Remember when everyone told you to check your Google Account for location history and activity tracking and so on?

You should do the same with your Microsoft account (if you have one). They also have such a page about personalized advertisement, activity history, location history, buy history, …

You might want to change some of those settings :)

Really great article about hardware security tokens:

paulstamatiou.com/getting-star

It contains a ton of information for people who want to learn a bit about modern security tools :)

Cache-Poisoned Denial-of-Service (CPDoS) is a new class of web cache poisoning attacks aimed at disabling web resources and websites.

cpdos.org/

As I just saw some people talking about "With self-hosting this wouldn't have happened", I have to say, looking at the self-hosting scene and their usage of vendor images for server installs, this would have happened the same way with most self-hosted setups.

Most people don't use their own OS images when setting up new servers. You should do this to mitigate vendor accounts.

Just donated $100 to @gnome to fight a patent troll gnome.org/news/2019/10/gnome-f

Any software entity choosing to spend time to squash the fuckers instead of silently paying up has my utmost respect.

Please consider donating too, it's a good cause!

Those "lessons learned" are more like lessons you should already know. But not everyone is an expert, and not everyone thinks of everything in the first place. Therefore I hope there are maybe some people who at least get something new out of it.

By the way, most likely you don't need a public VPN service at all. They neither provide anonymity, nor much additional security, when you get some basics right.

If you really wonder about those basics, feel free to reach out :)

Some "lessons learned" from the whole disaster:

1. Revoke keys when you notice the private key was compromised
2. Use HSMs to prevent private keys from getting compromised
3. Inform your customers about breaches
4. Do proper audit logging of your systems' user accounts
5. Use your own OS images, when installing machines
6. Run an IDS to get informed when your production systems act unusual
7. Spend more money on infrastructure security, less on marketing it

Currently checking my shared documents on Nextcloud and came across an interesting PDF that seems to be around for quite a while:

cloud.shivering-isles.com/s/VW

Just in case someone has never seen it before. It's a little privacy guide that has quite some nice illustrations for kids. Why not teach team blue vs. team red as a superhero comic?

Facebook's tracking tools contain a little-noticed technical-legal weakness (👏 Paul-Oliver Dehaye). Affected people can use it to take action universally against websites or apps with a Facebook tracker, even if consent was obtained beforehand. rufposten.de/blog/2019/10/20/d

Just decided to run Mastodon in "Secure mode" for a few days and see how that goes.

I really can't manage to figure out the whole gendering thing in languages.

I mean in German we have 3 genders in our grammar (male, female and neutral) and one would think, great, so for gender-neutral language, I just use the neutral pronoun. But that doesn't work, because people consider that objectifying. Instead various people tried to set up a new gender and I wonder: Why?

When did language constructs become so complicated? And why should we stop making assumptions about the world?

@Gargron I think I noticed that the federated timeline on my 3.0.1 server loads noticeably slower than on 2.7.X. Was there such a fundamental change that this can happen, or is my setup weird?

I saw you were posting about rebuilding of the timelines recently, but not sure if that's explicitly about that?

Just experienced the new "follower transfer" feature of #Mastodon3, from the follower point of view, and it's awesome.

I did not have to do anything and then just saw a message in my timeline that said "hey, this is my new account, etc." from someone I like to follow.

A game changer for the #fediverse.

One thing that person noted though is that it does not automatically transfer the list of accounts one follows. Any reason for that?

Cc:
@Gargron @Thib

Amnesty International: "Young people have the right to learn & talk about sex! But today Poland will vote on a bill which would make teaching or promoting sexuality education to under 18s a crime punishable with up to 3 yrs in prison. Support people in Poland opposing this. amnesty.org/en/latest/news/201"

[#humanrights #news #bot]

Want to be in charge of a critical piece of software that runs on pretty much every Linux desktop?

libinput is searching for people to eliminate the bus factor:

who-t.blogspot.com/2019/10/lib

It would be great if such critical software components didn't rest on the shoulders of a single person (not me).

There is one thing got right and that's .

They:

- provide a multipart email, meaning an HTML and a plaintext version of the content
- split links out in the plaintext version with "[1]" and use proper mail formatting
- sign their emails using S/MIME

Sounds easy? Let me put it this way: They are the only company I get such nice emails from to my private mail account.
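An added example (not code from the original post) of producing the first two of those points: a multipart/alternative mail whose plaintext part carries every link as a numbered "[1]" footnote rather than a hidden href. The HTML body is constructed for the example; S/MIME signing is out of scope here because it needs a certificate.

```python
# Added example: build a multipart mail with footnoted links in the
# plaintext part, the style the post above praises.
from email.message import EmailMessage
from html.parser import HTMLParser


class _LinkFootnoter(HTMLParser):
    """Turn <a href="...">text</a> into 'text [n]' and collect the hrefs."""

    def __init__(self):
        super().__init__()
        self.text = []
        self.links = []
        self._href = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
        elif tag in ("p", "br"):
            self.text.append("\n")

    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append(self._href)
            self.text.append(" [%d]" % len(self.links))
            self._href = None

    def handle_data(self, data):
        self.text.append(data)


def html_to_plaintext(html):
    """Return (plaintext body with [n] markers and a link list, list of hrefs)."""
    parser = _LinkFootnoter()
    parser.feed(html)
    body = "".join(parser.text).strip()
    if parser.links:
        refs = "\n".join("[%d] %s" % (i + 1, u) for i, u in enumerate(parser.links))
        body += "\n\n" + refs
    return body, parser.links


def build_multipart_mail(sender, recipient, subject, html):
    """Plaintext part first (the fallback), HTML as the alternative part."""
    plain, _ = html_to_plaintext(html)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content(plain)                     # text/plain
    msg.add_alternative(html, subtype="html")  # becomes multipart/alternative
    return msg


# Constructed sample body (not a real mail).
SAMPLE_HTML = ('<p>Hello,</p><p>Please <a href="https://example.com/reset">'
               'reset your password</a> today.</p>')
```

The plaintext part of `build_multipart_mail(..., SAMPLE_HTML)` reads "Please reset your password [1] today." followed by "[1] https://example.com/reset", so the recipient sees the real destination without rendering HTML.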

If your setups are breaking due to missing container images, it's possible that this was me. I just removed a bunch of repositories from Docker Hub. All of them were more than a year old, so you shouldn't have been using them anymore anyway.

Sheogorath's Microblog