• Activity
  • Votes
  • Comments
  • New
  • All activity
    1. What is the difference between Linux distros? Why do you use the one you use?

      I still mainly use Windows, although I've dual-booted Linux a few times and I have Linux Mint on an old laptop right now. One thing I've never understood about Linux is all the different...

      I still mainly use Windows, although I've dual-booted Linux a few times and I have Linux Mint on an old laptop right now. One thing I've never understood about Linux is all the different distributions - their different reputations and why they have them. What is the mechanical difference between using one distribution of Linux and another? Or are the differences usually not mechanical?

      For example, Ubuntu and Debian seem to be large families, meaning that a lot of other distributions are based on them (using packages built for them in their package managers at least) as well as being popular distros on their own. But what's different between the two of them, and between each and the other distros based on them? (and what's similar? I gather they all use the Linux kernel at least!)

      I also know that people are quite opinionated on their choice of distro, I wondered what reasons people had for their choice. What things are easier or harder for you in your distro of choice? Is it mainly day-to-day tasks that are important or more how the OS works underneath? How much difference does your preferred distro make?

      For myself, I've only used Kubuntu (though not much) and Linux Mint, which was mainly for UI reasons, and particularly for the latter, ease of use for someone used to Windows (at least that was what I found years ago when I first looked into it).

      Though I doubt I'll ever fully move away from Windows I would like / need to have access to a Linux OS, so maybe this will help me to know what is important to look for. But I also hope it'll be a useful and interesting discussion topic. Also, there are some previous discussions on the latter question so I'd be more interested in learning about the main topic.

      also, please do add more tags

      29 votes
    2. GitLab reshuffles its paid subscription plans, drops its Bronze/Starter tier

      Via email: Effective January 26, 2021, GitLab has phased out the GitLab Bronze/Starter subscription tier. Current Bronze/Starter customers have over a year to transition Transition discount offers...

      Via email:

      Effective January 26, 2021, GitLab has phased out the GitLab Bronze/Starter subscription tier.

      Current Bronze/Starter customers have over a year to transition
      Transition discount offers are available to current customers
      Over the last few years, GitLab has evolved into a complete DevOps platform. Many Bronze/Starter customers adopted GitLab just for source code management (SCM) or continuous integration (CI), but GitLab is now a robust DevOps platform that can replace entire toolchains. GitLab customers are achieving faster releases, lower toolchain costs and more productive developers.

      The Bronze/Starter tier does not meet the hurdle rate that GitLab expects from a tier and is limiting us from investing to improve GitLab for all customers. Ending availability of the Bronze/Starter tier will help us accelerate development on customers’ priority needs such as improving usability, availability and performance, and making sure that security and compliance are enterprise-grade.

      We understand that this change could be disruptive for our current Bronze/Starter customers, which is why GitLab is offering transition options and price discounts to ease your transition to Premium over the next three years.

      All Bronze/Starter customers can choose a free upgrade to GitLab Premium for the remainder of their subscription for the first 25 users.
      At your next renewal before January 26, 2022, all Bronze/Starter tier customers can choose to
      Either renew at the Bronze/Starter tier for US$ 4 per user per month for one additional year
      Or opt in for discounted GitLab Premium prices for the next three years. For customers with 25 users or less, your discounted transition prices (paid annually) are US$ 6, US$ 9, US$ 15 per user per month for your first, second and third renewals respectively.
      To claim this offer, please visit the GitLab Customer Portal.

      To learn more about this change, watch this video, visit our customer FAQ or contact GitLab Sales.

      To address your questions and feedback, we have created a space in the GitLab Community Forum, which is actively monitored by GitLab Team members involved with this change.

      Thank you for the trust you place in GitLab to help you deliver software faster and more efficiently. We appreciate your use of GitLab and look forward to delivering more value to you every month.

      10 votes
    3. Anyone using a lightweight browser with Linux?

      I've got a crappy Chromebook running GalliumOS (Xubuntu) and Chromium is slow as molasses. I tried a few other browsers like Otter and Falkon. They're alright for most sites -- not Tildes, but...

