Time to upgrade your GitLab :blobfoxcomputerowonotice:

about.gitlab.com/releases/2021

Generally speaking it's recommended to subscribe to the webfeed. If you also want to chat a bit about those updates, feel free to join us in our Git Hosters room:

shivering-isles.com/matrix#git

It's a small Matrix room with people who host their own platforms and talk about it. Hope to see you around :)

Nice little feature of Bitwarden:

vault.bitwarden.com/#/tools/in

Check which of the services you are registered with offer 2FA options, and check the instructions on how to enable them.

I wouldn't recommend storing your 2FA credentials along with the passwords in Bitwarden, but checking once a year where you can set up new 2FA is definitely recommended!

Oh, Apple added an anti-stalkerware guide to their official manual:

manuals.info.apple.com/MANUALS

This helps to identify potential abuse of legitimate iOS settings/features. Feel free to share so that those in need can find it.

:blobfox_com: if you run a shared K8s environment you might want to take action to prevent CVE-2020-8554:

blog.champtar.fr/K8S_MITM_Load

"MitM-as-a-service": anyone with the rights to create a Service object can take over IP addresses for all namespaces of a cluster.
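As an added example (not from the post or the linked write-up): the decision a validating admission webhook could apply to Service objects to close the externalIPs path of CVE-2020-8554. The allowlist, the object shapes and the AdmissionReview requests are constructed here.

```python
from __future__ import annotations
import ipaddress
from typing import Iterable

# Constructed allowlist: the only external IPs a Service in this cluster may claim.
ALLOWED_EXTERNAL_IPS = frozenset({"203.0.113.10"})


def review_service(obj: dict, allowed: Iterable[str] = ALLOWED_EXTERNAL_IPS,
                   subresource: str | None = None) -> tuple[bool, str]:
    """Decide whether a Service create/update may proceed.

    spec.externalIPs makes kube-proxy route traffic for those IPs, from every
    namespace, to the Service's endpoints; that is the interception path of
    CVE-2020-8554, so only allowlisted, well-formed addresses pass.
    """
    if obj.get("kind") != "Service":
        return True, "not a Service, nothing to check"
    allowed = set(allowed)
    rejected = []
    for ip in obj.get("spec", {}).get("externalIPs") or []:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            rejected.append(f"{ip} (not a valid address)")
            continue
        if ip not in allowed:
            rejected.append(ip)
    if rejected:
        return False, "externalIPs not permitted: " + ", ".join(rejected)
    # The other half of the CVE is a client writing status.loadBalancer.ingress
    # through the status subresource; only the cloud controller should do that.
    if subresource == "status":
        ingress = obj.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        if ingress:
            return False, "status.loadBalancer.ingress must not be set by clients"
    return True, "ok"


def admission_response(review: dict) -> dict:
    """Build the AdmissionReview response for an incoming review request."""
    request = review["request"]
    ok, reason = review_service(request.get("object") or {},
                                subresource=request.get("subResource"))
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "response": {"uid": request["uid"], "allowed": ok, "status": {"message": reason}},
    }
```

RBAC still has to keep `services/status` patch rights away from ordinary users; the webhook only sees what reaches the API server.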

Fancy, finally an alternative to Let's encrypt!

scotthelme.co.uk/introducing-a

It's always good to have alternatives around. ZeroSSL appears to be a European company that now provides free TLS certificates using the ACME protocol.

:blobfoxthink: So in order for games to perform better, the new generation game consoles have implemented direct storage access for the graphics cards to load graphic assets without bothering the rest of the system, resulting in better performance. This technology is about to hit PCs as well, soon.

What bothers me about this: I see no way this will work with properly encrypted disks/storage.

By the way, thanks to the help of @nathand I was able to reproduce the issue earlier today.

I can officially say that one shouldn't use Canary Mail's implementation of OpenPGP, because it's unaware of how to select the right key. Not only is it unable to select the encryption subkey, it also ignores expiry dates and key revocation, making it an actual danger.


If you run a MacBook or iOS device and use "canarymail.io/" as mail client, could you please try to send me an OpenPGP-encrypted email? I want to verify whether they have a major flaw in their implementation.

As I just got an email that was undecryptable.

Another weekend another evening project. Today: A simple container firewall that runs in user space and therefore doesn't need CAP_NET_ADMIN.

Is it as effective as iptables? By no means. But it's most likely sufficient for the majority of use cases.

git.shivering-isles.com/shiver

Well, who would have expected that a browser that markets itself with the fact that it sells its users' attention is doing weird stuff like placing affiliate links on random people's websites?

davidgerard.co.uk/blockchain/2

If you are running Brave, consider going back to whatever browser you used before or try out a new one. There are enough browsers out there which display a website as it is and don't randomly replace links.

Hello people, please upgrade your installations if not already done :)

1.6.3 provides a security fix. Time to run: `flatpak update`

If you use the Flatpak version.

Enjoy your time, and if you feel bored, maybe check out one of the many channels I founded:
shivering-isles.com/matrix

Another blog post sneaked out :X

shivering-isles.com/Why-I-use-

TL;DR: Multiple password managers can help to ensure that you have the option to have very convenient integrations for passwords of low importance and an offline password manager for high-value passwords. Sometimes using just one is not enough. No password manager is perfect, sometimes you need more than one to cover all areas.

If you didn't notice: There is a 1.6.0 release of Riot on its way to Flathub :)

Riot 1.6.0 brings the new and shiny cross-signing features. This means you get TOFU now and can cross-sign your devices and users, which makes it easy to transfer trust between all your Matrix sessions.

Just make sure you use RiotX on Android in order to have all devices compatible :)

Perfectly on time, two minutes before midnight, I managed to publish a new article. Today it's about CSP and how you can use it to prevent unexpected/unwanted leaks of user data.

shivering-isles.com/self-isola

Maybe not my greatest piece, but it's in the spirit of the situation and therefore 🤷 Enjoy! :blobfox:

Caught another one…

Force pushes to master branches seem way more common than one would like:

github.com/envygeeks/jekyll-do

Having a mirror of all kinds of repositories really helps to find those and to verify that they weren't malicious.

I know a lot of people complain about images being insecure because they are not signed, and I agree. But looking at what goes into them… how about a few thousand lines of code lying around on a 10-year-old FTP server, transmitted over the internet in plaintext, with no signatures and checksums at all?

Sure, "The binary is unsigned!" is our main problem… it's no wonder all these kinds of supply chain attacks happen these days. It seems like no one cares about source integrity.

There is a security update for Riot out. Please update your clients as soon as possible.

github.com/vector-im/riot-web/

The newest version is already on Flathub, therefore `flatpak update` should get you safe again.

Enabling DNSSEC on Fedora :fedora:

```shell
# Hand name resolution to systemd-resolved (which can validate DNSSEC) and
# point the libc resolver at its stub listener. NetworkManager is stopped
# while /etc/resolv.conf is swapped out; all steps need root.
sudo systemctl stop NetworkManager
sudo mv /etc/resolv.conf /etc/resolv.conf.old
sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
sudo systemctl enable --now systemd-resolved
sudo systemctl start NetworkManager
```

That was easier than expected :blobfoxthink:

And I caught one!

was rewriting commits on their master branch. And my mirror bot figured that out when its force-push to the master branch of the mirror was refused.

git.shivering-isles.com/github

vs.

github.com/minio/minio/commits

You may also notice that the OpenPGP signature for the commit disappeared.

The rewrite is nothing evil, but one could introduce malicious behavior with such a rewrite. It's always a good idea to keep a mirror of your repositories.

git.shivering-isles.com/shiver
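What the refused push in this post and the force pushes caught two posts above amount to, as an added example that is not the mirror bot's code: given a commit graph, classify a branch update as fast-forward or rewrite and list the commits that were dropped, added, or arrived without a signature. The commit ids and graph are constructed.

```python
from __future__ import annotations
from collections import deque

# Constructed history: each commit id maps to its parents and to whether the
# commit carried an OpenPGP signature. 'c3' is the master head the mirror holds;
# 'c3x' is upstream's rewritten replacement, which lost its signature.
COMMITS = {
    "c1": {"parents": [], "signed": True},
    "c2": {"parents": ["c1"], "signed": True},
    "c3": {"parents": ["c2"], "signed": True},
    "c3x": {"parents": ["c2"], "signed": False},
}


def ancestors(commits: dict, head: str) -> set[str]:
    """All commits reachable from head, head included."""
    seen, queue = set(), deque([head])
    while queue:
        c = queue.popleft()
        if c in seen:
            continue
        seen.add(c)
        queue.extend(commits[c]["parents"])
    return seen


def classify_update(commits: dict, mirror_head: str, upstream_head: str) -> dict:
    """Compare the mirror's branch head with upstream's current head.

    A fast-forward keeps every mirrored commit. If mirrored commits are no
    longer reachable, history was rewritten (or rewound) and the mirror
    should not follow before someone has looked at what changed.
    """
    old, new = ancestors(commits, mirror_head), ancestors(commits, upstream_head)
    dropped, added = sorted(old - new), sorted(new - old)
    if not dropped and not added:
        kind = "unchanged"
    elif not dropped:
        kind = "fast-forward"
    elif not added:
        kind = "rewind"
    else:
        kind = "rewrite"
    unsigned_added = [c for c in added if not commits[c]["signed"]]
    return {"kind": kind, "dropped": dropped, "added": added,
            "unsigned_added": unsigned_added}
```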
