Tails and another for storing random stuff, like a copy of documents when travelling.
Served in the Krogan uprisings. Now I run a podcast
Tails and another for storing random stuff, like a copy of documents when travelling.
Connect it to your PC or laptop and do a netinstall. Configure SSHD and a static ip. Plugin the disk to your server and then connect via ssh to admin it.
You could also set your laptop or PC to boot from the attached disk in the bios to test the services you want to start are starting
Happy to help 😉
Syncthing can do direct sync if you give the ip address to each node and you can disable relay servers .
Kdeconnect works great too if you are using linux and android
Yeah this is a much better approach
TPS reports 🙄
You could just poll it every few minutes via a cronjob and only send a notification if the numbers have increased.
Personally I use miniflux too in docker but I dont have a need for notifications.
Could you just poll the miniflux db directly ?
On laptops yes, on my server no. Most of the data is photo backups and linux ISOs form over the years.
Ive thought about using it for bank apps so I dont have hassle if I lose the phone or it gets robbed. Has anyone tried this ?
You are right, as you note this requires a set of skills that many don’t possess.
I have been looking for ways I can help going forward too where time permits. I was just thinking having a list of possible targets would be helpful as we could crowdsource the effort on gitlab or something.
I know the folks in the lists are up to their necks going through this and they will communicate to us in good time when the investigations have concluded.
I think going forward we need to look at packages with a single or few maintainers as target candidates. Especially if they are as widespread as this one was.
In addition I think security needs to be a higher priority too, no more patching fuzzers to allow that one program to compile. Fix the program.
I’d also love to see systems hardened by default.
I’m curious to know about the distro maintainers that were running bleeding edge with this exploit present. How do we know the bad actors didn’t compromise their systems in the interim ?
The potential of this would have been catastrophic had it made its way into the stable versions, they could have for example accessed the build server for tor or tails or signal and targeted the build processes . not to mention banks and governments and who knows what else… Scary.
I’m hoping things change and we start looking at improving processes in the whole chain. I’d be interested to see discussions in this area.
I think the fact they targeted this package means that other similar packages will be attacked. A good first step would be identifying those packages used by many projects and with one or very few devs even more so if it has root access. More Devs means chances of scrutiny so they would likely go for packages with one or few devs to improve the odds of success.
I also think there needs to be an audit of every package shipped in the distros. A huge undertaking , perhaps it can be crowdsourced and the big companies FAAGMN etc should heavily step up here and set up a fund for audits .
What do you think could be done to mitigate or prevent this in future ?
Your distro should havê a security mailing list you van subscribe to
it keeps the bug count down 😏
I like it but I would prefer it to be more restrictive out of the box. Such as have apps declare a list of urls the are permitted to contact , a browser could have * .
I’d like a more granular filesystem list too more akin to apparmors were each file path needed is explicitly defined, in some cases you would need a wildcard or a directory but for most apps this could be done.
The problem is the client 🤣