#Tag
I love Bruce Schneier 🤣 On the physical constraints of twiddling bits in order to crack an AES-256 key:
"Brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space."
https://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html
Zero trust isn’t a feature, it’s a philosophy https://spiceworks.com/security/zero-trust-isnt-a-feature-its-a-philosophy/ by @sjvn
Implemented correctly, zero trust can help your #security. However, that's much easier said than done.
Hey #Proxmox community! I would like to hear your thoughts on how you usually update your Proxmox nodes and clusters. How do you handle minor Proxmox and #Debian package upgrades with #APT?
What would you think about a new API endpoint that lets you run unattended upgrades with a simple call like:
/nodes/{node_name}/apt/upgrade
At the moment you need to use the node’s HTML5 console to perform upgrades. Other methods exist such as running unattended Debian upgrade scripts, using patch management tools like #Spacewalk or #QualvoSec, or automating the process with #Ansible over SSH. My idea is to have an API based solution that relies on Proxmox authentication and authorization. This would also allow third party tools such as #ProxLB to provide automated patch management and even handle guest rebalancing in a way that is similar to DRS without requiring direct SSH access.Hey #Proxmox community! I would like to hear your thoughts on how you usually update your Proxmox nodes and clusters. How do you handle minor Proxmox and #Debian package upgrades with #APT?
What would you think about a new API endpoint that lets you run unattended upgrades with a simple call like:
/nodes/{node_name}/apt/upgrade
At the moment you need to use the node’s HTML5 console to perform upgrades. Other methods exist such as running unattended Debian upgrade scripts, using patch management tools like #Spacewalk or #QualvoSec, or automating the process with #Ansible over SSH. My idea is to have an API based solution that relies on Proxmox authentication and authorization. This would also allow third party tools such as #ProxLB to provide automated patch management and even handle guest rebalancing in a way that is similar to DRS without requiring direct SSH access.Threat actors are exploiting adtech companies to distribute malware and run malicious campaigns.
This is one of the many reasons why all Kagi products are built without ads or trackers.
https://cybersecuritynews.com/threat-actors-abuse-adtech-companies/
Threat actors are exploiting adtech companies to distribute malware and run malicious campaigns.
This is one of the many reasons why all Kagi products are built without ads or trackers.
https://cybersecuritynews.com/threat-actors-abuse-adtech-companies/
Just a reminder that if you use @signalapp, and if you can afford to do so, donate monetarily. Every little bit helps.
I can't (and don't want to) imagine a digital world where services like Signal don't exist.
#privacy #security #noai
Just a reminder that if you use @signalapp, and if you can afford to do so, donate monetarily. Every little bit helps.
I can't (and don't want to) imagine a digital world where services like Signal don't exist.
#privacy #security #noai
Comment le conducteur peut-il me voir moi toute petite sur mon vélo ?
Ces monstres n'ont pas leur place en ville.
Ça déborde de partout, c'est agressif, ça fait flipper quand ça roule derrière toi.
#streetphotography #photography #car #suv #voiture #securite #security #business #politics #velo #bike #sobriete #ego
There is an on-going malware attack targeting users of GitHub Desktop by buying ads on search engines that link to a committed Readme files on the GitHub Desktop repo with links to malicious versions of the app. This attack is on-going. I just found another attempt from a few days ago.
I found an Ad of the same kind on Duck Duck Go, so it's not just Google.
The details of the attack are described in detail in this article.
There is an on-going malware attack targeting users of GitHub Desktop by buying ads on search engines that link to a committed Readme files on the GitHub Desktop repo with links to malicious versions of the app. This attack is on-going. I just found another attempt from a few days ago.
I found an Ad of the same kind on Duck Duck Go, so it's not just Google.
The details of the attack are described in detail in this article.
Did I just send 25 letters by recorded post to representatives of the Italian government, parliament, and EU institutions, speaking out against ChatControl?
https://gagliardoni.net/#20250913_chatcontrol_letters
Yes, it looks like I did.
#chatcontrol #eu #privacy #surveillance #security #politics #cryptography
Did I just send 25 letters by recorded post to representatives of the Italian government, parliament, and EU institutions, speaking out against ChatControl?
https://gagliardoni.net/#20250913_chatcontrol_letters
Yes, it looks like I did.
#chatcontrol #eu #privacy #surveillance #security #politics #cryptography
Privacy isn't just about protecting
your own data, it's also about you protecting the data of others.
We all have a responsibility to
protect each other. Do not neglect this, or minimize the impact you may have.
Always ask for consent before sharing the data of others. Never assume.
This is a responsibility we all have towards each other: https://www.privacyguides.org/articles/2025/03/10/the-privacy-of-others/
A space for Bonfire maintainers and contributors to communicate
