seb 
@seb@ioc.exchange
Mod
Cyber blue team leader by day, tinkerer/hacker at night.
Architecting secure systems and traveling the world is what I like.
Unfair, harsh, inconsiderate behavior is what I don't like.
Joined Nov 2019
seb
boosted
boosted
"your music is great, you could make so much money! put it up to stream!"
@thegibson @ryen Were you thinking forks of OSSEC, TheHIVE Project, osQuery, GRR or something completely new?
seb
boosted
boosted
OMG, am dying!!!
Someone used the bug GitHub refused to fix, that allows you to add a commit to a repo you don’t control... to upload YouTube-dl to the DMCA request repo on GitHub.
https://github.com/github/dmca/tree/416da574ec0df3388f652e44f7fe71b1e3a4701f
seb
boosted
boosted
Hi.
I’m 34 years old, dad of two, ICU-nurse and a hobbyist computer programmer and FOSS-lover.
I just learned about mastodon and I am fascinated by its concept.
Hoping to find some chill people here to talk about my interests!
@tda233066 Welcome to IOC.exchange!
Web Rant: Clarification / Addendum
@docskrzyk @thegibson Agreed. However, putting everything in a browser also makes the user conversion easier and that will boost the network effect.
seb
boosted
boosted
The Web Needs to Die: A Long Rant
Today I said something that I never thought I'd hear.
I think the web needs to die. I wish I had listened to a friend who, 15 years ago, was ranting about the trend to re-invent the internet on port 80.
We have taken a resilient network with a diverse ecosystem of applications and shoved every damn thing into a web application. The deluge of standards and bolt ons makes the web look like the stacks from Ready Player One - unmaintainable and fragile. We have created a single (and highly corporate/commercialized) single point of failure.
Accessing the internet:80 (or 443) is so fraught that you have to be a big player to make a browser that works correctly, but doing so allows you to gatekeep the whole thing. As a bonus you could mine behavior from that client to feed into your search and advertising machine.
And now we can't do shit without it. We're guzzling the kool-aid such that we write write apps in (originally) hacked-in web programming languages using toolkits that basically turn an entire web browser into a shared library.
I wish I had good alternates or suggestions for a functional replacement, but I have to say it: The web is a dangerous joke.
@lucas Here is another interesting discussion about the complexity of the www: https://hackers.town/@docskrzyk/104977957082538091
@lucas Interesting thought.
I was thinking that browsers became so complex that you need to have some kind of business (which can pay the developers) to even create one. Employee owned businesses seem like a good choice for such endavours. However, reading their post about open sourcing makes me wonder if employee owned also means super cautious and hesitant.
Here is an employee owned company’s business model that seems to have some ethical roots: https://vivaldi.com/blog/vivaldi-business-model/
And here are their reasons to not open source all of vivaldi: https://vivaldi.com/blog/vivaldi-browser-open-source/
All of this seems pragmatic and ethical to me. #fediverse - Any other opinions on that?
Best tutorial on Systemd Timers I have found: https://www.tutorialdocs.com/article/systemd-timer-tutorial.html #linux
First paper on HIDS ever: https://faculty.nps.edu/dedennin/publications/IDS%20model.pdf #cybersecurity #infosec #theory >
The problem of viruses is temporary and will be solved in two years. -John McAfee, 1988
seb
boosted
boosted
#security #cryptography https://kryptor.co.uk/ Looks to be a promising project for file encryption. :)
seb
boosted
boosted
Awesome AWS S3 - Security, Tools and Intel
Collection of tools, techniques and useful links concerning security and exposed AWS S3 Buckets
seb
boosted
boosted
How to properly manage ssh keys for server access :: Päpper's Coding Blog — Have fun coding.
Every developer needs access to some servers for example to check the application logs. Usually, this is done using public-private key encryption where each developer generates their own public-private key pair. The public keys of each developer are added to the authorized_keys file on each server they should have access to.
https://www.paepper.com/blog/posts/how-to-properly-manage-ssh-keys-for-server-access/
seb
boosted
boosted
Another #fediboost, this time for https://social.nixnet.services.
It's a Mastodon instance run by @amolith who also provides a bunch of other services for people to use over at https://nixnet.services. He's a genuinely great guy and runs a good instance.
It's a Mastodon instance run by @amolith who also provides a bunch of other services for people to use over at https://nixnet.services. He's a genuinely great guy and runs a good instance.
Mod
Cyber blue team leader by day, tinkerer/hacker at night.
Architecting secure systems and traveling the world is what I like.
Unfair, harsh, inconsiderate behavior is what I don't like.
Joined Nov 2019
seb 's choices:
