A good and sobering piece about how all the open-source-like movements have failed us: https://www.boringcactus.com/2020/08/13/post-open-source.html
The first time I went to Ruxcon I joined the WiFi for a bit and connected to my VPN. Later an acquaintance warned me against it. After I got home I noticed an unusual number of login attempts against the VPN. The IP had a PTR to a domain with a real contact. The name in question matched a cryptographer at an Australian organisation. His phone number was on his profile so I called. "Did you own me?" Sadly no straight answers - he stammered something about a virus and that it was fixed. Fun times.
squatting valid internal package names was a nearly sure-fire method to get into the networks of some of the biggest tech companies out there, gaining remote code execution, and possibly allowing attackers to add backdoors during builds.
Dev log: yet another #gemini server
7 / #100DaysToOffload #Rust
Daily link: disqus, tracking, modern web
Disqus: the dark commenting system
I've had Disqus on my blog for five-odd years and had started to get annoyed with it, but that post made me dump it.
This arvo I saw a courier put a card in my letterbox without knocking. Being late in the day, grumpy old me declared "stuff it" and I drove to the TNT depot with every intention of reading a book until the bloke finished his shift. The staff there were legit helpful - they looked him up ("new contractor" one muttered) and directed me to the real dropoff point. Sure enough, my guy showed up. 60 minutes after the card hit my letterbox I had my package. I'm…oddly pleased how this all turned out.