• 1 Post
  • 35 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle







  • One night when returning from a party at work, I’ve decided to stay a while longer in the tram to escort my co-workers to the tram central hub (which was like half an hour of tram ride), instead of getting out at my home, which was only 5 minutes from our workplace.

    When I got into the tram back home, there was an older guy with a carboard robot costume, who was talking to someone about his work in the theater. Because I find people like that interesting, I decided to move closer and sit next to them, so I can listen to their pretty interesting conversation. I’ve tripped and basically literally fell into their conversation, and the other guy left, so we started talking. It turned out he does a prop-guy on movies and for theater, and we hit it off pretty well. He also lived literally 3 minutes from my place, and we have decided to go have a few more beers at his home, which was basically a storage lot full of random stuff without much furniture - just random props, one bed, and a lot of beer.

    I’ve messaged my GF that I’ll be late, since I’m drinking with this pretty cool old guy, and send her a picture of the place. Her reponse was “Wait, isn’t that <name>?”. Turns out, he was a prop guy on a movie they were filming a lot of years ago at their old family house when she was young, and not only he was the most fun guy to be around there, always sneaking out to drink with them, but also briefly dated her (late) mother, so he’s basically her step-dad. Since he’s pretty old-school, no social networks, internet and barely a phone, we did exchange contacts and since then have seen him a few times, and it was always a treat, like getting us to the backstage of theater production. But the way we have met is so, so random and the odds of something like that happening are mind blowing. I usually don’t follow random people home, but here we have hit it off so well that we wanted to keep talking and it didn’t even felt weird.


  • This is the first time ive heard about microg. How is the app support with it? Can you run every app that needs play service? I have Google Sandbox installed only on a second Graphene profile, and use it for bare minimum of apps that dont work without it, Bolt app, mostly weird MFA for work or package tracking apps i use once per month, while disabling most of their permissions. Will microg improve my situation in this case to be worth switching over? Does it work without root?



  • One thing I forgot to mention - last time I recommended cloudflared, I was told that the TOS for cloudflared forbid use for high-volume streaming of data, such as movie/audio streaming, or sharing of large files for download.

    I never had an issue with it, but I didn’t use it for streaming, only to share/download a small to medium sized file once per few weeks. I suppose that if you were to publicly post a link to a few Gb large file, and had hundreds of people download it through the cloudflared, they may take an issue with it. Maybe even if you were regurally watching streamed movies from your server through it. So just a heads up, make sure to check the ToS first.


  • I’m using GrapheneOS, and suprising amount of apps (including my bank app) works without Google Services. And if there’s something I need for work that doesn’t work without them, I have another profile with sandboxed Google play (which isn’t enabled on my main profile), and use the app there, where it’s separated from all of my data. No need to root my phone, and so far it worked great.

    As for sharing your Nextcloud stuff, what I did was for services that need to be public, I just got a cheap (like, few dollars per year) domain and use Cloudflare Tunnel (Cloudflared). It handles all port forwarding for you, and you don’t have to make anything public on your router - just install cloudflared on the server and have it forward the port you want to your domain. You can also set up geoblocking and ACL pretty easily, so it’s perfect for that.

    I’ve however recently moved to using ZeroTier, because it has a nice mobile VPN app, so I just run zerotier (it’s literally two commands to install and join a network) on my server, and if I need to access something there I just launch it on my phone and connect through ZeroTier. This, however, won’t help if you want to share stuff from your server with others, since they’d have to install a ZeroTier client and also join your network. For Jellyfin, Nextcloud and Sunshine, though, it’s amazing.

    And if that still feels like too much hassle for you, I’d recommend looking into Proton Drive. I’d consider that one of the best hassle-free alternatives to GDrive, which launched recently.


  • I really hope that CS will come up with recipes and emails where the board specificly “strongly recommended” that they reduce operation costs or denied internal investments. It probably won’t happen, because such pressure from investors is usually pretty vague, i.e they don’t literally tell you to cut corners, but they strongly suggest that if you won’t somehow increase revenue, you (the management) will have problems. Of course, it’s up to you how you do it, but to meet their often unrealistic demands, just doing a better job while also investing into internal failsafes is often simply not possible. It’s a loss-loss situation for CS, but I really hope they won’t loose this legal battle.


  • I’m sure there’s a lot of CS employees that would disagree with that, unfortunately there’s probably not much they can do about it.

    I was just a few days ago giving my two weeks notice exactly for that reason. I’m getting so fed up with capitalism and companies working for the vultures who give zero fucks about what you do or whether you do it well or not, prioritizing profits over actually doing your job well. I don’t care about money, I worked in cybersec out of principle, to help people with their security. I don’t really care about money, as long as there’s job to be done for someone, I don’t really care if the project I’m working on is super profitable for me, as long as it at least breaks even. But no, we had to cut corners, basically scam our customers by selling products we had no qualified people for who barely scraped by enough results for the customer to not notice it. Non-existent R&D or training, because several milions of anuall profit are not enough. Fuck all of them, if I’m ever going to work again in cybersec, it will be a non-profit.

    This OP’s article infuriates me, the nerves they have to demand more money for what’s entirely their failure, which they also directly cause in every company they touch. I’m sure that the fact that the failure was so devastating for most companies is also by large margin fault of their investors, some of which are probably also part of this lawsuit, that blocked investment into disaster recovery plans or backups, because their millions of profit per year felt low.

    I feel like I’m getting pretty radicalized recently, ugh.


  • While I’m all for holding CS accountable for what happened, thisis not the way how to do it and to whom they should be accountable. If there’s any lawsuit, it should come from the customers who have been affected by the outage, not some fucking investors and shareholders that probably kept pressuring CS for the last several years to reduce costs and increase revenue, that are now scrambling to avoid consequences of their endless greed ruining companies they don’t care about by forcing endless growth at all costs and doing as much as they can to prevent internal investments, because that’s not what makes the line go up.

    Fuck them. I hope they loose and have to eat their losses + expensive lawsuit. If CS would be able to actually invest their revenue internally, instead of it feeding pockets of greedy investors who give literaly zero fucks about the product or the service, this may not have happened.

    I saw that happen at the cybersecurity company I was working at, when we got acquired by investors. Several milion of profit after costs suddenly wasn’t enough, and we had to reduce already non-existent internal projects or investments, that we have already been lacking to be able to do our job properly.





  • I wouldn’t call Crowdstrike a corporate spyware garbage. I work as a Red Teamer in cybersecurity, and EDRs are bane of my existence - they are useful, and pretty good at what they do. In the last few years, I’m struggling more and more to with engagements we do, because EDRs just get in the way and catch a lot of what would pass undetected a month ago. Staying on top of them with our tooling is getting more and more difficult, and I would call that a good thing.

    I’ve recently tested a company without EDR, and boy was it a treat. Not defending Crowdstrike, to call that a major fuckup is great understatement, but calling it “corporate spyware garbage” feels a little bit unfair - EDRs do make a difference, and this wasn’t an issue with their product in itself, but with irresponsibility of their patch management.