      I've got a crappy Chromebook running GalliumOS (Xubuntu) and Chromium is slow as molasses. I tried a few other browsers like Otter and Falkon. They're alright for most sites -- not Tildes, but this seems consistent with QT5 browsers.

      Anyway, outside of text browsers, anybody have any light weight browser suggestions?

      14 votes
    4. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's...

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      8 votes
    5. Fortnightly Programming Q&A Thread

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads. Don't forget to format your code using the triple...

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.

      Don't forget to format your code using the triple backticks or tildes:

      Here is my schema:
      
      ```sql
      CREATE TABLE article_to_warehouse (
        article_id   INTEGER
      , warehouse_id INTEGER
      )
      ;
      ```
      
      How do I add a `UNIQUE` constraint?
      
      5 votes
    6. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's...

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      8 votes
    7. Does reformatting an ext4 partition fix bad sectors, and what are they anyway?

      My Linux desktop is having a bit of difficulty with bad sectors. Lately I've had to boot into recovery and run an fsck a few times to try to fix a problem where the OS drops into read-only mode at...

      My Linux desktop is having a bit of difficulty with bad sectors. Lately I've had to boot into recovery and run an fsck a few times to try to fix a problem where the OS drops into read-only mode at the drop of a hat. Today I tried copying some files from one directory to another and got the following error message:
      cp: error reading "foo/bar": Input/output error

      I've just booted into a live USB and run fsck /dev/sda1 -c and it fixed a load of bad sectors, but the above error message is still happening.

      A bit of googling tells me that this is down to bad sectors on the SSD, and I'm not really sure what that means. Is anybody able to enlighten me? And as a follow-up question, would reformatting the hard drive resolve the problem, or are there any other things I can try to fix it?

      9 votes
    8. NixOS Configuration for a VPS

      Since I took so long to reply to Tips to use NixOS on a server? by @simao, I decided to create a new topic to share my configs. Hopefully this is informative for anyone looking to do similar...

      Since I took so long to reply to Tips to use NixOS on a server? by @simao, I decided to create a new topic to share my configs. Hopefully this is informative for anyone looking to do similar things - I'll also gladly take critiques, since my setup is probably not perfect.

      First, I will share the output of 'lsblk' on my VPS:

      NAME      MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
      vda       253:0    0   180G  0 disk  
      ├─vda1    253:1    0   512M  0 part  /boot
      └─vda2    253:2    0 179.5G  0 part  
        └─crypt 254:0    0 179.5G  0 crypt 
      

      That is, I use an unencrypted /boot partition, vda1, with GRUB 2 to prompt for a passphrase during boot, to unlock the LUKS encrypted vda2. I prefer to use ZFS as my file system for the encrypted drive, and LUKS rather than ZFS encryption. This is an MBR drive, since that's what my VPS provider uses, though UEFI would look the same. The particular way I do this also requires access through the provider's tools, and not ssh or similar. The hardware-configuration.nix file reflects this:

      Click to view the hardware configuration file
      # Do not modify this file!  It was generated by ‘nixos-generate-config’
      # and may be overwritten by future invocations.  Please make changes
      # to /etc/nixos/configuration.nix instead.
      { config, lib, pkgs, modulesPath, ... }:
      
      {
        imports =
          [ (modulesPath + "/profiles/qemu-guest.nix")
          ];
      
        boot.initrd.availableKernelModules = [ "aes_x86_64" "ata_piix" "cryptd" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
        boot.initrd.kernelModules = [ ];
        boot.kernelModules = [ ];
        boot.extraModulePackages = [ ];
      
        fileSystems."/" =
          { device = "rpool/root/nixos";
            fsType = "zfs";
          };
      
        fileSystems."/home" =
          { device = "rpool/home";
            fsType = "zfs";
          };
      
        fileSystems."/boot" =
          { device = "/dev/disk/by-uuid/294de4f1-72e2-4377-b565-b3d4eaaa37b6";
            fsType = "ext4";
          };
      
        swapDevices = [ ];
      
      }
      
      I disobey the warning at the top to add `"aes_x86_64"` and `"cryptd"` to the available kernel modules, to speed up encryption. The `configuration.nix` follows:
      Click to view the configuration file
      # Edit this configuration file to define what should be installed on
      # your system.  Help is available in the configuration.nix(5) man page
      # and in the NixOS manual (accessible by running ‘nixos-help’).
      
