bamboo
@bamboo@lemmy.blahaj.zone
- Comment on What's up with "Plex Servers"? 6 days ago:
Sounds like a great way to get fired from a job. Mirror as much as you can from him while he still has it up, but also probably limit it so that the bandwidth doesn’t raise any alarms.
- Comment on What's up with "Plex Servers"? 6 days ago:
With P2P file sharing, your client is sharing the files with random people on the internet and you’re identified by your IP address (or a VPN IP address / seedbox IP address / etc). MPAA hires companies to check for popular content and log the IP address, time, and content shared, and then sends that to the ISP. The risk and issue is sharing content with anyone randomly, since that is how your ISP is informed of the activity.
With media servers, unless you’re somehow sharing publicly, it’s safe to assume your members aren’t going to report you to your ISP. I guess in theory the ISP could see high upload bandwidth and investigate, but more likely than not, if there are limits, automated systems will just throttle the bandwidth, and no deep packet inspection or other forensics is performed.
- Comment on What's up with "Plex Servers"? 6 days ago:
Good on you, but I would never pirate Ready Player One, let alone pay $0.50 for it.
- Comment on If the government raided your house and found a bunch of .mkv files but you insist its all legally obtained, how do they ascertain if they are actually pirated or not? 6 days ago:
If you download a file (not via BitTorrent), your downloaded file will have the same hash as the person who shared it with you, but that doesn’t mean you were the sender.
- Comment on What would you do if you knew your neighbor was an ICE/DHS agent? 1 week ago:
Check if they’re on ICE List and if not, get proof and if they are ICE, get them on here.
- Comment on Nova Launcher unashamedly inserts malware ads into your home screen now. 1 week ago:
It was sold to a Swedish company that plans to develop/support it further. Hopefully they do it well.
Narrator: They aren’t
- Comment on Am I financially enabling child labor in 3rd world countries by buying second hand fast fashion? 1 week ago:
It depends if you’re popular or not. People might copy your style and purchase the fast fashion directly because of you, even if you got it second hand. Say for example you’re Taylor Swift, and you literally steal the fast fashion clothes directly from the factory to wear in public. You are still indirectly financially enabling child labor and probably boosting the business.
- Comment on How come streaming or satelite don't have a playlist option? I got Dish and its annoying where I can't just tack on a bunch of movies or series and just let them play in an order I choose? 2 weeks ago:
For broadcast television, especially over the air, there’s no additional load on the provider side for broadcasting to 1 or 1 million people. The TV consumers never have to communicate back to the broadcaster, and this is very efficient from a bandwidth perspective. It’s somewhat similar for cable in most provider situations, the video is broadcast over a wire rather than over the air.
With streaming, each stream has to negotiate with a server to access the stream and the server serves the content to that consumer. This scales as there are more consumers, and the load on the provider increases. Caching layers and CDNs exist to distribute this load, and that is expensive. This is why streaming providers have a “Are you still watching” prompt if they think you’ve stopped watching, since it costs lots to serve the content.
- Comment on Don't believe them 5 weeks ago:
Just watch out, some phone providers will disconnect you after a few hours on a call. During the pandemic when there were a lot of people unemployed and there were long waits for unemployment insurance offices, there were stories of people waiting on hold for 6 hours or more, and then getting disconnected, losing their place in line.
- Comment on Don't believe them 5 weeks ago:
They are often also recording/transcribing the conversation when they put you on hold as well, and summarizing the call for the agent based on the transcript. When my ISP raises internet prices, I always have to call them to get the increase reversed. When I’m waiting on hold, I pretend to talk to my partner saying what my desired price is and that I’ll call a competitor afterwards if they can’t match so that gets summarized for the agent.
