

Merkle trees


Hard disagree. I’m a security engineer by training and actually learned C at university among other languages. Most security weaknesses are human error. Therefore most used and therefore read and audited code tends to be the most secure. C is a perfectly reasonable language for low level things like embedded controllers where Rust is hard to get. But safer by design is always more reliable than skill or willpower or even experience. So it’s just not likely that his C code is safer than something written in current technology. I get feeling comfortable in a language, but that should not ignore technological progress. I’m not a fan of all the Rust hype, but in terms of security it is a significant leap forward and feels a lot like C.
Just vibes? Is this vibe coded? The readme reads like AI. Why C? If you vibe code, why not use a memory safe language instead? No libs? Why would you create your own parsers? That’s how security nightmares are born. :/ Thanks for your contribution though
Kernel updates are usually held back and need to be selected manually. E.g. apt-get install linux-image-amd64.
I prefer rsync for private backups and employ bareos in my company for all servers.
Check for the existence of the for containing packages that recommend a reboot. Debian does not do live patching like Ubuntu does. Not least because updates to firmware are usually not applied until reboot. Also even if that were the case, regular checks for healthy reboots make sense.
Debian admin here. Even Debian gets regular kernel upgrades that like a reboot afterwards. Security updates are more important than uptime. Also regular testing for clean recovery after a reboot is a must so a power outage doesn’t bring any new surprises with it. Also test your backup restores regularly.


The small section after two spots is there to prevent people from parking too close to each other. This prevents people from being boxed in.
That’s why they stack the buses instead of linking them.


Had a coding firm costing 1k+ euros which was unfamiliar with Django select all() from DB just to cast that into a list each time a user opens the tool. That got real funny real fast when the customer started adding the announced 50k objects per day. They did that buried in about 50-60 API endpoints conveniently coded by hand instead of using generic API endpoints available from Django REST framework.
When the loading times hit 50s per click, the company took the money and ran. My colleagues and I spent 2 years and half that to fix that shit.


Wow that’s bad practice. Sell your monitoring to them to help improve their quality.


Just build a few Selenium tests to ensure the API requests the website performs don’t change without you noticing :)


Ask them to generate a schema file that you can download from the API. Or at least an endpoint that returns a hash of the current API schema file. That’s cheap versioning telling you if something changes.
You can always use the Swagger schema to verify the API. So ask some basic questions about what should always be true and put that into validation scripts. If they use a framework, HEAD requests usually tell you some things.
Last really bad vendor had an OpenAPI page that listed the endpoints but the API wouldn’t adhere to the details given there. I discovered that their website used the API all the time and surfing that I was able to discover which parameters were required etc.
Last idea is statistics. Grab any count data you can get, like from pagination data and create a baseline of available data over time. That gives you an expected count and you can detect significant divergences.
I tend to show up at the vendor’s IT guys in person and bribe them into helping me behind their bosses’ backs. Chocolate, coffee and some banter can do wonders.


I have long suspected that it’s a techie’s responsibility to take care of their immediate friends and family in regards to self hosting. So I usually offer that service for free to my extended family. I usually tell them they have to rely/trust someone, might as well be me and if it weren’t them I would charge customers X money for that service monthly. So it becomes a gift and something personal and they feel taken care of and when the dreaded “help me with my email” call comes you just pop open their account without trying all the passwords on that crusty sticky note and look into it. I especially love those “they claim they didn’t get that email” calls. Pop open the log and send the excerpt of their server accepting the email to the claimant and boom number one of all the standard excuses is done for. I once saved my mum’s job that way.


Snippets and architecture design ideas
Watched it till the end. It’s a right-wing call to protest the woke agenda and resist the plandemic. Trash.
I use SOGo for that. Includes a web interface as well as proper authentication mechanisms and sync integration. Is also lightweight and even allows LDAP integration if you like.
Also CalDAV support for tasks and events as well as CardDAV for contacts. Also allows connections to any email account for sharing calendar events and being invited via email.


I use LLMs from both ends. It helps me plan and think through complex code architecture and helps me do the little stuff I do too infrequently to remember. Putting it all together is usually all me.
Kiester password manager?
Old tech is more like it. Good basics but you wouldn’t code in ASM most of the time even if you learned it.