      { config, lib, pkgs, ... }:
      
      {
        imports =
          [ # Include the results of the hardware scan.
            ./hardware-configuration.nix
          ];
      
        # Hardware stuff
        # add the following to hardware-configuration.nix - speeds up encryption
        #boot.initrd.availableKernelModules ++ [ "aes_x86_64" "cryptd" ];
        boot.initrd.luks.devices.crypt = {
          # Change this if moving to another machine!
          device = "/dev/disk/by-uuid/86090289-1c1f-4935-abce-a1aeee1b6125";
        };
        boot.kernelParams = [ "zfs.zfs_arc_max=536870912" ]; # sets zfs arc cache max target in bytes
        boot.supportedFilesystems = [ "zfs" ];
        nix.maxJobs = lib.mkDefault 6; # number of cpu cores
      
        # Use the GRUB 2 boot loader.
        boot.loader.grub.enable = true;
        boot.loader.grub.version = 2;
        # boot.loader.grub.efiSupport = true;
        # boot.loader.grub.efiInstallAsRemovable = true;
        # boot.loader.efi.efiSysMountPoint = "/boot/efi";
        # Define on which hard drive you want to install Grub.
        boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
        boot.loader.grub.enableCryptodisk = true;
        boot.loader.grub.zfsSupport = true;
      
        networking.hostName = "m"; # Define your hostname.
        # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
      
        # The global useDHCP flag is deprecated, therefore explicitly set to false here.
        # Per-interface useDHCP will be mandatory in the future, so this generated config
        # replicates the default behaviour.
        networking.useDHCP = false;
        networking.interfaces.ens3.useDHCP = true;
        networking.hostId = "aoeu"; # set this to the first eight characters of /etc/machine-id for zfs
        networking.nat = {
          enable = true;
          externalInterface = "ens3"; # this may not be the interface name
          internalInterfaces = [ "wg0" ];
        };
        networking.firewall = {
          enable = true;
          allowedTCPPorts = [ 53 25565 ]; # open 53 for DNS and 25565 for Minecraft
          allowedUDPPorts = [ 53 51820 ]; # open 53 for DNS and 51820 for Wireguard - change the Wireguard port
        };
        networking.wg-quick.interfaces = {
          wg0 = {
            address = [ "10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64" ];
            listenPort = 51820;
            privateKeyFile = "/root/wireguard-keys/privatekey"; # fill this file with the server's private key and make it so only root has read/write access
      
            postUp = ''
              ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
              ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o ens3 -j MASQUERADE
              ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
              ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o ens3 -j MASQUERADE
            '';
      
            preDown = ''
              ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
              ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o ens3 -j MASQUERADE
              ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
              ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o ens3 -j MASQUERADE
            '';
      
            peers = [
              { # peer0
                publicKey = "{client public key}"; # replace this with the client's public key
                presharedKeyFile = "/root/wireguard-keys/preshared_from_peer0_key"; # fill this file with the preshared key and make it so only root has read/write access
                allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ];
              }
            ];
          };
        };
      
        # Configure network proxy if necessary
        # networking.proxy.default = "http://user:password@proxy:port/";
        # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
      
        nixpkgs.config = {
          allowUnfree = true; # don't set this if you want to ensure only free software
        };
      
        # Select internationalisation properties.
        i18n.defaultLocale = "en_US.UTF-8";
        console = {
          font = "Lat2-Terminus16";
          keyMap = "us";
        };
      
        # Set your time zone.
        time.timeZone = "America/New_York"; # set this to the same timezone your server is located in
      
