The bogus CVE problem has caused delays in my projects because the CIO wants our COTS scanner tool reports to have 0 CVEs or a detailed explanation of why it is not an issue.
Also I'm having difficulty communicating that CVSS is not a measure of risk, and that many of the ReDoS vulns are very much dependent on the context.
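As an added illustration of the context point (this is not code from the thread): the same nested-quantifier regex is a textbook ReDoS finding in a library, but whether it is a real risk depends on who controls the input and how long it can be. The block below puts the vulnerable pattern beside an equivalent single-quantifier pattern plus an input length cap; the 64-character cap is an assumed deployment limit, and the timing helper exists only so the reader can watch the growth.

```python
import re
import time

# Added example, not from the thread. The vulnerable pattern matches the same
# strings as r"^a+$" but, on a failing input, explores every way of splitting
# the run of a's between the inner and outer quantifier before giving up.
VULNERABLE_RE = re.compile(r"^(a+)+$")

# Equivalent pattern with a single quantifier: linear in the input length.
SAFE_RE = re.compile(r"^a+$")

# Assumed deployment context: the validated field is at most 64 characters.
MAX_FIELD_LEN = 64


def match_unbounded(s: str) -> bool:
    """Pattern applied to arbitrary input: exploitable only if the input is
    attacker-controlled and unbounded, which is exactly what CVSS does not know."""
    return VULNERABLE_RE.match(s) is not None


def match_bounded(s: str) -> bool:
    """Same check with the two controls that change the risk picture:
    a length cap on the input and a pattern without nested quantifiers."""
    if len(s) > MAX_FIELD_LEN:
        raise ValueError(f"input exceeds {MAX_FIELD_LEN} characters")
    return SAFE_RE.match(s) is not None


def worst_case_input(n: int) -> str:
    """n a's followed by a b: forces the vulnerable pattern to backtrack fully."""
    return "a" * n + "b"


def time_match(fn, s: str) -> float:
    """Wall-clock seconds for one call of fn(s)."""
    start = time.perf_counter()
    fn(s)
    return time.perf_counter() - start


def backtracking_growth(sizes=(10, 12, 14, 16)) -> dict:
    """Seconds taken by the vulnerable pattern per input size; each extra
    character roughly doubles the time, so keep the sizes small."""
    return {n: time_match(match_unbounded, worst_case_input(n)) for n in sizes}


if __name__ == "__main__":
    for n, secs in backtracking_growth().items():
        safe = time_match(match_bounded, worst_case_input(n))
        print(f"n={n:2d}: vulnerable={secs:.4f}s  bounded={safe:.6f}s")
```

The functional behaviour of both matchers is identical on valid input; what differs is the worst case, and whether that worst case is reachable is a property of the calling code, not of the regex.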
I’m wondering if eventually airspace will be carved out for commercial drone operations. And if in the future the FAA will attempt to stop enthusiast drone operations via costly regulations in the name of safety for commercial drone ops. As it’s very easy for someone with a DJI drone to fly beyond LOS.
Also a Walmart in my area has blocked off part of its parking lot to launch 6 delivery drones. I’m going to miss the days of quiet skies.
It certainly looks like hobbyist drones/model aircraft are going to be regulated out of existence almost everywhere (maybe still permitted at registered club sites, but nowhere else?). Especially now the world has seen videos of weaponised FPV drones in Ukraine.
But I don't see drone deliveries becoming a big thing outside of niche cases (e.g. medical supplies to remote locations with no easy road access). Payload capacity is very limited, wind/weather will ground them, and delivering to arbitrary homes/businesses (without dedicated landing/drop-off zones) isn't a solved problem. Then there's the safety/liability issues when the drones fail/crash. And the inevitability of Americans shooting guns at them.
Read up on the upcoming FAA Remote ID regulations. They were scheduled to go online last Saturday, but were postponed 6 months. They would effectively make it illegal to fly at any altitude without a transponder broadcasting the precise location of the aircraft.
The RC community has been pushing back on the regulations as it adds a lot of weight, expense, and complexity to drones and RC aircraft. There hasn't been any justification given by the FAA as to why these regulations are needed, adding to the confusion. Normally restrictions are put in place after an accident or some incident.
I don’t understand the tech independence claim? The script is replacing a unified service like Google or Apple iCloud with a lot of other services. Vultr and mailgun for example.
There is something to be said about the larger centralized services. I’d be hesitant to put any sensitive files on my own server. The larger firms have security departments ready to respond to CVEs and 0days.
You might be surprised at how much even basic things like security response or considerations are valued at "larger firms", or inconsistently applied (in part because of their size), or don't accord with the users' interests.
It's typical for "larger firms" for example to have a vulnerability evaluation process that pretty much boils down to "can we avoid responding to this vulnerability at all?" and if there's any way to avoid it, they do--because even patching will cost money. Across a big service with a variety of components? Potentially even "real" money. And the mistakes these companies make, when they make them, are often huge (like Sony storing plaintext passwords), even when they're elementary mistakes.
Put something on encrypted storage and served by a reasonably-configured OpenBSD server? That's probably quite a bit safer from compromise, when considering all threats, than Flickr or Google Drive or whatever. What it's not safer from, probably, are corruptions and loss (like from bad hardware, mistaken deletion, key loss, and so forth).
So I use both services and self-hosted things--but it's certainly the case for my "sensitive files" that they don't go within sniffing distance of a "larger firm" cloud service but are stored and backed up with my own encryption, using tools like OpenBSD and the utilities stemming from it.
As for whether it's "tech independence", perhaps it's more about being able to make the choice for yourself about where that line is drawn, rather than being forced to accept serfdom because you don't know any better. If someone takes this as a first step, moving cloud providers could be their second, or DNS registrars; or maybe revision 2 of the script (or someone else taking inspiration from it) can describe how to host your own nameservers and MTA. But there has to be some place to start, and an opinionated cookbook is not a bad one.
> There is something to be said about the larger centralized services. I’d be hesitant to put any sensitive files on my own server. The larger firms have security departments ready to respond to CVEs and 0days.
Some people change their own oil, mow their own lawns, fix their own dripping faucets, etc.
Running a secure server on the internet requires different, but not more knowledge and effort, and is less expensive, than changing your own oil.
There's no need to be in thrall to the "larger firms". They have different problems, which you might not be able to solve for them -- but you can often solve your own.
I think this is disingenuous. Example: configuring a linux firewall properly is not on the same competency level of changing your oil.
This script doesn’t harden sshd to the level I’d call safe. Disabling root login is the minimum. I’d have a port change, timeouts, fail2ban, and OTP via PAM all configured. Only allow specific IP ranges and users to ssh. I’d use Ansible to properly configure it instead of this script.
In the case of httpd, I'd run it in Docker or a chroot. Again fail2ban, OTP; I’d probably put it on a different port, have it proxied via Cloudflare and have httpd only allow Cloudflare IPs.
All of this is difficult to learn.
Source: I run my family's infrastructure, which spans multiple servers, routers, and switches across 7 houses in 3 countries. I also change my own oil.
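To make the sshd checklist in the comment above concrete, here is an added example (not code from the thread or from the script being discussed) that audits an sshd_config text against those items: root login disabled, password authentication off, an explicit user allow-list, a non-default port, capped auth attempts and idle timeouts. The two config samples are constructed for the example. The parser mirrors two real sshd behaviours (directives are case-insensitive, and the first value read for a directive wins) but stops at the first Match block, since conditional settings need a manual read; IP-range restrictions live in the firewall or in Match blocks and are out of scope here.

```python
from typing import Dict, List

# Constructed sample resembling distro defaults (not from any real host).
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 6
"""

# Constructed sample of the settings the comment asks for. OTP through PAM
# needs keyboard-interactive auth and UsePAM; the PAM stack itself is not shown.
HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication yes
UsePAM yes
AllowUsers alice bob
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
LoginGraceTime 30
"""


def parse_sshd_config(text: str) -> Dict[str, List[str]]:
    """Return {directive_lowercase: [arguments]}, keeping only the first
    occurrence of each directive, as sshd does. Stops at the first Match line."""
    config: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match"):
            break  # everything after this is conditional; review it by hand
        # sshd accepts "Key value" and "Key=value"; values with "=" are rare
        parts = line.replace("=", " ", 1).split()
        config.setdefault(parts[0].lower(), parts[1:])
    return config


def audit_sshd_config(text: str) -> List[str]:
    """List the hardening items from the checklist that the config misses."""
    cfg = parse_sshd_config(text)
    findings: List[str] = []

    def value(key: str, default: str) -> str:
        # defaults are current OpenSSH defaults for each directive
        return cfg.get(key, [default])[0].lower()

    if value("permitrootlogin", "prohibit-password") != "no":
        findings.append("PermitRootLogin is not 'no'")
    if value("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not 'no' (use keys, or OTP via PAM)")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: every local account may attempt login")
    if int(value("maxauthtries", "6")) > 3:
        findings.append("MaxAuthTries above 3")
    if "clientaliveinterval" not in cfg:
        findings.append("ClientAliveInterval unset: idle sessions never time out")
    if value("port", "22") == "22":
        findings.append("Port 22: default port (reduces scanner noise only)")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_sshd_config(text) or 'no findings'}")
```

Run it against `/etc/ssh/sshd_config` by reading the file into `audit_sshd_config`; on a live host, `sshd -T` prints the effective merged configuration and is the more reliable input, since it resolves includes and defaults.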
Question for someone more knowledgeable: as the iPhone’s periscope lens tech improves, will this effectively make the low end of professional mirrorless/DSLR cameras obsolete?
Hell no. The limitations of this sensor/optics size (regardless of fancy periscope tech) are apparent given how overreliant Apple has gotten on their DSP/image processing to produce 'better' images.
I've actually been more and more dissatisfied with the results from iPhones over the years; their sensors have had the same limitations with dynamic range and low-light ability for years but try to make up for it with fancy signal processing. It (mostly) works well when you look at these images on a small 6 inch screen, but blow them up to even a moderate sized computer monitor and they look pretty abysmal compared to even a basic entry-level mirrorless camera or DSLR.
The latter two have much less intrusive noise reduction and produce a far better looking honest, unprocessed image than any phone camera could. Shooting in RAW on an iPhone is proof of this; the raw sensor output is much, much noisier than a low-end DSLR in anything but peak noon outdoor lighting conditions.
That's not getting into many of the other benefits of dedicated cameras, like much more granular control over colors, WB, exposure, aperture, shutter speed, filters, true control over depth of field, more lens choices, etc, that are aided by the superior ergonomics. Cell phones have completely replaced point-and-shoots but large-sensor cameras and film cameras still blow the pants off of even the most sophisticated mobile cameras in terms of detail and versatility. The question is whether you have a use-case which calls for the greater expense and size of a camera like that.
It already has, if by low end professional you mean low end dslrs in general. The low end of dslrs was largely a way to get good quality images for your typical non professional person. Tourist, enthusiast, etc. Nowadays, why bother? Good phone cameras have been plenty good for many years, and much more portable.
I don't think they'll likely ever replace professional gear, since any tech in phones can easily be applied to cameras on a larger scale... it just eats into the market more and more until professional is the only market left.
In terms of sales the low end camera market is already dead and has been for years. In terms of image quality current smartphone cameras do not compare at all. Even a 1" sensor point and shoot or low end micro four thirds mirrorless camera won't fall apart in terms of quality nearly as fast as a smartphone camera will in bad situations and doesn't need severe computational photography/AI smear processing to make decent looking photos.
That particular question will always revolve around: “for what purpose?”
If it’s for the sake of just taking good photos as a memory? Yes. There’s been a huge reduction in people buying point-and-shoots, or even low end cameras for vacations or lower end special events.
If it’s for the sake of more important special events or control, then no. They’re aimed at very different market segments. When it comes to mirrorless (DSLR is almost dead) there’s very little capability difference between low and high end today. The market is just: “what can you afford and what niceties do you want”. But the people who will buy one will likely want immediate physical control that a phone cannot offer.
So imho it’s less about the low end of the camera products and more about the low end of the customer needs.
They have an IRC chat room where you can request an invite[0]. They typically ask if you have a personal website, git repo, interesting projects, etc when inviting people.
This will not be popular but you don’t need ECC or Xeons.
You can find great deals on powerful PCs from eBay sellers who are IT recyclers.
I’ve found the SFF/Mini PC’s to be great.
You also have to decide what you want to do. And if you want the headache.
For example it’s easy to start doing home automation, DNS server, NAS. When things break or updates break things and nothing is working and you have to pull it all apart again, that was too much for me.
There have been studies showing both dramatic increases and decreases in productivity after companies shifted to WFH throughout the pandemic. A common problem with these studies is that the pandemic itself is a confounding factor that affected employee morale and productivity very differently in companies with different management styles, yet this confounding factor is not acknowledged.
It is not impossible that, all other things unchanged, WFH would have a negative impact on productivity. That is because for WFH to work, many other things need to change. To illustrate this with a stupidly simple example: if you ask your employees to work from home but don't give them access to company resources from home, productivity is going to tank. This extends to a hundred other things that need to be adjusted for WFH. You must necessarily manage the company in a way that supports WFH to empower WFH employees to succeed. But plenty of studies show that tremendous increases in productivity are possible; they have been de facto achieved in companies that managed WFH right.