![]() > You can't just say it could be bad one day therefore everyone should do now That doesn't make it any different for today but it points out there is more than "threats have increased" that can change what's a reasonable place to be on the security curve. In a decade browsing via VM may be commonplace for the average user (though probably more persistently for that use case) and not require a thought to use. I'd also add there is a counter to the always increasing cost/reward ratio of targeting: the always decreasing amount of complexity of implementing the security mitigations for the "next level" of security. It is not about closing every conceivable hole in your attack surface to achieve minimal risk. #Halomd on windows how toSecurity is about judging how to stay as far up the curve as you can without it costing you more than you'd realistically lose to do so. That it's certain conditions is precisely why it isn't for the vast majority though, if it were you wouldn't need to specify corner cases. certain high security businesses or certain high risk individuals that should consider higher security options (or in some cases regulation therefore). At some point you have to accept that having the possibility of a bad scenario isn't enough on its own, it needs to be actually weighed and compared. It could be everyone falls victim to a firmware big so nobody should trust reusing a device. For instance it could be everyone falls victim to a hypervisor security bug so nobody should trust VM browsing. You can't just say it could be bad one day therefore everyone should do now - that's just fear mongering not supportive reasoning. No amount of Browsers-in-a-VM are a substitute. #Halomd on windows fullUltimately to achieve what we all actually want (strong isolation guarantees that would prevent a full browser exploit from both A) your SSH keys from getting stolen and B) also your gmail spool from being attacked, and let's be honest, B is the worst case scenario) requires a rethinking of the fundamental software stack from OS to user-visible applications. The world isn't a Tom Clancy novel so you don't actually need to do anything more than this to be very secure and on top of almost all active threats. Selectively allow any webpage interactivity, as necessary. #Halomd on windows installThe real solution is this: Install Firefox, install noscript to nuke all javascript, install ublock too, and get a password manager. Unless you plan to literally restart/wipe after every interaction with every domain in a separate same-origin policy where any sensitive information exposure occurs.īut if you're that careful, what is the VM really doing for you, and why the hell are you even exposing yourself that much? Just use Lynx or something. That's where all the actual value is why would I care if it's inside a VM or not when I can get credentials to your mail provider from the browser itself and just exfiltrate? It doesn't matter if you restart the browser once or a million times anytime it has sensitive information, it is a target. This means any and all cookies, shared logins, account access, tab information - is all game. If your browser is attacked by an 0day of any sort, or malware or whatever, it will have access to the shared credentials and information inside your browser. In my experiences, nothing fixes this, not even disable/enable iCloud Photos - until the next major version number iOS release, which seems to reindex or rebuild device Photos library. Note, with 10^6 photos in iCloud Photos and multiple devices syncing, sometimes one or more usually older items lose sync or won’t sync from an iPhone. All at once is best if no errors, as it doesn’t seem to rate limit the first batch. Helping others with this, I’ve had to try both ways. So after that either just let it sit to catch up over the next week(s), or, if you are somehow certain of zero errors, keep cloud sync off until all Photos are imported and indexed locally then turn it on. If Photos thinks you’re doing separate syncs, it can hit at 25K. There is a rate limit on syncing Photos to cloud. Able to use logs and narrow down and retry remaining from an import when issues. I imported Photos to Photos, and let it sync. #Halomd on windows macI brought each into its own Photos library to limit blast radius of import issues, and was able to isolate which image(s) caused faults.Īfter having an array of Photos libraries, I made a big enough store on a fast Mac that could stay online uninterrupted to act as my library host and iCloud Photos master. With 10^6 photos, to get this to work I had to use old Aperture Library manager utilities to split those by album (by year for unclassified), then bring those split libs into Photos one at a time. As versions updated, Photos understood more and more Aperture metadata and edits. I came from Aperture into modern Photos after holding out as long as possible. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |