Posts: 3
Comments: 664
Joined: 1 yr. ago

  • I have full IPv6, none of my ports that I haven't explicitly whitelisted in the firewall can be accessed from the Internet. I can open a host completely, but it's not default. This is on the most common brand of consumer routers here.

    Just because it's not NATted doesn't mean there's no firewall in place.

  • At this point, Prime doesn't make sense if you want to save on shipping. It made sense because it included a lot of good stuff (video before ads, some music, shipping, games) but just for shipping, there were better options.

    I basically overpaid but didn't care out of convenience - partner sometimes watched prime, I ordered occasionally, played some included games. But the changes to video were so shady that I cancelled it.

  • What's confusing about wine prefixes apart from the fact that wine itself doesn't come with a graphical interface to manage them? On a Deck, Steam should handle these for you.

  • I worked in software certification under Common Criteria, and while I do know that it creates a lot of work, there were cases where security has been improved measurably - in the hardware department, it even happened that a developer / manufacturer had a breach that affected almost the whole company really badly (design files etc. stolen by a probably state-sponsored attacker), but not the CC certified part because the attackers used a vector of attack that was caught there and rectified.

    It seemingly was not fixed everywhere for whatever reason... but it's not that CC certification is just some academic exercise that gives you nothing but a lot of work.

    Is it the right approach for every product? Probably not because of the huge overhead per certified version. But for important pillars of a security model, it makes sense in my opinion.

    Though it needs to be said that the scheme under which I certified is very thorough and strict, so YMMV.

  • My router will still block all ports not explicitly allowed for the hosts regardless of protocol, it's a firewall after all and not just NAT. Just because the host is addressable doesn't mean its ports are reachable.

  • And the Bible being a justification for state executions is such a horrible excuse.

    Which part of the Bible allows that? Is it this "an eye for an eye" thing? And if yes, do those people referring to it also honor the other verses in Leviticus (i.e. not eat shrimp)?

  • Salt the hash with something unique to that specific user so identical passwords have different hashes

    Isn't that... the very definition of a Salt? A user-specific known string? Though my understanding is that the salt gets appended to the user-provided password, hashed and then checked against the record, so I wouldn't say that the hash is salted, but rather the password.

    Also using a pepper is good practice in addition to a salt, though the latter is more important.
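
The salt-and-pepper flow discussed in the comment above, as an added example that is not part of the original comment. It assumes PBKDF2-HMAC-SHA256 from the Python standard library (which takes the salt as its own input rather than by literal concatenation) and applies the pepper as an HMAC key, one common construction; `PEPPER`, `hash_password` and `verify_password` are names made up for this sketch.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed demo value. Assumption: a real pepper is a random secret kept
# outside the credential database (for example in a secrets manager).
PEPPER = b"constructed-demo-pepper"
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def hash_password(password: str, salt: Optional[bytes] = None,
                  pepper: bytes = PEPPER) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random per-user salt is drawn if none is given."""
    if salt is None:
        salt = secrets.token_bytes(16)
    # Pepper step: key the password with a server-side secret.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Salt step: the per-user salt is mixed into the slow hash.
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes,
                    pepper: bytes = PEPPER) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, pepper)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Two constructed users who picked the same password.
    salt_a, hash_a = hash_password("correct horse")
    salt_b, hash_b = hash_password("correct horse")
    print("same password, same hash?", hash_a == hash_b)
    print("right password:", verify_password("correct horse", salt_a, hash_a))
    print("wrong password:", verify_password("wrong horse", salt_a, hash_a))
    # A database copy without the pepper cannot be used to check guesses.
    print("right password, wrong pepper:",
          verify_password("correct horse", salt_a, hash_a, pepper=b"guess"))
```
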

  • Skylines is ok, it never clicked for me, consider it more of a city painter than a management game... That plus Paradox' DLC policy made the game quite unattractive to me rather quickly. And it was very car-centric.

    Unfortunately, I'm unaware of a serious contender.

  • Personally I'd love to see wider usage of S/MIME and/or PGP.

    I'd rather see less. https://www.latacora.com/blog/2019/07/16/the-pgp-problem/ is a good summary about the issue and they have a shorter follow-up post about why encrypting mail in general is bad at https://www.latacora.com/blog/2020/02/19/stop-using-encrypted/

    What I take issue with about Actalis is that they don't just sign your private key but you actually get the private key from them. It then depends on how much you trust the issuer.

    By definition, that key can no longer be considered "private".

  • I haven't played Planet Coaster, but my impression was it's more of a coaster builder than a theme park manager? A lot of "hardcore" players play OpenRCT 2, and for a slightly more modern take on the genre there's Parkitect. But classic RCT hasn't been replaced.

  • Could be the kernel itself

    Wouldn't make sense to me because the thread says GNU/Linux and others, though this could relate to Android or distros not using any GNU.

    gnupg

    Usually not exposed to the network though, but it's generally a mess so wouldn't be too surprising

    Another candidate I have in mind is ntpd, but again that is usually not easily accessible from outside and not used everywhere, as stuff like systemd-timesyncd exists.

    Just want to stress that I'm not sure about it being OpenSSH, it was more supposed to be a fun guess than a certain prediction

  • Since this affects Linux and others, I'm guessing this is about OpenSSH. But I'm not very certain. Just can't think of another candidate.

    But holy sh, if your software has been running on everything for the last 20 years

    This doesn't sound like glibc as someone in the thread guessed.