cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
GrapheneOS version 2025071900 released:
https://grapheneos.org/releases#2025071900
See the linked release notes for a summary of the improvements over the previous release.
Forum discussion thread:
https://discuss.grapheneos.org/d/24190-grapheneos-version-2025071900-released
Today we received a little packet of four teardrop-shaped #seeds from China.
We do not know why.
My #security-focused or anime-raddled brain (I'm not sure which, or if there's a difference) is filled with possible ways in which this may be an #attack vector. Not the least of which is destabilising of Western Civilisation through sheer paranoia. (Just as well I don't believe in Western Civilisation, eh?)
But I may be missing out on the chance to grow something beautiful?
Happy "Logging in as users -, [ and $ day" to all who celebrate:
Jul 19 02:02:12 portal sshd-session[88959]: Failed password for invalid user - from 152.42.130.79 port 33738 ssh2
Jul 19 03:00:14 portal sshd-session[79691]: Failed password for invalid user [ from 152.42.130.79 port 41708 ssh2
Jul 19 03:58:56 portal sshd-session[6194]: Failed password for invalid user $ from 152.42.130.79 port 55398 ssh2
#ssh #passwordgroping #security #passwords #cybercrime #botnet
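The three log lines above are the kind of input a small detector can be run over. The following is an added example, not code from the post: it parses sshd "Failed password" lines, groups attempts by source IP, and flags usernames that are not plausible account names (single punctuation characters such as "-", "[" and "$" are a hallmark of a wordlist that has been fed something odd). The first three sample lines are the ones from the post; the fourth, with a TEST-NET address, is constructed to show a valid-account failure for contrast.

```python
"""Added example (not from the original post): parse sshd 'Failed password'
lines, group attempts by source IP, and flag implausible usernames.
The first three lines of SAMPLE_LOG are copied from the post; the fourth
(203.0.113.5, a TEST-NET address) is constructed for contrast."""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Jul 19 02:02:12 portal sshd-session[88959]: Failed password for invalid user - from 152.42.130.79 port 33738 ssh2
Jul 19 03:00:14 portal sshd-session[79691]: Failed password for invalid user [ from 152.42.130.79 port 41708 ssh2
Jul 19 03:58:56 portal sshd-session[6194]: Failed password for invalid user $ from 152.42.130.79 port 55398 ssh2
Jul 19 04:10:01 portal sshd-session[7001]: Failed password for root from 203.0.113.5 port 40000 ssh2
"""

# 'invalid user' is logged only when the account does not exist; a failure
# against a real account reads 'Failed password for <user> from ...'.
# Usernames containing spaces are not handled here (sshd logs them raw).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd(?:-session)?\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+) ssh2$"
)

# Portable POSIX usernames: letters, digits, '_', '-', '.', not starting with '-'.
PLAUSIBLE_USER_RE = re.compile(r"^[a-z_][a-z0-9_.-]*$")


def parse_failures(text):
    """Return one dict per matching 'Failed password' line."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append({
                "ts": m["ts"],
                "user": m["user"],
                "ip": m["ip"],
                "port": int(m["port"]),
                "invalid": bool(m["invalid"]),
            })
    return events


def summarize(events):
    """Per source IP: attempt count, usernames tried, and implausible usernames."""
    by_ip = defaultdict(lambda: {"attempts": 0, "users": [], "odd_users": []})
    for e in events:
        entry = by_ip[e["ip"]]
        entry["attempts"] += 1
        entry["users"].append(e["user"])
        if not PLAUSIBLE_USER_RE.match(e["user"]):
            entry["odd_users"].append(e["user"])
    return dict(by_ip)


if __name__ == "__main__":
    for ip, stats in summarize(parse_failures(SAMPLE_LOG)).items():
        print(ip, stats)
```

Running it prints one summary per source address; the 152.42.130.79 entry shows three attempts, all with implausible usernames, which is the pattern worth feeding into whatever blocks or rate-limits the host already uses.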
Alright so I just found out that OCI (Docker/Podman) is just absolute garbage if you want anything resembling supply-chain security, because registries and clients are basically allowed to willy-nilly change the image digests. So I just cannot really prove that an image I just mirrored on my local registry is the same I pulled from elsewhere. Is this what we are basing much of our software infrastructure on?
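The mechanics behind the concern in the post, as an added example that is not from the post or from any registry or client code: an image manifest digest is sha256 over the exact manifest bytes a registry serves, so a mirror or client that parses the manifest and writes it back (different whitespace, key order, or schema) produces a different manifest digest even though every layer and config blob it references is unchanged. The manifest below is constructed for the example and its layer and config digests are placeholders, not real images.

```python
"""Added example (not from the original post): how an OCI image manifest
digest is derived, why re-serialising a manifest changes it, and which
digests survive a mirror. The manifest is constructed; the 'aaaa...' and
'bbbb...' digests inside it are placeholders."""
import hashlib
import json

# Constructed single-architecture OCI manifest, byte-exact as a registry would serve it.
SOURCE_MANIFEST_BYTES = (
    b'{"schemaVersion":2,'
    b'"mediaType":"application/vnd.oci.image.manifest.v1+json",'
    b'"config":{"mediaType":"application/vnd.oci.image.config.v1+json",'
    b'"digest":"sha256:' + b"a" * 64 + b'","size":1234},'
    b'"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip",'
    b'"digest":"sha256:' + b"b" * 64 + b'","size":56789}]}'
)


def manifest_digest(raw):
    """Digest as a registry reports it: 'sha256:' + hex sha256 of the raw bytes."""
    return "sha256:" + hashlib.sha256(raw).hexdigest()


def reserialize(raw):
    """Simulate a mirror or client that parses the manifest and writes it back
    pretty-printed. The content is unchanged; the bytes (and so the digest) are not."""
    return json.dumps(json.loads(raw), indent=2).encode()


def referenced_digests(raw):
    """The content-addressed blobs the manifest points to. These are digests of
    the blob bytes themselves, so they survive any re-serialisation of the manifest."""
    m = json.loads(raw)
    return [m["config"]["digest"]] + [layer["digest"] for layer in m["layers"]]


def compare_mirror(source_raw, mirror_raw):
    """Two checks for a mirrored image: the manifest digest (byte-exact) and the
    set of blob digests (content-exact). The second is what proves the image is
    the same even when the first differs."""
    return {
        "manifest_digest_matches": manifest_digest(source_raw) == manifest_digest(mirror_raw),
        "blob_digests_match": referenced_digests(source_raw) == referenced_digests(mirror_raw),
    }


if __name__ == "__main__":
    mirrored = reserialize(SOURCE_MANIFEST_BYTES)
    print("source :", manifest_digest(SOURCE_MANIFEST_BYTES))
    print("mirror :", manifest_digest(mirrored))
    print(compare_mirror(SOURCE_MANIFEST_BYTES, mirrored))
```

The practical consequence: when checking a mirror against its origin, compare the config and layer digests (and the blob bytes they hash) rather than only the manifest digest, and when pinning an image by digest, pin the digest the registry you actually pull from serves, since a digest copied from elsewhere may refer to a manifest serialisation that registry never stored.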
Make our voice heard at the Apple encryption hearing!
On the sly, the UK government tried to force a backdoor into the firewall that protects your privacy. We made the hearing public.
Now we need to win in court ✊
Donate now to fund legal representation ⬇️
https://action.openrightsgroup.org/make-our-voice-heard-apple%E2%80%99s-encryption-hearing
#e2ee #apple #encryption #privacy #cybersecurity #ukpolitics #ukpol #crowdfunder #surveillance #security
When Root Meets Immutable: OpenBSD chflags vs. Log Tampering https://www.undeadly.org/cgi?action=article;sid=20250718072438 #openbsd #immutable #chflags #logs #logtampering #security #hacking
Discover how Model Context Protocol (MCP) can supercharge DevOps by connecting LLMs to tools like Grafana, CI/CD, and Sentry—right from your IDE. This talk from Alex Shershebnev covers building secure MCP servers, automating Ops tasks, and avoiding security pitfalls as you integrate AI into your stack.
#DevOps #AI #MCP #Security #LLM
Program: https://devopsdays.org/events/2025-london/program/alex-shershebnev
Tickets: https://ti.to/devopsdays-london/2025
Sponsorship: https://devopsdays.org/events/2025-london/sponsor
For those who have InfoSec, privacy, security, and/or related technology expertise…
Would you use Bitchat?
(Feel free to elaborate in the comments and/or boost if you’d like to see the opinion of others.)
#Bitchat #JackDorsey #InfoSec #Privacy #Security #Technology #OSS #Encryption
Yes: 0
No: 34
Jack Dorsey is not to be trusted: 49
I just want to see the results: 10
Closes in 19:54:17
Font caching no longer runs as root https://www.undeadly.org/cgi?action=article;sid=20250717061920 #openbsd #security #fonts #caching #privilegedrop #fontcache
Oh, my goodness. I boosted @Em0nM4stodon’s post about this earlier. But I need to share it with some intention.
This piece she wrote on Mastodon privacy/security is intense. It’s long. SO much information. Read it anyway. Seriously.
And if y’all don’t follow Em, do yourself a solid and get on that. She’s smart af about InfoSec/privacy/security. And super friendly.
https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/
#Fediverse #Mastodon #MastoTips #Privacy #InfoSec #Security #TheFutureIsFederated
Interesting read…
Google is tracking you (even when you use DuckDuckGo)
https://www.simpleanalytics.com/blog/google-is-tracking-you-even-when-you-use-duck-duck-go
#google #tracking #privacy #InfoSec #security #tech #technology #BigTech #BigBrother
New Privacy Guides article 🔒
by me:
While most social media rely on commercial models harvesting users' data to sell to advertisers,
Mastodon offers a human-centric alternative that doesn't seek profits from your data and attention.
This means better social connections, better controls, and better privacy!
The first part of this article discusses privacy and security on Mastodon.
The second part is a tutorial to guide you in making the most of Mastodon's security and privacy related features.
This tutorial includes how to:
• Enable multifactor authentication 🔑🔑
• Adjust privacy vs discovery 👀
• Select post visibility and access
• Verify yourself
• Delete and back up your data
• Block users and instances ⛔
• Opt out with hashtags #️⃣
• Move from one instance to another 🚀
I hope this helps you make the most of what Mastodon has to offer!
https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/
#PrivacyGuides #Mastodon #Fediverse #Privacy #Security #Tutorial #TheFutureIsFederated #TinyMastodonTip
#Today one of my colleagues put my attention on this article, and to be honest I do love the reporting style. Memes and writing like this?
"The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence."
"China go brrr"
At least it's not dry
#security #datasecurity #infosec #citrix #netscaler #citrix_netscaler #incident #exploit #meme #report
GrapheneOS just dropped stable Android 16 support for Pixel devices! 🚀🔒 Despite new hurdles from Google, the team’s update includes the TapTrap vulnerability fix and under-the-hood improvements. No flashy features, all about security! #GrapheneOS #Android16 #Pixel #privacy #security
🔗 https://www.heise.de/en/news/GrapheneOS-releases-Android-16-in-the-stable-channel-10484215.html
Shortlink: https://heise.de/-10484215
As much as #Trump seems to want credit for helping to end the war, he is also clear that he doesn’t want to be blamed for the outcome [of course]. “I do want to make one statement again,” he said. “I said it before. This is not Trump’s war.”
#geopolitics #TrumpIsWeak #PutinsPuppet #Russia #Ukraine #Europe #Security
It looks like #Russia was expecting an even tougher announcement by #Trump. The main Moscow stock index jumped more than 2.5% after Trump’s announcement. Konstantin Kosachev, a senior lawmaker, said on social media that Trump could change his mind again in the next 50 days (& probably will): “If this is all Trump had to say about Ukraine today, then for now, it’s all just hot air.”
#geopolitics #TrumpIsWeak #PutinsPuppet #Ukraine #Europe #Security
“There are not Americans dying,” #Trump said, noting he & #JDVance had “a problem” with #US involvement, though he never finished the thought. Trump acknowledged that the #UnitedStates wanted “a strong Europe.” He never said, however, whether he shared the Europeans’ concern that #Putin would not stop at #Ukraine & could broaden his push into #Europe.
“My conversations with him are very pleasant, & then the missiles go off at night,” #Trump said of #Putin. Clearly sensitive about his turnaround, Trump added of Putin: “He fooled Clinton, Bush, Obama, Biden — he didn’t fool me.”
[invert that last statement for the truth]
#geopolitics #TrumpIsWeak #PutinsPuppet #Russia #Ukraine #Europe #Security
#Putin is convinced he has the battlefield momentum & has been prepared for #Trump to lose his patience, NYT reported last week. For all of Trump’s Russia-friendly rhetoric earlier this year, he refused to make the major concessions that Putin wanted, such as pushing Ukraine to give up more territory & limit the future size of its military.
#geopolitics #TrumpIsWeak #PutinsPuppet #Russia #Ukraine #Europe #Security
Just published another part of our long running series on #Kubernetes #Security fundamentals. This time looking at how Kubernetes clusters use PKI. I know when I started, the idea that every cluster had three different certificate authorities came as a bit of a surprise!
https://securitylabs.datadoghq.com/articles/kubernetes-security-fundamentals-part-7/
I'm still on some commercial platforms, but I've given up on X, Facebook, and WhatsApp. Sometimes I wish I could have made different choices when I started my online journey in the 90s, and not have my full name and details out there to some extent. I'm in too deep. There's some safety in knowing certain things - security-wise, to protect myself. But it's horrifying to think about people who don't take those precautions. Many are just prey for the black and gray hats.
I often choose not to post about these things on commercial social media because it's seen as fearmongering and insensitive. I wish I could warn everyone, but most do not care until something bad happens.
#Privacy #Security
This unusual T-shaped keyhole (left) is part of an Odell's nightlatch. It's at the entrance to an 1850s tenement on Kelvingrove Street and is only the second I've found in the wild in Glasgow.
Cont./
#glasgow #odellnightlatch #glasgowhistory #lock #dullmensclub #security #tenement #scotland #glasgowtenemenets
If you still think that #Apple cares for the #privacy of its paying customers:
Apple Gave #Governments Data on Thousands of Push #Notifications
https://www.404media.co/apple-gave-governments-data-on-thousands-of-push-notifications/
With companies like that, you're the product although you pay premium money.
#introduction i guess?
I'm a physicist who spent most of his time at school, in the datacenter. Then i somehow found myself in 'computer science research' labs writing software. For the past couple of years doing the security thing cause it's fun. Into #openbsd #plan9 #scheme #golang #C #security . When AFK i enjoy #cavediving #trailrunning #bicycletouring #mathematics . As always thank you #sdf for hosting us. It's nice to meet you all :).
Perusing a paper paper for once I saw this advert for WhatsApp.
No, I can believe the content of your message cannot be read, but by using it, your address book is theirs, your messages sent/received are logged and you will be tracked wherever you are - and whatever you are buying.
That’s what they really want.
Go #Signal - it makes sense
Well, great. Now @bitwarden is going to add AI bullshit to their services. I left Bitwarden a few months back for different reasons but I'm kind of glad that I did. I switched to @1password@1password.social. If they add AI to their services (are they already?), I'm just going to call it quits on all of them and just move completely to @keepassxc@fosstodon.org. I can simply just host my own with Keepassxc and not have to worry about any AI crap. I'm using Keepassxc now but not for everything. That might change in the very near future.
Yes, The Book of PF, 4th Edition Is Coming Soon https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html
Long rumored and eagerly anticipated by some, the fourth edition of The Book of PF is now available for preorder https://nostarch.com/book-of-pf-4th-edition #openbsd #pf #packetfilter #freebsd #networking #security #tcpip #ipv6 #ipv4 #bookofpf
Belgium is unsafe for CVD (coordinated vulnerability disclosure)
https://floort.net/posts/belgium-unsafe-for-cvd/
#CVD #security #coordinated #vulnerability #disclosure #Belgium
Long rumored, eagerly anticipated by some, you can now PREORDER "The Book of PF, 4th edition" https://nostarch.com/book-of-pf-4th-edition for the most up to date guide to the OpenBSD and FreeBSD networking toolset #openbsd #freebsd #networking #pf #packetfilter #firewall #preorder #security
The Node.js Project just pre-announced security updates, to be released next week, on Tuesday, July 15th;
"The 24.x release line of Node.js is vulnerable to 2 high severity issues. The 22.x release line of Node.js is vulnerable to 1 high severity issues. The 20.x release line of Node.js is vulnerable to 1 high severity issues."
https://nodejs.org/en/blog/vulnerability/july-2025-security-releases
Great news! #HPE networking equipment is now secure!
"Combination accelerates HPE’s strategic vision with a full, secure networking IP stack"
The most recent report, issued in 2023, included an interactive atlas that zoomed down to the county level. It found that #ClimateChange is affecting people’s #security, #health & livelihoods in every corner of the country in different ways, with minority & Native American communities often disproportionately at risk.
#law #EnvironmentalLaw #Climate #ClimateCrisis #PublicHealth #WeatherPreparedness #Trump #USpol
Internet traffic, visualized with an open-source app that comfortably monitors your Internet traffic. It is a cross-platform and reliable app for your needs https://github.com/GyulyVGC/sniffnet
Why is security work unlike any other contribution to an open source project?
We need to re-think the tight association between maintainers and security work if we want sustainable open source security.
Read more: https://sethmlarson.dev/security-work-isnt-special
A friendly reminder --
Do NOT register anywhere to protest.
During the last protest, I noticed a lot of random websites claiming they wanted people to register their participation. You do NOT need to register at some random website, to announce your intentions to attend a protest.
Such sites can be used to create lists, and such lists can be given to authorities.
"Censys has made a list of some of the ICS products commonly targeted by Iranian hackers and scanned the internet to determine how widespread they are and whether their owners and operators have taken steps to secure them in recent months."
https://censys.com/blog/ics-iran-exposure-of-previously-targeted-devices
It’s not often my worlds collide like this, but this is pretty wild.
Coros Pace 3 doesn’t enforce Bluetooth pairing to a device, which leads to a cascading series of things that one could do when rogue connecting to the watch.
All of these are pretty terrible, but I can’t shake the image of someone spectating near the end of a race and disrupting someone’s hard-earned GPS file for their race. Obviously access to health and training data is way more severe, and there are devices and systems way more critical than someone’s GPS watch, but the fact that any of this is even possible is jarring.
On top of this, Coros’s initial response of “we’ll get to it by the end of 2025” is wildly unacceptable. They’ve since clarified their timeline (which is more aggressive) but they didn’t handle this well at all from what I’m reading.
https://blog.syss.com/posts/bluetooth-analysis-coros-pace-3/
Confirmed: There will be a full day PF tutorial "Network Management with the OpenBSD Packet Filter Toolset" at #eurobsdcon 2025 in #zagreb.
Details to emerge via https://2025.eurobsdcon.org/, and expect more goodies to be announced!
#openbsd #freebsd #pf #packetfilter #networking #security #freesoftware #libresoftware #bsd
I've had admin powers at 5+ companies' Google Workspace/G Suite over the past decade or so. Every single one had groups which were misconfigured, often so anyone in the whole company could join without approval or see the message history at https://groups.google.com without being a member at all.
This is because for any sensible configuration of Google Groups when using it for email groups you have to use the "Custom" permissions mode. The default Public mode doesn't allow external people to email the group, but does allow the whole company to see all the messages. The default Team mode has the same problem of everyone being able to see all the messages.
Also, let's not forget that dangerous little "Anyone in the organisation can join" toggle at the bottom which is on by default. So any random new starter can join your confidential company directors group and get all the emails sent to it.
Giving Google the benefit of the doubt here, I think the reasoning might be that Google Groups is intended as a kind of company forum, not for private email groups. However that isn't how anyone uses it in my experience...
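The two misconfigurations the post describes (the whole organisation can read the archive, and anyone in the organisation can self-join) map onto two settings that can be audited in bulk. The following is an added example, not the post's and not Google's code: it takes per-group settings in the shape the Groups Settings API returns them (field names and enum values as documented for groupssettings.groups.get; fetching them is left to the caller) and reports groups that are readable or joinable company-wide but are not on an allow-list of groups meant to be public by design. The sample settings and group addresses are constructed.

```python
"""Added example (not from the post, not Google's code): flag Google Groups
whose archive is readable by the whole organisation or which anyone in the
organisation can join. Field names and values follow the Groups Settings
API (groupssettings.groups.get). SAMPLE_GROUPS is constructed; the
example.com addresses are placeholders."""

# Constructed per-group settings, a subset of what the Groups Settings API returns.
SAMPLE_GROUPS = {
    "directors@example.com": {
        "whoCanJoin": "ALL_IN_DOMAIN_CAN_JOIN",       # the default 'anyone in the org can join' toggle
        "whoCanViewGroup": "ALL_IN_DOMAIN_CAN_VIEW",  # whole company can read the archive
        "whoCanPostMessage": "ANYONE_CAN_POST",       # needed so external mail reaches the group
        "whoCanDiscoverGroup": "ALL_IN_DOMAIN_CAN_DISCOVER",
    },
    "all-hands@example.com": {
        "whoCanJoin": "ALL_IN_DOMAIN_CAN_JOIN",
        "whoCanViewGroup": "ALL_IN_DOMAIN_CAN_VIEW",
        "whoCanPostMessage": "ALL_IN_DOMAIN_CAN_POST",
        "whoCanDiscoverGroup": "ALL_IN_DOMAIN_CAN_DISCOVER",
    },
    "security-incidents@example.com": {
        "whoCanJoin": "INVITED_CAN_JOIN",
        "whoCanViewGroup": "ALL_MEMBERS_CAN_VIEW",
        "whoCanPostMessage": "ANYONE_CAN_POST",
        "whoCanDiscoverGroup": "ALL_MEMBERS_CAN_DISCOVER",
    },
}

# Groups whose archive is legitimately company-wide; maintain this list deliberately.
PUBLIC_BY_DESIGN = frozenset({"all-hands@example.com"})

# Values that let anyone in the org (or the whole internet) join or read.
OPEN_JOIN = {"ANYONE_CAN_JOIN", "ALL_IN_DOMAIN_CAN_JOIN"}
OPEN_VIEW = {"ANYONE_CAN_VIEW", "ALL_IN_DOMAIN_CAN_VIEW"}


def audit_group(address, settings, public_by_design=frozenset()):
    """Return a list of findings for one group; empty means nothing to report."""
    if address in public_by_design:
        return []
    findings = []
    join = settings.get("whoCanJoin")
    if join in OPEN_JOIN:
        findings.append(f"{address}: whoCanJoin={join} (any employee can self-join)")
    view = settings.get("whoCanViewGroup")
    if view in OPEN_VIEW:
        findings.append(f"{address}: whoCanViewGroup={view} (non-members can read the archive)")
    return findings


def audit_all(groups, public_by_design=frozenset()):
    """Map group address -> findings, for groups that have any."""
    report = {}
    for address, settings in groups.items():
        findings = audit_group(address, settings, public_by_design)
        if findings:
            report[address] = findings
    return report


if __name__ == "__main__":
    for address, findings in audit_all(SAMPLE_GROUPS, PUBLIC_BY_DESIGN).items():
        for line in findings:
            print(line)
```

Note that whoCanPostMessage is deliberately not flagged: an inbound email group has to accept external posts, which is exactly why the "Custom" mode is needed to combine open posting with a members-only archive and invite-only membership.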