Harvesterify (u/Harvesterify)

Harvesterify commented on Linux Capabilities Revisited dfir.ch/posts/linux_capab... · Posted by u/Harvesterify

Nifty3929 · 2 months ago

One problem that I have with fine-grained ACLs is that they can unintentionally add security risk, because sometimes those finer grained controls can be exploited to gain additional privledges.

If I grant something root, I know what that means and I'll be very careful. But if I grant something permission X thinking I'm safe, and then it can be used to gain permission Y, or even root, then I can be accidentally exposed.

There is just a much larger surface area to guard against, ensuring that each granular permission can't be so exploited.

Harvesterify · 2 months ago

That's totally true, you actually have examples of unsafe capabilities delegation in the other article mentioned in the References: https://juggernaut-sec.com/capabilities/

Harvesterify commented on Dns0.eu private DNS service shuts down over sustainability issues bleepingcomputer.com/news... · Posted by u/N19PEDL2

mytailorisrich · 2 months ago

Launch tweet:

"We are launching the first 100% European public DNS resolver! Free, sovereign and operated by an independent non-profit organization based in France." [1]

Shutdown announcement on dns0.eu:

"We recommend switching to DNS4EU and NextDNS" [2]

I get that NextDNS and dns0 have the same founders, but it strikes me as odd to recommend an American company to the users of dns0... Unclear to me what was the point of dns0 for them.

[1] https://x.com/dns0eu/status/1622912939501010945

[2] https://www.dns0.eu/

Harvesterify · 2 months ago

DNS0 was launched at a time when no other EU public DNS resolver was available. Today, you have DNS4EU that is actively funded and pushed throughout the EU administration (and critical infrastructures), so I believe that the DNS0/NextDNS founders saw that there was very little differenciating factors to their proposal, and decided to shut it down.

Had they "captured" a larger marketshare in the EU while they were ahead, situation might have been different today, but in my opinion it never happened.

Harvesterify commented on Dns0.eu private DNS service shuts down over sustainability issues bleepingcomputer.com/news... · Posted by u/N19PEDL2

gionn · 2 months ago

A textbook case: public funds burned for years on a service that was never viable. The money's gone, the work's gone, and predictably, so is the project. Same old story.

Harvesterify · 2 months ago

Which public funds ? DNS0.eu was a private initiative, from the NextDNS founders. DNS4EU is a public initiative, as mentioned in the news, and this one is still supported and actively developed.

Harvesterify commented on Anssi: Technical Position Paper on Confidential Computing cyber.gouv.fr/en/publicat... · Posted by u/Harvesterify

Harvesterify · 2 months ago

Highlight:

"However, Confidential Computing is not secure enough to protect data integrity and confidentiality against a hostile administrator performing targeted, active attacks. Under such a threat model, users must avoid running on shared infrastructure operated by providers they cannot trust, and are rather encouraged to leverage Confidential Computing to increase their security posture on dedicated hardware instead."

Harvesterify commented on Battering RAM – Low-cost interposer attacks on confidential computing batteringram.eu/... · Posted by u/pabs3

Simple8424 · 3 months ago

Is this making confidential computing obsolete?

Harvesterify · 3 months ago

In their current form, AMD and Intel proposals never fulfilled the Confidential Computing promises, one can hope they will do better in their next iteration of SGX/TDX/SEV, but they were always broken, by design.

Harvesterify commented on Battering RAM – Low-cost interposer attacks on confidential computing batteringram.eu/... · Posted by u/pabs3

fweimer · 3 months ago

I'm kind of confused by AMD's and Intel's response. I thought both companies were building technology that allows datacenter operators to prove to their customers that they do not have access to data processed on the machines, despite having physical access to them. If that's out of scope, what is the purpose of these technologies?

Harvesterify · 3 months ago

Security theater, mostly.

Harvesterify commented on Inflammation now predicts heart disease more strongly than cholesterol empirical.health/blog/inf... · Posted by u/brandonb

gavinray · 3 months ago

Goodlabs prices:

https://app.hellogoodlabs.com/book-tests

  ApoB  $12
  LP(a) $20
  A1c   $ 4
  Lipid $ 8
  eGFR  $30 (Under "Cystatin C with Glomerular Filtration Rate, Estimated (eGFR)")

  Total: $74

So no, I wouldn't call $190 "pretty low", lol.

Harvesterify · 3 months ago

Unrelated to the topic, but does anyone know if an equivalent service (à-la-carte blood testing with online booking) is available in Europe, specifically the Netherlands (or France) ?