I get very far by just keeping a set of folders for each piece of equipment in a git repo.

Pictures, etc, and sometimes the PDF manual if I bother.

The difficult part here is being consistent over time - making sure you mark down when you bought things, serial numbers, etc. a proper website/app will force you to do this, but there is flexibility in having whatever convention you like most

Strongly agree. A guide for dead simple setups would be incredibly useful (e.g. gsuite as idp, oauth for a single app).

It took me a few days to get that basic setup working, and a few days more to improve it. But once it was up, it was rock solid.

Keycloak might seem a little daunting to start with, but is basically glue between your idp (ldap) and whatever apps need to authenticate.

or in Jerboa

The original article smelled wrong when they claimed to have broken AES. Thankfully, Bruce Schneier is far more authoritative than I ever will be and gives a short and succinct list of links to debunkings of this.

Only on signup

Anything using Blind as a “verified industry source” is going to be skewed to the type of person who uses Blind. Beyond that, it’s low sample size, and there are suspiciously round fractions for some of the larger companies. Worse, because Blind is blind - this doesn’t represent current employees, but merely people who worked at some point in the past at those companies.

Not saying it’s not good - just saying not to get overly excited over a badly done survey

Stripe is a company that operates within the US and are subject to US law. The US passed a law that says that RT is subject to comprehensive sanctions. That means that it is now a criminal offense for any US company or person to do business with them. So Stripe doesn’t have much choice and has to immediately stop doing business with RT. In the actual announcement, African Stream is called out by name. No proof needed because they are explicitly added to the list of sanctioned entities, and can enjoy being cut out of doing business with any company with a US or EU connection, just like ISIS, Boko Haram, and the PFLP.

Context: https://cyber.fsi.stanford.edu/io/news/african-stream

tl;dr - They’re a front for RT, and subject to comprehensive sanctions

TCP Selective Ack is very much a thing, but it does take extra memory so lots of TCP stacks exclude it or disable it by default.

TCP was never designed with wifi in mind. TCP retransmission was only ever meant to handle drops due to congestion, not lossy links.

Tmux is a wonderful complement to mosh. Together you get persistence even when your local client loses power (speaking from experience)

I worked with mosh for years to connect to servers on other continents. It was impossible to work otherwise. It only has two small warts: forwarding, and jump hosts.

The second is fixable/ish with an overlay network, but that isn’t always an option if you don’t control the network. I tried to solve this with socat but wasn’t able to configure it correctly - something about the socket reuse flag was very unhappy.

Intel, whose investment will be over five years, will pay a corporate tax rate of 7.5% instead of 5% previously. The normal tax rate is 23%, but under Israel’s law to encourage investment in development areas, companies receive large benefits.

Usually these types of grants are never a good investment but the increased corporate tax rate alone covers a third of the grant (9b yearly taxable revenue at 2.5% over 5 years comes out to 1.125b).

• MSF provide health services and are around 80% efficient (20% of your donation goes to overhead). I’m not sure if they make it easy to earmark a donation to Gaza.
• UNICEF does more infrastructure projects, but have around 30% overhead.

If you really want to maximize your impact, check if your employer or professional association have donation matching for various large charities.

There are obviously many more charities - these are two that I believe have the highest chances of actually reaching civilians in Gaza and not being diverted.

Also that in order to exploit this it requires an active man in the middle. Which requires any of the following:

• Reverse proxy hijack/NAT hijack - from a compromised machine near the server
• BGP hijack - stealing traffic to the real IP
• DNS hijack - stealing traffic to send to a different IP
• Malicious/compromised network transit
• Local network gateway control
• WAP poisoning - wifi roaming is designed really well so this is actually easier than it sounds.

Almost all of those have decent mitigations like 801.x and BGP monitoring. The best mitigation is that you can just change your client config to disable those ciphersuites though.

It is indeed one and the same. This is the post that triggered this article (warning: it’s long and not well organized): https://blog.cr.yp.to/20231003-countcorrectly.html

Credit where credit is due, DJB is usually correct even if he could communicate it better.

So this is basically a native version of xlwings that requires exposing your excel data?