boblin

joined 1 year ago
[–] [email protected] 2 points 1 year ago

TL;DR: It's Prometheus, and he didn't call the whole film dumb, just a lot of its plot points.

[–] [email protected] 4 points 1 year ago

An open port is like a door on a building. It allows people from outside (the Internet) to go to the attached room on the inside (the service you're exposing).

Now if that's the only room in the building (the computer is not used for anything else), and the building is alone in the middle of an island with no land access (the computer is separated from the network, like in a DMZ), then the second worst thing an attacker can do is squat in it and rifle through your papers (the configuration files). The worst thing they can do, however, is start using your address and the utilities you paid for to start some unsavoury business (make it part of a botnet).

But if the server is not segregated from the rest of your network, they'll start running into other rooms/buildings, getting their hands on anything they can. Your accounts, your identity, etc. You'll be living in a really bad neighborhood, being shaken down for everything you have at every corner.

Now for the type of door you're putting on a building: if you just port forward it'll be like a screen door. It keeps the bugs out, but any person can open it with ease or crash through it, and they can see what's inside by just standing in front of it (server fingerprinting). If the services you run have a vulnerability it will be exploited. If you don't have a firewall or intrusion detection it'll be like putting a combination lock on the door and never checking if someone is trying all the numbers. The attackers WILL just keep trying until they succeed, and they're really fast at it.

So it's not like you should never put a door on a building, but the door should be reasonably secure, with the appropriate strength, deadbolt, and, depending on what you run, a receptionist (reverse proxy) and security guard.

[–] [email protected] 2 points 1 year ago

Looking at the 2023 Q2 Backblaze report, it seems you should absolutely avoid 10TB drives.

[–] [email protected] 3 points 1 year ago (1 children)

But Jaskier isn't gay in the show, either. He's bisexual.

Oh yeah, that completely changes things, and does completely fit in with the character.

I do have to admit that I did not watch the latest season, not because of Jaskier but because of what they did to Eskel in the previous season. So I took the other commenter's word that the character was made gay. I guess that's what I get for assuming honesty until proven differently on the Internet.

[–] [email protected] 3 points 1 year ago (3 children)

I believe they're referring to the character of Jaskier/Dandelion, who in the lore is a womanizing, promiscuous bard. Pretty much the DnD bard player character archetype. It is also pivotal to a number of plot points, because the character's womanizing habits frequently land him in trouble, making him a "damsel in distress" supporting character. Which in itself works better when the character is straight because it subverts the trope.

The thing is also that there's plenty of characters in the story who are or could be made gay without serious repercussions to the plot.

[–] [email protected] 3 points 1 year ago

You are correct. A little bit hurt maybe to be grouped with the bigots, but as I said I understand the sentiment, and I also understand that in certain demographics it's close enough to the truth.

[–] [email protected] 23 points 1 year ago (11 children)

As an ally I would prefer if the second panel said "homophobes" instead of "straight people", but I get the sentiment of the meme. It's like a Bechdel for the audience.

[–] [email protected] 1 points 1 year ago

Wasabi. Backups are literally their use case.

[–] [email protected] 15 points 1 year ago (2 children)

Take a machine with Linux preinstalled. Will it run Linux without problems? Yeah, of course.

Take a machine with Windows preinstalled. Will it run Linux without problems? Check the list.

[–] [email protected] 3 points 1 year ago

Also less likely to harbour bugs.

[–] [email protected] 5 points 1 year ago

The CIS benchmarks for Linux are a good start. There are some off the shelf tools that let you run those, notably linux-bench. Another tool in a similar fashion is lynis. You can also use eBPF tools like callander to examine your workload behaviour and help tighten your seccomp policies.

Once you've established a baseline for your system, you'll next want to harden your environment. This means network scans, OWASP, etc. As far as off the shelf tools go, OpenVAS is quite popular even in Enterprise environments.

Finally there's the continuous security tasks. Continuous package updates, runtime security, log analysis, etc. There are some free tools that cover part of this like Security Onion, but if the price is right a SaaS tool can save you a lot of time.

[–] [email protected] 2 points 1 year ago

Many much housen.
