Protecting Internal Web Resources
Background
TL;DR: This blog post is a write-up of the process I went through to set up a set of internal web resources and apps for a small company I am running in my spare time (providing a Single-Sign-On / SSO experience for internal users with web applications protected by flexible access policies including single and multi-factor authentication / two-factor authentication or 2FA).
As I mentioned in the TL;DR above, I run a small software/technology com … ⌘ Read more
Improving navigation for GitHub Actions
GitHub Actions changed how developers automate workflows with GitHub. Today, we’re introducing a new navigation to manage your GitHub Actions experience, improving discoverability and accessibility as well as opening up future feature opportunities. ⌘ Read more
Introducing fine-grained personal access tokens for GitHub
Fine-grained personal access tokens offer enhanced security to developers and organization owners, to reduce the risk to your data of compromised tokens. ⌘ Read more
RT by @mind_booster: When it comes to improving access to AV works, the EU must — at the minimum — put an end to #geoblocking of publicly funded AV works. Here is our proposal that we have submitted to the @DigitalEU stakeholder dialogue last week: https://communia-association.org/2022/09/30/proposal-av-stakeholder-dialogue-geoblocking/
GitHub supports internet freedom and global availability in Iran
Access to the open internet is essential to defending human rights, and developers have an important role in promoting freedom of expression and transparency. GitHub is committed to keeping Iranians connected to the global developer community. ⌘ Read more
September Extensions Roundup: Test APIs, Use Oracle SQLcl, and More
Find out what’s new this month in the Docker Extension Marketplace! Access InterSystems, test APIs, use Oracle SQLcl, and backup/share volumes — right from Docker Desktop. ⌘ Read more
wsl-vpnkit: Internet for WSL2 distros behind a VPN
I’m still alive. 👋 Today, at work, I discovered a nice little tool for WSL2. On my work laptop I need to use Cisco AnyConnect to connect to the corporate network. Unfortunately this blocks Internet access in Windows Subsystem for Linux VMs (at least in the Ubuntu VM, I tried to use for some Docker stuff). I tried a lot of different hacks and workarounds, but none worked. Until I found wsl-vpnkit. It just works. 😄 ⌘ Read more
Now that I have access to Udemy Business and can watch many, many courses for free, I subscribed to two courses. One to improve my English and one to improve my quick-wittedness. Let’s see if I complete them and if they really help. ⌘ Read more
Paul Schaub: Creating a Web-of-Trust Implementation: Accessing Certificate Stores
Currently, I am working on a Web-of-Trust implementation for the OpenPGP library PGPainless. This work is being funded by the awesome NLnet foundation through NGI Assure. Check them out! NGI Assure is made possible with financial support from the European Commission’s Next Generation Internet programme.
Tailscale SSH
I finally got around to using Tailscale SSH. I’ve been using Tailscale for over a year to access my servers via SSH (my VPS is even available via Tailscale only), but I haven’t used the new Tailscale SSH feature yet. ⌘ Read more
Dependabot now alerts for vulnerable GitHub Actions
GitHub Actions gives teams access to powerful, native CI/CD capabilities right next to their code hosted in GitHub. Starting today, GitHub will send a Dependabot alert for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows. ⌘ Read more
All GitHub Enterprise users now have access to the security overview
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers. ⌘ Read more
‘Based’ Paganism vs. Christianity
I’ve been meaning to write about Paganism recently. I will frame it as a response to an email I received within the past day or so:
Hey Luke,
First off, I would like to thank you for all your efforts in making everything
you know accessible to everyone. You have exposed me to some of the most
thought-provoking people on the internet and Varg is one of them. I was
wondering if you can write an article or make a video on what you think about
Varg’s Paganism in r … ⌘ Read more
Corrupting memory without memory corruption
In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers. ⌘ Read more
6 strategic ways to level up your CI/CD pipeline
From incorporating accessibility testing to implementing blue-green deployment models, here are six practical and strategic ways to improve your CI/CD pipeline. ⌘ Read more
The SDF Public Access UNIX System Celebrates 35 Years!
