What do yall think a CISO of today needs to know/understand?
I am trying to figure that out
I will sort it out
The account is @[email protected]
Thank you so much for your support. It is always good to hear from people that appreciate the podcast and orchid pics. I don’t get a lot of feedback so it’s nice to hear.
Heya, I’m the admin for infosec.pub, along with a bunch of other fediverse instances including infosec.exchange. I’ve been on the fediverse for a long time - infosec.exchange turns 8 next month, for example.
With each event that disenfranchises people (twitter bought by Musk, Reddit API, etc), I’ve seen a big surge in new instances. My observation is that many people get into running multi-user instances without really understanding what it takes, time-wise, emotionally, and financially.
Some of the software, like lemmy, but also kbin, calckey, and others, get pushed into the spotlight before they’re really in a reasonable spot to support the incoming community. Lemmy is relatively well functioning and complete, but only around a core set of use cases, whereas some of the others were just nowhere near ready.
I don’t know of anything on the lemmy roadmap to add account portability.
In any event, I’m here for the long term, though I do have to keep reminding our user base that this service is free to use, but not free to run, and therefore donations are much appreciated though not mandatory.
good luck! I was an amazing day when I got my CISO position. It was an even better day when I left it :)
Thanks. I’ve added to my list to fix
ok. I set up threativore and added you as a moderator. I doubt it's as sophisticated as what reddit had to offer. The instructions are here: https://github.com/db0/threativore/blob/main/README_manual.md
OK - old.infosec.pub is now up and running
Introducing old.infosec.pub
Hi all. As requested, I just added the mlmym interface to infosec.pub. It approximates the old style reddit interface.
So far, it has some.... quirks. For example, as far as I can tell, you cannot post with an "undetermined" language.
Yes. I will figure out how to get that working
Upgrade complete. Infosec.pub downtime/upgrade
Hi all. Lemmy 0.19.9 released today and it has some fixes I want to get in place sooner rather than later. I will be installing the upgrade in about an hour. The downtime should be minimal, but it’s also possible it goes horribly wrong and I have to run a recovery.
Edit: the upgrade is complete. It was quite painless.
I will install one today and send you the details
Lemmy’s admin tooling is… basic
Just to clarify - post with your moderator account.
Thanks. Can you make a post in that community? It’s the only way I know of to make someone a moderator
Sounds like a plan. Just let me know
As far as I can tell, @SqueamishOssifrage hasn't logged in to the site for about 2 years, and to be honest, I'd rather have a the community moderated, so if you want, I'll add you as a moderator.
How do you validate the responses here?
I’m not sure what you mean?
infosec.pub downtime - December 14
The following instances will be offline briefly on Saturday, December 14 from 9am ET / 2pm UTC for approxmately 10 minutes: infosec.exchange infosec.town infosec.pub pixel.infosec.exchange books.infosec.exchange matrix/element.infosec.exchange relay.infosec.exchange meetup.infosec.exchange video.infosec.exchange infosec.press infosec.place fedia.io fedia.social elk,.infosec.exchange infosec.space convo.casa
The servers supporting these instances require a reboot. The Dell servers these instances run on take a very long time to boot, so I am estimating 10 minutes of downtime. It could be more, could be less.
We use live patches to minimize reboots needed for patching, however Ubuntu only provides livepatch support for a year, which is how long most of these systems have been running for.
Call for moderators
Hi all. This community was created for a spambot (tuxbot) but it appears to have some following. Is anyone interested in moderating the community?
Infosec.pub upgrade to lemmy 0.19.6 complete
The upgrade went smoothly and took less time than I expected. Let me know if any problems. And yes, tuxbot is still suspended.
I am guessing the operator of the bot thought it ok because it was posting mostly(?) in channels that it created and was moderator of.
I banned it.
Infosec.pub downtime
Hello everyone. Lemmy 0.19.6 was released today. I am going to apply the update Sunday, November 10 at 2am UTC. Downtime should not be more than one hour.
Infosec.pub scheduled downtime
Infosec.pub will be down for maintenance on Monday, July 1 2024, from approximately 10am until 1pm Eastern Time. I will be upgrading to the latest version of Lemmy, which requires an upgrade to postgres.
Infosec.pub downtime for maintenance
Hello everyone. I will be taking infosec.pub offline for a while today to move the instance to a new, larger server.
Changes to Infosec.pub
I am going to be disabling image uploads and image serving, moving to moderated signups, and instituting some extensive block lists on infosec.pub due to the pervasive problems with CSAM attacks on lemmy instances.
No, it’s not happened to any of our instances yet, but I don’t need that headache. And if anyone does, I promise you that I will make it my life’s mission to see that those responsible are convicted and rotting in prison where they belong. ❤️
Edit: h/t to @infosec_jcp for pointing out the problem to me.
Please don’t enable 2FA
2FA in lemmy doesn’t work reliably yet. Please don’t enable it or you will almost certainly get locked out.
Note: it makes me sad to post this.
Blocking sh.itjust.works
Hi all. I am going to implement a block for sh.itjust.works. I am going to need years of therapy from all the nasty crap coming from that instance.
Federation and new community creaton is disabled
Hi all. I’ve disabled new community creation and federation until there is a fix for the latest vulnerability
Vulnerability fixed
As some have pointed out, there was a serious xss vulnerability in lemmy disclosed yesterday. The Lemmy team released a fix a bit ago and I've since patched infosec.pub.
Apologies for the problems
Lemmy and kbin have been... exciting to set up and debug.
There is a new version of lemmy in RC right now that should fix most of the issues we've been seeing, or at least give error messages that indicate what is going on.