Started by tasselhoff on Sep 29, 2017 8:58:34 AM
Information Security

Since we've been increasingly taking over the News & Comment thread with InfoSec stuff, I thought it might be better to have a dedicated thread.

tasselhoff - 29 Sep 2017 08:59:10 (#1 of 93)

Anyone with a shell can get root. Patch requires reboot...

tasselhoff - 29 Sep 2017 09:55:15 (#2 of 93)

How to set up Signal (e2e encrypted SMS replacement if both parties use it) without using your mobile phone number

flowbagging - 29 Sep 2017 14:32:01 (#3 of 93)

You could try to make things more transparent to the casual browser, moaty.

tasselhoff - 29 Sep 2017 14:34:40 (#4 of 93)

This is not the thread for the casual browser, corky.

tasselhoff - 29 Sep 2017 18:03:40 (#5 of 93)

Open source DOM fuzzer. Nice...

Policywatcher - 29 Sep 2017 18:07:30 (#6 of 93)


TRaney - 29 Sep 2017 18:08:07 (#7 of 93)

Is this a glimpse inside Tass’s head?

tasselhoff - 29 Sep 2017 18:11:16 (#8 of 93)

one vaguely acceptable part of it, yes

tasselhoff - 29 Sep 2017 18:12:03 (#9 of 93)

it was just to avoid cluttering up the general thread really. Everyone's welcome...

Policywatcher - 29 Sep 2017 18:12:44 (#10 of 93)

And perhaps mine and maybe a dozen others here who've done ITSec work at some point.

I doubt it'll be high volume, and I'm sure that the issues that threaten to affect people will continue to be reported in the main threads.

TRaney - 29 Sep 2017 18:13:15 (#11 of 93)

Actually I have a random question. Is PaaS just a posh term for hosting?

Policywatcher - 29 Sep 2017 18:19:16 (#12 of 93)

Not quite.

I'm still getting into this, but there's SaaS, PaaS, IaaS, all describing different levels of hosting your stuff in hosted VMs. (Software, Platform, Infrastructure)

But they tend to carry expectations of tools and services including rapid deployment, automated resilience and scaling beyond the expectation of simply renting a server and being hosted on it.

Policywatcher - 29 Sep 2017 18:19:38 (#13 of 93)

tasselhoff - 29 Sep 2017 18:31:28 (#14 of 93)

Wot he said. You would also want to have a separate management network for SSH access via a centralised SSH gateway.

Policywatcher - 29 Sep 2017 19:08:32 (#15 of 93)

The other part is that you aren't hosting on specific physical iron. The VMs shut down when not in use, spin up on demand (not necessarily on the same host, but with the same IP) very quickly, and you only pay for the up time. Load balancers and monitors spin up and balance additional instances at high load. Sophisticated ones can move a VM between physical hosts on the fly, in mid-workload if the monitors detect a likely imminent hardware failure...

And yes, I did just come back from a conference trying to sell me this stuff.

Policywatcher - 29 Sep 2017 19:13:38 (#16 of 93)

Pretty good though.

The stuff that Parallels, who do the Windows VM on Mac stuff, have done with virtualizing multiple desktops from a server onto Windows/Mac/iPad clients, within the PaaS and IaaS services, at a far lower cost than Citrix, and much easier to set up and manage, looks pretty neat.

Even has an in-browser client, so you can access a virtualized desktop from anywhere without needing to install anything.

TRaney - 29 Sep 2017 19:16:38 (#17 of 93)

Unfortunately “he”s on my ignore list tass. Who is it and I’ll take him off.

You’re already exceeding my layman’s perspective. From my POV it seems more like an ASP but with more in-house access. Is that a reasonable simplification?

Policywatcher - 29 Sep 2017 19:25:31 (#18 of 93)

oh good grief.

Bonusy - 29 Sep 2017 19:40:54 (#19 of 93)

Jeez, I never thought all PW's posts about ancient IT would get him ignored.

TRaney - 29 Sep 2017 19:49:59 (#20 of 93)

He has other posts.

Anyway my ignoring habits are often as much about me as the ignoree.
