There’s this newfangled thing people complain about…

I’m learning that some people don’t have more than one set of sheets. We are privileged.

And… 6 months?

I hate any company that uses or builds AI to screen out hires so, so much. Tagging metadata is OK, but filtering is just evil (am/have been a hiring manager).

The company also added that it’s instituting a bug bounty program to better catch security vulnerabilities in the future. “We do not take this matter lightly, even though it was resolved swiftly and effectively,”

I also hate it more that I can’t hate them for doing the right thing.

I use a dual NIC mini PC running OpnSense. Ot would support USB sims. I actually have two of the routers connected woth a network cable. If one goes down, the other takes over.

I firmly believe I was way more prepared to ride a motorcycle because I spent countless hours reading about techniques before I got on one.

So… Maybe.

I wonder if it’s so you can get a calendar of usage tines. Could be handy to ensure kids are brushing for the right amount of time?

But… your original comment is just… wrong?

This isn’t a critical security flaw unless you have the worst partition scheme on your encrypted volumes imaginable.

The default LUKS partition scheme is vulnerable.

It’s not even a process flaw at that point, just “possible”.

There is a successful POC, it is a flaw.

you can compromise disks once encrypted because everything is happening in an in-memory boot process.

This is not just in-memory. This is modifying the unencrypted part of initramfs on disk. Powering off the machine does not remove the exploit.

You always “boot something that is unencrypted.” You then “mount” the encrypted volumes and load the OS.

This is how people can put an SSH server (dropbear) in initramfs so they can unlock remotely.

The attack is to initramfs, not the encrypted layer.

The order’ish:

• Boot
• Initramfs loads, gives you the LUKS prompt
• Initramfs decrypts/mounts OS
• OS loads

I’m confused.

Initramfs is unencrypted in /boot when using LUKS with RAID. It has to be, right?

The attacker uses a debug shell to modify the unencrypted boot, so the next time you boot and type your LUKS password, they can gain access.

This doesn’t line up with your comment?

Agreed, and unfortunately articles like this are food for CEOs to do more under the guise of AI. “See, it works!”

I’m still running Qwen32b-coder on a Mac mini. Works great, a little slow, but fine.

I just validated that the latest version of the LDAP privilege escalation issue is not an issue anymore. The curl script is in the ticket.

This was the one where a standard user could get plugin credentials, such as the LDAP bind user, and change the LDAP endpoint. I.E., bad.

I chose this one because after going through all of them, it was the only one that allowed access to something that wasn’t just data in Jellyfin.

So for me, security is less of an issue knowing that, as only family use the service, and the remaining issues all require a logged in user (hit admin endpoint with user token).

Plus, I tried a few of those and they were also fixed, just not documented yet. I didn’t add to those tickets because I was not as formal with my testing.

@EncryptKeeper@lemmy.world

Use an LDAP to OIDC bridge?

Using the same digit 4 times is no longer allowed most places, but this chart shows them being pretty popular.

This chart has no sourcing or date associated. Is it old?

Edit: Yes, it is. Here is the excellent source article: http://www.datagenetics.com/blog/september32012/

So it’s from 2012, and used historic breach data from years before then.

In other words, this chart is wholly inacurate now.

Tagging those discussing similar: @Rivalarrival@lemmy.today @codfishjoe@lemmy.world

Colonel Sanders daughter.

About 1995.

Either comment OP hasn’t followed the news, or they forgot this was the Fediverse.

I used to do all the things mentioned here. Now, I just use Wireguard. If a family member wants to use a service, they need Wireguard. If they don’t want to install it, they dont get the service.

In sorry, a few benchmark points mean absolutely nothing with modern computers.