Gonçalo Valério @dethos@s.ovalerio.net
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
[Header photo by Colin Watts, source Unsplash]
Joined Apr 2017
"Do the easy boring job regularly, instead of the hard scary job in a panic."
https://jessitron.com/2021/01/18/when-costs-are-nonlinear-keep-it-small/
"How clicking a link can give away your precise location"
https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
"... bought the domain name used in the NS delegations for the ccTLD of the Democratic Republic of Congo (.cd) and temporarily took over 50% of all DNS traffic for the TLD ..."
https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/
"A Glossary of Blind SSRF Chains"
Gonçalo Valério
boosted
ProTip: Remember to check your URLs for "utm_*" parameters
E.G. If I see:
"?utm_source=reddit.com" at the end of the URL you shared, I know you got it from Reddit
Or "utm_campaign=newsletter0120" tells me you probably copied it from an email sent in January of last year
These are never needed to actually reach the page you're sharing. They're just for analytics (UTM tracking modules) and will reveal where you get your information (to us and the site), which may cause privacy issues
"If a discussion will matter after today, don’t have it in a chat room. "
https://critter.blog/2021/01/12/if-it-matters-after-today-stop-talking-about-it-in-a-chat-room/
"Subdomain Takeover: Going for High Impact"
"Understanding systemd-resolved, Split DNS, and VPN Configuration"
Gonçalo Valério
boosted
WhatsApp updates its Terms and Privacy Policy to mandate data-sharing with Facebook https://www.xda-developers.com/whatsapp-updates-terms-privacy-policy-mandate-data-sharing-facebook/
"To summarize, the maintainer recently updated their chrome store package. The update raised red flags for some users, because the changelog was not modified and there was no tag created in GitHub. On investigation, it appeared that the extension was now connecting to various third-party servers, and executing code from them."
https://github.com/greatsuspender/thegreatsuspender/issues/1263
"Comparing the Github and Gitlab pull request workflow to the Git built-in email workflow."
Gonçalo Valério
boosted
Strong encryption is key to digital privacy and free speech, yet governments are eager to access your devices and communications instead of securing them. Technologist Bruce Schneier breaks down the new Crypto Wars in our first EFF30 Fireside Chat. https://www.eff.org/deeplinks/2020/12/eff-30-saving-encryption-cryptographer-bruce-schneier
"Types of dark pattern"
"Build a Tiny Certificate Authority For Your Homelab"
https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/
Gonçalo Valério
boosted
More Xmas presents from KDE: Say hello to NeoChat, the new instant messaging app for the Matrix network. Find out how it works on mobile and desktops, learn about its cool features and how you can contribute to its success in the launch announcement.
https://carlschwan.eu/2020/12/23/announcing-neochat-1.0-the-kde-matrix-client/
"Rootless mode graduated from experimental in Docker Engine v20.10."
Gonçalo Valério
boosted
This is an excellent and accessible read on implementing end-to-end encryption for developers.
https://soatok.blog/2020/11/14/going-bark-a-furrys-guide-to-end-to-end-encryption/
"Yes, we run workloads that your nephew can run on his Raspberry Pi 4, but this is the future of enterprise."
"This means that passwords that result in hashes that, for instance, don’t contain bytes between 0x00 and 0x3B match every other password hash that don’t contain them. Passing this check means an attacker doesn’t need a byte-for-byte match with the stored hash value,"
Admin
Full-stack developer, advocate of a free, secure and safe Internet. Nature lover and sports enthusiast.
[Header photo by Colin Watts, source Unsplash]
Joined Apr 2017