        # List packages installed in system profile. To search, run:
        # $ nix search wget
        environment = {
          systemPackages = with pkgs; let
            nvimcust = neovim.override { # lazy minimal neovim config
              viAlias = true;
              vimAlias = true;
              withPython = true;
              configure = {
                packages.myPlugins = with pkgs.vimPlugins; {
                  start = [ deoplete-nvim ];
                  opt = [];
                };
                customRC = ''
                  if filereadable($HOME . "/.config/nvim/init.vim")
                    source ~/.config/nvim/init.vim
                  endif
      
                  set number
      
                  set expandtab
      
                  filetype plugin on
                  syntax on
      
                  let g:deoplete#enable_at_startup = 1
                '';
              };
            };
          in
          [
            jdk8
            nvimcust
            p7zip
            wget
            wireguard
          ];
        };
      
        # Some programs need SUID wrappers, can be configured further or are
        # started in user sessions.
        # programs.mtr.enable = true;
        # programs.gnupg.agent = {
        #   enable = true;
        #   enableSSHSupport = true;
        #   pinentryFlavor = "gnome3";
        # };
      
        # List services that you want to enable:
      
        # Enable the OpenSSH daemon.
        services = {
          dnsmasq = {
            enable = true;
            # this allows DNS requests from wg0 to be forwarded to the DNS server on this machine
            extraConfig = ''
              interface=wg0
            '';
          };
          fail2ban = {
            enable = true;
          };
          openssh = {
            enable = true;
            permitRootLogin = "no";
          };
          zfs = {
            autoScrub = {
              enable = true;
              interval = "monthly";
            };
          };
        };
      
        # Set sudo to request root password for all users
        # this should be changed for a multi-user server
        security.sudo.extraConfig = ''
          Defaults rootpw
        '';
      
        # Define a user account. Don't forget to set a password with ‘passwd’.
        users.users = {
          vpsadmin = { # admin account that has a password
            isNormalUser = true;
            home = "/home/vpsadmin";
            extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
            shell = pkgs.zsh;
          };
          mcserver = { # passwordless user to run a service - in this instance minecraft
            isNormalUser = true;
            home = "/home/mcserver";
            extraGroups = [];
            shell = pkgs.zsh;
          };
        };
      
        systemd = {
          services = {
            mcserverrun = { # this service runs a systemd sandboxed modded minecraft server as user mcserver
              enable = true;
              description = "Start and keep minecraft server running";
              wants = [ "network.target" ];
              after = [ "network.target" ];
              serviceConfig = {
                User = "mcserver";
                NoNewPrivileges = true;
                PrivateTmp = true;
                ProtectSystem = "strict";
                PrivateDevices = true;
                ReadWritePaths = "/home/mcserver/Eternal_current";
                WorkingDirectory = "/home/mcserver/Eternal_current";
                ExecStart = "${pkgs.jdk8}/bin/java -Xms11520M -Xmx11520M -server -XX:+AggressiveOpts -XX:ParallelGCThreads=3 -XX:+UseConcMarkSweepGC -XX:+UnlockExperimentalVMOptions -XX:+UseParNewGC -XX:+ExplicitGCInvokesConcurrent -XX:MaxGCPauseMillis=10 -XX:GCPauseIntervalMillis=50 -XX:+UseFastAccessorMethods -XX:+OptimizeStringConcat -XX:NewSize=84m -XX:+UseAdaptiveGCBoundary -XX:NewRatio=3 -jar forge-1.12.2-14.23.5.2847-universal.jar nogui";
                Restart = "always";
                RestartSec = 12;
              };
              wantedBy = [ "multi-user.target" ];
            };
            mcserverscheduledrestart = { # this service restarts the minecraft server on a schedule
              enable = true;
              description = "restart mcserverrun service";
              serviceConfig = {
                Type = "oneshot";
                ExecStart = "${pkgs.systemd}/bin/systemctl try-restart mcserverrun.service";
              };
            };
          };
          timers = {
            mcserverscheduledrestart = { # this timer triggers the service of the same name
              enable = true;
              description = "restart mcserverrun service daily";
              timerConfig = {
                OnCalendar = "*-*-* 6:00:00";
              };
              wantedBy = [ "timers.target" ];
            };
          };
        };
      
        # This value determines the NixOS release from which the default
        # settings for stateful data, like file locations and database versions
        # on your system were taken. It‘s perfectly fine and recommended to leave
        # this value at the release version of the first install of this system.
        # Before changing this value read the documentation for this option
        # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
        system.stateVersion = "20.09"; # Did you read the comment?
      
      }
      
      You'll notice that this server acts as a Wireguard endpoint and as a Minecraft server. I described the first part on the [NixOS wiki page for Wireguard](https://nixos.wiki/wiki/Wireguard) under the section that mentions dnsmasq. The second part is done using NixOS's systemd support, which can be a bit confusing at first but is easy enough once you know how it works.

      Edit: Also, the provider I use is ExtraVM, who has been excellent.

      6 votes
    9. Full-stack developers starting a software agency?

      Hey guys, I have been flip-flopping back and forth on this idea for a while, and would love some feedback on whether peeps would find this valuable. Although I still call my self a "software...

      Hey guys,

      I have been flip-flopping back and forth on this idea for a while, and would love some feedback on whether peeps would find this valuable.

      Although I still call my self a "software developer" (and try to code daily), for the last 8 years I have ran a small 5-person agency that I started from the ground up, so my role was really CEO/CTO/CFO/Everything-O. My company focused on delivering high-quality custom software. Not brochure websites, and not Wordpress - our niche was internal business software (or as I like to call it "boring software for boring businesses") - and for a client service company we got very high margins of return.

      Last year my business was acquired by a larger company which was an amazing result after the time and effort I had poured into it. I have realised I now want to help other developers who want to start their own software agency, or maybe they already have and are looking for hints or advice on certain topics.

      So I have started Dev to Agency - a part blog part guidebook for how a full-stack developer can start and successfully run a software development agency, the things to pay attention too (and the things to ignore), and the key-values that I feel helped my business go from nothing, to 7 figures per year, and then to being acquired (if that is a path people would want to take).

      I have just published my first couple of posts, About Dev To Agency that is a rundown of what I hope to achieve with this, then a post about My small custom software development agency - which gives an overview of what I built and where I think my articles will add value, and lastly You are the gold standard which covers how I feel an owner/maker should set the businesses standards and practises based of their personal values.

      I have never written a blog before (or really done any writing before), so it would be fantastic to get some feedback from the community, and if there are any developers that this could interest then please subscribe on the website.

      Cheers,

      Chris.

      15 votes
    10. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's...

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      10 votes
    11. Fortnightly Programming Q&A Thread

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads. Don't forget to format your code using the triple...

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.

      Don't forget to format your code using the triple backticks or tildes:

      Here is my schema:
      
      ```sql
      CREATE TABLE article_to_warehouse (
        article_id   INTEGER
      , warehouse_id INTEGER
      )
      ;
      ```
      
      How do I add a `UNIQUE` constraint?
      
      4 votes
    12. Tips to use NixOS on a server?

      I see some people using NixOs on their servers. I would like to try it out to self host some services and learn about NixOs. I use hetzner and they have an NixOs iso available so I can just use...

      I see some people using NixOs on their servers. I would like to try it out to self host some services and learn about NixOs.

      I use hetzner and they have an NixOs iso available so I can just use that to install NixOs. But how do people manage remote instances of NixOs? They would just use ansible or something like it, to run nix on the host, or is there a better way?

      Thanks

      11 votes
    13. Sunday Security Brief

      Sunday Security Brief This brief covered a unique attack vector, information on a broad campaign using DNS attacks, a case relating to technology law, and a few advisories that either stuck me as...

      Sunday Security Brief

      This brief covered a unique attack vector, information on a broad campaign using DNS attacks, a case relating to technology law, and a few advisories that either stuck me as important or curious.