Here’s what I wrote about SDF back on the 20th anniversary, only now more impressive as SDF goes on in operation, and still faithful to the same ideas, objectives and modus operandi.
Happy birthday!
https://mindboosternoori.blogspot.com/2007/06/sdf-celebrates-20-years.html
I grepped access logs and found at least three subscribers! @apex@rawtext.club, @prologic@twtxt.net, and @darch@neotxt.dk, hi there!
JD.com extends access to Tencent’s WeChat for three years with US$220 million in stock
JD.com is keeping its preferential access to WeChat’s 1.29 billion users, extending a partnership with Tencent that gives it a short cut on the platform. ⌘ Read more
Singapore man who preyed on disabled children jailed for record 45 years in ‘exceptionally sickening’ case
Prosecutors said the man committed his crimes over the span of 16 years, including from 2005 to 2018 when he worked as a part-time tutor to ‘gain access to a ready pool of children’ – many of whom were disabled. ⌘ Read more
Biden signs landmark gun control bill into law with bipartisan support ‘to save lives’
President Biden called the legislation the most significant of its kind in decades; measures include restricting gun access for youngest buyers and bolstering mental health support. ⌘ Read more
China relaxes barriers for transgender health, but family approval remains an obstacle
While policy changes make it easier for LGBT youth to access gender affirmation surgery, many still struggle with getting their parents’ consent. ⌘ Read more
Browsing the World Wide Web via E-Mail. 1990’s Style.
A look back at “Doctor Bob’s Guide to Offline Internet Access”. ⌘ Read more
Hopes fade for swift Nato accession for Finland and Sweden
A dispute with Türkiye, which is blocking their bid to join the alliance, appears unlikely to be resolved before a summit in Spain next week. ⌘ Read more
Paul Schaub: Reproducible Builds – Telling of a Debugging Story
Reproducibility is an important tool to empower users. Why would a user care about that? Let me elaborate.
For a piece of software to be reproducible means that everyone with access to the software’s source code is able to build the binary form of it (e.g. the executable that gets distributed). What’s the matter? Isn’t that true for any project with accessible source code? Not at all. Reproducibility means that the r … ⌘ Read more
TikTok moves US user data to Oracle servers amid concerns over China
The move comes as US media reports that such data was repeatedly accessed by China-based ByteDance staff, according to leaked audio from internal meetings. ⌘ Read more
G20 to raise US$1.5 billion for global pandemic fund, host Indonesia says
The money will finance efforts such as surveillance, research, and better access to vaccination for lower-to-middle income countries, health officials said. About US$1.1 billion has been pledged so far. ⌘ Read more
WTO talks down to the wire with no major deals yet in sight, India holds its ground
First meeting for four years wrapped up without solutions to issues such as food security, overfishing and access to Covid vaccines. India said it was a voice for developing countries resisting high-handed Western demands. ⌘ Read more
WHO will share vaccines to stop monkeypox amid inequity fears
Agency chief says the initiative for ‘fair access’ to vaccines and treatments will be ready within weeks, but health experts say it’s a missed opportunity to control monkeypox in Africa where it has been for decades. ⌘ Read more
Introducing Entitlements: GitHub’s open source Identity and Access Management solution
We’re excited to announce that we’re open sourcing our Identity and Access Management solution: Entitlements. ⌘ Read more
GitHub Enterprise Server 3.5 is now generally available
GitHub Enterprise Server 3.5 is available now, including access to the Container registry, the addition of Dependabot, enhanced administrator capabilities, and features for GitHub Advanced Security. ⌘ Read more
Founding Members now have full access to all Lunduke Journal sites
No matter which site you subscribe on, Founding Members now get full access on both Substack and Locals. ⌘ Read more
My programming language odyssey
While I wouldn’t say I’m wicked adept at any one language, I’ve dipped my toes into many different languages. Here, I try to roughly recreate my programming language journey.
The web. A marvel, a terror. I started here, more out of ease of access than necessity, but was able to get far enough to make a career out of web dev. I should also add SQL to this list.
