Most of these things are pretty secure out of the box.
Even without fail2ban disabling root login and only allowing SSH key authentication makes those scripts just a waste of time for the attacker. That game is a low effort attempt to just get the low hanging fruit for botnets though.
Yes, My home network setup is a bit complicated but I am using Pfsense so I have things on separate vlans with internal firewall rules to reduce risks.
All traffic in on port 443 is routed from Cloudflare to an NginX reverse proxy which decides how to connect back into my network for things
Years ago I would just run a server on the network with 443, 80 and 22 exposed directly to the world and never had any major issues. (Other than the normal automated attacks trying to gain shell access over SSH)
I got 1gbps internet (symmetrical) and a raspberry pi cluster… running my own Wordpress never made more sense… AND that botch should scale!
All I hear is NFTs
I have been on the other side of the equation professionally speaking.
I think we mostly agree.
The auditors were certainly not malicious, they can simply only see what they can observe.
Appealing to authority without explaining the caveats is risky to do and disingenuous to people who need to take security very seriously right now.
A potential vector or matter of concern does not mean there is a compromise. Without evidence of a hack or compromise you just have the idea that something could happen.
The app model in general has meant that we have given up tremendous amounts of privacy and security in general for the sake of connivence.
If I were the developer of this app I would’ve approached things from the inception with the question of “How do I get people to trust me who absolutely should not trust me?”
That said, it is always easier to tear down than it is to build.
If I were an at risk individual I would likely opt to use the app myself assuming I could share general location instead of specific location. In areas like LA there is likely a lot of data flowing in that would not help a malicious actor if the location is not specific.
When you do business with companies in certain industries not only is your software audited but your entire development process, business processes and staff are audited.
It’s not unreasonable to question a closed source application for something like this as one version was audited, but what about the next?
How do we know their dev process hasn’t been compromised? Or the person building app wasn’t compromised? Or that the entire thing was not compromised from the start?
Likewise, an audit without full access to code isn’t useless, but hiding behavior from an audit and for a certain period of time would be straight forward. How do you know there is not a dormant command and control system in the app that will cause it to behave in a malicious manner after a set amount of time or after a specific push notification is received?
I am not saying this is present, just that Audits like this are only able to catch what they can observe and the existence of an audit does not mean to blindly trust something
Having the App be open source would be a big step towards providing the transparency needed to address these concerns users would not have to trust anyone and can confirm the builds on the app stores match what is on their Git.
I am not pointing this out to jump on the “Don’t use this app” bandwagon. I am pointing it out to say that there are reasons to be skeptical of these sorts of things in our current political climate.
Remember Sabu and LulzSec
All a matter of preference.
I would say the most important thing to do is to pick a switch you think would be fun and then just pick the coolest looking keyboard that matches it.
The Keychron keyboards are a great starting point; They are pretty cheap so if you are unsure you won’t be too upset if you want to later try a bigger or smaller layout.
I can’t tell you my favorite layout unfortunately, I like 40%, 60%, full keyboards and even have a Kinesis (It helped me a lot with hand pain when I typed QWERTY. I recommend switching to DVORAK or another layout before spending so much money on a Kinesis these days)
People who don’t understand and read these articles and think Skynet. People who know their buzz words think AGI
Fortune isn’t exactly renowned for its Technology journalism
I would ask what value chromebooks add to education?
We are not teaching kids to do anything with them other than consume Google and Adobe services.
It’s no better than schools were when I was in school where we used windows and mainly learned to consume Microsoft products.
Chromebooks are absolute garbage.
Most computers I have used over the last 15 years will disable USB power if you short out the port (working with electronics you tend to replicate the “sticking scissors into a USB port” with some regularity)
Pencil lead I am sure causes other issues though… it gets red hot and melts eventually
Uncle Tony on you tube likened air travel to jail… and I can’t shake it… I feel like a prisoner everytime I fly and HATE IT
Cell != Battery
Battery = MANY Cells
I am not correcting you just hate the headline.
If you made a battery with 666(667 if we round up) of these you could supply 2ma of power at 3v for 50 years!
I don’t have sizes available so assuming 2032 sized batteries… If you stacked them that would be over 2meters tall.
With further advancement these could be viable
A lot more than that. 2ma
Analog circuits are weird though
Elizabeth Holmes only got in trouble for lying to people who should’ve done their “due diligence”
The patients / families of the patients that Theranos lied to and mislead never got justice.
Yeah it is awful for intermittent printing; you will not get as many prints as you expect but it WILL still print (after you run a couple of maintenance cycles to flush out the dry ink)
it was Louis Rossman and recently was within the past month; That said its currently being discussed
I don’t really like Louis Rossman much but most of his critiques of companies not treating consumers correctly are typically correct
Personally speaking though removing old firmware from site and adding a genuine cartridge check are the first steps you would take to begin limiting users.
EcoTank I like because Epson can literally NOT confirm if the ink is genuine or not (if you REALLY were determined you could even get Magenta into the Cyan tank and it would still squirt ink out… although incorrectly of course)
The printer I am liking right now isn’t laser but comes out to be about the same cost to print as laser.
It’s the Epson EcoTank. The print quality is pretty good for things where a laser printer is the wrong tool and the refills are relatively reasonable… and Shaq promotes it!
Brother has pulled some shit recently…
Government in this case is forcing sites to collect PII to verify age not blocking content not blocking content themselves.
I am working under the knowledge that these age verifications are not theoretical (Its the end game of all the KYC startups from last decade)
If you are in the south in much of the US these ID checks are already forced and will only expand
A browser header gives the result without building a Database of people who like porn
Browser headers also put the responsibility on sites that promote dangerous things to kids (its in your best interest as a site that can deliver porn, things not suitable for kids to check and respect the header from a liability perspective)
Local models are actually pretty great! They are not great at everything… but for what most people are using LLMs for they do a fine job.
Thats from llama3.1:8b and the answer is decent, it took about 20seconds to generate my answer and used no more power than if I were to play a video game for the same amount of time.