e38383

@e38383@infosec.exchange

Hacker, old, something with security, knows stuff. I write shell scripts on the go via a phone keyboard, don’t tempt me, please! And finally: oxygen activist.


HilliTech, to random
@HilliTech@techhub.social

Apple Vision Pro will be interesting. I wonder how my office will change, if at all. If my iPad and MacBook can just act as interactive objects within visionOS, it'll be like having a souped up version of Universal Control.

I feel like we're not going to truly understand the product's impact until it's in our hands.

e38383,

@HilliTech I really hope that it fulfills all the promised things. The first thing I will definitely do is lose terminal windows somewhere on the wall; today I’m losing them on a second monitor which my brain can’t comprehend ;)

nixCraft, (edited) to random
@nixCraft@mastodon.social

Poll: How old were you when you first got unrestricted access to the internet?

e38383,

@nixCraft about 10, but it wasn’t called internet back then ;)
The internet was already there, but mostly it was BBSs.

muddylaces, to macos

Hey #SoftwareDevelopers of Mastodon, I have a sort of #LazyWeb request. For a while now, I’ve been looking for a fast, nice looking #MacOS diff tool, that is a one time purchase, and not too expensive ($50 USD or less). Open source is welcome as well. So far I’ve mostly found Windows ports (that still look like windows apps) and apps that are decidedly not Mac. Any #recommendations out there?

https://muddylaces.ca/2023/12/15698/

e38383,

@muddylaces I found Text Differ a few days ago: https://proxymanstore.gumroad.com/l/textdiffer. I didn’t have the time to test it yet, but it fits your search.

e38383,

@muddylaces please share your experience, it's still in my Downloads, but I'm really busy the next few weeks :(

defaultvlan, to random

Is this better than Windows 98?

e38383,

@defaultvlan definitely, it’s the year of the Linux desktop!

inlovewithpda, to linux
@inlovewithpda@chaos.social

Is there a way to deal with umlauts (ä,ü,ö) and spaces in ?

rclone lsd server:Speicher - Geschäft
or
rclone lsd server:"Speicher - Geschäft"

is not working....

e38383,

@inlovewithpda most likely the charset is different on the remote. rclone lsd server:"$(rclone lsf server: | grep Speicher)" should work and you can check what charset is used. Maybe use hexdump to figure it out.

You can also try rclone lsd server:"$(echo "Speicher - Geschäft" | iconv -t iso8859-1)" (with the correct charset)

If nothing helps, it may be just a different „-“, maybe – or —.
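The checks suggested in this reply can be run in one pass over the bytes the remote actually lists. This is an added example, not part of the original post; the function `diagnose`, the sample byte strings and the inclusion of Unicode normalisation forms (NFC/NFD, which the reply does not mention) are assumptions of the example.

```python
import unicodedata
from itertools import product

# Charsets and dash variants come from the reply above; the normalisation
# forms are an addition of this example.
FORMS = ("NFC", "NFD")
CHARSETS = ("utf-8", "iso8859-1", "cp1252")
DASHES = {"hyphen-minus": "-", "en dash": "\u2013", "em dash": "\u2014"}


def diagnose(typed: str, remote: bytes):
    """Return (form, charset, dash name) that turns `typed` into the exact
    bytes the remote listed, or None if no candidate matches."""
    for form, charset, (dash_name, dash) in product(FORMS, CHARSETS, DASHES.items()):
        candidate = unicodedata.normalize(form, typed.replace("-", dash))
        try:
            if candidate.encode(charset) == remote:
                return form, charset, dash_name
        except UnicodeEncodeError:
            continue  # this charset cannot represent the candidate at all
    return None


# Constructed samples: the directory name from the question as three
# different remotes might store it.
NAME = "Speicher - Gesch\u00e4ft"
LATIN1_REMOTE = NAME.encode("iso8859-1")
NFD_REMOTE = unicodedata.normalize("NFD", NAME).encode("utf-8")
EN_DASH_REMOTE = NAME.replace("-", "\u2013").encode("utf-8")

if __name__ == "__main__":
    for label, raw in (("latin-1", LATIN1_REMOTE), ("NFD", NFD_REMOTE),
                       ("en dash", EN_DASH_REMOTE)):
        print(label, raw.hex(" "), diagnose(NAME, raw))
```

The first matching candidate is returned, so a name that encodes identically in iso8859-1 and cp1252 is reported as iso8859-1.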

nixCraft, to random
@nixCraft@mastodon.social

What was the first version of Unix or Linux Server you were ever paid to work on?

e38383,

@nixCraft SuSE something between 6.2 and 6.4, can’t remember exactly.

nixCraft, to linux
@nixCraft@mastodon.social

This , , , shell feature comparison table shows that ZSH and FISH have the most features. Why aren't you using ZSH or FISH yet?

e38383,

@nixCraft that comes just at the right time. I was thinking about switching to fish, but without associative arrays and subshells it’s not for me.

Zugschlus, to random German
@Zugschlus@zug.network

Can you think of any songs with Wednesday and Thursday?

In return I'll also tell you my Friday-to-Tuesday songs.

e38383,

@Zugschlus then I guess we have to start on Tuesday afternoon with “Tuesday Afternoon” (The Moody Blues), mainly because Wednesday starts quite early: “Wednesday Morning, 3 A.M.” (Simon & Garfunkel). Thursday then continues with “Thursday” (Pet Shop Boys). I would then finish with “Finally Friday” (George Jones).

stefan, to macos
@stefan@social.stefanberger.net

I am pretty impressed by .

Look into it for encrypted backup and restore via a variety of target protocols.

FYI even the latest includes for scheduling tasks. You just need to give it (/usr/sbin/cron) file system access permissions to be able to execute a script. (Cmd+shift+G after clicking the + in the security settings).

e38383,

@stefan take a look at resticprofile, it handles schedules and retention pretty well (and all other things one can do with restic).

defaultvlan, to random

A quick reminder, also for myself: Having a backup strategy where every copy physically resides in one house isn’t viable. I had a close call with a fire next door. 🔥💾

e38383,

@defaultvlan use some cloud/online storage with encrypted backups. The encryption key should be in your password manager or a simple encrypted file with a known passphrase.

And when you just plan a new backup strategy, also plan a worst case scenario and give someone you trust access to your passwords and documents in case anything happens to you.

scy, to random
@scy@chaos.social

Timo wrote in the article:

> Aside from Postfix and Sendmail, other SMTP implementations are most likely affected as well

He knew they were affected. He chose to only talk to the commercial vendors, even discussing at length with Cisco whether it's a vulnerability at all. He chose not to talk to the biggest vulnerable open source projects with the same diligence.

And I'm sorry, but the whole article makes it look like that's because he didn't expect money and fame from the FOSS projects.

e38383,

@scy I probably should read it again. I somehow missed this three times, I guess I didn't expect anything under “GMX and Ionos” regarding other products.

Thank you for clarifying this. I'm totally on your side now.

unixtippse, to random
@unixtippse@mastodon.online

The stuff that venue bans at the CCC are hopefully made of. 🖕 https://chaos.social/@scy/111623638315808182

e38383,

@unixtippse I don't really understand the problem. postfix isn't affected at all; sure, you can also fix it in the wrong place, but it would be much smarter if everyone behaved correctly, wouldn't it?

So why should he have informed postfix when the problem is on the other side?

Or I've just completely misunderstood it.

e38383,

@unixtippse OK, I now see that RFC 2822, under “2.3 Body”, already does not allow accepting an LF without CR. I didn't know that.

I still maintain, given the way the whole article is written, that this was not the part Timo had in mind. On the contrary, he was concerned with the other side, which accepts LF instead of CRLF.

Sitting on it for half a year and then publishing it carries the risk of having forgotten something, but at least the timing is convenient; most people currently have too much time anyway.

e38383,

@unixtippse OK, I must have overlooked the whole time that he also mentioned postfix in the article. Why put that under “GMX and Ionos”? I simply don't expect anything about postfix there.

So: postfix is apparently fully affected, both sending and receiving. My bad.

scy, to random
@scy@chaos.social

Okay, now I'm a bit sad that I won't be at #37C3, and it's because of this talk:
https://events.ccc.de/congress/2023/hub/en/event/smtp_smuggling_spoofing_e-mails_worldwide/

Presenter #TimoLongin found an exploit in SMTP, notified commercial vendors GMX, Microsoft & Cisco in July, then published a blog post in the week before Christmas that describes how the attack works. Free software maintainers and admins were not warned in advance and had to rush to build workarounds.

Would've loved to talk to him about his idea of "responsible disclosure".

#SMTPSmuggling

e38383,

@scy I've read the article from Timo now at least 3 times and I'm convinced that he really forgot about RFC 2822 section 2.3 (“CR and LF MUST only occur together as CRLF; they MUST NOT appear independently in the body.”). The whole article is written from the perspective of the recipient server which should not allow LF as line ending for “CRLF . CRLF”.

My first impression therefore is that he just didn't realize that the sender (postfix) is also problematic. I made the same (false) assumption and can totally understand when this isn't the point of the research. #postfix is not in scope of the written article, it's just a vehicle to transport it to a vulnerable server.

OTOH it's good to know that postfix can work around the problem and a fix is in the works, but it's still not the problem here.
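The RFC 2822 section 2.3 rule quoted in this post, written as a check a receiving or filtering host could run over the bytes it got after DATA. This is an added example, not part of the original post and not postfix code; the function names and the sample payloads are constructed for illustration.

```python
import re

# CR and LF may only occur together as CRLF (RFC 2822 section 2.3).
BARE_CR = re.compile(rb"\r(?!\n)")
BARE_LF = re.compile(rb"(?<!\r)\n")
# A line holding only "." bounded by any mix of line endings.
DOT_LINE = re.compile(rb"(?:\r\n|\r|\n)\.(?:\r\n|\r|\n)")
STRICT_EOD = b"\r\n.\r\n"  # the only valid end-of-data marker


def scan_data_payload(payload: bytes):
    """Return sorted (offset, kind) findings for the bytes received after
    DATA and before the strict CRLF.CRLF terminator."""
    findings = [(m.start(), "bare CR") for m in BARE_CR.finditer(payload)]
    findings += [(m.start(), "bare LF") for m in BARE_LF.finditer(payload)]
    findings += [(m.start(), "loose end-of-data")
                 for m in DOT_LINE.finditer(payload)
                 if m.group() != STRICT_EOD]
    return sorted(findings)


def is_rfc_clean(payload: bytes) -> bool:
    """True when the payload has no line-ending violation of any kind."""
    return not scan_data_payload(payload)


# Constructed samples. CLEAN contains a dot-stuffed line, which is legal.
CLEAN = b"Subject: hi\r\n\r\nline one\r\n..stuffed\r\nbye\r\n"
BARE_LF_BODY = b"Subject: hi\r\n\r\nline one\nline two\r\n"
LOOSE_DOT = b"Subject: hi\r\n\r\nline one\n.\r\nline two\r\n"

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("bare LF", BARE_LF_BODY),
                         ("loose dot line", LOOSE_DOT)):
        print(name, is_rfc_clean(sample), scan_data_payload(sample))
```

A host that rejects or normalises anything this scan reports never has to decide whether a lone dot line with a non-CRLF ending terminates the message.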

e38383,

@scy My point is that Timo gets crucified for not telling the right people instead of getting recognized as someone who did find a vulnerability. I just don't read in the article that he thought about all those products at all. I'm happy he has written about the bug and I'm even more happy it is now and not some other time when all normal projects are running high.

The timing for a vulnerability is never good and now should be as good as any other time.

Maybe I'm just as grumpy as everyone else, just in the other direction. I like the timing, most of you don't like it (and I don't understand why).

I will try to get a test environment to get a better understanding of what is vulnerable and what is not.

andreagrandi, to macos

I’m looking for a #backup solution for #MacOS which can make incremental and #encrypted backups. Nothing linked to a specific #cloud (but nice if it supports many, plus USB disks). Something similar to “Duplicati” (but stable). Already tried Kopia (UI too complicated and doesn’t support multiple tasks). Nice if open source but willing to pay for the best solution.

Any ideas? Boosts are very appreciated for better reach 🙏

ps: I already pay for pCloud, iCloud and Google Drive to use as storage

e38383, (edited)

@andreagrandi I used Arq in the past, but switched to #restic (https://restic.net/) together with #resticprofile (https://github.com/creativeprojects/resticprofile) to have a common solution for all my systems.

StefanMuenz, to random German
@StefanMuenz@vivaldi.net

I'm not buying a Christmas tree (#Weihnachtsbaum) and therefore need the citizenship of some other country.
🎄#Merz🤦

e38383,

@StefanMuenz it's that easy? Can you choose the country, or is one assigned to you?

jschauma, to random
@jschauma@mstdn.social

Thinking of starting a new consulting business, called "That's Fucked Up As A Service".

I sit there and you explain your legacy system to me, and all I do is say "That's fucked up." If you agree, you get a discount. If you try to justify the brokenness, you have to pay double.

e38383,

@jschauma reminds me of FOAAS, but I really like the idea of monetizing it.

(https://github.com/tomdionysus/foaas)

e38383, to random German

Pulled a podcast in the wrong country and immediately got Norwegian ads.

e38383, to random

Some #polarlights behind #clouds for you.

Zugschlus, to random German
@Zugschlus@zug.network

Dear nerd folk, since we're in the middle of discussing this here anyway, could someone recommend a USB-C charger with which I can charge my new notebook at 65W and, at the same time, two more "normal" USB devices (phone, tablet, LTE router, headset, etc.)?

e38383,

@Zugschlus if 2× USB-C is enough for you, I'd grab it immediately; that's a damn good price for that thing. I don't need it and I'm starting to ponder ;)

nixCraft, to random
@nixCraft@mastodon.social

Oh boy here we go again with 32 bit signed int time_t problem. This is a real problem. Unix is embedded in lots of stuff that doesn't update. We will have real issues with those systems

e38383,

@marcel @nixCraft @beoz one unix time number can refer to more than one UTC time (see http://www.madore.org/~david/computers/unix-leap-seconds.html). We have about 15 years left to a) convince everyone that we need leap seconds at 03:14:07 and b) to alter the spin of the earth so we get 8 leap seconds.
Maybe it's negative 8 leap seconds, after reading this all my head spins more than the earth ever could (or could not).

tailscale, to random
@tailscale@hachyderm.io

Year-end travel brings you closer to loved ones—but farther from your home network. We've put together some tech tips on how to prepare for travel and what to do when you get there https://tailscale.com/blog/travel-tips/

e38383,

@tailscale that’s a great post. One thing missing: set this all up and use it for normal operation. I use tailscale ssh even locally and never have to worry about using it from anywhere else.