- Comment on You nomster! 1 month ago:
hunt and peck
- Comment on 1 month ago:
Not sure when the sale happened, but there was a recent video about the invention of the Blue LED from the past year which was really good, highly recommended. To me click bait implies the contents are not worth the headline / title / thumbnail, but old Veritasium and recent have kept up mostly the same level of quality IMO. I will say updating old video titles and thumbnails to juice the numbers was annoying, but the optimist in me figured that at least people who had not previously experienced old Veritasium got it recommended to them which is a positive.
- Comment on Elon Musk’s Optimus Robot shuts down after reproducing the gesture of its human operator removing their headset 1 month ago:
2025 version of the mechanical turk
- Comment on Still looking for the right community for this meme 2 months ago:
Thank you for this post!!! I didn’t see the other ones and you were not on my blocklist yet.
- Comment on Games you played inside video games. 2 months ago:
The Pico-8 version of Celeste inside of Celeste
- Comment on Haha, Russia 🤏 2 months ago:
How does the true size work on a 2D plane? Is it because we’re ignoring connecting landmasses that this gives a better approximation than a full globe 2D map?
- Comment on How do people with epilepsy triggered by flashing lights, drive past trees that are backlit by the sun? 2 months ago:
And at night
- Comment on Plex’s crackdown on free remote streaming access starts this week 2 months ago:
They are requiring Plex Pass for all remote sessions, even ones which don’t go through plex servers, where your client connects to your remote plex server directly. IMO, this should not require Plex Pass if the remote stream is not going through Plex’s server.
Also since the April 2025 update where they required the payment, the “new experience” apps have been terrible, and people have been side loading the old apps because they retain core functionality. Maybe there was a technical reason to release new apps to enforce the Plex Pass requirements, but it has been a terrible experience being told to pay money and then getting a worse experience, compared to what was free a year ago.
- Comment on We have one at home 2 months ago:
I bought Cyberpunk on Stadia on release day, since I couldn’t play it anywhere else, and it was actually great for me. The technical issues I ran into were all because the game was buggy, not because the service was bad. The biggest issue was the self-fulfilling prophecy that Google was going to kill it, and not worth subscribing to (which they eventually did kill because of low usage). I think that if Google had spun out Stadia as its own company, it may have succeeded.
- Comment on Not impressed 2 months ago:
he’s out of line but he’s right
- Comment on Study concludes cybersecurity training doesn’t work 2 months ago:
Unless the email client is blocking external images, a tracking pixel in the email would be enough to see that the email was rendered, and that the address is valid. The trainings specifically instruct you to review the contents of the email and check the email headers before clicking links, so that alone would confirm to a spammer that the email is valid.
- Comment on Study concludes cybersecurity training doesn’t work 2 months ago:
It’s also such a dumb metric because most of people’s jobs are to click on links elsewhere on the internet, yet when it’s in an email, it’s bad? Unless you’re running an old browser or there is a 0 day, simply opening a link isn’t going to hack your system, but further actions by the user would need to be taken to be compromised. These simulations don’t account for that.
- Comment on Study concludes cybersecurity training doesn’t work 2 months ago:
Totally agreed, I get it’s easier to consider it a fail if you open the link, and that simply opening a random link has some inherent risk, but there should at least be a fake page to enter credentials and evaluate how many people actually go through with that, and break that out as a CRITICAL where the other clicks are HIGH or MEDIUM status, to classify the risk.
Also, this is just an anecdote, but in a similar phishing simulation I helped with, we had to bypass filters for rejecting emails with links for websites registered in the last 60 days. Obviously this isn’t a foolproof way to prevent phishing attempts, but it does cut out a lot of junk, and we’ve indirectly been training employees to not deal with that.