      What happened last night can happen again ~ fortune


      Topics:

      • IDN Homograph Attack
      • A Deep Dive on DNS Hijacking Attacks
      • Law enforcement has seized the domains and infrastructure of three VPN services being used for cybercrime
      • Advisories

      IDN Homograph Attack

      This particular exploit is interesting. It takes advantage of the fact that many different characters look alike to mislead people from their desired domain to a malicious one. I wonder what practices could help avoid this issue. The obvious step is to be concious of limiting the links that you click on from websites like Tildes, Hacker News, Reddit, or where anywhere can share a link with you via text. For example, if you see a Reddit thread about PayPal where someone includes a link to the PayPal Customer Service Center... Don't click it, just Google "PayPal Customer Service". This will be far safer in ensuring that you're going to the domain that you meant to!

      Another thing to note is the importance of realizing how your trust online and how that changes your behavior. I know that I have a general sense of trust for people here that removes a lot of doubt when it comes to clicking random stuff you all share here. That trust could potentially work against you.

      "The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike"

      "The registration of homographic domain names is akin to typosquatting ~ Wikipedia, in that both forms of attacks use a similar-looking name to a more established domain to fool a user. The major difference is that in typosquatting the perpetrator attracts victims by relying on natural typographical errors commonly made when manually entering a URL, while in homograph spoofing the perpetrator deceives the victims by presenting visually indistinguishable hyperlinks."

      IDN homograph attack ~ Wikipedia


      A Deep Dive on DNS Hijacking Attacks

      The article covered is a few months old, but still relavant as ever. The U.S. government alongside private security personnel issued information of a complex system that allowed suspected Iranian hackers to obtain a huge amount of email credentials, sensitive government and corporate information. The specifics of how this attack occured are not publicly available but Cisco's Talos research has a write up of how DNS Attacks work, the relavant snippets are below.

      "Talos said the perpetrators of DNSpionage were able to steal email and other login credentials from a number of government and private sector entities in Lebanon and the United Arab Emirates by hijacking the DNS servers for these targets, so that all email and virtual private networking (VPN) traffic was redirected to an Internet address controlled by the attackers."

      "Talos reported that these DNS hijacks also paved the way for the attackers to obtain SSL encryption certificates for the targeted domains (e.g. webmail.finance.gov.lb), which allowed them to decrypt the intercepted email and VPN credentials and view them in plain text."

      "A Deep Dive on the Recent Widespread DNS Hijacking Attacks" ~ Krebs on Security


      Law enforcement has seized the domains and infrastructure of three VPN services being used for cybercrime

      The balance between allowing autonomy and protecting our collective interests comes to my mind. This seems like a worthy example of when stopping people from victimizing others overshadows the benefits of free action.

      "Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims."

      "... described the three as "bulletproof hosting services," a term typically used to describe web companies that don't take down criminal content, despite repeated requests."

      "According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep."

      Law enforcement take down three bulletproof VPN providers ~ Zdnet


      Advisories

      • Debian, DSA-4824-1 chromium security update. Source

      • Arch, CVE-2020-25637 libvirt. Source

      • CentOS, CESA-2020-5437, Important CentOS 7 kernel. Source

      • RedHat, RHSA-2020:5665, Important: mariadb:10.3 security, bug fix, and enhancement update. Source

      • Windows, If you know of a good tracker for Windows securities advisories, please let me know. I was considering just drawing from the Microsoft Security Response Center Blog.

      11 votes
    14. Saturday Security Brief

      Saturday Security Brief Topics: Attack Surface Management, Active iMessage exploit targetting journalists, Academic research on unique EM attack vectors for air-gapped systems. Any feedback or...

      Saturday Security Brief

      Topics: Attack Surface Management, Active iMessage exploit targetting journalists, Academic research on unique EM attack vectors for air-gapped systems.

      Any feedback or thoughts on the experience of receiving and discussing news through this brief or in general are welcome. I'm curious about this form of staying informed so I want to experiment. (Thanks again for the suggestion to post the topics as comments.)


