Gonçalo Valério @dethos@s.ovalerio.net

The expected struggle:

https://ruben.verborgh.org/facebook/

#gdpr #privacy

Interesting post summing up the experience of working remotely for 10 years.

https://blog.viktorpetersson.com/2019/05/18/a-decade-of-remote.html

#remotework

"Stealing Downloads from Slack Users"

https://medium.com/tenable-techblog/stealing-downloads-from-slack-users-be6829a55f63

#security #infosec #slack

Understanding the MDS vulnerability: What it is, why it works and how to mitigate it

https://www.redhat.com/en/blog/understanding-mds-vulnerability-what-it-why-it-works-and-how-mitigate-it

#security #infosec #netsec

MIUT 2019

https://www.youtube.com/watch?v=mp6XMhDP3gk

#miut #madeira

Wow

https://www.reddit.com/r/sysadmin/comments/bn38pp/oracle_wallet_master_key_lost/

More discussion here: https://news.ycombinator.com/item?id=19885627

As someone said:

> This once again reinforces the point that a backup is worthless if you haven't tested restore.

#oracle #sysadmin #databases

Nice post about some important HTTP headers:

https://www.twilio.com/blog/a-http-headers-for-the-responsible-developer

#web #security #http #webdev

Local-first software - You own your data, in spite of the cloud

https://www.inkandswitch.com/local-first.html

🤔

"A free repository of customizable AWS security configurations and best practices"

https://asecure.cloud/

#security #cloud #aws #infosec #netsec

"Spoofing OpenPGP and S/MIME Signatures in Emails"

https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf

#security #infosec #gpg

Very nice presentation: Rethinking reactivity

https://www.youtube.com/watch?v=AdNJ3fydeao

(about svelte: https://github.com/sveltejs/svelte)

#frontend #javascript

"Attacking Cloud Containers Using SSRF"

https://dylankatz.com/attacking-cloud-containers-using-ssrf/

The "hackerone" report is also worth reading.

#security #netsec #infosec

"abusing web browsers for persistent and stealthy computation"

https://blog.acolyer.org/2019/04/12/master-of-web-puppets-abusing-web-browsers-for-persistent-and-stealthy-computation/

#security #infosec #netsec #web

Sure ... "unintentionally"...

https://gizmodo.com/facebook-asked-some-users-for-their-email-passwords-th-1834129792

#security #facebook

The one you should use for now is: "uBlock Origin"

https://armin.dev/blog/2019/04/adblock-plus-code-injection/

#security #netsec #infosec

"The danger of exposing docker.sock":

https://dejandayoff.com/the-danger-of-exposing-docker.sock/

#security #docker

"Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild"

https://blog.acolyer.org/2019/04/10/dont-trust-the-locals-investigating-the-prevalence-of-persistent-client-side-cross-site-scripting-in-the-wild/

Always sanitize the content fetched for local-storage before injecting it on any page.

#security #netsec #appsec

Nice post about how to distribute your python app as a "snap".

https://medium.com/@abulka/getting-python-and-wxpython-apps-into-the-ubuntu-app-store-ccca7ae537a3

#python #ubuntu #snaps