biscuitswalrus @ biscuitswalrus @aussie.zone

Posts

0

Comments

212

Joined

2 yr. ago

Think of this:

You find a computer from 1990. You take a picture (image) of the 1KB memory chip which is on a RAM stick, there are 4 RAM sticks. You are using a DSLR camera. Your image in RAW comes out at 1GB. You project because there's 8 chips per stick, and 4 sticks it'll 32GB to image your 4KB of RAM.

You've described nothing about the ram. This measurement is meaningless other than telling you how detailed the imaging process is.

They took imaging scans, I just took a picture of a 1MB memory chip and omg my picture is 4GB in RAW. That RAM the chip was on could take dozens of GB!

I don't know man, I'd prefer light rail than a banananana bus, you know Brisbane style 3 segment bus...

Telegram isn't encrypting chats (only secret chats).

As far as reproducible builds telegram has got instructions and caveats or excuses around builds for the same issues signal does: https://core.telegram.org/reproducible-builds#reproducible-builds-for-ios

Both easily make Android reproducible builds. This Twitter message is a rock being thrown in a glass house, knowing most people who consume Twitter like it's a firehose, won't swallow the nuance of the details.

I don't even, not to complete lengths.

Reasonably sure they mean telegram. Only secret chats are encrypted. Telegrams chat otherwise is basically transport layer encryption.

https://www.wired.com/story/telegram-encryption-end-to-end-features/

Thanks for sharing!

Australian native bees can't sting, do a great job of pollinating, and make a little honey on the side. They're very curious from experience with a swarm making a home on my water meter box, but not very scary.

Oh I think I've met you! You must be my coworker!

Just joking of course, looking fun of a privacy focused person while making a point my coworkers also don't read. I'm glad you didn't delete the post though, I enjoyed the journey. You did read, you're better than my coworkers.

The Nintendo lawyers are full time, this is just a Thursday to them. You're keeping those lawyers employed by giving them work.

Or maybe they're trying to keep their system minimised from yet to be found security issues in the hundreds of packages pre installed that they don't ever use or need, and act as nothing other than additional threat surface.

Poetic

To me, not a player, it seems like there's a long winded explanation/justification for why they uploaded a illegitimately approved run. In Super Mario maker, if you make a level you need to beat it to upload it. They beat it with a tool instead of skill, to ensure the sequence of frame perfect tricks could be completed, something nearly impossible to do by real players.

There were many top level players all at once playing that level non stop. So I feel for them. Training their muscle memory to execute robot timings for what came out to be not a legit level.

Most of what was said was irrelevant, they managed a life story in the middle of an apology.

The presenter is borderline unwatcable. If that's you, sorry for any insult.

I agree I need someone who could tell me what a state nation could do with sequenced Ebola from a risk point of view.

I both think it would be a requirement to cure, and a requirement to modify to weaponise.

I think when the scientists lied when interviewed though they would only do that if they knew the trouble was grave.

The messaging around this so far doesn't lead me to want to follow the fork on production. As a sysadmin I'm not rushing out to swap my reverse proxy.

The problem is I'm speculating but it seems like the developer was only continuing to develop under condition that they continued control over the nginx decision making.

So currently it looks like from a user of nginx, the cve registration is protecting me with open communication. From a security aspect, a security researcher probably needs that cve to count as a bug bounty.

From the developers perspective, f5 broke the pact of decision control being with the developer. But for me, I would rather it be registered and I'm informed even if I know my configuration doesn't use it.

Again, assuming a lot here. But I agree with f5. That feature even beta could be in a dev or test environment. That's enough reason to know.

Edit:Long term, I don't know where I'll land. Personally I'd rather be with the developer, except I need to trust that the solution is open not in source, but in communication. It's a weird situation.

Now I'm not part of this, but a international student just got scammed $170 000 dollars over 3 months. They believed that the police had seized their Australian bank account and were contacting them related to their identity being stolen. It wasn't at the time of call, but the international student, maybe 25, was fully profiled. They knew where he studied, who they had been talking to. At the time of call, the poor kid thought he was talking to the police, gave every bit of information including bank account which had mfa, but undid it and and followed the scmmers requests believing he would be deported. He called home to his parents and asked them for more money even in order to build a new account because he believed is other one was frozen, the new account was under order and control of the scammer who this kid trusted. The scammer even made this kid move into a hotel for a week as their "premise needed to be searched" it wasn't for a month after this that it was found because the kid believed he couldn't tell anyone before the school (where he was attending but kept leaving to take calls which is a no no) had to tell the kid that absenteeism will result in the student visa being cancelled. At that point it all came out, month and more of being scammed.

My point is, no it's not business. Just look at the YouTubers, just watch Jim Browning. Just ask people, it's a multi billion dollar industry. And it's not limited to rules like 'business'.

There are massive collections of databases online that find where breaches have occurred allowing attackers to dump the database of that service, then collect all those database dumps together to identify all known accounts under an email address. Then once that email account ever has a password breach attackers can look up and see 'was this password used also on other accounts' and attempt to use the same email and password on them. Moreover they will just try that email regardless of known affiliation, if they already have a user name and password across many online services, it's safe to assume this will work sometimes. This is the essence of a credential stuffing attack.

https://www.abc.net.au/news/2024-01-19/what-is-credential-stuffing-scams-how-to-prevent-and-protect/103367570

https://www.abc.net.au/news/2023-05-18/data-breaches-your-identity-interactive/102175688

I've used abc here since I believe they write better for a lay person.

Edit: I should mean to say, they can also create a profile of you and your many email addresses as demonstrated.

Digging tunnels.

You realise if it's saved you can now use features that are built into the software, that get saved, like using 'track changes' to accept or discard edits granually. You have file system level version control to choose previous versions, you have an undo feature built in. Three different tools to use.

Not really, you can leave auto save on, and use the inbuilt track changes function. Best of both worlds.