Gonçalo Valério @dethos@s.ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
Joined Apr 2017
Gonçalo Valério
boosted
Certificate Transparency – a step-by-step overview:
https://certificate.transparency.dev/howctworks/
Certificate Transparency is a system of public logs for monitoring and auditing digital certificates.
#CertificateTransparency #TLS #HTTPS #InfoSec #Security #CyberSecurity
"Security hardening for GitHub Actions"
Gonçalo Valério
boosted
Regarding #youtubedl situation, I strongly recommend watching Good Copy Bad Copy:
https://en.wikipedia.org/wiki/Good_Copy_Bad_Copy
You can watch it on #PeerTube thanks to @documentaries here:
https://peertube.nomagic.uk/videos/watch/20b07947-85e8-4d50-a42b-796810193c8a
Or just torrent it, as the GCBC creators suggest themselves.
One of the best moments is when an MPAA chief talks about how people won't share things for free, and you watch it in a film explicitly made to be shared on a FLOSS operating system using VLC.
We need #copyreform.
"The Surprising Impact of Medium-Size Texts on PostgreSQL Performance"
"GitHub Gist - Account takeover via open redirect"
https://devcraft.io/2020/10/19/github-gist-account-takeover.html
"The Zerologon vulnerability has been reported to affect some versions of QTS.
If exploited, this elevation of privilege vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network. The NAS may be exposed to this vulnerability if users have configured the device as a domain controller..."
"Chrome exempts Google sites from user site data settings"
https://lapcatsoftware.com/articles/chrome-google.html
Is anyone surprised?
Gonçalo Valério
boosted
Three npm packages found opening shells on Linux, Windows systems:
https://www.zdnet.com/article/three-npm-packages-found-opening-shells-on-linux-windows-systems/
The packages are plutov-slack-client, nodetest199, and nodetest1010.
npm security team: "Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer."
#npm #JavaScript #Vulnerability #Backdoor #InfoSec #Security #CyberSecurity
"Not all attacks are equal: understanding and preventing DoS in web applications"
https://jacobian.org/2020/sep/11/analyzing-dos-vulnerabilities/
"Introduction to HashiCorp Boundary"
https://www.youtube.com/watch?v=tUMe7EsXYBQ
Interesting, looking forward to see how it evolves.
Gonçalo Valério
boosted
Plasma 5.20 is out 😊
A massive release, containing improvements to dozens of components, widgets, and the desktop behavior in general.
"Spotify: happy to let you move playlists to their service, unwilling to let you move them from their service."
https://daringfireball.net/linked/2020/10/12/spotify-songshift
🤷♂️ so open
"Google’s Android Security & Privacy team has launched the Android Partner Vulnerability Initiative (APVI) to manage security issues specific to Android OEMs."
https://security.googleblog.com/2020/10/announcing-launch-of-android-partner.html
Gonçalo Valério
boosted
Don't let the European Commission risk Internet users' rights in an untested experiment. https://www.eff.org/deeplinks/2020/09/eff-eu-commission-article-17-prioritize-users-rights-let-go-filters
"Typosquatting Is About More Than Typos"
https://www.iqt.org/bewear-python-typosquatting-is-about-more-than-typos/
"Gitter is joining the Matrix ecosystem and will become the first major existing chat platform to switch to natively speaking Matrix!"
https://matrix.org/blog/2020/09/30/welcoming-gitter-to-matrix
Awesome news.
"Samsung TV owners complain about increasingly obtrusive ads"
"On its webpage intended for business partners, Samsung boasts that is has 50 million Smart TVs in operation and that it has the industry’s largest ACR data set."
https://www.flatpanelshd.com/news.php?subaction=showfull&id=1583755244
So ... we no longer own our things, apparently we just buy direct sales channels into our homes 🤔
Gonçalo Valério
boosted
Looking for something interesting to watch today? Catch-up on this week’s Dweb meetup about how we can build something better than the Big Techs of today. Featuring @doctorow@twitter.com @arcalinea@twitter.com @mmasnick@twitter.com and @AmandineLePape@twitter.com
Spoiler: Matrix is incredibly well placed to help!
"What is the Value of Browser Diversity?"
https://daverupert.com/2020/09/the-value-of-browser-diversity/
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
Joined Apr 2017
