"Dataclasses and attrs: when and why"
Interesting article about new ways advertisers can fingerprint our devices:
"Disclosing TOR users' real IP address through 301 HTTP Redirect Cache Poisoning"
Modern credential management – security tokens, password managers, and a simple spreadsheet:
– credentials are neither "secure" nor "insecure" until you define your own threat model
– use password managers to actually manage (not only store) passwords
– use a spreadsheet to keep track of the rest (SSH keys, GPG keys)
An example of how your local/development webservers might be accessible to any website you visit.
Some Git tips to make you more productive:
Interesting post summing up the experience of working remotely for 10 years.
"Stealing Downloads from Slack Users"
Understanding the MDS vulnerability: What it is, why it works and how to mitigate it
More discussion here: https://news.ycombinator.com/item?id=19885627
As someone said:
> This once again reinforces the point that a backup is worthless if you haven't tested restore.
Nice post about some important HTTP headers:
Local-first software - You own your data, in spite of the cloud
"Spoofing OpenPGP and S/MIME Signatures in Emails"
"Attacking Cloud Containers Using SSRF"
The "hackerone" report is also worth reading.
"What can I use to encrypt my Linux filesystem?":
– LUKS/LVM supports full-disk encryption (and optionally 2FA)
– ext4 supports folder-based encryption
– eCryptfs/EncFS are outdated/unmaintained
– GoCryptFS uses modern crypto but leaks metadata
– CryFS uses modern crypto and hides metadata but is slower than GoCryptFS
Thanks to Mr. Schumacher from Magdeburger Institut für Sicherheitsforschung