[Canonical Whitepaper 2025] A guide to infrastructure hardening: Best practices to improve the security posture of your Linux-based infrastructure deployments

[Colin Watson]

On Fri, Dec 12, 2025 at 03:53:01PM +0800, Bret Busby wrote:
>On 12/12/25 15:46, Bret Busby wrote:
>>On 12/12/25 15:34, Ralf Mardorf via ubuntu-users wrote:
>>>On Fri, 2025-12-12 at 03:10 +0000, Turritopsis Dohrnii Teo En Ming 
>>>via ubuntu-users wrote:
>>>>https://scontent.fsin4-1.fna.fbcdn.net/m1/v/t0.50684-6/An- 
>>>>QPxv9ZNZZ0c11iGB1pyzPfjxKJTjG8Qz0xNpoXiWxz7mIOHBCV9BZbjzXGXqwrCzW5-
>>>> zkTwrbdjgZEpsdbV0EOLaxMDQ3sYm0D-WnUVR83NaeyS63c-0QDBKUUA/ 
>>>>A+guide+to+infrastructure+hardening+(1).pdf? _nc_oc=AdnUaZXrZzBSawbBa2Fdg6N5_1_pDIQHxwjLwbg58gNZaqKmB7Vi3nsddN8bjL-7Eqo&ccb=10-5&oh=00_AfmDyrFxB28d4GRqI-
>>>> kzzMydIet7jkJbDzDEFn0DBru9Dg&oe=6962CB92&_nc_sid=de6fe6
[...]
>>I thought it was from canadian f###book - "fbcdn.net"
>>
>>Do the north corean and chinese and rushin cyberwarfare people get 
>>promoted within the party, according to the degreee of clicks they 
>>get from such posts?
>
>It even has the north corean operator code included in the URL
>("?_nc_oc=") to enable the kerching to the identified operator, for 
>each gullible click on the URL.

I can't tell whether this is very dry humour or whether you actually 
believe this, but just in case anyone else believes you ...

"CDN" in this context is "Content Delivery Network", not Canada.  The 
_nc_oc and _nc_sid query parameters are undocumented as far as I know, 
but it's implausible that they would refer to North Korea (typically 
transliterated with a K in English, not a C).  Firstly, if Facebook's 
CDN actually supported parameters to help North Korea, they would surely 
be obfuscated more than that.  Secondly, it's much more likely for them 
to be for Meta's own tracking purposes.

-- 
Colin Watson (he/him)                              [cjwatson at ubuntu.com]