Can someone explain to me why NAT is not enough for security?
Kid_Thunder (@Kid_Thunder@kbin.social) | Posts: 0 | Comments: 246 | Joined: 2 yr. ago
Truth Social where he is most active is owned by Trump Media and Technology. Right now SCOTUS is considering a case in court that may determine whether social media companies and websites in general can just ban people with differing opinions as a private entity or not.
NAT provides some measure of security as a pure coincidence of how it works. It is not designed or intended to provide security. It does not inspect packet payloads in order to filter them for security. It looks at the header and attempts to route the packet to an internal IP address (one of your devices on your LAN) and if it cannot, it will drop the packet because the header will only have the external IP address -- the packet carries no indication of which device it is supposed to go to. Forwarding a port is telling the NAT that when a packet hits a certain port and it doesn't know the destination internal IP, it should forward it to some internal IP anyway.
The reason you can connect to websites, SSH outside, FTP, whatever, is because your connection comes from your internal IP first to some other IP, and therefore NAT knows which internal IP to route those packets to.
Take for example this scenario:
You download some software. It has malware that provides command and control (C2) to someone else outside of your network. A firewall and/or antivirus may be able to stop this and hopefully notify you. NAT will not help here. Furthermore, if you have UPnP enabled (usually it is by default on your router), the malware can forward any ports through your NAT to the compromised device, opening it up to bot attacks and the like.
Another scenario:
You want to play a video game with your friends and you're going to host it. So either you manually forward those ports or perhaps UPnP just does it for you. That game has an exploit known by attackers, or perhaps it can just be DDoS'd. Your NAT isn't going to stop that. Hopefully a firewall will help you here. It definitely will if you set up explicit rules so that if they aren't your friends' IPs it will drop them. Though it is possible the game is exploitable and your friends are compromised.
Take, for example, that malware has been known to spread via Minecraft.
As I understand it, NAT is a firewall
NAT is not a firewall. NAT does not inspect packet payloads; it doesn't do anything except attempt to route packets to where they are supposed to go. If the connection originates from outside or it is a 'connectionless' protocol, the NAT has no idea which internal IP to route to, so it drops the packet.
NAT provides some security by sheer coincidence and not by design.
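The mechanism the comment above describes, as an added example that is not part of the original post: a toy stateful NAT whose only "filter" is the absence of a translation entry. It replays the two scenarios (an unsolicited probe, a C2 beacon whose reply is translated straight back in, and a UPnP-style port mapping that opens the host up). All addresses, ports, payloads and host roles are constructed placeholders.

```python
# Added example, not from the original post: a toy stateful NAT (port-address
# translation) showing that what NAT "blocks" is only traffic it has no
# translation entry for. Addresses, ports, payloads and host roles below are
# constructed for illustration.
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

WAN_IP = "203.0.113.7"          # assumed public address of the router (TEST-NET-3)
INFECTED_PC = "192.168.1.20"    # assumed LAN host that ran the malicious download
C2_SERVER = "198.51.100.9"      # assumed attacker-controlled server (TEST-NET-2)
SCANNER = "198.51.100.200"      # assumed random internet scanner


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""   # never examined by the NAT below


Endpoint = Tuple[str, int]


class Nat:
    """Endpoint-dependent NAT: an entry is created by the first outbound packet
    and matched against the exact remote (ip, port) on the way back in."""

    def __init__(self) -> None:
        self._next_ext_port = 40000
        # (proto, ext_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.table: Dict[Tuple[str, int, str, int], Endpoint] = {}
        # (proto, ext_port) -> (lan_ip, lan_port); manual forward or UPnP mapping
        self.forwards: Dict[Tuple[str, int], Endpoint] = {}

    def add_forward(self, proto: str, ext_port: int, lan: Endpoint) -> None:
        """Static port forward. A UPnP IGD AddPortMapping request from any LAN
        host (malware included) lands in exactly this table."""
        self.forwards[(proto, ext_port)] = lan

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: record the mapping, rewrite the source to the WAN address."""
        ext_port = self._next_ext_port
        self._next_ext_port += 1
        self.table[(pkt.proto, ext_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=WAN_IP, src_port=ext_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: deliver only if a mapping or forward says where to;
        otherwise there is no internal destination and the packet is dropped.
        The payload is copied through untouched either way."""
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        dest = self.table.get(key) or self.forwards.get((pkt.proto, pkt.dst_port))
        if dest is None:
            return None
        lan_ip, lan_port = dest
        return replace(pkt, dst_ip=lan_ip, dst_port=lan_port)


def run_scenarios() -> Dict[str, Optional[str]]:
    """Replays the post's scenarios; returns which LAN host (if any) each packet reached."""
    nat = Nat()
    result: Dict[str, Optional[str]] = {}

    # 1. Unsolicited SYN from a scanner to port 22: no entry, so it is dropped.
    got = nat.inbound(Packet("tcp", SCANNER, 51234, WAN_IP, 22))
    result["unsolicited_ssh"] = got.dst_ip if got else None

    # 2. C2 beacon: the infected PC dials out first, so the reply, whatever its
    #    payload says, is translated straight back to it.
    beacon = nat.outbound(Packet("tcp", INFECTED_PC, 50001, C2_SERVER, 443, b"hello"))
    reply = Packet("tcp", C2_SERVER, 443, WAN_IP, beacon.src_port, b"cmd: exfil ~/Documents")
    got = nat.inbound(reply)
    result["c2_reply"] = got.dst_ip if got else None
    result["c2_payload_passed"] = got.payload.decode() if got else None

    # 3. The malware requests a UPnP mapping for 8080; now anyone can reach it.
    nat.add_forward("tcp", 8080, (INFECTED_PC, 8080))
    got = nat.inbound(Packet("tcp", SCANNER, 43210, WAN_IP, 8080))
    result["after_upnp"] = got.dst_ip if got else None
    return result


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

Note that the table is keyed on the full remote endpoint, which is the strictest common behaviour; many home routers are looser and accept a packet on a mapped port from any remote address, which makes the "coincidental" protection weaker still, and nothing in either variant looks at the payload.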
TLDR; After interviewing the president of Crunchyroll and getting absolutely nowhere with a test free account with 'forever' digital content it appears neither Crunchyroll nor The Verge knows how they are going to handle this. The title appears to be the most positive way to summarize the situation as possible.
Summary:
The author doesn't know what Crunchyroll is going to offer to make this up to customers, had issues with trying to get an answer for their own account's content and Crunchyroll's response has been fairly ambiguous but it seems they want to handle it on a case-by-case basis. Things like perhaps premium subscription discounts were mentioned. Allowing some sort of limited-time download was not mentioned. It is clear that there is no plan to make this content available the same way on Crunchyroll going forward.
The author used a free account that has two 'forever' digital content items and received canned responses from customer service, seemingly after this interview with Crunchyroll's president. When asking Crunchyroll about that afterwards, the author was given a special link for all customers to use. So far there has been no further customer service response.
There is no definitive answer as to the solution and it is unlikely to be 'good' based on the comments from Crunchyroll so far.
It doesn't sound so terrible. Just tracks upsells for a bonus, right? Think about what happens every single time with technology like this. It will definitely be used to create metrics on virtually everything an employee does and continue to press upward.
If this goes unchallenged expect things like cameras watching everything you do. White collars have cameras aimed at their faces and keyboards, blue collars have them on their job sites. You'll need to meet hard metrics to be considered at the bare minimum and also compete with others for raises/bonuses based on the data. The top competitors push the mean metrics up and up.
It wasn't that long ago when employers were demanding not only their employees' social media usernames and passwords but also applicants'. Some states passed laws specifically banning that, which was helpful, and thankfully some of those states were key states where many corporations are incorporated for the immense tax breaks; also, thankfully, people just made it ineffective by creating obvious dummy accounts.
Workers' rights in the US, much like consumer rights, aren't that great compared to other nations. Unions are trying hard to make a big comeback but are being hard fought. There are big companies that continue to illegally union bust and aren't held accountable at all.
Companies do not need this to remain competitive and survive. They need this to maximize profits. Please consider these types of issues when you vote and write your representatives about these things going forward.
In the first 10 years or so of my adult career, I definitely hated that. At about the 10 year mark I changed my entire perspective on things. I just changed to the mindset that employment is a two-way business decision. I knew that I could leave at any time and I knew they could make me leave at any time. So, I became much more independent. I make my own meetings with others when I feel I need to. I only attend meetings I feel like matter, which cuts a lot of them out. I do great work and I specifically build relationships with everyone I interact with. In all of my positions at all of the companies and projects I've worked on, I basically cut my manager out of everything. I set my own boundaries and make my own decisions. I will not do something that I don't want to do. I will not work hours that I don't see as reasonable for whatever I'm doing and I will have a good work-life balance.
My job has been threatened from time to time but I just shrug and say "that's your decision but it doesn't change mine", but I usually have a great reputation everywhere for being the guy that can 'do anything' and 'get it done'. I've had directors and once a VP force a rewrite of my manager's performance review of me because I basically tell them I'll just leave if my performance rating isn't what I expect it should be given what I produce. It takes about 6 months, sometimes a little longer, at a new place to get that sort of political capital for me.
Basically, taking control of my own work-life has made me a lot more money, given me a much better work-life balance (I rarely work over 40 hours a week) and has made my actual time at work much more productive and enjoyable. I've empowered myself and it is fucking great.
Most of your direct managers aren't really going to let you go (except perhaps in mandatory lay-offs) if you're very productive, because you're effectively making them look good and advancing their career. If they do, then fuck 'em; you shouldn't be there anyway because you'll always be held back and treated poorly for your efforts. You don't always have to actively search for jobs, but shooting your resume out to places from time to time, especially as you build your professional network, can be very beneficial. If you have a good offer, demand they match it somehow -- either in money or benefits of some type. If they don't, then just take the offer.
When management knows that you can and will leave and you're productive, it changes the whole dynamic for you at work.
I know some people take the opposite path and do the bare minimum they have to in order to keep the job but I think having control over what you are doing, when you are doing it and having actual leverage in negotiating your pay whenever is much better for you. When they know you don't need them, they'll pay you better and just let you do your thing. The 80/20 || 90/10 (depending on how mismanaged your org actually is) rule is real. Be one of the 10 || 20 and show them you know it.
I was shadow IT for a project and asked IT to design this special unconventional thing which of course they wouldn't. So I made this little embedded linux device to take care of it. Gave them the design and steps I made and all that. They were like "nah" so I told them to give me admin on their file server and switch and I'd just do it myself. So they did (lol?).
I had to create a service account instead of just having the system account do it on their file server, because I figured that wouldn't be OK. I asked them how I properly get a service account approved and they passed me to Cyber, who had me submit a user request. It got denied because it didn't have a signed user agreement or a Sec+ or similar cert......
So I created a Word doc that said "I am not a real person and therefore cannot sign any contracts. I am just software, man." and exported it to PDF and named it the same as the agreement file name. Did the same for the cert. They approved it.
Then nobody ever created the account because IT's helpdesk couldn't figure out how to do it. I think it was more that they probably didn't have an OU structure properly set up so they wanted some architect or something to weigh in.
Anyway, I just let System do it because, well I had been waiting months at that point. The service account probably still doesn't exist in AD. They then took my admin privs away and got credit from upper management for solving this odd problem that my stuff took care of.
Eventually they needed a more robust solution and also in a few more places since it worked well but they started slamming it a bit too hard with data. They wanted to just keep giving me specific rights and then take them away when I was done but also submit paperwork every single time to them to do it.
Apparently, I burnt bridges when I said "nah" as a Reply to All when they told me that. But who cares to have a bridge to nowhere anyway? As far as I know (since I still occasionally get a technical question about it) my little guy is still chugging away today, though I've moved on since then.
Man jokes about "good sex" being key to his 47 year marriage.
Conservatives: Rage while putting a thrice married rapist on a pedestal of morality supposedly "chosen by God" and what-not.
Democrats: See opportunity to win women voters over due to IVF being considered abortion.
Republicans: See opportunity to win black voters over due to sneakers and menthol cigarettes.
I disagree about ClamAV insofar as its vanilla virus signature database. You really should use some third-party ones, though you have to be careful since some, specifically Malware Patrol, are way too general. For example, Malware Patrol will identify any document mentioning any drive.google.com URL as a virus.
In regards to MP, I actually submitted the offending signature to MP support and the CSR said, and I quote, "Unfortunately that is not a false positive, there is confirmed malware hosted at drive.google.com." It caught my attention because a bunch of READMEs from some GitHub projects and some HTML files ended up in the quarantine. I asked if future signatures would include this general URL, since I'm going to blacklist this specific signature, and was told basically 'yes, probably'.
I do recommend third parties though, and most are free for personal use. Some require a key and therefore some sort of sign-up, but it isn't terrible, except perhaps in regards to where I'm posting, where some would consider it so.
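The practical follow-up to the comment above, as an added example that is not part of the original post: pull the signature names out of a clamscan report, flag the ones that fired across many unrelated files, and list the ones you decide are over-broad in a local `.ign2` file. `.ign2` is ClamAV's own mechanism for skipping individual signatures by name while the rest of a third-party database stays active. The report text, the file paths and the signature name `MalwarePatrol.Example.DriveGoogle` are constructed placeholders; a real name comes from your own scanner output.

```python
# Added example, not from the original post: parse clamscan output and maintain
# a local .ign2 file of signature names to skip. The sample report, paths and
# the signature name "MalwarePatrol.Example.DriveGoogle" are constructed
# placeholders, not real Malware Patrol or ClamAV data.
import re
from collections import defaultdict
from pathlib import Path
from typing import Dict, Iterable, List

# clamscan prints one line per hit: "<path>: <signature name> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")

# Constructed sample of what a scan over a few git checkouts might report.
SAMPLE_REPORT = """\
/srv/git/proj-a/README.md: MalwarePatrol.Example.DriveGoogle FOUND
/srv/git/proj-b/docs/index.html: MalwarePatrol.Example.DriveGoogle FOUND
/srv/git/proj-b/Makefile: OK
/home/kt/Downloads/x.exe: Win.Trojan.Agent-1234567 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8675309
Scanned files: 4
Infected files: 3
"""


def found_signatures(report: str) -> Dict[str, List[str]]:
    """Map each reported signature name to the files it fired on."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for line in report.splitlines():
        m = FOUND_RE.match(line)
        if m:
            hits[m["sig"]].append(m["path"])
    return dict(hits)


def noisy_signatures(hits: Dict[str, List[str]], min_files: int = 2) -> List[str]:
    """Candidates for manual review: names that fired on at least min_files files.
    A hit count is a hint, not a verdict; inspect the files before ignoring."""
    return sorted(sig for sig, paths in hits.items() if len(paths) >= min_files)


def add_to_ign2(ign2: Path, names: Iterable[str]) -> int:
    """Append signature names (one per line, no whitespace, no duplicates) to an
    .ign2 file and return how many were actually added. Drop the file in the
    ClamAV database directory so clamscan/clamd pick it up with the other sets."""
    existing = set(ign2.read_text().split()) if ign2.exists() else set()
    new: List[str] = []
    for name in names:
        if name in existing or not re.fullmatch(r"\S+", name):
            continue
        existing.add(name)
        new.append(name)
    if new:
        with ign2.open("a") as fh:
            fh.write("".join(f"{n}\n" for n in new))
    return len(new)


if __name__ == "__main__":
    hits = found_signatures(SAMPLE_REPORT)
    for sig in noisy_signatures(hits):
        print(f"{sig} fired on {len(hits[sig])} files: {hits[sig]}")
    # e.g. add_to_ign2(Path("/var/lib/clamav/local.ign2"), noisy_signatures(hits))
```

On Debian-derived systems the database directory is `/var/lib/clamav`; clamscan reads every recognised file there, and a running clamd needs a reload before the new `.ign2` takes effect. `sigtool --find-sigs=REGEX` run against the same directory shows the raw database entries whose content matches, which is the quickest way to confirm that a signature really is just a URL substring before you decide to ignore it.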
Not all digital reporting, but a massive amount of it, is just low quality. Many articles stating something with 5 tweets from random people or Reddit posts or similar, blog-quality op-eds, atrocious barely moderated comment sections, recycled articles, adblocker blockers, cookie notifications with too many checkboxes, autoplay irrelevant videos (relevant ones are still bad) and paywalls just aren't good enough.
You need compelling content, you need original content and you need a compelling price point for subscriptions. On the op-ed side, everyone does a terrible job compared to some hobbyist youtubers.
Vice had some compelling content (to me) but not nearly enough for me to want to subscribe with actual money. I personally think Vice went for quantity over quality more and more plus probably grew too fast over the last decade. I guess that's what happens when investment firms essentially control the company.
Yeah you can use any executable but hh is just short and in everyone's path.
In powershell:
for(){hh }
Also the beeping will be annoying.
I like how they didn't provide an alternate solution to this. Mr. Miller is showing real Texas leadership potential.
Don't worry, he'll end up still having enough funds for a legal defence after the RNC is bankrupt due to it. We will find out in 5 years or so that it turns out Russia backed his funds for legal defense and some loans or something. He'll say it was due to a 'great business deal because Russia are great business people, maybe the greatest' due to like a $500 million 'business' deal to put Trump's name on a random warehouse out in the middle of Siberia.
For Windows you can use KDE Connect (and also on macOS) or Microsoft Phone.
For Linux Mint there's KDE Connect or GSConnect (GNOME Extension) though I don't use GNOME often, I remember liking KDE Connect better still.
Depends on if there's an IPv6 NAT and how your ISP converts between IPv4 and IPv6 or actually supports IPv6 straight through. It also depends on your router.
Currently, there's still some debate since IPv6 NAT (NAT66/NPT6/NATv6) isn't really needed at WAN boundaries for the reasons NAT exists. However, without it you are right that this will be a problem for the consumer because PCs, IoT devices, printers, circuts or whatever my wife has, etc. could all be exploitable and, even worse, you may never know you're contributing to the botnet.
As an example, I have a global IPv6 on a few of my devices. They can connect over IPv6 if it originates from me, but if it originates from them or is UDP, it doesn't route to my IPv6. My router doesn't care; it'll route it just fine either way. It would appear that my ISP has me behind one of the IPv6 NATs.
I'd imagine that's true for most people at home.