      Attack Surface Management

      This concept is about ensuring that your network is equipped to handle the many issues that arise from accommodating various "Servers, IoT devices, old VPSs, forgotten environments, misconfigured services and unknown exposed assets" with an enterprise environment. Some of the wisdom here can be applied better think about protecting our personal networks as well. Outdated phones, computers, wifi extenders, and more can be a foothold for outside attackers to retain persistant access. Consider taking steps to migigate and avoid potential harm from untamed devices.

      Consider putting certain devices on the guest network if your router supports doing so and has extra rules for devices on that network so they can't cause damage to your other devices directly.

      "A report from 2016 predicted that 30% of all data breaches by 2020 will be the result of shadow IT resources: systems, devices, software, apps and services that aren’t approved, and in use without the organization’s security team’s knowledge. But shadow IT isn’t the only area where security and IT teams face issues with tracking and visibility."

      Attack Surface Management: You Can’t Secure What You Can’t See ~ Security Trails


      Multiple Journalists Hacked with ‘Zero-Click’ iMessage Exploit

      Mobile spyware is continuing to evolve and tend towards professional solutions. Recently this technology has been abused to conduct espionage on journalists of major networks. Where once these exploits typically required some mistaken click from the user, new developments are allowing their activities without any trace or requiring interaction from the target.

      "NSO Group’s Pegasus spyware is a mobile phone surveillance solution that enables customers to remotely exploit and monitor devices. The company is a prolific seller of surveillance technology to governments around the world, and its products have been regularly linked to surveillance abuses."

      "In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked."

      "The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates."

      "More recently, NSO Group is shifting towards zero-click exploits and network-based attacks that allow its government clients to break into phones without any interaction from the target, and without leaving any visible traces."

      The Great iPwn Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit ~ Citizen Lab


      Security researchers exfiltrate data from air-gapped systems by measuring the vibrations made by PC fans.

      Besides this potential exploit the article mentions past research done by Guri and his team which is worth checking out, like:

      • LED-it-Go - exfiltrate data from air-gapped systems via an HDD's activity LED

      • AirHopper - use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data

      • MAGNETO & ODINI - steal data from Faraday cage-protected systems

      • PowerHammer - steal data from air-gapped systems using power lines

      • BRIGHTNESS - steal data from air-gapped systems using screen brightness variations

      "Academics from an Israeli university have proven the feasibility of using fans installed inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems."

      Academics steal data from air-gapped systems using PC fan vibrations ~ Zdnet


      Good Practices

      "Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident."

      Turn on MFA Before Crooks Do It For You ~ Krebs on Security

      16 votes
    15. Friday Security Brief

      Friday Security Brief This release is trial for a weekly security brief compiled from trusted sources that encourage a general awareness of cyber security issues. I'm still not sure about how to...

      Friday Security Brief

      This release is trial for a weekly security brief compiled from trusted sources that encourage a general awareness of cyber security issues. I'm still not sure about how to do this so any thoughts or feedback will be appreciated.


      Brexit deal mandates a limit to security standards

      "In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA:"

      Brexit Deal Mandates Old Insecure Crypto Algorithms ~ Schneier on Security


      FBI Warns of Hijacked Security Devices being exploited for Swatting

      "Stolen email passwords are being used to hijack smart home security systems to “swat” unsuspecting users, the Federal Bureau of Investigation warned this week. The announcement comes after concerned device manufacturers alerted law enforcement about the issue."

      FBI Warn Hackers are Using Hijacked Home Security Devices for Swatting ~ Threatpost


      A look back at some email attacks of 2020

      "In 2020, our spam folders bulged with malware-laced emails, phishing lures linking to ransomware schemes, impersonation attacks, spoofed brand and fake domain missives, and dubious requests from legit-sounding companies. So, what defined 2020 in spam?"

