A cookie notice that seeks permission to share your details with "848 of our partners" and "actively scan device details for identification".

How are you storing passwords and 2FA keys that proliferate across every conceivable online service these days?

What made you choose that solution and have you considered what would happen in life altering situations like, hardware failure, theft, fire, divorce, death?

If you're using an online solution, has it been hacked and how did that impact you?

I've been using VMware for about two decades. I'm moving elsewhere. KVM appears to be the solution for me.

I cannot discover how a guest display is supposed to work.

On VMware workstation/Fusion the application provides the display interface and puts it into a window on the host. This can be resized to full screen. It's how I've been running my Debian desktop and probably hundreds of other virtual machines (mostly Linux) inside a guest on my MacOS iMac.

If I install Linux or BSD onto the bare metal iMac, how do KVM guests show their screen?

I really don't want to run VNC or RDP inside the guest.

I've been looking for documentation on this but Google search is now so bad that technical documents are completely hidden behind marketing blurbs or LLM generated rubbish.

Anyone?

There is a growing trend where organisations are strictly limiting the amount of information that they disclose in relation to a data breach. Linked is an ongoing example of such a drip feed of PR friendly motherhood statements.

As an ICT professional with 40 years experience, I'm aware that there's a massive gap between disclosing how something was compromised, versus what data was exfiltrated.

For example, the fact that the linked organisation disclosed that their VoIP phone system was affected points to a significant breach, but there is no disclosure in relation to what personal information was affected.

For example, that particular organisation also has the global headquarters of a different organisation in their building, and has, at least in the past, had common office bearers. Was any data in that organisation affected?

My question is this:

What should be disclosed and what might come as a post mortem after systems have been secured restored?

U2F keys can be purchased online for the price of a cup of coffee. They're being touted as the next best thing in online security authentication.

How do you know that the key that arrives at your doorstep is unique and doesn't produce predictable or known output?

There's plenty of opportunities for this to occur with online repositories with source code and build instructions.

Price of manufacturing is so low that anyone can make a key for a couple of dollars. Sending out the same key to everyone seems like a viable attack vector for anyone who wants to spend some effort into getting access to places protected by a U2F key.

Why, or how, do you trust such a key?

The recent XZ experience shows us that the long game is clearly not an issue for some of this activity.