• 0 Posts
  • 18 Comments
Joined 1 year ago
cake
Cake day: September 17th, 2023

help-circle
  • And then, because you were never in a classroom and never took a class on security, you probably have no idea what a buffer overflow attack is or how to use tools like valgrind to check for them.

    Then you put your C code on the internet and get your server pwned inside of an hour.

    Slightly hyperbolic? Yes definitely. But there is a reason we don’t teach C to beginners anymore. Generally you want them to understand the mindset of coding before throwing them in the deep end. And I would bet nothing has caused more people to quit programming then Segmentation fault: core dumped








  • For most transmissions of digital information (even those here on earth) there’s a concept of a “checksum”. Basically at the end of every message, there’s a special number, and you can do some math on the rest of the message to get that same number. If anything happened to change or damage the message in transit, the math doesn’t work out and so the checksum fails.

    I would assume Voyager works in a similar way so every time it receives a message it will compute the checksum and see whether it matches






  • You should definitely set up a DMARC record to prevent other people from using your email domain to send spam. If you don’t have DMARC configured, other email servers will give any senders the benefit of the doubt and accept mail that claims to be from your domain.

    You can just set the DMARC record to reject 100% of unverified mail and call it a day. Since you aren’t sending anything it won’t affect you.


  • The ideal solution is to have one identity provider and then use Single Sign-On (SSO) to authenticate your users to all of their other apps. All of the big identity providers (Microsoft, Google, Okta, etc) support security keys.

    I recognize that it might not be feasible to use SSO for all of your apps as a small business; a lot of SaaS platforms unfortunately charge extra for SSO. That being said my advice would be use SSO whenever possible for your apps and include SSO availability in your decision-making process for purchasing new software.

    For those apps that do not support SSO, my advice would be to either compensate employees for using their personal devices for work or give them corporate devices that are only used for work things.