stardreamer

One way to do this would be set up crowdsec bouncers on each server but only run a single instance of the crowdsec daemon. Send all logs to the daemon and let it communicate with all the bouncers.

Sounds like a job for crowdsec. Basically fail2ban on steroids. They already have a ban scenario for attempts to exploit web application CVEs. While the default ssh scenario does not ban specific usernames, I'm pretty sure writing a custom one would be trivial (writing a custom parser+scenario for ghost cvs from no knowledge to fully deployed took me just one afternoon)

Another thing I like about crowdsec is the crowd sourced ban IPs. It's super nice you can preemptively ban IPs that are port-scanning/probing other people's servers.

It's also MIT licensed and uses less ram than fail2ban.

Is this an exclusively US thing? Back when I was in Asia there were always subtitled showings and non-subtitled showings. The better theaters even had a dedicated teleprompter at the bottom so the subtitles don't block the movie.

"But what if they start putting fries in my ports? I can't have fries without any ketchup!"

I must be dumb cause I still need 3 tries to plug in a HDMI/DP port.

USB B takes 6 tries: first three times in a RJ45 port, then 3 more after realizing I've been messing with the wrong port all this time.

1. Attempt to plug in the USB A device
2. If you succeed. End procedure
3. Otherwise, destroy the reality you currently reside in. All remaining universes are the ones where you plugged in the device on the first try.

That wasn't so hard, was it?

Sometimes you're working on an IoT device in a tight space, which makes rotating/seeing everything much harder.

Especially if you drop the cable it falls into a crevice somewhere.

You probably won't have trouble plugging it in the first time, but gods forbid you unplug/replug it then the cable rotates 540 degrees and you have no idea how it was plugged in before

Zen kernel should be fine. I've been running it for 4 years and haven't had any issues specific to zen.

Many years ago when I was still doing my undergrad I had a cyber security prof talk about side channels:

”There's no way to prevent side-channels. As long as two components are sharing the same physical resource there will be side channels. The only problem is that these side channels are leaking way more bits than we expected.”

So the question here is how big does the side channel need to be to leak something sensitive from memory? Turning off mitigations will almost certainly lead to larger side channels. Whether that is worth the risk is up to you.

And Quic, and Pony express, and GFS...

"Would anyone at the table like to carve the rump?"