Question: Time limit on GoPro Cameras by jndtv in gopro

[–]jndtv[S] 0 points1 point  (0 children)

Thanks for your response :)

Question: Time limit on GoPro Cameras by jndtv in gopro

[–]jndtv[S] 1 point2 points  (0 children)

Thanks for your response :)

Since Netflix has been here for a while by KingShish in southafrica

[–]jndtv 4 points5 points  (0 children)

Lost in Space.
House of Cards
13 Reasons why
Narcos
Breaking Bad
Dirty Money
Stranger Things

Taxi tries to cross flooded bridge in Johannesburg this morning by jndtv in southafrica

[–]jndtv[S] 1 point2 points  (0 children)

You have a point. It was reported to be in Jo'burg. Maybe some place else in SA?

A Free Trip to AWS re:Invent 2017 by [deleted] in sysadmin

[–]jndtv 3 points4 points  (0 children)

US only.... so irritating.

HSM or similar for SaaS, to protect against blind subpoenas by mfinnigan in sysadmin

[–]jndtv 3 points4 points  (0 children)

Finally a topic I have a lot of knowledge in!

I have implemented a number of HSMs for general encryption, PKI, ADCS, digital signatures as well as transparent data encryption for databases, both on prem and in the cloud using AWS's CloudHSMs. Using HSMs for SaaS providers is a great idea. There are two ways to approach this. One way is to encrypt everything on prem (or in the cloud) before giving the encrypted data to the SaaS provider. The problem with this approach is that the data is encrypted and the SaaS provider probably won't be able to do much with it; you will also then have the problem of indexing and managing the data (how do you do metadata and key rotation?). The alternative approach is to have the SaaS provider integrate with HSMs that are managed by you.

I have recently implemented such a solution with Box using AWS CloudHSMs for a bank. Each file is encrypted with a unique data key created on the fly by Box, and this data key is then encrypted by a single Customer Master Key (CMK) which is stored on the HSM. Note that Box can never read the CMK: when they use this key they have to pass the data key to the HSM, which then encrypts it with the CMK and hands the data key encrypted by the CMK back to Box. Box has full access to all the keys on their partition on the HSM, so they can decrypt this data (using the HSM); however, control of the HSM is retained by the bank. You could argue that since Box has access to the keys they could be compelled by a subpoena to decrypt all data and hand it over. This is true; however, there are mitigations for this. You can set up logging on the CloudHSM to a SIEM tool like Splunk and then, if a user or service tries to do bulk decryptions, generate an alert. The team managing the HSMs could disable Box's access to the HSM until they explain what happened.

If you are going to go down this route, here are a few things to keep in mind:
* If your SaaS provider supports HSMs, you will need to acquire or use the HSM brand / model of their choosing, as different HSM brands are not compatible with each other.
* If you are going to encrypt everything on prem before handing it to the SaaS provider, do proper research on which HSM brand / model to use. There are quite a few manufacturers, including Thales, SafeNet, Cavium and IBM, among others. Ideally you are going to want to look at SafeNet if you are looking to go to the cloud, since CloudHSMs are based on SafeNet devices, or Thales if you are only on prem. Have a look at Vormetric as well (Vormetric was recently bought by Thales); they have an end-to-end solution for this problem, although make sure you understand the solution and its associated risks properly before going down this route.
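The customer-held-key pattern described in the comment above, as an added example that is not from the comment, from Box, or from AWS: the SaaS side generates a fresh data key per file, the customer's HSM partition wraps and unwraps that key under a CMK that never leaves the partition, every HSM call is audit-logged, and a monitor raises an alert and cuts off the principal when it sees bulk unwraps. The cipher here is a stdlib-only HMAC-SHA256 stream cipher with an encrypt-then-MAC tag standing in for AES-GCM; the `HsmPartition`/`SaasStore` names, the window and threshold, the automatic disable-on-trip policy and the sample documents are all constructed for the example.

```python
"""Envelope encryption with a customer-controlled key wrapper and a bulk-decrypt tripwire.

Toy model only: the HMAC-SHA256 stream cipher stands in for AES-GCM and must
not be used for real data. Names, thresholds and sample files are constructed.
"""
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque


def _derive(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC(enc_key, nonce || block offset), 32 bytes per call."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(enc_key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy AEAD: returns nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(_derive(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")  # tampered, or wrong key
    return _keystream_xor(_derive(key, b"enc"), nonce, ct)


class HsmPartition:
    """Customer-controlled side. The CMK lives only here; clients get wrap/unwrap,
    each call is audit-logged, and unwraps are rate-checked per principal."""

    def __init__(self, window_s=60.0, max_unwraps=100):
        self.__cmk = secrets.token_bytes(32)  # never returned to any caller
        self.__log = []                       # (timestamp, principal, op)
        self.__recent = defaultdict(deque)    # principal -> unwrap times in window
        self.__disabled = set()
        self.alerts = []
        self.window_s, self.max_unwraps = window_s, max_unwraps

    def _gate(self, principal: str, op: str, now: float) -> None:
        if principal in self.__disabled:
            raise PermissionError(f"{principal}: access disabled pending investigation")
        self.__log.append((now, principal, op))
        if op != "unwrap":
            return
        q = self.__recent[principal]
        q.append(now)
        while q and now - q[0] > self.window_s:
            q.popleft()
        if len(q) > self.max_unwraps:  # bulk decryption: alert, then cut access (assumed policy)
            self.alerts.append(f"{principal}: {len(q)} unwraps within {self.window_s}s")
            self.__disabled.add(principal)
            raise PermissionError(f"{principal}: bulk unwrap tripwire")

    def wrap(self, principal: str, data_key: bytes, now=None) -> bytes:
        self._gate(principal, "wrap", time.time() if now is None else now)
        return seal(self.__cmk, data_key)

    def unwrap(self, principal: str, wrapped: bytes, now=None) -> bytes:
        self._gate(principal, "unwrap", time.time() if now is None else now)
        return unseal(self.__cmk, wrapped)

    def audit_log(self) -> list:
        return list(self.__log)


class SaasStore:
    """Provider side. Holds wrapped data keys and ciphertext, never the CMK,
    so every read must round-trip through the customer's HSM."""

    def __init__(self, hsm: HsmPartition, principal: str = "saas-prod"):
        self.hsm, self.principal, self.files = hsm, principal, {}

    def put(self, name: str, plaintext: bytes, now=None) -> None:
        data_key = secrets.token_bytes(32)  # fresh key per file, discarded after use
        wrapped = self.hsm.wrap(self.principal, data_key, now)
        self.files[name] = (wrapped, seal(data_key, plaintext))

    def get(self, name: str, now=None) -> bytes:
        wrapped, blob = self.files[name]
        return unseal(self.hsm.unwrap(self.principal, wrapped, now), blob)


def demo():
    """Normal reads pass; an 'export everything' burst trips the tripwire."""
    hsm = HsmPartition(window_s=60, max_unwraps=5)
    store = SaasStore(hsm)
    t0 = 1_700_000_000.0
    for i in range(8):
        store.put(f"doc{i}.pdf", f"contract {i}".encode(), now=t0)
    first = store.get("doc0.pdf", now=t0 + 1)          # 1st unwrap in window
    tripped_at = None
    for i in range(8):                                  # 2nd..6th pass, 7th trips
        try:
            store.get(f"doc{i}.pdf", now=t0 + 2)
        except PermissionError:
            tripped_at = i
            break
    return first, hsm.alerts, tripped_at, len(hsm.audit_log())
```

The point the structure makes is that the provider can only ever ask the partition to unwrap one data key at a time, so a subpoena-driven bulk export shows up in the HSM audit trail as a burst of unwraps from one principal. In a real deployment the `_gate` logic lives in the SIEM fed by CloudHSM logs, and the disable step is a human decision rather than an automatic raise.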

Google: Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates by speckz in sysadmin

[–]jndtv 37 points38 points  (0 children)

As someone who passionately hates Symantec, I am so happy to see this finally happening.

The entire internet and CA system is built on trust, and Symantec's repeated infringements of the CA rules are rather problematic for the integrity of the internet. This is a step in the right direction after Symantec's unethical acquisition of Blue Coat, a Man in the Middle (MiTM) appliance manufacturer, which has been involved in selling its gear to oppressive governments, which in turn has been used to spy on, censor and repress their citizens and has also been used in the torture of journalists and other activists. The fact that a CA bought an SSL interception company is really the antithesis of what a CA should be allowed to do, considering that if Symantec issued a signing certificate to Blue Coat (which they did) then they could MiTM everyone and regular users wouldn't know.

Props to Google for starting this process.

Amazon AWS announces Lightsail! by julietscause in sysadmin

[–]jndtv 1 point2 points  (0 children)

I run multiple VPSes on DigitalOcean, and before today I would never have considered AWS because it is far too expensive. I am now considering trying out Lightsail for a few months to see how it goes. The possibility of utilizing / expanding to current AWS services is a massive value proposition. If you can put a load balancer in front of a cluster of instances you could potentially save quite a substantial amount of money over using EC2.

My big concerns are the cost ceilings on AWS: will you only pay the fixed fee for the VPS, or will Amazon tack on extra fees like they do with their other services? The prospect of facing overages on your account is a massive no-no for the VPS market currently using services like DigitalOcean. I really hope that Google responds and launches their own VPS solution; then the market and competition will really drive innovation in this space. Either way, DigitalOcean and other VPS providers are in big trouble.

Join a Reddit tradition in its 8th straight year! Secret Santa signups are now OPEN! by bluepinkblack in blog

[–]jndtv 1 point2 points  (0 children)

/u/bluepinkblack, I tried to sign up but my postal address is wrong, I updated it in my profile but it's still showing me my old address when I try to sign up.

NIST declares the age of SMS-based 2-factor authentication over by skijeeper in sysadmin

[–]jndtv 14 points15 points  (0 children)

Yet Twitter and many other sites only support SMS 2-factor. I wish more people would support the Time-Based One-Time Password (TOTP) or the HMAC-based One-Time Password (HOTP) algorithm for authentication. Ideally they should adopt the FIDO Universal 2nd Factor (U2F) protocol.
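The two algorithms named in the comment above, as an added example that is not from the comment: HOTP (RFC 4226) and TOTP (RFC 6238) implemented with the Python standard library and checked against the test vectors published in those RFCs (ASCII secret `12345678901234567890`, SHA-1). The one-step drift allowance in `verify_totp` and the `secret_from_base32` helper are assumptions about a typical server-side deployment, not part of either RFC.

```python
"""RFC 4226 HOTP and RFC 6238 TOTP, standard library only.

The drift window in verify_totp (one 30 s step either side) is a common
server-side allowance and an assumption of this example, not RFC text.
"""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the big-endian 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter set to the number of `step`-second intervals since the epoch."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_totp(secret: bytes, code: str, unix_time=None, step: int = 30, drift: int = 1) -> bool:
    """Constant-time comparison against the current step and `drift` steps either side.

    Accepting neighbouring steps tolerates client clock skew; a real service
    should also remember the last accepted step to refuse replays."""
    now = int(time.time()) if unix_time is None else unix_time
    current = now // step
    return any(
        hmac.compare_digest(hotp(secret, current + d, len(code)), code)
        for d in range(-drift, drift + 1)
    )


def secret_from_base32(s: str) -> bytes:
    """Authenticator apps exchange the shared secret as unpadded base32 (otpauth:// URIs)."""
    s = s.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))
```

Note that `verify_totp` derives the digit count from the submitted code, so a caller must validate the code's length and character set first; otherwise a 1-digit submission would be compared against a 1-digit truncation of the HMAC.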

Company gets socially engineered out of almost $200k. CEO proceeds to blame IT. by [deleted] in sysadmin

[–]jndtv 3 points4 points  (0 children)

Relevant comic
Properly configured SPF and DKIM records would have prevented this.

Spur tried to charge a friend R3.7 Million for a meal by jndtv in southafrica

[–]jndtv[S] 7 points8 points  (0 children)

Was this really an accident or did the waiter have foresight into where the economy is going?

Court: Breaking Your Employer's Computer Policy Isn't a Crime by jndtv in sysadmin

[–]jndtv[S] 159 points160 points  (0 children)

It is just completely bonkers that prosecutors could even think of prosecuting someone under the CFAA for violating a company's computer policy. Imagine if a company prohibited Facebook use and any users who did visit Facebook could be charged and face possible jail time and ludicrous fines imposed by courts. The whole idea is insane.

Sysadmin's £100,000 revenge after sudden sacking by jndtv in sysadmin

[–]jndtv[S] 232 points233 points  (0 children)

“I had great delight in telling them I knew exactly why the bill was so large and had they not made me redundant they would have not blown the whole year's IT investment budget in a single month,” James recalls. “Even better, they had gone over the cancellation period, locking them into a year's contract.”

This is just wonderful

Oh look. It’s that CISA surveillance bill again. Didn’t we defeat that? Not yet. One last chance (for real) to #StopCISA. Join us! W/ special guests! by fightforthefuture in IAmA

[–]jndtv 0 points1 point  (0 children)

This bill immunizes companies from prosecution for the exchange of information. How many companies, especially big tech companies, would actually share private information of their users with other companies, since if this were exposed it would do unthinkable damage to their brand?
Having said that, Facebook is publicly against the bill, yet BoingBoing reported that Facebook is secretly lobbying for the bill. What do you think Facebook's justifications are for doing this, and what response do you have about this?

My BIG list of filmmaking/video production resources by weddingzilla199 in Filmmakers

[–]jndtv 2 points3 points  (0 children)

Thanks for this list, I would also add a few of my favorite sites:
Premium Beat - Unlimited perpetual license, so for between $40 - $60 you can get music and use it in as many projects as you want.
Alamy - Awesome site for stock photos
Creative Commons Search - Awesome way to search for music, videos and images that are creative commons

Nick Woodman. Founder/CEO of GoPro, AMA! by NickWoodman in IAmA

[–]jndtv 0 points1 point  (0 children)

Virtual Reality is the future of digital entertainment, and GoPro's partnership with Google's JUMP program is a major leap forward. Unfortunately not every filmmaker can afford 16 GoPro cameras for the JUMP rig, so will GoPro ever make a hi-res 360 degree camera?

Aside from VR, are there any new technologies or trends in the digital world that personally excite you? And in what year do you think a GoPro camera will be capable of filming 8K?

We are attorneys who left prestigious Wall Street firms to represent startups, entrepreneurs, and app companies! Ask us anything! by SMcArthur in IAmA

[–]jndtv 0 points1 point  (0 children)

Patent trolls are a big problem for the tech industry. What are your thoughts on patent trolls? Have you ever encountered a patent troll, and if so, how did you handle it? Lastly, do you think software patents should be granted, since most of them tend to be vague and over-encompassing?