I just checked my monitoring for DNS that I setup at the beginning of the month after reading this article shared by @jpmens:
What all 3 visible domains have a TTL of 1 day. This are 700000 requests within 18 days. I don't want to know what this would look like with the TTLs I used before (1 hour to 2 minutes)
I wonder how much bandwidth we waste with low TTLs, because this is already a massive number.
@aral made such an important speech at the EU commission, packing a lot of stuff.
I cannot stop laughing at this reference, though. 🤣
Amnesty International: Facebook and Google’s pervasive surveillance poses an unprecedented danger to human rights. https://www.amnesty.org/en/latest/news/2019/11/google-facebook-surveillance-privacy/
There are some very nice designs for an icon for forum.f-droid.org: https://forum.f-droid.org/t/upgrade-of-f-droid-logo-icon-for-2019/7412/22
We'd love to see more feedback there so we can get one of them approved as the official forum icon.
@aral did an amazing speech today in the european parliament on "the future of internet regulation". It was a full attack on how the EU is currently supporting big tech platforms.
Windows will improve user privacy with DNS over HTTPS https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-will-improve-user-privacy-with-DNS-over-HTTPS/ba-p/1014229 #DoH
Trying to convince my wife she might like the boardgames.social #mastodon instance... as our linen closet looks like this.... 😂
Remember, privacy doesn't exist without security! Keep your server updated and follow our announcement channels. If you run NGINX, did you already update the configuration and PHP packages on your server? You should!
Brace for a *critical* vulnerability
@sheogorath It's recommended by people who work there because it's the most complete thing out there and it's been relatively widely tested. They don't have the bandwidth to audit it, they don't contribute to it. I did audit it, found several problems. They were partially fixed, but I personally still wouldn't recommending running the playbook, unless you review it yourself and are happy with what the playbook is doing. Previous versions did things like turning of SELinux for example.
In order to secure your #Nextcloud from the #NextCry attack, you should keep all writable data on a volume that is mounted with `noexec`. Of course you should also make sure you have your setup up-to-date and check the current security best-practices for nextcloud.
Finally you should also make sure you have very regular backups of your data, don't consider synchronized data as backup.
Something to keep an eye on.
New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
"A representative from Nextcloud told BleepingComputer that they are currently investigating the incidents and will provide more information as it becomes available."
I'm a professional relationship therapist for programs and their users.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!