

There are a lot of hero programmers involved in enabling people in Ukraine to defend themselves.
HW/FW security researcher & Demoscene elder.
I started having arguments online back on Fidonet and Usenet. I’m too tired to care now.
it’s … not … a simple messenger, if that helps?
Do you even open source?
…
Let me rephrase it like this instead: “If we allow manufacturers to just take public domain software and not give back their changes …” maybe it rings some bells?
Especially in coding?
Actually, that’s where they are the least suited. Companies will spend more money on cleaning up bad code bases (not least from a security point of view) than is gained from “vibe coding”.
Audio, art - anything that doesn’t need “bit perfect” output is another thing though.
I can see this work as a cab service. Pick me up at home and drop me off at my destination hotel/office. Within a single country this will shorten travel time enormously and for those paid enough by the hour that might come out to be cheaper than wasting time on travel.
oh wow that really put the trust back into Ventoy. Nice! Thanks for the link
Waydroid is pretty nice, integrating the Android apps as regular apps in the Linux UI.
I went from Seafile to Nextcloud with family file sharing as the primary usage. I’m using the AIO docker installation without issues.
This might not help, but I never experienced the issues you had.
(I moved away from Seafile due to - in my opinion - it dying a slow death with less and less support)
Had a Tesla Model 3 before, have a VW ID.7 now. They’re driven the same and it looks like they both agree about the distances driven.
FWIW
Still no. Here’s the reasoning: A well known SSHd is the most secure codebase you’ll find out there. With key-based login only, it’s not possible to brute force entry. Thus, changing port or running fail2ban doesn’t add anything to the security of your system, it just gets rid of bot login log entries and some - very minimal - resource usage.
If there’s a public SSHd exploit out, attackers will portscan and find your SSHd anyway. If there’s a 0-day out it’s the same.
(your points 4 and 5 are outside the scope of the SSH discussion)
Feel free to argue with facts. Hardening systems is my job.
This is not “the correct answer”. There’s absolutely nothing wrong with “exposing” SSH.
A few replies here give the correct advice. Others are just way off.
To those of you who wrote anything else than “disable passwords, use key based login only and you’re good” - please spend more time learning the subject before offering up advice to others.
(fail2ban is nice to run in addition, I do so myself, but it’s more to stop wasting resources than having to do with security since no one is bruteforcing keys)
There are still server softwares out there that are going to be exposing people’s private Mastodon posts.
You could’ve saved yourself a lot of typing there by just admitting to claiming things you actually didn’t know.
If you know of other ActivityPub servers that expose private posts the same way I suggest you make a responsible disclosure to the developers.
I don’t know of any, but you claim they exist so …
You have absolutely no idea what “responsible” in “responsible disclosure” means :) It’s completely irrelevant how Mastodon has implemented private posts when it comes to how Dansup handled the issue, knowing what the effects were.
You don’t, when told of a vulnerability, handle it in a way that causes harm if it can be avoided.
Read more, post less. I’ve said nothing about any spec violation. That’s not relevant.
hahahahaha
Watch and try again ;) I post under my real name.
https://www.cve.org/CVERecord?id=CVE-2024-44754
https://www.youtube.com/watch?v=ZbKLAjPYOEg
Feel free to post less and read more.
It has everything to do with ActivityPub since if you follow that protocol strictly you will cause this behavior. It still doesn’t change that Dansup was told that this caused Bad Things™ and yet he didn’t follow normal procedure in how you handle it.
Vulnerabilities don’t need to be buffer overflows.
/cybersec researcher
So? Pubkey login only and fail2ban to take care of resource abuse.