[Edit] Apparently federal facilities were not challenged. So only struck down for businesses.
 - https://www.reuters.com/world/us/us-supreme-court-blocks-bid...
There were at least three federal mandates:
(1) Federal workforce,
(2) Federally-funded healthcare facilities,
(3) Large businesses
In recent Supreme Court decisions in cases challenging #2 and #3, #3 was struck down and #2 was upheld, #1 was not challenged in those cases.
This database is concerned with #1, since it's an employee database for an agency within the federal government (hence why the employee database has a federal register notice.)
E.g., several big banks are covered by #1, the way it is written. These banks have as their contractors, large consulting companies - which now enforce on their end.
LearnDMARC was posted here recently and can show you how this is validated.
 - https://www.learndmarc.com/
For navigation I have 2 portable GPS navigation systems. A really old one that I just can't get myself to throw away and a recent Garmin. If that fails I stop and ask for directions and meet new people.
Something you may find useful to reduce the phone's attention-seeking behavior is to find a way to disable all sounds on your phone. I don't know if smart phones can do this but my little flip phone can be entirely silent and I can set custom ring tones in the phone book for important numbers. If something is important from a number I don't have they can leave a voicemail.
These scientists are free to ask to come on the JRE and share their views.
It seems unreasonable that listeners shouldn’t be allowed to hear any other viewpoints.
It’s really really stupid for someone with a huge audience to bring on an anti-vax nut job and uncritically interview them because simply being on the show at all lends their message legitimacy — “this person who I trust to curate content says this is a voice worth listening to.”
The message isn’t “you shouldn’t be allowed to listen to their viewpoints” but “what the fuck Joe, you basically endorsed these idiots and people actually listen to you.”
It turns out that everyone knew who would be there, what weapons they would have and their intentions. The only thing they got wrong AFAIK was the clothing. The militia that usually wear Hawaiian shirts were in plain clothes but they were still spotted instantly. Here is a documentary that covers this fairly well and everything leading up to it.  No covert communications. The militias were using public podcasts and social media sites to communicate and coordinate with one another and people were using machine learning to predict their actions quite accurately.
The bit I don't quite understand is why the White House had only a normal contingent of police in standard gear. These police were barely equipped to deal with a Black Friday sale at Walmart much less a massive mob with some militia stirring them up.
 - https://www.youtube.com/watch?v=v22xC09WSVc
grep ^read /etc/profile.d/timeout.sh
Another risk with a bastion model is port forwarding. As an organization you have to decide what is appropriate for that bastion. Unrestricted forwarding? Restricted? Denied?
If your bastion is also used for automation to drop files into a staging area, you can limit that automation to file transfers and even limit what it may do with files. This prevents the automation from having a shell or performing port forwarding.
The keys should be outside of the home directories to prevent malicious tools from appending additional authorized_keys into the account. Make use of automation to manage key trusts and add a comment to keys to map them to an internal tracking system like Jira. This assumes your MFA/2FA is excluding specific accounts or groups via PAM and permitting the use of ssh keys with specific groups or accounts.
Match Group sftpusers
ForceCommand internal-sftp -l DEBUG1 -f AUTHPRIV -P symlink,hardlink,fsync,rmdir,remove,rename,posix-rename
Another thing mentioned in the article is iptables. In a PCI environment one may want to also have explicit outbound rules using the owner module to limit what users or groups are permitted to ssh out. So if your organization has a group of people allowed to use this host as a bastion, then one could write a rule like:
iptables -I OUTPUT -m owner --gid-owner devops -p tcp --dport 22 -d 192.168.0.0/16 -j ACCEPT
Lastly I would add that bastions should have as minimal an OS install possible and have SELinux enforcing. Actions denied by SELinux should go to a security operations center after you spend some time tuning out the noise and false positives.
 - https://man7.org/linux/man-pages/man8/sftp-server.8.html
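An added example, not part of the comment above: a small audit of an sshd_config for three of the bastion points it raises (keys kept outside home directories, the automation group confined to internal-sftp, and no port forwarding for that group). Both sample configs are constructed, the path /etc/ssh/authorized_keys/%u and the finding names are assumptions, and forwarding is checked on its own because ForceCommand restricts the command that runs, not forwarding requests.

```python
# Added example: constructed configs and hypothetical finding names.
WEAK = """\
AuthorizedKeysFile .ssh/authorized_keys
Match Group sftpusers
    ForceCommand internal-sftp -l DEBUG1 -f AUTHPRIV
"""
HARDENED = """\
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
Match Group sftpusers
    AllowTcpForwarding no
    ForceCommand internal-sftp -l DEBUG1 -f AUTHPRIV
"""

def parse(text):
    """Map scope ('global' or lowercased Match criteria) to {keyword: value}."""
    scopes, scope = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scope = value.lower()
            scopes.setdefault(scope, {})
        else:
            # sshd keeps the first value it sees for a keyword
            scopes[scope].setdefault(key, value)
    return scopes

def audit(text, sftp_group="sftpusers"):
    cfg = parse(text)
    glob = cfg["global"]
    match = cfg.get("group " + sftp_group.lower(), {})
    findings = []
    # Relative paths and %h both resolve inside the user's home directory.
    keys = glob.get("authorizedkeysfile", ".ssh/authorized_keys")
    if any(not p.startswith("/") or "%h" in p for p in keys.split()):
        findings.append("keys-in-home")
    # Without ForceCommand internal-sftp the automation account can get a shell.
    if match.get("forcecommand", "").split()[:1] != ["internal-sftp"]:
        findings.append("sftp-group-shell")
    # AllowTcpForwarding defaults to yes when unset in both scopes.
    fwd = match.get("allowtcpforwarding", glob.get("allowtcpforwarding", "yes"))
    if fwd.lower() != "no":
        findings.append("sftp-group-forwarding")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```

On a live host, feeding it the output of sshd -T -C user=NAME instead of the raw file gives the effective settings for that user after Match processing.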
It would be interesting to hear what you think of Keycloak.
There's also one very important difference between those two:
- others can see your favourites.
- you can see both your upvotes and your favourites
so only use favourites for things you don't worry about others seeing.
I don't know if this is important for you but for a lot of people here it probably can be.
dig +noall +answer @ns3.digitalocean.com -t ns digitalocean.com
digitalocean.com. 1800 IN NS ns2.digitalocean.com.
digitalocean.com. 1800 IN NS ns3.digitalocean.com.
digitalocean.com. 1800 IN NS ns1.digitalocean.com.
dig +noall +answer -t soa digitalocean.com
digitalocean.com. 3600 IN SOA kim.ns.cloudflare.com. dns.cloudflare.com. 2263777094 10000 2400 604800 3600
Figured this might be related but guess not (I'm admittedly kinda ignorant around the intricacies of DNS, hence the question mark in the title).
Well that's not good. Let's hope they have an audit trail that can tell you what went wrong. Without the details of your domain I could only guess. I'm sure they and Cloudflare together could help you figure it out.
Only if you also require regular cigarettes to be licensed as medicines, or if you want to create yet another illegal market.
The tobacco companies did a good job of making it harder to use vapes. History has made me heavily biased to see any attempt to make alternatives to tobacco harder to acquire as something that must be in some way funded by big tobacco. I see that as a personal attack on a family member that has been trying to stay away from tobacco.
 - https://www.youtube.com/watch?v=biNxl7tiVSY [video]