[Elm](https://elm-lang … ⌘ Read more
Prepare for next semester with GitHub Global Campus and Codespaces
Teachers, it is now your turn to join GitHub Global Campus with our student community! Get access to exclusive benefits, programs, and the Power of Codespaces at no cost in GitHub Classroom! ⌘ Read more
tried to figure out how to use university springer access to download a textbook, gave up after two minutes and just used libgen. lmao
Git Credential Manager: authentication for everyone
Ensuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy. ⌘ Read more
How I can access Linux with Chrome OS Flex
I recently installed CloudReady on my ThinkPad. Unfortunately, the Linux feature is not available there because microcode updates are missing, there is no BIOS update and Crostini is quite strict about security. ⌘ Read more
Chrome OS Flex and CloudReady
At first I missed the news, but today I somehow stumbled across it: Google has released an early access version of “Chrome OS Flex”, as a result of the integration of CloudReady into Chrome OS. CloudReady also ran under my radar until today, but I did take the time to give both a try. ⌘ Read more
Everything SHOULD be straightened out with the twtxt file and regular access to the capsule now. This post should be visible!
My public VPS is now only accessible via SSH from my tailnet. One more possible attack vector less. ⌘ Read more
Thinking beyond SQL injection: OWASP tips for secure database access
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance. ⌘ Read more
The House of Lunduke BBS
Classic BBS gaming, 24x7 telnet access, fancy-pants ANSI graphics ⌘ Read more
Guest Blog: Deciding Between Docker Desktop and a DIY Solution
Guest author Ben Hall is the lead technical developer for C# .NET at gov.uk (a United Kingdom public sector information website) and a .NET Foundation foundation member. He worked for nine years as a school teacher, covering programming and computer science. Ben enjoys making complex topics accessible and practical for busy developers. Deciding Between Docker […]
The post [Guest Blog: Deciding Between Docke … ⌘ Read more
@will@twtxt.net At work we are using KeePass with Multi Cert KeyProvider Plugin.
https://www.creative-webdesign.de/en/software/keepass-plugins/multi-cert-keyprovider
We leave master password empty. Each person needs an own certificate to access the database file.
Not using a master password makes it easy to add or remove people with access w/o changing (and sharing) a master password.
Graphcore Poplar SDK Container Images Now Available on Docker Hub
Graphcore’s Poplar® SDK is available for developers to access through Docker Hub, with Graphcore joining Docker’s Verified Publisher Program. Together with Docker, we’re distributing our software stack as container images, enabling developers to easily build, manage and deploy ML applications on Graphcore IPU systems. We continue to enhance the developer experience to make our hardware and software … ⌘ Read more
Previously, to work on my code server, I always installed Visual Studio Code locally and then accessed the server using the Remote SSH extension. But that no longer seems necessary now that I have code-server installed. Using code-server, Visual Studio Code can be easily used in the browser. Cool project! ⌘ Read more
@prologic@twtxt.net
Thank you, that’s the correct one.
Still I have this in my logs (first access of “eleven” by yarnd):
ip.ip.ip.ip - - [21/Oct/2021:20:05:36 +0000] "GET /eleven.txt HTTP/2.0" 200 344 "-" "yarnd/0.2.0@46bea3f (Pod: twtxt.net Support: https://twtxt.net/support)"
ip.ip.ip.ip - - [21/Oct/2021:20:05:36 +0000] "HEAD /avatar.png HTTP/2.0" 200 0 "-" "yarnd/0.2.0@46bea3f (Pod: twtxt.net Support: https://twtxt.net/support)"
And I guess without avatar.png sitting there I would have seen even more requests like /eleven.txt/avatar.png.
I’ve copied stackeffect.png to avatar.png to make yarnd happy when accessing stackeffect.txt.
So in this setup yarnd fetched eleven.txt along with avatar.png which belongs to another twtxt. This feels buggy.
What’s new from GitHub Changelog? September 2021 recap
Catch up on 44 ships, including a colorblind-accessible theme, a public README.md for organizations, and customization of code review settings. ⌘ Read more