Don't Trust Consumer Routers 3
Another example of why you shouldn’t trust consumer routers: D-Link.
It isn’t just this specific D-Link router. We’ve seen the same issues over and over and over with pretty much every non-enterprise vendor.
Plus we don’t want our devices used by crackers to DDoS Brian Krebs anymore, right?
We are Linux people. We CAN do this ourselves.
Wallabag Anyone?
Always wanted a way to get the full content from websites without all the extra stuff and have a way to take it with me on a portable device without a data plan. Wallabag to the rescue.
Plus, I don’t want too many central orgs like google/fb/twitter/NSA/GCHQ/KGB/Mom knowing what I was reading.
Wallabag is like read-it-later. Once set up (and the setup is much like Nextcloud), almost any webpage I’m viewing inside a browser can be grabbed for later using “Ctrl-Alt-S”. That tells a browser plugin to tell Wallabag to save that URL for reading later. Great for longer Ars or Krebs on Security articles. Also a great way to grab instructions for setting up something non-trivial as a record. Wallabag supports annotations, so if those instructions don’t work, we can add comments/corrections. We can also share this content with others.
Another Seagate HDD Bites It
Poor quality of Seagate disks is a well-known issue for people using spinning disk storage at home. I hear their enterprise HDDs aren’t bad, but that isn’t what we purchase.
My sample size is very small. From 1990 – 2005 I went out of my way to purchase Seagate HDDs. They lasted for the sizes I bought. Used some 320G Seagate disks in an array for 7+ yrs and NONE of those failed. They made quality HDDs.
Security Conference Videos
A friend found this link.
Security Conferences
Seems to have all the security conferences in the USA covered.
Nice 1-stop location to find more videos than anyone will be able to watch. There is a slight downside. The few videos I’ve watched were encoded as H.265/HEVC. HW support for this codec is non-existent and my Kodi Raspberry Pi v2 can’t play those without massive stuttering. Had to re-encode the videos before watching.
Why Are Driverless Cars Cool?
Why Are Driverless Cars Cool? After all, we’ve been driving vehicles for over 100 yrs and it seems to work very nicely, right?
Ok, think back to that old western movie (or The Three Musketeers) when the cowboy whistled to his horse and the horse moved where she/he was needed for the fast get-away. Remember how nice that was – great animal, neat trick, right?
But what does that have to do with driverless cars?
Today's Quote
Selling security vs doing security. The first one is a hell of a lot easier.
About Review Sites Like TheWirecutter
With so many different vendors pushing thousands of different products, we all need a little help to find the right product to fit our needs.
Product reviews were helpful, but those have been taken over by commercial interests gaming the system. Read somewhere that 80% of product reviews on sites like Amazon are fake, put up by review management companies in violation of the ToS for Amazon, but still it is next to impossible to stop these.
So a few websites started making reviews which seemed to be based on facts and real trials. Sorta like Consumer Reports, but free. There is a difference between how Consumer Reports does their reviews and how these websites, like TheWirecutter.com, do theirs. I’ll explain below.
“dadada” Is NOT a Good Password
It has been reported that Mark Zuckerberg’s Twitter and Pinterest accounts used the trivial password, dadada.
- Using the same password on two online accounts is poor security practice. Mr. Zuckerberg should know better.
- Using only 2 distinct characters, no mixed case, no numbers and no special characters is poor security practice. Mr. Zuckerberg should know better.
- Using only 6 characters total is just stupid these days. Anything less than 12 characters takes under 24 hrs to break with home computing power from 5 yrs ago. Mr. Zuckerberg should know better.
Security practices start at the top. I suppose if your company is primarily about hookups and cat photos, then security might not be on the forefront of your mind.
Links
- The Register
- Business Insider
- there are hundreds of others.
What Hope Do We Have?
People are saying if Mr. Zuckerberg fails at this, what hope do they have? CEOs tend to ignore security, IME. I was told by a CEO that if I made the minimum password 15 characters (plus a sufficient complexity), he would switch to using his Hotmail account. Reminds me of Ms. Clinton.
At my job in the 1990s, a group of co-developers stole my work password because they were too lazy to set up their own Windows account to perform InstallShield packaging. I reported the infraction to my boss, the VP of Development and a founder of the company. When he refused to do anything about it, I started looking for another job. 2 months later I was gone.
The next company wasn’t much better about security, but the following one was excellent and I worked there for about 8 yrs. I left over contractual differences, not the people nor the work.
A Fine Line
I suppose for some people, having all the security enforced that I believe is required could also be a reason for many more workers to leave, so management needs to walk a careful line if the work is not interesting enough for people to stay even with good network and computer security.
A Tail of Different VM Performance
Below are some statistics from a few running VMs for your consideration.
ID S RDRQ WRRQ RXBY TXBY %CPU %MEM TIME NAME
4 R 0 0 287 0 26.0 9.0 454:26.51 win7ult
2 R 0 3 551K 16K 3.3 19.0 258:56.21 desktop
5 R 0 3 287 0 0.7 15.0 217:59.98 email
6 R 0 0 287 0 0.1 3.0 10:24.97 email-front
3 R 0 2 287 0 0.1 7.0 43:37.56 blog
Breakdown of the Stats
I watched the virt-top output for about 2 minutes and grabbed those numbers above during a representative 2 sec period. The Windows VM never dropped below 25% use. The other VMs each would bounce up as something required it, then would drop back down to nearly nothing when done.
More details below.
Firejail - pseudo-Containers for Linux
The firejail project is new to me. It takes all those security efforts added to the Linux kernel over the years and makes them available for end-user programs. These are specifically designed for GUI programs. How cool is that?