Conversation
Notices
-
Embed this notice
feld (feld@friedcheese.us)'s status on Thursday, 16-Jan-2025 03:20:48 JST 
feld
everyone is overreacting to CVEs like usual
if you're doing rsync over SSH, they'd have to have compromised the server key to not trigger the fingerprint/impersonation warning
If the server is compromised by an attacker, you have much larger problems.
Secure both ends. Use a secure network transport that can't be MITM'd. These problems don't matter then.
RT: https://mastodon.social/users/nixCraft/statuses/113833699519818054- ✙ dcc :pedomustdie: :phear_slackware: likes this.
-
Embed this notice
Christmas Sun (sun@shitposter.world)'s status on Thursday, 16-Jan-2025 03:21:50 JST 
Christmas Sun
@feld sometimes I forget people use rsyncd -
Embed this notice
feld (feld@friedcheese.us)'s status on Thursday, 16-Jan-2025 03:22:43 JST
feld
@sun the performance over ssh is ass, so it's fine to use rsyncd --just require a VPN Christmas Sun likes this. -
Embed this notice
JoshuaSlocum (joshuaslocum@poa.st)'s status on Thursday, 16-Jan-2025 05:07:10 JST 
JoshuaSlocum
@feld i only rsync to locally attached USB 1.1 hard drives i've scrounged from dumpsters
i am invinciblefeld likes this. -
Embed this notice
gentoobro (gentoobro@shitpost.cloud)'s status on Saturday, 18-Jan-2025 13:34:44 JST 
gentoobro
CVE's almost never matter. It's always something like "An attacker with root permissions and physical access to the machine might be able to recover your Facebook password in only 12 hours with this new speculative execution attack!."
✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Saturday, 18-Jan-2025 15:05:02 JST
feld
@gentoobro And some kid with an infosec certificate and zero years experience is losing his mind
All GNU social JP content and data are available under the