
Second, CTOs have the picture of manually keyed DNSSEC from the 2000s (which was a nightmare) because this is when they usually stopped having hands-on experience with technology. They never heard about DNSSEC inline signing or ACME.

Third, large orgs frequently use "large" managed DNS providers, which suck at implementing "bleeding edge" technologies such as DNSSEC and IPv6. Or they will charge for them as "premium" features.


Why is DNSSEC so unpopular among large orgs? As someone who works for large orgs I have seen a number of excuses, none of them really valid.

First, large orgs are traditionally risk averse, and since they routinely screw up on simple "mandatory" things like TLS cert renewals, any mention of "DNS outage due to expired key" makes them freak out and reject any proposals of "optional" controls that could go wrong.

@zloygik @rf The first two are too polite. As a translation into Russian, probably only "блядь" fits.

@snowden says guy who lives in a secret location in Yasenevo as Russian asset :)

Nice, finally a privacy-friendly argument for my clients' web developers! 😃 I've been self-hosting everything on WebCookies.org for years but most websites still resort to CDN.

@sheogorath @eo@masto.nixnet.xyz @tyil @amolith@masto.nixnet.xyz @lioh@fosstodon.org

@eo

They are already, the cost of additional DNS and HTTP request is higher than multiplexing them in your own site.

csswizardry.com/2019/05/self-h

@kravietz @tyil @amolith @lioh

@tyil @sheogorath @amolith@masto.nixnet.xyz @lioh@fosstodon.org

Oh yes, and CDN-served JS libraries :)

"Because it's faster"

"And we can't do CSP because we have too many external CDNs and one CDN loads another"

@sheogorath @tyil @amolith@masto.nixnet.xyz @lioh@fosstodon.org

This RIPE75 presentation discusses in detail how we ended up in a situation where everyone had to start moving content closer to the customer and eventually ended up in the hands of a couple of CDN and anycast proxy providers such as CF: ripe75.ripe.net/archives/video

@tyil @sheogorath @amolith@masto.nixnet.xyz @lioh@fosstodon.org

Because every single fscking web development tutorial begins with "install Google Analytics and CloudFlare" :)

@nikolal RPI might be too weak and you want 24/7 presence which is not necessarily the case with a broadband-connected computer. I'd just go for a VPS, they are cheap and hosted "out there".

@nikolal It's a Python app and not hard to set up on its own but configuration can be confusing. Currently it uses ~256 MB of RAM on my VM.

@phthalo WhatsApp Web is undocumented so it took them quite a lot of reverse engineering to build the bot. I guess this approach would work with Kakaotalk as well.

[*] with WhatsApp you can't really completely get rid of it because they actively ban independent client implementations so the bot uses WhatsApp Web, which in turn needs a running WhatsApp on Android. It can be an emulator (memory & disk hog) or a spare phone that sits at home connected to WiFi 24/7 just to do the bridging.


Weekend achievements: 1) spin a private instance on Synapse, 2) get Telegram bot working, 3) get WhatsApp bot working. This way I can get rid of both Telegram and WhatsApp [*] apps from my device.

On the screenshot - Matrix chat client with a number of private WhatsApp chats open and a number of Telegram groups I'm subscribed to.

So the European Central Bank has published a white paper about a crypto currency.

ecb.europa.eu/paym/intro/publi

But this currency seems to be their own development, requires intermediate banks to be involved in all transactions and puts those banks in charge of removing your data from smaller transactions to make them anonymous.

Let me put it this way: this is broken by design. And that while we already have solutions for those problems implemented in GNU Taler.

taler.net/

It's just sad…

"Galaksija" or Galaxy in Serbian, was a DIY computer from Yugoslavia, invented by Voja Antonić in 1983

It ran on a Zilog Z80 at 3 MHz and had 6K RAM and 8K ROM max. You built the whole thing, including the keyboard

Here's the complete listing from the Računari magazine (January, 1984) with the complete build instructions including the keyboard wiring (language is Serbian, I think)
voja.rs/galaksija/0102.htm

And the ROM-a B instruction set voja.rs/galaksija/ROM%20B%20Li

@amolith @kev I'm more concerned with Cloudflare's dominance (~75% of high-traffic websites on internet) regarding caching HTTPS in exchange for website owners' private keys (in effect silently compromising all visitors to said sites as well). After digging into en.wikipedia.org/wiki/Cloudble and the technical solution at Cloudflare making this security bug possible, along with their transparency (cloudflare.com/transparency/), it became apparent that this is the biggest orchestrated HTTPS weakness out there serving US government.


kravietz 🦇's choices:

Mastodon 🔐 privacytools.io

Fast, secure and up-to-date instance. PrivacyTools provides knowledge and tools to protect your privacy against global mass surveillance.

Website: privacytools.io
Matrix Chat: chat.privacytools.io