I would look into something like Doppler instead of Vault. (I don’t trust any company acquired by IBM. They have been aquiring and enshittifying companies before there was even a name for it.)

Look into how any different solutions need their keys presented. Dumping the creds in ENV is generally fine since the keys will need to be stored and used somehow. You might need a dedicated user account to manage keys in its home folder.

This is actually a host security problem, not generally a key storage problem per se. Regardless of how you have a vault setup, my approach here is to create a single host that acts as a gateway for the rest of the credentials. (This applies to if keys are stored in “the cloud” or in a local database somewhere.)

Since you are going to using a Pi, you should focus on that being a restricted host: Only run your chosen vault solution on it. Period. Secure and patch it to the best of your ability and use very specific host firewall rules for minimum connectivity. Ie: Have one user for ssh in and limit another user account to managing vault, preferably without needing any kind of elevated access. This is actually a perfect use case for SELinux since you can put in some decent restrictions on the host for a single app (and it’s supporting apps…)

If you are paranoid enough to run a HIDS, you can turn on all the events for any type of root account actions. In theory once the host is configured, you shouldn’t need root again until you start performing patches.

That’s what you just got shown: Shove the configgy bits into Git.

You will likely have to find the configs you want to save first.

Wustite, ferrous oxide, is black. FeO.

Typical rust, usually found as hematite, is Fe2O3 and is red/brown. Also an iron oxide.

Magnetite is also another black iron oxide, Fe3O4.

There are quite a few other flavors of iron and oxygen too.

Sorry if it sounded like my rant was directed at you as it absolutely wasn’t. Your comment triggered me, because I absolutely fully agreed with yours as well. ;)

setenforce 0 is much cleaner, I have found.

Its just complex

When a security mechanism becomes more complex to manage than what it is supposed to protect, it becomes a vulnerability itself.

If you had a minimal system that you built from the ground up yourself and wanted to only have that system function in very specific ways, SELinux would be perfect. I would go so far as to say it would be nearing perfection in some ways.

Sorry, but in the real world, ain’t nobody got time for that shit. If you use auto configuration tools or pre-canned configs for SELinux on a system you are unfamiliar with, it’s more likely to cause application issues, create security gaps and will likely be shut off by a Jr. admin who really has no fucking clue what he is doing anyway.

It’s just easier to keep your system patched and ensure basic network security practices anyway.

It’s not impossible to manage these days. In the early days it was, but most everything is automagic now. If I am not mistaken, SELinux can be enabled to ‘log only’ which would give you data better handled by a HIPS anyway. (Don’t quote me on that.)

You want me to do what now?

(Sudo, the cat.)

Is this related to that Lemur thing I have been hearing about?

I am fairly sure it just tokenizes the card number and it’s not to prevent tracking. Most retail stores have been only storing tokenized card numbers for a while now, Apple Pay or not. With Apple Pay, it would be for card skimmer protection. Regular cards would still be vulnerable at the scanner.

The payment processor, your bank and the store still know who made the purchase.

I suspect many people aren’t talking about this because many Lemmy users don’t use the platform.

Just use an alternative service instead of trying to find more ways to use Musks personal propaganda platform. Honesly, It makes more sense to open up apps like this again, quietly, since it was was a serious strategic flaw to block it in the first place.

I don’t disagree with the concept of this front end, but there are just better options out there.

Alternate post title: Award winning biologist says that people might drink water when they are thirsty.

Everything else aside, my biggest gripes are with service control. Instead of just “service” they had to invent a new name that was super close to an existing function (systemctl vs sysctl) and reverse the switch order. (service sshd stop vs systemctl stop sshd.service)

Besides that, I absolutely hate that all the service configs are not in a standard location. Well, you get things like sshd.conf which are still in etc, but the systemctl configs are who knows where.

There are more important things to hate on with systemd, but I went for the superficial this time and I absolutely hate service management with systemd now.

Build a live boot USB for windows: https://monovm.com/blog/how-to-create-a-windows-live-usb/

There is a chance that the exe is just a wrapper for a compressed archive that contains the app to flash the bios and also the image. If the bios actually supports flashing manually, that would be super convenient.

deleted by creator

De-escalation is easy: Russia can get the fuck out of Ukraine. All of it.

1. do_gro
2. get_si
3. ? page
4. …
5. Profit.

“Your TV has become a digital billboard.”

It’s been a digital billboard for at least 40 years of my life. Radio was no different, so be sure to drink your Ovaltine.

Have you never seen a commercial before? Cheap subsidized hardware? Bloatware loaded on phones? Bloatware on TVs? Games that require 5 mins of ad time? Google’s crippling of Chrome to break ad blockers? Unskippable ads on YouTube? Sponsored ad spots in YouTube videos? All the 3rd party logos on Smart TV boxes? Product placements in movies? Ad placements before the movie starts? The list goes on.

The entire entertainment industry is based around advertising. Every delivery platform is designed to show you ads first and entertainment second.

People have problems figuring that out?

This isn’t a new concept and it’s really stupid that Ars is presenting it that way.

If companies didn’t know this, then they are already out of business. If the viewers didn’t know this… well… I can’t help you.

It was on old 3.5" drives a long time ago, before anything fancy was ever built into the drives. It was in a seriously rough working environment anyway, so we saw a lot of failed drives. If strange experiments didn’t work to get the things working, mainly for lulz, the next option was to see if a sledge hammer would fix the problem. Funny thing… that never worked either.

I used to take failed drives while they were powered on and kinda snap them really with a fast twisting motion in an attempt to get the arm to move or get the platters spinning.

It never worked.