Readit News
arsome commented on Cloudflare Global Network experiencing issues   cloudflarestatus.com/inci... · Posted by u/imdsm
djfobbz · a month ago
Alright kids, breathe...a DDoS attack isn't the end of the world, it's just the internet throwing a tantrum. If you really don't want to use a fancy protection provider, you can still act like a grown-up: get your datacenter to filter trash at the edge, announce a more specific prefix with BGP so you can shift traffic, drop junk with strict ACLs, and turn on basic rate limiting so bots get bored. You can also tune your kernel so it doesn't faint at SYN storms, and if the firehose gets too big, pop out a more specific BGP prefix from a backup path or secondary router so you can pull production away from the burning IP.
arsome · a month ago
Very quickly you'll find this doesn't work. Your DC will just null your IP. You'll switch to a new one and the attackers will too, the DC will null that one. You won't win at this game unless you're a very sizeable organization or are just willing to wait the attackers out, they will get bored eventually.


arsome commented on Tell HN: Azure outage    · Posted by u/tartieret
samtp · 2 months ago
Well "mail in voting" in Washington state pretty much means you drop off your ballot in a drop box in your neighborhood. Which is pretty much the same thing as putting it in a ballot box.
arsome · 2 months ago
One of these things is much easier to burn or otherwise tamper with.
arsome commented on Gemini 2.5 Flash Image   developers.googleblog.com... · Posted by u/meetpateltech
shibeprime · 4 months ago
I’m more bullish on cryptographic receipts than on AI detectors. Capture signing (C2PA) plus an identity bind could give verifiable origin. The hard parts, in my view, are adoption and platform plumbing.

If we have a trustworthy way to verify proof-of-human made content then anything missing those creds would be red flags.

https://iptc.org/news/googles-pixel-10-phone-supports-c2pa-u...

arsome · 4 months ago
This seems absolutely silly, it's not hard to take a photo of a photo and there's both analog (building a lightbox) and digital (modifying the sensor input) means which would make this entirely trivial to spoof.
arsome commented on Tailscale is pretty useful   blog.6nok.org/tailscale-i... · Posted by u/thm
CharlesW · 10 months ago
Networking SmartFriends: Is port forwarding intrinsically a bad idea (as compared to using Tailscale Funnel) from a security perspective if I want to expose, say, a Plex server running on my NAS to the outside world?
arsome · 10 months ago
It's largely equivalent here - you're just exposing something via a tunnel rather than directly via your home IP.

That could have benefits, for example, if you're concerned about a DDoS attack on that service taking your home internet out, you may be able to work around it like this. But it won't mitigate a gaping hole in the underlying service which you're still exposing.

It could also have drawbacks, like limited bandwidth and higher latency, which would make it highly unsuitable for something like a game server.


arsome commented on Liberux: Linux phone   liberux.net/... · Posted by u/marcodiego
arsome · a year ago
Site has now turned into a WordPress installer?
arsome commented on Right to root access   medhir.com/blog/right-to-... · Posted by u/medhir
yndoendo · a year ago
I contacted Google through the BBB. Made the statement that lack of ability to install and configure a kernel-level firewall, edit the HOSTS file, and remove unwanted bloatware reduces the security of the product. Google agreed their actions do this and said they find the lack of security acceptable. Having a firewall like Little Snitch should be acceptable to know where the phone is communicating, with whom, and how to prevent it.

Re-imaging with a rooted image is not acceptable because this also reduces the device's security by preventing OTA updates!

Gated community is broken when the end user cannot improve the security of the device above and beyond the lax policies of Google and Apple. For instance, there should be no reason my device ever communicates with organizations I do not support such as Facebook or X-Twitter. X-Twitter is often used as a command and control service in plain sight.

It is not just outward communication to monitor but inward too. I've used Zone Alarm in the past at an international company to help find the infected servers and computers that were serving up viruses and other malware.

*I would argue that the "Gated Community" analogy is flawed. A real world gated community still allows for the home owner to improve the security. By installing cameras, security system, and guards. Apple & Google prevent such actions.

arsome · a year ago
There are indeed software firewalls on Android that use the VPN functionality to implement something like this so they don't even require root, I believe Glasswire offers one.


arsome commented on Charset="WTF-8"   wtf-8.xn--stpie-k0a81a.co... · Posted by u/edent
poizan42 · a year ago
Yes, it's easy

    bool ValidateName(string name) => true;
(With the caveat that a name might not be representable in Unicode, in which case I dunno. Use an image format?)

arsome · a year ago
name.Length > 0

is probably pretty safe.

u/arsome

Karma: 2524 · Cake day: January 7, 2020