• 8 Posts
  • 40 Comments
Joined 1 year ago
Cake day: June 17th, 2023

  • Well, in principle I do not see that much difference between ‘curl | bash’, ‘sudo apt-get install’ or installing an app on your phone. In the end, it all depends on trust.

    Considering how complex software has become and on how many libraries from all over the internet any application that does more than ‘hello world’ depends, I do not see how you can do it if you are not prepared to put blind trust into some things.

    Concerning CrowdStrike, I am just reading a book on human behaviour (very interesting for everybody who is interested in cybersecurity), and I am just on the chapter about the fear of deciding with unknown parameters vs. the fear of not deciding at all. Any piece of software will break at some point, so will you wait forever to find something that will not have any vulnerabilities?



  • The problem here is this: how is a user supposed to know if the official website of an application is organicmaps.app, organic-maps.app, organicmaps.org or github.com/organicmaps?

    And even if she/he knows, hackers have ways to make you look the other way. The funny thing in this case is that the original author complained that the app was removed from the Google Play Store, and did so on the fosstodon Mastodon server. Although I guess this was not planned, he made the almost perfect social-engineering post. :-)



  • One of the basic elements of a democracy is the three branches. In fact, democracy is an inherently unstable system where these three branches must keep each other in check. A natural consequence thereof is that every one of these three branches has the right to conduct and lead investigations.

    That the courts can act proactively or reactively is more a cultural element than a core element of democracy. There are quite some countries where judges are part of the investigative process and can act unilaterally.

    As Brazil, like a number of other countries in Latin America, has been in the situation in the past that both the government and the parliament are controlled by people with a … euh … not so good reputation on their democratic values, a judicial branch that acts in a more proactive manner should IMHO not be that unexpected.


  • Here there are two issues: free speech and the judicial system in Brazil. I’ll reply to the latter in a different mail.

    The freedom of speech is the result of democracy. No democracy, no freedom of speech. It is also an inherent part of the democratic process.

    On the other hand, it is not the only element of a democracy, and can it also be used against these other elements?

    My question to you: can you use a fundamental freedom, granted to you by the fact you live in a democracy, to attack democracy?



  • Just watched some videos on btrfs. I start to understand the concepts. Perhaps I should also look into how exactly

    On Windows and the “recovery partition”. I guess what you say is that it should always be possible to boot in some kind of system, but it will not happen automatically as there is no way for a system to detect that the system completely hangs.

    Thinking about it, it is kind of strange. Embedded systems have watchdog interrupts that get fired if the system hangs (i.e. if it does not provide a “yes, I still live” signal every “x” milliseconds). Does a PC not have something similar?





  • Concerning Linux, yesterday I was watching this video on Computerphile on the CrowdStrike incident. https://www.youtube.com/watch?v=rlaNMJeA1EA (*)

    What is interesting is the comment made in the video on how Chromebooks do software upgrades with dual “OS” disk partitions and the ability to roll back to the previous OS partition.

    Question: is something like this also possible on one of the major Linux distros? (Debian, Ubuntu, Rocky, …) What would be the procedure to do this kind of “dual partition” system upgrade?

    (*) A great video that explained some of the technical details in a very clear way, including some very interesting ‘lessons learned’ and “what if”s. If you ever need to explain CrowdStrike to your manager, this video is a good start.



  • I have been thinking the same thing.

    I have been looking into a way to copy files from our servers to our S3 backup storage, without having the access keys stored on the server (as I think we can assume that will be one of the first things the ransomware toolkits will be looking for).

    Perhaps a script on a remote machine that initiates an ssh to the server and does a “s3cmd cp” with the keys entered from stdin? So far, I have not found how to do this.

    Does anybody know if this is possible?
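One design that keeps the S3 keys off the server altogether is to reverse the direction of the copy: the backup host initiates the ssh connection, pulls a tar stream from the server over that channel and uploads it to S3 with credentials that exist only on the backup host. The script below is an added illustration of that layout, not code from the commenter or from s3cmd; the account `backup@server.example`, the key and config paths under `/etc/backup/`, the bucket `example-backups` and the public key string are hypothetical placeholders. It relies on two documented features: `s3cmd put -` reads the object body from stdin, and an `authorized_keys` forced command (`command="..."`) makes the server run one fixed command regardless of what the client asks for.

```shell
#!/bin/sh
# Pull-based backup (added illustration): the backup host connects to the
# server, so the S3 access/secret key never touches the server's disk,
# environment or process list. All names and paths are hypothetical.
set -eu

PULL_KEY=/etc/backup/pull_key   # private ssh key, root-only on the backup host (assumed path)
S3_CONFIG=/etc/backup/s3cfg     # s3cmd config holding the S3 keys, same host (assumed path)

# Compose the pipeline: ssh runs tar on the server and streams the archive
# back over the channel; s3cmd on the backup host reads it from stdin.
#   $1 = ssh target (user@host)   $2 = directory to archive   $3 = s3:// destination
build_pull_command() {
    printf 'ssh -o BatchMode=yes -i %s %s %s | s3cmd -c %s put - %s' \
        "$PULL_KEY" "$1" "'tar -C $2 -cpz -- .'" "$S3_CONFIG" "$3"
}

# Matching entry for ~backup/.ssh/authorized_keys on the server. The forced
# command pins this key to exactly one action, so a stolen copy of the pull
# key cannot be used to run anything else on the server.
#   $1 = directory to archive   $2 = public key (placeholder text in this example)
authorized_keys_line() {
    printf 'command="tar -C %s -cpz -- .",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding %s' \
        "$1" "$2"
}

# Print the pipeline by default; execute it only when DRY_RUN=0 is set.
run_backup() {
    cmd=$(build_pull_command "$@")
    if [ "${DRY_RUN:-1}" = 0 ]; then
        sh -c "$cmd"
    else
        printf 'dry run: %s\n' "$cmd"
    fi
}

# Stand-alone usage (dry run unless DRY_RUN=0):
run_backup backup@server.example /srv/data "s3://example-backups/data-$(date +%Y%m%d).tgz"
authorized_keys_line /srv/data 'ssh-ed25519 AAAA...PLACEHOLDER backup-pull'
echo
```

The trade-off is that the backup host now holds an ssh key that can read the server's data, so it must be at least as locked down as the server itself; adding a `from="<backup host address>"` restriction to the `authorized_keys` entry limits where that key is accepted from. Keeping the S3 keys off the server stops ransomware there from deleting the backups with those keys, but it does not protect against a compromise of the backup host, which is the usual reason to also enable versioning or object lock on the bucket.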