Mozilla published a new GPG key that will be used to sign the Firefox release manifests in future:
The new GPG subkey’s fingerprint is 097B 3130 77AE 62A0 2F84 DA4D F1A6 668F BB7D 572E, and it expires 2021-05-29.
"Less capabilities, more security: minimizing privilege escalation in Docker"
"Dataclasses and attrs: when and why"
Interesting article about new ways advertisers can fingerprint our devices:
@nomadlogic Yes, sure, but nevertheless it is important to be aware of it.
"Disclosing TOR users' real IP address through 301 HTTP Redirect Cache Poisoning"
Modern credential management – security tokens, password managers, and a simple spreadsheet:
– there are no "secure" or "insecure" credentials as long as you don't define your own threat model
– use password managers to actually manage (not only store) passwords
– use a spreadsheet to keep track of the rest (SSH keys, GPG keys)
An example of how your local/development webservers might be accessible to any website you visit.
Some git tips to make you more productive:
Interesting post summing up the experience of working remotely for 10 years.
"Stealing Downloads from Slack Users"
Understanding the MDS vulnerability: What it is, why it works and how to mitigate it
More discussion here: https://news.ycombinator.com/item?id=19885627
As someone said:
> This once again reinforces the point that a backup is worthless if you haven't tested restore.
Nice post about some important HTTP headers: