Same. I have used the controller as a container. Take a backup of the configuration and you don't even need to keep it running. I returned to a network after two years, fired up a controller, imported the config backup and g2g
Rolling up headphone wires (or any wires) works best when you create a looped bundle and alternate between overhand and underhand. It stops it from getting twisted and tangled. When done right, you can hold one end, throw the under end, and it all unfurls neatly.
Learned this from a theatre stagehand and have been using it ever since.
It has a name in the security industry, Insecure Direct Object Reference (IDOR) [1]. Somewhat related to Path Traversal [2]. Unfortunately CFAA is very broad and can be (mis)interpreted in wild ways.
I was thinking along similar lines to what you've suggested here, but then I considered how many VPS might be configured by folks following some random web tutorial, to set up their LAMP stack (or whatever), that end up doing something like what was described.
A lot of those VPS instructions these days recommend a reverse proxy like Caddy or Traefik for that exact reason. I think it's also a valid argument to say that anyone playing around on a VPS without knowing what they're doing is probably going to learn some hard lessons, and that's kind of the point.
This but unironically. There's no way to ensure that nobody overwrote your .profile or .bashrc with a backdoored sudo that steals your password, or runs your command and then runs an evil command afterwards.
It is. That's why SELinux and AppArmor were invented.
Instead of having "root" and "user", both of these provide sets of permissions that can be granted to apps.
In this case, SELinux would've stopped this. Codex could've still relabelled the files when mounting but this can be blocked for sensitive directories like /etc.
This feels like using a computer is inherently unsafe.
On the plus side, once we outlaw them we'll shut down the ability for conspiratorial thinking to spread easily and the world will slowly heal from the last couple of decades (the previous one in particular).
Hooray! We're finally doing something about the harms of social media. Smash your computer today!
It's already here, mobile OSes are just computers with ton of guardrails and you can't do whatever you want with it, for the sake of security. I mean we almost got an Android where you can't install the APK you want.
Parallel construction is when they use illegally obtained evidence to construct a separate set of ostensibly legitimate evidence. Like, an illegal wiretap might lead to someone being in the right place at the right time to witness a crime.
While containers have some useful properties, it was never intended to be, and never really functioned as a strict security boundary. We've duct-taped around that, and it's reasonably good now, but that only goes so far.
The fundamental problem is that the kernel is just too huge of an attack surface. It is probably always going to have exploitable bugs. A VM (especially hardware assisted) is a relatively tiny attack surface and it shows in the amount of bugs found.
I typically say that containers (and any other isolation that shares a kernel) are good for "mostly trusted" workloads, like different teams at the same company. You want isolation against accidents more than intentional attacks.
VMs are good for just about everything if you are careful (for example what devices and hardware are exposed) but if you want ultimate isolation you want completely separate hardware. It is the only way to be sure against hardware bugs and side-channels or VM bugs.
I'm surprised that this has apparently been ongoing for 6-7 months. I thought outfits like GitGuardian, or solo researchers with trufflehog (etc) would find leaked keys in days, not months. Maybe this is related to the major growth of github? The scanners can't keep up?
reply