How do you deal with places with thousands of remote endpoints??
douglasg14b
joined 2 years ago
Depends. Our engineering slack (Few thousand members) doesn't contain secrets for a few reasons:
- Secret scanning
- We have a /secret bot that will take your secret, store it securely, and then present a GUI for each person with access to display that secret "for just that person". And then after a set period of time it's made inaccessible, and wiped from the infra.
- Training and knowledge transfer on secret security
This has been incredibly effective. Especially the secret bot.
Turns out that the problem with people sharing secrets is just a matter of convenience. If you make a secure way convenient then everyone tends to just use it by default.
Just because it's not marketed doesn't mean it's not offered
Your logic isn't making sense.
The code would end up somewhere for others to use...? What?
One-off products or beta offerings are often kept private, sometimes indefinitely.
Lol, you think democracy voters are now going to vote for the rapist with 34 felonies?
Uh... Yes?
They don't care. They only care about voting along party lines.
Literally every single Republican that I know even the left leaning ones and even the ones who are going to be immediately and purposefully harmed by a Trump administration are still voting for Trump.
It's insane.
Doesn't matter if your first second or 5th.
You're going to get the camp treatment anyways.
We don't learn from history.
First they came for the socialists, and I did not speak out—because I was not a socialist.
Then they came for the trade unionists, and I did not speak out—because I was not a trade unionist.
Then they came for the Jews, and I did not speak out—because I was not a Jew.
Then they came for me—and there was no one left to speak for me.
—Martin Niemöller
And now you know why he's donating to the Trump campaign.
Because with the shift of power with project 2025 he can actually do this.
Yes but it pushes it to an operating system level and that means everyone wins as the operating system solutions to improve as vulnerabilities are found and resolved.
You also don't need rce access to exfiltrate data. If decrypted keys are held in memory, that mitigates an entire class of vulnerabilities from other applications causing your private chats from leaking.
Full disk encryption is not a solution here. Any application that's already running which can provide read only file system access to an attacker is not going to be affected by your full disk encryption.
They don't necessarily need RCE access.
Also this isn't how security works. Please refer to the Swiss cheese model.
Unless you can guarantee that every application ever installed on every computer will always be secure under every circumstances then you're already breaking your security model.
An application may expose a vulnerable web server which may allow read only file system access without exposing the user to any direct control of their computer from an attacker. Now your lack of security posture for your application (signal) now has a shared fate to any other application anyone else built.
This is just one of many easy examples that are counter to your argument here.
That's literally how a stutter works my man.
The wrong words come out sometimes even if you know what you were about to say.
This seems to be the case here as evidenced by the rest of the press conference being smooth as butter.
But no one seems to care how well things went when you have single phrase fuck up early on. Answering questions effectively and intelligently later on means nothing when you can focus on something that brings in drama points for your average voter to suck on ...
Lol good fuckin luck.
In a corporate environment you just aren't getting what you need out of Linux that you don't of windows for many of the kinds of endpoints affected.