I have full IPv6, none of my ports that I haven’t explicitly whitelisted in the firewall can be accessed from the Internet. I can open a host completely, but it’s not default. This is on the most common brand of consumer routers here.

Just because it’s not NATted doesn’t mean there’s no firewall in place.

I worked in software certification under Common Criteria, and while I do know that it creates a lot of work, there were cases where security has been improved measurably - in the hardware department, it even happened that a developer / manufacturer had a breach that affected almost the whole company really badly (design files etc stolen by a probably state sponsored attacker), but not the CC certified part because the attackers used a vector of attack that was caught there and rectified.

It seemingly was not fixed everywhere for whatever reason… but it’s not that CC certification is just some academic exercise that gives you nothing but a lot of work.

Is it the right approach for every product? Probably not because of the huge overhead power certified version. But for important pillars of a security model, it makes sense in my opinion.

Though it needs to be said that the scheme under which I certified is very thorough and strict, so YMMV.

My router will still block all ports not explicitly allowed for the hosts regardless of protocol, it’s a firewall after all and not just NAT. Just because the host addressable doesn’t mean its ports are reachable.

Dazu kommt dann auch noch die komplett falsche Vorstellung, dass Kranke immer zuhause im Bett liegen.

Und selbst dann… wenn ich persönlich krank im Bett liege und jemand klingelt stehe ich nicht auf. Was wäre denn dann das Ergebnis des Besuchs? Ich muss sowieso für fast niemanden die Tür öffnen.

Testing is actually mandatory, what’s not mandatory though is to do it before deploying.

what’s feurking

An optional step in the développement process

Emacs? When there’s ed? Talk about bloat…

Personally I’d love to see more wider usage of S/MIME and/or PGP.

I’d rather see less. https://www.latacora.com/blog/2019/07/16/the-pgp-problem/ is a good summary about the issue and they have a shorter follow-up post about why encrypting mail in general is bad at https://www.latacora.com/blog/2020/02/19/stop-using-encrypted/

What I take issue with actalis, is that they don’t just sign your private key but you actually get the private key from them. It then depends on how much you trust the issuer.

By definition, that key can no longer be considered “private”.

Ich muss dabei leider am dieses Zitat denken, auch wenn es dort um die USA geht:

I have a foreboding of an America in my children’s or grandchildren’s time – when the United States is a service and information economy; when nearly all the manufacturing industries have slipped away to other countries; when awesome technological powers are in the hands of a very few, and no one representing the public interest can even grasp the issues; when the people have lost the ability to set their own agendas or knowledgeably question those in authority; when, clutching our crystals and nervously consulting our horoscopes, our critical faculties in decline, unable to distinguish between what feels good and what’s true, we slide, almost without noticing, back into superstition and darkness…

The dumbing down of American is most evident in the slow decay of substantive content in the enormously influential media, the 30 second sound bites (now down to 10 seconds or less), lowest common denominator programming, credulous presentations on pseudoscience and superstition, but especially a kind of celebration of ignorance.

Wenn ein Ende zum BSI führt

Kann mir nicht vorstellen, dass sie da Lust drauf haben. Da kannst eher bei irgendeiner Polizei. Oder man macht einfach die Stasi für sowas wieder auf, die kennen sich mit Postkontrolle ja aus.

I mean… it’s not like her sketch is too far off… it’s him they botched

Could be the kernel itself

Wouldn’t make sense to me because the thread says GNU/Linux and others, though this could relate to Android or distros not using any GNU.

gnupg

Usually not exposed to the network though, but it’s generally a mess so wouldn’t be too surprising

Another candidate I have in mind is ntpd, but again that is usually not easily accessible from outside and not used everywhere, as stuff like systemd-timesyncd exists.

Just want to stress that I’m not sure about it being OpenSSH, it was more supposed to be a fun guess than a certain prediction

Since this affects Linux and others, I’m guessing this is about OpenSSH. But I’m not very certain. Just can’t think of another candidate.

But holy sh, if your software has been running on everything for the last 20 years

This doesn’t sound like glibc as someone in the thread guessed.

Yes

systemd config is inspired by INI, with section headers and key-value pairs. It doesn’t get much flatter than that. It doesn’t compare to YAML or JSON.

Ich vermute, die privaten Kassen werden dazu bereit sein, wenn ihre Versicherten dann im Krankenhaus auch die für die GKVler anfallenden Gebühren zahlen müssen, und nicht wie bisher mehr als das doppelte.

It’s ok dude, I’m not trying to sway you. I’m not invested into the topic enough to defend something against theoretical and unsubstantiated claims. Use what you want or don’t

Which part of systemd’s config is not text-based? The only “database” it uses for configuration is the filesystem

Can’t make it right for everyone… Some people will complain about mining and the energy consumption (Bitcoin is supposed to currently use about 850 kWh per transaction), others complain about a supposedly unfair premine. They didn’t even hold an ICO.

51%

That’s not currently a required percentage, you need 67% of votes to confirm a transaction. Which in turn means 33% are enough to stall the network. But even then, what would their gain be, apart from owning more of their own currency?

Which is irrelevant because holders can just choose different representatives.

You can, but then you can no longer vote. And if you can’t vote, holding Nano does nothing.

I don’t think there’s a cryptocurrency today that comes without downsides, be it high resource usage, lack of anonymity or others, if they’re not straight up money grabs and a copy paste of another random junk on ETH. Bitcoin is not an option for me because of the monster mining has become - I don’t blame Satoshi, this is something I didn’t expect either, but it’s insanity currently.

The Epic “Store” barely qualifies as such, no wonder they’re trying to get at least something out of it