AndrasKrigare @ AndrasKrigare @beehaw.org

Posts

4

Comments

325

Joined

2 yr. ago

I disagree with one of their points

Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation.

Sure, they can't control the network firewall, but why would you do that when you can change your local firewall? Set an iptables rule to drop all traffic going out the physical interface that isn't destined for the VPN server. I'm 70% sure some vpn clients do this automatically.

No place like loopback

Interesting, interesting, so by that logic it's fundamentally impossible for a country to have inadequate rail service and all rails are of equal quality? I'll be sure to let everyone know they can cut all funding because none of it matters.

Not sure if you're making a joke, but windows kill birds because they're transparent and birds fly into them not realizing it's there. The rest of the building doesn't really kill birds because they won't fly into it.

Saw that response coming. I'm just saying maybe don't assume everything is American before asking a question like that, and especially don't do it for a website with "euro" in the name

Are we really not going to talk about how the website is EURO gamer?

Facebook is literally the fifth most hated https://www.axios.com/2023/05/23/corporate-brands-reputation-america

These things aren't well-defined, so you're certainly welcome to, but I think most people would consider an omniscient, omnipotent creator of the universe to be a god and not a spirit.

I agree, but I think AA also exists. I'd put Remnant From the Ashes in that category

Neither of those are necessarily true. For an Abrahamic god, sure, but one can certainly conceive of a god that doesn't define good and evil, and a god that defines good and evil and doesn't define itself as good.

A monopoly with checks notes 30% market share. It has a plurality, but not a majority.

https://www.theverge.com/2022/1/20/22892939/music-streaming-services-market-share-q2-2021-spotify-apple-amazon-tencent-youtube

Those are different things.

Shit, are we getting to that point where all non-password logins are "2fa" like how all denial of services are "DDoS"

My thought was that it was going to be just about WiFi internal to the house and it was an issue with interference from neighbors (which then gets shut out in the rain).

Look into my eyes and it's easy to see One and one makes two, two and one makes three It was destiny

I disagree. DM's always have the ability to put in their own choices and, in this case, room descriptions, regardless of what a module says. But that is work, and one of the things you buy a module for.

To make an extreme example, imagine I sold a campaign module called Blank Slate, where every page just says "and then you decide what happens next" and "decide what rooms are in this dungeon and what monsters are there."

I think he was more remarking that you said "built on top of an existing *ix" instead of saying it was built off of BSD

That's awesome, reminds me of one of my favorite scenes from the Bourne movies. Bourne knows some agents are coming after him to the building he's in, so he picks up a phone, calls the police and says "I heard gunshots, I think they're Americans" and then throws the phone against the wall, fires a few random shots, and leaves. The police then catch the agents sneaking up to the building and arrest them.

One caveat I'd want to note is for the underlying methodology that uses:

As this study by Joseph Bonneau attests, people frequently choose common phrases in addition to common words. zxcvbn would be better if it recognized "Harry Potter" as a common phrase, rather than a semi-common name and surname. Google's n-gram corpus fits in a terabyte, and even a good bigram list is impractical to download browser-side, so this functionality would require server-side evaluation and infrastructure cost. Server-side evaluation would also allow a much larger single-word dictionary, such as Google's unigram set.

As another example, the passphrase "This password is good" is claimed to take centuries to crack, but if the search space were narrowed down from a sequence of words to grammatically correct sentences, certain passphrases would be much weaker than this would show.

OP kinda already addressed that. A password manager is great, but you still need a master password, so do you use a passphrase for that?