Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)IR
Posts
0
Comments
319
Joined
2 yr. ago

  • Maybe it's like mobile operating systems where those apps are part of an immutable area and can at most be hidden. However, given how incredibly slow OS updates are on modern Macs, that would be surprising.

  • Try using ICE instead of proxying all your traffic through a VPS. If you're just using the VPS for session establishment you won't be using a lot of bandwidth and won't get blocked or go over quota. Try searching for things like "wireguard mesh stun".

  • YouTube has RSS feeds you can access without scraping, but it's per channel so if you follow a lot of channels you'll be following a lot of RSS feeds.

    Lemmy also has RSS feeds for each community.

    Are you looking for a reader instead? A reader aggregates the feeds and displays them. Usually it keeps track of which items you've already read.

  • Is it a feature of the Galaxy Buds or a feature of the Galaxy S24? They say this is better than the Pixel Buds because it doesn't require an internet connection, but the Pixel Buds do not have language translation at all. They're headphones you connect to a phone that has language translation, and it's the phone that needs internet to work. If it were a feature of the Galaxy Buds that would be much more impressive, but since the article doesn't say exactly, it's unlikely that the Galaxy Buds actually have real-time language translation at all and it's just phone software and marketing.

  • Nobody cares about your home services unless they can use them to send spam or mine bitcoin. Owncloud is a funny name because it seems to imply it's for personal use: your own cloud. I didn't know until I found myself in one, but apparently a lot of schools use Owncloud.

    phpinfo is just a bad idea. It's a built in facility that dumps everything without knowing whether it's sensitive or not, right into the current page, making it trivial to add this vulnerability to your own application or library that an unsuspecting developer will include into their application. There's not even a single security warning in the documentation. Here's practically the same problem from 21 years ago: https://nvd.nist.gov/vuln/detail/CVE-2002-1725

  • I don't know how much of a difference it will make.

    It's easy to host files. Even if the malware "author" is clueless and just buying a customizable malware, either they'll figure out how to host files or file hosting will be provided along with the service they're buying.

    It may not stop Discord from being the file host either. Malware distributing bot accounts could keep copying a new link to the file, or could upload a new version of the file on demand.

    Discord can't expire webhooks the same way so webhooks will continue to be used for exfiltration. Pointing out that it's used for exfiltration as if it were related seems like bad reporting. It's a difficult problem because if they did break webhooks it'd only make things more difficult for legitimate users. These malware packages usually hijack the user's Discord installation and could send out the information as the user without using webhooks.