Cake day: October 18th, 2023



  • I call BS - with notable exceptions for a particular omnipresent retail chain whose ToS was recently updated so they could do substantial tracking of your traffic.

    A company I work with is wholesale migrating both internal and external accounts to a third-party auth provider in whom I have very little faith. That is a concerning security risk.

    Using open wifi hotspots is hardly a best practice in any world, of course, but I’m hard-pressed to believe that it takes precedence over, say, ticking the boxes on NIST CSF or PCI compliance. Or just plain old “shoulder surfing” which has always been a risk in public, but becomes much more concerning given we all have a computer screen in our hand constantly and it’s often full of data useful to someone with ill intent.

    They might not get your pw or 2FA codes, but knowing your username is plenty for them to convincingly call you later, pretending to be from the bank. “Now that you’ve changed your pw, the system will send one extra 2FA code to your device as a test. Please read me the code when the text message comes in.”


  • If binaries aren’t pre-built, compiling it yourself is not particularly difficult (assuming it’s a decent repo that’s well-maintained).

    • Readme often has a list of dependencies and basic instructions. On Linux, build steps might look something like make && sudo make install, possibly with a ./configure thrown in beforehand. You can, of course, run configure where present with a help flag to see all available options, and change them as you like, but many programs ‘just work’ with the default options on a variety of platforms.

    • Before that, you have to install the dependencies. Often, it’s a copy/paste command in the readme, and on Debian might look like sudo apt install libsomething libsomethingelse libsomethingelse - the overwhelming majority of the time, that gives you the correct versions (may be part of package name).

    • Otherwise, you can make several times, and if you read the errors, it will often tell you what’s missing and you can iterate through the deps that way.

    • I don’t suggest building the dependencies initially. It might be necessary (if memory serves, you still need to drop the PCRE library source in a specific place for Nginx to find, for instance, but the build process also builds that). It’s usually not necessary, and if you delve too far down it can be a frustrating experience.

    I’m not in the habit of building for Windows, as the only computer I run it on is my work computer, but there may be instructions for that in the readme as well. If the dependency installs fail, you’ll have to search your distro’s package manager to find the correct name of the package on your distro, but once it’s present you should be able to proceed from there without problems (in well-maintained projects).

    If it doesn’t build, you can always open an issue on the GitHub - there are no stupid questions, particularly if you search issues/closed issues first for keywords in the errors you see. The vast majority of projects are run by decent people who respond reasonably and/or some community member will jump in with an answer.

    For some languages, the build steps look very different - Maven projects in Java come to mind. I don’t love that tool, but it’s less evil than some of the alternatives. OTOH, if it’s Rust, the build steps are very quick and painless - including installing Rust in the first place.