#til: `tac` is the reverse of `cat`.
both literally and functionally.
we just broke atlassian bamboo builds with emojis in commit messages.
TIL this is a thing: https://monitor.firefox.com/
TIL: tls server offers different subsets of ciphers among those configured depending on key type (rsa/ecdsa)
I just delivered a sql injection to a graphql endpoint* and my mind is quite blown atm 🤯
(*on a pentesterlabs exercise, not a real service!)
0xf00
boosted
Facebook Messenger still scans all messages, even with end-to-end encryption. Scanning is done locally on the device before text messages are sent and after received messages are decrypted.
Facebook privacy lol
#til: mysql driver has an option to create the db upon connection if doesn't exist already (as long as the user connecting has CREATE permissions), e.g.:
`jdbc:mysql://localhost:3306/someschema?createDatabaseIfNotExist=true`
0xf00
boosted
My colleague Kief Morris is curating the website "Infrastructure as Code", modeled after his book by the same name: https://infrastructure-as-code.com/
Also, he just made the source of the site, including all the useful information open source, so people can submit PRs and suggestions for improving the material: https://github.com/kief/infrastructure-as-code.com
I find it incredibly valuable, especially as a reference material. Have a read, improve it, let's all benefit from the aggregated knowledge!
I wonder if it's easy to write a fargate backend for garden now...
only after going through the pain of setting up a concourse cluster in fargate I realise that actually, it could never work as concourse needs privileged mode and fargate doesn't allow it 😭
"with great security comes great usability" -- security spiderman's uncle
quantum typing: when the waveform of your typing skill collapses when observed by your pair
I just rolled out my own test framework for infra tests in bash and it took 5 minutes and I have working tests and I'm not ashamed
0xf00
boosted
me: DevOps is good for your organization, your delivery and your culture
enterprise: We already do DevOps!
me: Oh cool, show me!
enterprise:
0xf00
boosted
Well, it finally happened to me: My very own creepy Facebook moment.
But I don't even use Facebook.
https://www.brainonfire.net/blog/2019/02/17/my-own-creepy-facebook-surveillance-moment/
TL;DR: Facebook account I opened 8.5 years ago and never used receives "recommendation", out of the blue, to check out a small store I only just learned existed and started patronizing.
(That account: No phone number, no friends, no profile info, sort-of-fake name, dedicated email address. Me: No smartphone, didn't pay by credit card.)
0xf00
boosted
Server hardening–some people install arbitrary security software to "harden" their server.
Hardening is about removing/disabling functions, accounts, services etc., not about installing random packages.
Basic hardening tips:
– install a minimal operating system + firewall
– regularly update your OS
– remove/disable unused packages, interfaces, services
– secure and monitor your log files
– backups!
Tools like Lynis suggest more tips that need careful consideration.
0xf00
boosted
guess which all-powerful tech monopoly is breaking ublock origin (and umatrix, and likely many other similar add-ons, such as noscript) in their browser, which happens to be the most popular browser in the world?
https://bugs.chromium.org/p/chromium/issues/detail?id=896897&desc=2#c23
who could have foreseen this? who would ever think that an advertising company's web browser would end up breaking compatibility with an ad blocker? frankly i'm shocked
