Almost like that xkcd joke…
Explains the bird feathers
Why did you train so badly?!
Just choose Australian. Tbh we don’t care how you say it just be loud.
Plex was how LastPass got hacked. https://www.howtogeek.com/147554/lastpass-data-breach-shows-why-plex-updates-are-important/
You still need to do stuff even if it is Plex.
To back off your post, does anyone have one for Australia?
I don’t think that works on my Samsung TV, or my partner’s iPad though. :)
Although not especially effective on the YouTube front, it actually increases network security just by blocking API access to ad networks on those kinds of IoT and walled garden devices. Ironically my partner loves it not for YouTube but apparently all her Chinese drama streaming websites. So when we go travel and she’s subjected to those ads she’s much more frustrated than when she’s at home lol.
So the little joke, while not strictly true, is pretty true if you just say ‘streaming content provider’.
Being free on Cloudflare makes it likely to be widely adopted quickly.
It’s also going to break all the firewalls at work which will no longer be able to do DNS and HTTP filtering based on set categories like phishing, malware, gore, and porn. I wish I didn’t need to block these things, but users can’t be trusted and not everyone is happy seeing porn and gore on their co-workers’ screens!
The malware and other malicious site blocking though is me. At every turn users will click the Google prompted ad sites, just like the KeePass one this week.
Anyway all that’s likely to not work now! I guess all that’s left is to break encryption by adding true MITM with installing certificates on everyone’s machines and making it a proxy. Something I was loath to do.
After I followed the instructions and having 15 years of system administration experience. Which I was willing to help but I guess you’d rather quip.
From my perspective, unless there’s something that you’ve not yet disclosed, if WireGuard can get to the public domain, like a VPS, then Tailscale would work. Since it’s mechanically doing the same thing, being WireGuard with a GUI and a VPS hosted by Tailscale.
If your ISP however is blocking ports and destinations maybe there are factors in play, usually ones that can be overcome. But your answer is to pay for mechanically the same thing. Which is fine, but I suspect there’s a knowledge gap.
Are you sure? Did you want to troubleshoot this or did you just want to give up?
I’ve got two Synology NAS connected to each other directly for Hyper Backup replications at clients because both units are on CGNAT ISPs and there’s no public IP. And it just works.
Didn’t understand that by willing you meant wanting.
I use Ubuntu, it’s the default for ROS. I tried Debian but the instructions didn’t work instantly so I just as quickly gave up and went back to Ubuntu since I was busy. Lol.
Yes, but first go check which list you want to use since they’re a good starting point to understand a kind of level of tolerance and expectations around your experience.
There are lots of lists around; here’s a small sample:
https://arstech.net/pi-hole-blocking-lists-2023/
Be prepared for a bump in timeouts as you work through things you might need (I blocked by accident a bunch of needed Microsoft services that I need to use during my job).
I haven’t edited my whitelist in months, maybe over a year. It’s going very well. I’ve been running Pi-hole on Ubuntu for more than 5 years as two virtual machines. I’m happy.
To be honest I think we have different cultural values here. The way I read this and the way you read it is clearly different. I’m disappointed by how little I had my expectations changed, while you had them moved more.
I think the question is, where can you bet on a single coin flip? Maybe because I’m Australian, there’s only one day a year you can bet on a (two) coin flip legally here. Everyone else seems to generally understand that coin flips aren’t fair for gambling and therefore it’s illegal.
If this paper was like ‘this is how corruption in sports…’ rather than ‘this is like that magician cup and balls trick’ then I’d understand your concern.
But like you said, you don’t even have a coin in the house, so the practical side is day to day, perhaps not even once a year, not only are you not deciding on a coin flip, even if you were, you’d (or whomever was flipping it for you) have to learn a technique to see it affect you.
I’ve seen something similar to this before in remote desktop servers where user redirected printers end up bloating registries to the point login times exceed processing limits and so not all the configuration in the registry or group policy gets processed. Each redirected printer gets created and never pegged, and it’s unique to that RDP session so they are duplicated to infinity over time. Glad you found it out, the only point with the complexity is I was trying to explain that it being complex doesn’t mean it won’t be robust if it’s still implemented without conflicts so you can rule that out (if you’ve ruled out conflicts). Sounds like you found the culprit in the end! Good work.
When the horses have all bolted, BBC is the one to close the barn door.
Hey, sorry to say but not seeing this at all. About 60 customers, each between 30-200 staff, in Australia region. Almost all of them have reasonable conditional access policies managing maximum login times per app, requirements for device compliance for data sync and geo-restrictions and longer login times for known sites, as well as standard MFA requirements.
I’d say there’s something else in your stack. We monitor many of our customers with 3rd party tools too, including Arctic Wolf for SIEM/SOC alerts and triage and isolation if AAD accounts are breached. SentinelOne with integration in AAD too. Though personally I feel like most medium and small businesses would be better served with the already included Defender for Business. A topic for a different day.
But no unusual requirement for cleaning cache and such to ensure the policies we configure act as we expect.
I’ve seen different tenants act differently of course in the past. But nothing right now I can suggest. I’d personally start doing a/b testing and reviewing all logs relative and see what impact before and after has on logs.
Anyway sounds frustrating so good luck.
I’m not in America but the organisation for NIST recommends it in guidance now and it’s getting backing by the NSA
https://www.zdnet.com/article/nsa-to-developers-think-about-switching-from-c-and-c-to-a-memory-safe-programming-language/
https://www.malwarebytes.com/blog/news/2022/11/nsa-guidance-on-how-to-avoid-software-memory-safety-issues
I see this becoming required in the future for new projects and solutions when working for new government solutions. The drum is certainly beating louder in the media about it.
Sure was! You need to be on top of paid and free and open source software from a security standpoint. There’s no shortcut no matter what you think you’re paying for. Your threat model might be better when the service automates a web proxy for you, but that’s only one facet. You trade problems but should never feel like you can “set and forget”. Sometimes it’s better for you to do it yourself because there’s no lying about responsibilities that way.