7
submitted 3 weeks ago* (last edited 3 weeks ago) by TheFool@infosec.pub to c/infosecpub@infosec.pub

Images that have been proxied by another instance break when I try to view them on here. As far as I could gather, Lemmy tries to proxy them again, and that doesn’t work, creating broken links like:

https://infosec.pub/api/v3/image_proxy?url=https%3A%2F%2Flemm.ee%2Fapi%2Fv3%2Fimage_proxy%3Furl%3Dhttps%253A%252F%252Fi.ibb.co%252FBGzbmXH%252F5f838e188876c0c9.png

Source: https://infosec.pub/post/19061593
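The broken link above is a proxy of a proxy: the local instance percent-encoded a lemm.ee image_proxy URL instead of the real image behind it. The script below is an added illustration, not Lemmy's own code; it assumes only the URL shape visible in the post (`/api/v3/image_proxy?url=<encoded>`) and peels the layers off one at a time, recording which instance added each layer, then shows what a single-layer local proxy link to the origin would look like. The nesting depth is bounded so a deliberately deep chain cannot keep the decoder looping.

```python
from urllib.parse import urlsplit, parse_qs, quote

# Broken URL copied verbatim from the post: infosec.pub wrapping a lemm.ee proxy URL
NESTED_URL = (
    "https://infosec.pub/api/v3/image_proxy?url="
    "https%3A%2F%2Flemm.ee%2Fapi%2Fv3%2Fimage_proxy%3Furl%3D"
    "https%253A%252F%252Fi.ibb.co%252FBGzbmXH%252F5f838e188876c0c9.png"
)

# Endpoint path as it appears in the post; assumed to be the same on every instance
PROXY_PATH = "/api/v3/image_proxy"


def is_image_proxy(url: str) -> bool:
    """True if the URL points at an image_proxy endpoint carrying a url= parameter."""
    parts = urlsplit(url)
    return parts.path == PROXY_PATH and "url" in parse_qs(parts.query)


def unwrap_image_proxy(url: str, max_depth: int = 8) -> tuple[str, list[str]]:
    """Peel nested image_proxy layers off, one percent-decoding per layer.

    Returns the innermost (origin) URL and the instance hosts that wrapped it,
    outermost first. max_depth bounds the loop so a crafted URL with many
    layers cannot keep the decoder busy indefinitely.
    """
    hops: list[str] = []
    current = url
    while is_image_proxy(current):
        if len(hops) >= max_depth:
            raise ValueError("too many nested image_proxy layers")
        parts = urlsplit(current)
        hops.append(parts.netloc)
        # parse_qs decodes exactly one layer of percent-encoding for the url= value
        current = parse_qs(parts.query)["url"][0]
    return current, hops


def build_proxy_url(instance_host: str, origin_url: str) -> str:
    """Build a single-layer proxy URL for origin_url via instance_host."""
    return f"https://{instance_host}{PROXY_PATH}?url={quote(origin_url, safe='')}"


def reproxy_locally(instance_host: str, url: str) -> str:
    """What a local instance would serve if it unwrapped before proxying:
    one proxy layer around the real origin, never a proxy of a proxy."""
    origin, _hops = unwrap_image_proxy(url)
    return build_proxy_url(instance_host, origin)


if __name__ == "__main__":
    origin, hops = unwrap_image_proxy(NESTED_URL)
    print("origin:", origin)
    print("hops  :", " -> ".join(hops))
    print("fixed :", reproxy_locally("infosec.pub", NESTED_URL))
```

Run stand-alone it prints the i.ibb.co origin, the two proxying hosts (infosec.pub, then lemm.ee), and a single-layer infosec.pub proxy link; a URL that is not a proxy at all comes back unchanged with an empty hop list.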

[-] TheFool@infosec.pub 36 points 1 month ago

sigh - Days without thinking about her: 0

9
submitted 4 months ago by TheFool@infosec.pub to c/infosecpub@infosec.pub

I noticed our instance got updated to Lemmy 0.19.5, which means image proxying is now available. Since it’s a privacy-preserving measure and also (in the case of catbox) really helps with loading times, I would really like this feature. I am not quite sure, but as far as I can tell it is not enabled at the moment. Does anyone know if it is planned to be used in the future?

Also, I don’t know where instance-related announcements and news are posted, so I’d appreciate it if someone could point me in the right direction.

[-] TheFool@infosec.pub 40 points 5 months ago

I’m gonna be that guy and recommend GrapheneOS. It is a different Android system, and while that sounds like a really hard task for a beginner, they have a really user-friendly web installer with step-by-step instructions. Afterwards you can just install and use the Google Play Store from their integrated app.

It’s made specifically for Pixel phones, and you can’t degoogle much more than that.

[-] TheFool@infosec.pub 36 points 5 months ago

Damn, congrats bro, your life is going to go up immensely soon

[-] TheFool@infosec.pub 47 points 6 months ago

If you need to add stuff to a PDF document, now you can do that online with Firefox. Open the PDF in Firefox and click the Text or Draw buttons in the upper right corner to make changes to your document. Download the file to save it with your changes.

Fill in forms online without printing and scanning

We’ve all faced this: you need to fill in a form that is a PDF, but it isn’t editable. In the past, your only option was to print it on a dead tree, add things with ink, and then scan it back into your computer.

No more! Now, all you need to do is edit the PDF online with Firefox, save it, and email it from your computer.

Add text

Open the PDF in Firefox. Click the Text button to choose a color and text size before selecting where on the document you wish to add text. It’s that easy!

Add drawings (or your signature)

Open the PDF in Firefox. Click the Draw icon to choose a color, thickness and opacity before then being able to draw on the document. It probably won’t be any messier than your usual signature!

Add image with alt text

Open the PDF in Firefox. Click the image icon, which will then prompt you to upload an image. Adjust size and placement of your image as needed. Click the “+Alt text” button on the image to add a photo description to make your PDF more accessible.

Create a highlight

Open the PDF in Firefox. Select the text you want to highlight, then click the highlight icon that appears below your selection, or right click to find the highlight option in the context menu. Click the icon in the top right to freehand highlight sections of the PDF.

[-] TheFool@infosec.pub 41 points 6 months ago* (last edited 6 months ago)

What’s happened?

The Linux kernel project has become its own CVE Numbering Authority (CNA) with two very notable features:

  • CVE identifiers will only be assigned after a fix is already available and in a release; and
  • the project will err on the side of caution, and assign CVEs to all fixes.

This means each new kernel release will contain a lot of CVE fixes. 

So what?

This could contribute to a significant change in behaviour for commercial software vendors.

The kernel project has long advocated updating to the latest stable release in order to benefit from fixes, including security patches. They’re not the only ones: Google has analysed this topic and Codethink talks extensively about creating software with Long Term Maintainability baked in.

But alas, a general shift to this mentality appears to elude us: the prevalent attitude amongst the majority of commercial software products is still very much “ship and forget”.

Consider the typical pattern: SoC vendors base their BSP on an old and stable Linux distribution. Bespoke development occurs on top of this, and some time later, a product is released to market. By this point, the Linux version is out of date, quite likely unsupported and almost certainly vulnerable from a security perspective.

Now, fair enough, upgrading your kernel is non-trivial: it needs to be carefully thought through, requires extensive testing, and often careful planning to ensure collaboration between different parties, especially if you have dependencies on vendor blobs or other proprietary components. Clearly, this kind of thing needs to be thought about from day one of a new project. Sadly, in practice, in a lot of cases, upgrading simply isn’t even planned for.

And now?

With the Linux kernel project becoming a CNA, we’ll now have a situation where every new kernel release highlights the scale of how far behind mainline these products are, and by implication how exposed to security vulnerabilities the software is. 

The result should be increased pressure on vendors to upgrade.

With this, plus the recent surge in regulations around keeping software up to date (see the CRA, UNECE R155 and R156), we may start to see a genuine movement towards software being designed to be properly maintained and updated, i.e., "ship and remember" or Long Term Maintainability. Let's hope so.

What else?

Well, the Linux kernel is just one project. There are countless other FOSS projects which are depended on by almost all commercial projects, and they may also be interested in becoming their own CNA. 

This would further increase the visibility of the problem, and apply a renewed focus on the criticality of releasing software products with plans to upgrade built in from the start.

If you would like to learn more about CNAs or Codethink’s Long Term Maintainability approach, reach out via sales@codethink.co.uk.

[-] TheFool@infosec.pub 61 points 10 months ago

Don’t worry, many Mastodon servers are blocking Threads out of principle, infosec.space for example

494
Extinguishing rule (infosec.pub)
submitted 10 months ago by TheFool@infosec.pub to c/196@lemmy.blahaj.zone
[-] TheFool@infosec.pub 26 points 11 months ago

Don’t worry, ADHD isn’t a real illness, we’re all just faking it because we’re lazy

[-] TheFool@infosec.pub 26 points 1 year ago

Linux Distribution (Distro) and Desktop Environment (DE). Not sure why the commenter above expected you to use Linux though

25

I am relatively new to Star Trek. I have watched Strange New Worlds, Lower Decks and Discovery and want to watch some of the “older” memed shows from this sub. I could never really get into TOS because it's just too old. What would you guys recommend watching first to get really into it?

3
submitted 1 year ago by TheFool@infosec.pub to c/memes@lemmy.ml

Using a third party app of course


TheFool

joined 1 year ago