      Inbox Attacks: The Miserable Year (2020) That Was ~ Threatpost


      SolarWinds hackers accessed Microsoft source code

      "The hackers behind the SolarWinds supply chain attack managed to escalate access inside Microsoft's internal network and gain access to a small number of internal accounts, which they used to access Microsoft source code repositories, the company said on Thursday."

      SolarWinds hackers accessed Microsoft source code ~ Zdnet


      CISA updates SolarWinds guidance

      "The US Cybersecurity and Infrastructure Security Agency has updated its official guidance for dealing with the fallout from the SolarWinds supply chain attack.

      In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year."

      CISA updates SolarWinds guidance, tells US govt agencies to update right away


      24 votes
    16. Is Firefox still a good (enough) browser for privacy?

      Someone posted this on the privacy subreddit. I also ended up finding this and this after doing a bit of searching. As someone who isn’t in the CS/IT spheres (chemical engineering is my...

      Someone posted this on the privacy subreddit. I also ended up finding this and this after doing a bit of searching. As someone who isn’t in the CS/IT spheres (chemical engineering is my background), Firefox has been my go-to browser for awhile, although I’m being made aware of the flaws of Firefox (most of which go over my head) and behavior of Mozilla. What can be done to fix this, especially considering that Firefox is the only FOSS browser with a significant user base?

      22 votes
    17. Day 19: Monster Messages

      Today's problem description: https://adventofcode.com/2020/day/19 Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c. Please post your...

      Today's problem description: https://adventofcode.com/2020/day/19


      Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c.

      Please post your solutions in your own top-level comment. Here's a template you can copy-paste into your comment to format it nicely, with the code collapsed by default inside an expandable section with syntax highlighting (you can replace python with any of the "short names" listed in this page of supported languages):

      <details>
      <summary>Part 1</summary>
      
      ```python
      Your code here.
      ```
      
      </details>
      
      10 votes
    18. Day 18: Operation Order

      Today's problem description: https://adventofcode.com/2020/day/18 Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c. Please post your...

      Today's problem description: https://adventofcode.com/2020/day/18


      Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c.

      Please post your solutions in your own top-level comment. Here's a template you can copy-paste into your comment to format it nicely, with the code collapsed by default inside an expandable section with syntax highlighting (you can replace python with any of the "short names" listed in this page of supported languages):

      <details>
      <summary>Part 1</summary>
      
      ```python
      Your code here.
      ```
      
      </details>
      
      11 votes
    19. What programming/technical projects have you been working on?

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's...

      This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

      9 votes
    20. Day 24: Lobby Layout

      Today's problem description: https://adventofcode.com/2020/day/24 Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c. Please post your...

      Today's problem description: https://adventofcode.com/2020/day/24


      Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c.

      Please post your solutions in your own top-level comment. Here's a template you can copy-paste into your comment to format it nicely, with the code collapsed by default inside an expandable section with syntax highlighting (you can replace python with any of the "short names" listed in this page of supported languages):

      <details>
      <summary>Part 1</summary>
      
      ```python
      Your code here.
      ```
      
      </details>
      
      8 votes
    21. Fortnightly Programming Q&A Thread

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads. Don't forget to format your code using the triple...

      General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.

      Don't forget to format your code using the triple backticks or tildes:

      Here is my schema:
      
      ```sql
      CREATE TABLE article_to_warehouse (
        article_id   INTEGER
      , warehouse_id INTEGER
      )
      ;
      ```
      
      How do I add a `UNIQUE` constraint?
      
      10 votes
    22. Day 25: Combo Breaker

      Today's problem description: https://adventofcode.com/2020/day/25 Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c. Please post your...

      Today's problem description: https://adventofcode.com/2020/day/25


      Join the Tildes private leaderboard! You can do that on this page, by entering join code 730956-de85ce0c.

      Please post your solutions in your own top-level comment. Here's a template you can copy-paste into your comment to format it nicely, with the code collapsed by default inside an expandable section with syntax highlighting (you can replace python with any of the "short names" listed in this page of supported languages):

      <details>
      <summary>Part 1</summary>
      
      ```python
      Your code here.
      ```
      
      </details>
      
      8 votes