Queer✨Anarchist Anti-fascist

  • 0 Posts
  • 12 Comments
Joined 1 year ago
cake
Cake day: November 14th, 2023

help-circle

  • Absolutely.

    I don’t have a CS degree, I have a Cybersecurity and Forensics one. But, I love programming, and between the overlap of the two degrees and and my advanced designation I ended up taking about 3/4ths of the classes needed to get a CS degree.

    Diversifying helped so much with me becoming a well rounded developer. My assembly programming class, while optional for CS, was mandatory for me, made me a significantly better dev. That assembly knowledge got me to become a skilled debugger, which made my C++ classes 10x easier, and it helped me understand memory at a lower level, making the memory problems easier to diagnose and fix.

    I convinced a CS friend to take one of my cyber classes, Reverse Engineering, and he found te components of the class where we analyzed a vulnerable program to find and exploit the vuln, or the bit where we tried and determined the bug based on malware that exploited it is insightful to learning to program securely.

    Learning about the infrastructure used in enterprise during a Windows admin or Linux admin class will make it easier to write code for those systems.

    From the cybersecurity perspective, many of my CS classes carry me hard. Knowing how programs are written, how APIs are developed, and how to design complex software lets me make more educated recommendations based on what little information I’m given by the limited logs I am given to investigate. Writing code that interfaces with linux primitives makes it easier to conceptualize what’s going on when I am debugging a broken linux system.


  • I have tons of experience with enterprise linux, so I tend to use Rocky linux. It’s similar to my Fedora daily driver, which is nice, and very close to the RHEL and Centos systems I used to own.

    You are slightly mistaken with your assumption that debian is insecure because of the old packages. Old packages are fine, and not inherently insecure because of its age. I only become concerned about the security implications of a package if it is dual use/LOLBin, known to be vulnerable, or has been out of support for some time. The older packages Debian uses, at least things related to infrastructure and hosting, are the patched LTS release of a project.

    My big concerns for picking a distro for hosting services would be reliability, level of support, and familiarity.

    A more reliable distro is less likely to crash or break itself. Enterprise linux and Debian come to mind with this regard.

    A distro that is well supported will mean quick access to security patches, updates, and more stable updates. It will have good, accurate documentation, and hopefully some good guides. Enterprise linux, Debian and Ubuntu have excellent support. Enterprise linux distros have incredible documentation, and often are similar enough that documentation for a different branch will work fine. Heck, I usually use rhel docs when troubleshooting my fedora install since it is close enough to get me to a point where the application docs will guide me through.

    Familiarity is self explanatory. But it is important because you are more likely to accidentally compromise security in an unfamiliar environment, and it’s the driving force behind me sticking with enterprise linux over Nixos or a hardened OpenBSD.

    As a fair word of warning, enterprise linux will be pretty different compared to any desktop distro, even fedora. It takes quite a bit of learning, to get comfortable (especially with SELinux), but once you do, things will go smoothly. you can also use a pirated rhel certification guide to learn enterprise linux

    If anything, you can simply mess around in a local VM and try installing the tools and services needed before taking it to the cloud.





  • It was a project requirement, PHI was processed by it, so yes, it needed a secure connection. I now realize I should have used mutual auth, but hey, I only learned about that after that project

    We never sent actual data to it (the actually sensitive data used for training never left a secure VM), but the point of the course was to act like we were. Plus, setting up an nginx reverse proxy is simple, setting it up and getting certs from some ssl commands is a 10 minute task that appeases the project manager/professor with minimal effort.


  • I was doing a group project in college where we had a Linux server running some of our custom software. I asked a group mate who worked in IT to self-sign some certs so we could get https up and running for our next sprint demo.

    He installed a fucking snap package to do it via certbot. On fucking RHEL. And that server was not hosting an internet-accessible service. And he didn’t know why I lost my mind.



  • I run two APs, and a Unifi server running on a thin client linux server.

    I have the U7, and the U6 extender that goes in a wall outlet

    I have a few of their small poe powered ethernet switches, they’re great since I have a poe switch as a backbone I can put it near a group of devices in a room, like consoles, raspberry PIs, etc, and just not have to worry about much setup or powering yet another tiny device.

    Highly recommend unifi devices