Conversation
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 20-Jul-2024 01:18:25 JST
> Wakes up
> Gradually discover the Crowdstrike thing
Fun way to wake up (at least as a self-hoster).

Drew DeVault (drewdevault@fosstodon.org)'s status on Saturday, 20-Jul-2024 02:23:07 JST
@lanodan I know it's mean but I low-key enjoy watching horrible vulnerabilities or IT failures unfolding when they don't affect me
Haelwenn /элвэн/ :triskell: likes this.

Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 20-Jul-2024 02:25:31 JST
@drewdevault It's mean but at the same time, identifying SPOFs is something all somewhat critical infras ought to be doing.
And then actual software audits but that's step 2 at least. :/

Drew DeVault (drewdevault@fosstodon.org)'s status on Saturday, 20-Jul-2024 02:47:01 JST
@lanodan I feel like proper data management and principle of least privilege should be employed before you install a proprietary auto-updating rootkit on all of your machines
Haelwenn /элвэн/ :triskell: and Sick Sun like this.

Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 20-Jul-2024 02:57:03 JST
@w @drewdevault Which is seriously worrying when it's things like 911 and hospitals which I guess don't have the proper social ways to address those.
It's quite like if during a fire drill you'd realize you can't escape the building when the electricity is out (yeah that happens) but then actually nothing gets done about it.

w (w@11n.org)'s status on Saturday, 20-Jul-2024 02:57:04 JST
identifying single points of failure is (sometimes) easy, convincing someone who can effect change to care is the real trick
CC: @drewdevault@fosstodon.org

Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 20-Jul-2024 04:46:08 JST
@w @drewdevault I don't think any of the CrowdStrike incident was due to EOL equipment though? More like the opposite I'd say.

w (w@11n.org)'s status on Saturday, 20-Jul-2024 04:46:09 JST
@lanodan@queer.hacktivis.me @drewdevault@fosstodon.org a lot of it comes down to cost. It's hard to convince someone to proactively replace eol'd equipment when it's still working 'perfectly well'

w (w@11n.org)'s status on Saturday, 20-Jul-2024 05:31:52 JST
@lanodan@queer.hacktivis.me @drewdevault@fosstodon.org you're right, I was speaking more generally. It's been a long day 🙂
Haelwenn /элвэн/ :triskell: likes this.