> Any Twitter engineer in any country is presently provided direct access to production systems.
> The accesses to these production systems are not audited.
That's about 5.000 people.
> At Twitter engineers work on live data when building and testing software because Twitter lacks testing and staging environments; work is instead conducted in production and with live data. 🤣
Ah-ha! It seems that Pi-hole also added internal blocking of iCloud Private Relay domains last year, so even when you specifically unblock an iOS device, it will still run into problems as long as Private Relay is active in the network configuration.
There's an option to disable interception of Private Relay in the FTL config file: https://docs.pi-hole.net/ftldns/configfile/#icloud_private_relay
Managed to get UUCP working on the CDTV and a Raspberry Pi, and also running scripts remotely on the Pi from the CDTV. I made a quick tool to download and resize images from the internet to fit on an #amiga screen. The image is from NASA's APOD site. This opens up the possibility of synchronizing notes, calendar, mail on a machine with no concept of TCP/IP. #retrocomputing
Surveillance, USpol, Palantir, documentation
Vice got hold of Palantir's law enforcement handbook:
The actual handbook is here:
Share and enjoy!
What the hell is it with Android and Wifi networks? I currently run an access point with a minimal hostapd configuration on a RasPi, and half a dozen systems connect to it just fine (including an older Android 8.1 device), but this Android 11 tablet just keeps dropping from the network and then reconnects, again and again.
@cks ...the target systems have a route back to the management network through their usual gateway, but this still requires hide NAT using the address of the NAT gateway on the return path.
It's not a great setup that requires additional work in several aspects, but it provides just enough isolation for the end hosts, and they don't need any additional routes into the management network / VPN.
Just now saw an article by @cks in my RSS reader, https://utcc.utoronto.ca/~cks/space/blog/tech/IPTunnelsAndRouting
This reminded me of our old management network setup, where we'd have a destination NAT address on each management LAN that has forwards for the relevant services to the actual destination. So the end systems would send, for example, syslog to an address on their management LAN, using their own management address as source. The same concept should work in a (Wireguard) VPN.
Folks, if you’re using @small-tech/auto-encrypt in your projects, please make sure you’re running the latest version of the package (3.1.0) or certificate provisioning/renewal will fail due to the latest Let’s Encrypt protocol update.
"When people ask me: “Why are you into floppy disks today?” the answer is: “Because I forgot to get out of the business.”"
generic computer and internetworking geek
network and systems administration, infosec, retrocomputing