- Comment on Study concludes cybersecurity training doesn’t work 2 months ago:
Abstract from the paper itself:
This paper empirically evaluates the efficacy of two ubiquitous forms of enterprise security training: annual cybersecurity awareness training and embedded anti-phishing training exercises. Specifically, our work analyzes the results of an 8-month randomized controlled experiment involving ten simulated phishing campaigns sent to over 19,500 employees at a large healthcare organization. Our results suggest that these efforts offer limited value. First, we find no significant relationship between whether users have recently completed cybersecurity awareness training and their likelihood of failing a phishing simulation. Second, when evaluating recipients of embedded phishing training, we find that the absolute difference in failure rates between trained and untrained users is extremely low across a variety of training content. Third, we observe that most users spend minimal time interacting with embedded phishing training material in-the-wild; and that for specific types of training content, users who receive and complete more instances of the training can have an increased likelihood of failing subsequent phishing simulations. Taken together, our results suggest that anti-phishing training programs, in their current and commonly deployed forms, are unlikely to offer significant practical value in reducing phishing risks.
And the methodology:
Our study analyzes the performance of nearly 20,000 full-time employees at UCSD Health across eight months of simulated phishing campaigns sent between January 2023 and October 2023. UCSD Health is a major medical center that is part of a large research university, whose employees span a variety of medical roles (e.g., doctors and nurses) as well as a diverse array of “traditional” enterprise jobs such as financial, HR, IT, and administrative staff. For their email infrastructure, UCSD Health exclusively uses Microsoft Office 365 with mail forwarding disabled. On roughly one day per month, UCSD Health sent out a simulated phishing campaign, where each campaign contained one to four distinct phishing email messages depending on the month. Each user received only one of the campaign’s phishing messages per month, where the exact message depended on the group the user was randomly assigned to at the beginning of the study (§ 3.1). In total these campaigns involved ten unique phishing email messages spanning a variety of deceptive narratives (“lures”) described in Section 3.2. All of the phishing lures focused on drive-by-download or credential phishing attacks, where a user failed the phishing simulation if they clicked on the embedded phishing link.
- Comment on Study concludes cybersecurity training doesn’t work 2 months ago:
I still personally benefit from the social engineering resistance training I’ve had over the years to this day though.
Me too, I use it to get out of situations I don’t want to deal with. “Ohh you’re calling me asking for PII? Sorry, I can’t provide that information unless I initiate the conversation. I’ll call the number I have on file for you to provide that.” <hangs up and never follows up>
- Comment on Why would a company force you to use a rental car instead of your own for a drive to the office/Christmas party? 3 months ago:
This seems like the right answer. Also, if there is an incident and your personal insurance is involved, you might be hit with higher premiums for years, and would have a case to have your employer reimburse the increase.
The cost of the rental car avoids a lot of bureaucratic headache on both sides that could last years if something were to happen.
- Comment on 10M people watched a YouTuber shim a lock; the lock company sued him. Bad idea. 3 months ago:
Wow this is so good. Love the judge in this case:
Proven had demanded a preliminary injunction that would stop McNally from sharing his videos while the case progressed, but Proven had issues right from the opening gavel:
LAWYER 1: Austin Nowacki on behalf of Proven industries.
THE COURT: I’m sorry. What is your name?
LAWYER 1: Austin Nowacki.
THE COURT: I thought you said Austin No Idea.
LAWYER 2: That’s Austin Nowacki.
THE COURT: All right.
When Proven’s lead lawyer introduced a colleague who would lead that morning’s arguments, the judge snapped, “Okay. Then you have a seat and let her speak.”
- Comment on "Mother's Love" (Gris) 3 months ago:
Gris is an amazing game. Love the soundtrack too.
- Comment on Wear your seatbelt 3 months ago:
“Weight has nothing to do with it!”
- Comment on Hollow Knight Silksong (mod recommendations) 3 months ago:
I might not be as far (just past act 1), but I haven’t felt the need to grind rosaries (yet). A bunch of times I’d be exploring for an hour and notice I have like 500+ rosaries, and then I get them made into strands till I have to spend them. I don’t think I’ve seen anything on sale for more than 800 rosaries. Maybe it’s different later in the game but at least in the beginning of the game, it doesn’t feel like a chore.