for tls, just like before you use submit your bank password your network connection to the site has been validated and encrypted by the public key your client is using to talk to the bank server, and the bank private key to decrypt it.

The rest of the hygiene is still up for grabs for sure, IT security is built on layers. Even if one is broken it shouldn’t lead to a failure overall. If it does, go add more layers.

To answer about something like a WiFi pineapple: those man in the middle attacks are thwarted by TLS. The moment an invalid certificate is offered, since the man in the middle should and can not know the private key (something that isn’t used as whimsically as a password, and is validated by a trusted root authority).

If an attacker has a private key, your systems already have failed. You should immediately revoke it. You publish your revokation. Invalidating it. But even that would be egregious. You’ve already let someone into the vault, they already have the crown jewels. The POS system doesn’t even need to be accessed.

So no matter what, the WiFi is irrelevant in a setup.

Being suspicious because of it though, I could understand. It’s not a smoking gun, but you’d maybe look deeper out if suspicion.

Note I’m not security operations, I’m solutions and systems administrations. A Sec Ops would probably agree more with you than I do.

I consider things from a Swiss cheese model, and rely on 4+ layers of protection against most understood threat vendors. A failure of any one is minor non-compliance in my mind, a deep priority 3. Into the queue, but there’s no rush. And given a public WiFi is basically the same as a compromised WiFi, or a 5g carrier network, a POS solution should be built with strengths to handle that by default. And then security layered on top (mfa, conditional access policies, PKI/TLS, Mdm, endpoint health policies, TPM and validation++++)

Seems like you should submit a change request with your fixes?