Sorry.. meant hextet.. not octet.. that's how angry I was.. hahaha..

For context:

IPv4 (4 octets)
IPv6 (8 hextets)

Side note, carry on...


One day I'm going to cross paths with these insensitive router UI/UX folks and we're going to exchange some very strong words.. a box for each octet in IPv6.. and no support for truncated values.. why.. why would you do this...

DNS matters ... here is a song to help bring that point home.. seems like an appropriate time to share this..

tony boosted

IMPORTANT: We're seeing a large scale attempt to bulk-register bot accounts across the public Matrix network (including captcha bypass) in order to perform spam flood attacks. If you're running a public homeserver please disable open registration, or require email for signups.

Great example of how things built for good can be used for bad, and how misconfigurations and poorly designed validations can lead to catastrophic results...

Put some thoughts to virtual parchment on how I approach security with web applications..

It's less about the tools, and more about what a bad actor needs to be successful..

Don’t even know why I’m ever surprised anymore..

Ads embedded in the authentication flow for Google.. using the authentication method they force on you, overriding other choices you made..


Great article by @danielcid showing live examples of how bad actors enumerate WordPress users then use XMLRPC to brute force WordPress sites. Good to see that some things have not changed...

I realize it's always the WAF's fault, but what if it's not?

Ok, it is in this example.. but again, what if it's not?


Just some tips if you're ever having issues and trying to figure out where it's coming from before blaming the provider.

New feature at NOC allows you to optimize the relationship between the CDN and your cluster of origin servers..

How cool is that? Specifically designed for admins running GCE / AWS clusters for their origins and also using a CDN..

Check it out :

tony boosted

Got a couple things wrong in the original post, made some updates to account for those.


Automattic's Jetpack plugin overrides user-defined controls to stop auto-updates...

Am I the only one that thinks there is so much wrong with this?

tony boosted

Just discovered an awesome #fediverse account #search tool.

@dcid Is the source available somewhere, so we can have more of these search engine humming..?

Just exploring the Domain Name System (DNS) and ways it can be used to control what you see and how your domain performs...

Put together a new script to automate how I install my agents on my web servers... what else should I add?

New article by @dcid sharing some of what we're seeing at NOC as the platform comes alive .. old vulnerabilities are the fan favorite it seems...

That failed, so tried escaping the double quotes too:

ssh root@[ip address] 'mysql --user="root" --password="[pass]" --execute=& USER 'foo2'@'localhost' IDENTIFIED BY 'mariadb';&#34'

This actually gets past the error, but doesn't create the user on the remote server..


