sylver_dragon
@sylver_dragon@lemmy.world
- Comment on 3 days ago:
Some of column A, and some of column B. You are going to have tasks which need to get done, but you don’t really want to do. Do I want to wash the dishes? Honestly, no. It’s not something I enjoy doing. Do I need to wash the dishes? Yes, if I don’t we get ants in the kitchen, the dishes start to smell and we run out of clean dishes. There will be tasks which are less time dependent and I can do something I feel like doing first. Maybe the chores I need to get done around the house are done for the day and I can spend a bit of time playing a video game.
Life isn’t all playtime and roses. Sometimes:
Image
- Comment on What are the solutions to doomerism, and that "can't find love" feeling that I've been seeing on Twitter (specifically a frontend)? 4 days ago:
Kinda yes and kinda no. While the front end you’re using will necessarily request data from Twitter, which means there will be traffic generated, it’s bot traffic which is much less valuable.
But, as much as I agree with the “fuck Musk” sentiment, really it’s about your own well being. Twitter is a cesspit. Wallowing in a cesspit, whether physical or virtual, is bad for your health. Even if you aren’t in the official cesspit, just a pool filled with the same shit, it’s just as unhealthy.
- Comment on What are the solutions to doomerism, and that "can't find love" feeling that I've been seeing on Twitter (specifically a frontend)? 5 days ago:
“Now stop reading Twitter”.
If you’re using a front end, you’re still reading Twitter.
- Comment on What are the solutions to doomerism, and that "can't find love" feeling that I've been seeing on Twitter (specifically a frontend)? 6 days ago:
I’ve deleted my Twitter account
Now stop reading Twitter. You can’t fix folks who want to wallow in misery.
- Comment on Can we possibly experiment with the DNS on our own, at a micro level ? 1 week ago:
Messing with DNS is how a PiHole works. You set the devices on your network to use the PiHole for DNS and it “blackholes” domains related to advertising and tracking. You can do something similar with any system acting as a DNS server on your network.
- Comment on When you are not employed but need to go to a workshop/conference/public events that require you to lost out your company and title, what do you put on without sounding awkward? 1 week ago:
A former coworker of mine was basically pushed out of the company we worked for, despite having basically written most of the software stack. He started doing independent consultant work for the customers, as the company’s management was such a disaster that they were unable to support deployments. He operated under the company name “MMI”, which stood for “Me, Myself and I”. I’ve stolen this name to describe working for myself on more than one occasion.
- Comment on If something could rotate infinitely after being initially pushed, would the initial push disqualify it from being classed as perpetual motion? 2 weeks ago:
If something could move forever, without further input of energy, then yes, that’s perpetual motion. We just haven’t found anything which will do that yet and our best models for describing the universe hold that it’s impossible.
- Comment on 'Ted Lasso' star turned football pro: Cristo Fernández signs for USL team 2 weeks ago:
I guess Football really is his life.
- Comment on Explain Stalking to me. I have ex gf's I run into different times at the same stores. Some I keep running into store after store. Just coincidence. At what point is it stalking or something? 3 weeks ago:
If you want to dig deeper, law school might be for you.
- Comment on For people who distrust police / the legal system: If you ran a small business and need to hire people, and someone has a conviction but they claim innocence, do you hire them? 5 weeks ago:
Like most complex things, the answer is: it depends.
In this case, it’s mostly about what the alleged crime is and what the role is. If someone was convicted of sexual assault of a minor and I’m hiring for a daycare, possible licensing issues and laws aside, I’d probably pass on that person. If I’m hiring an auto mechanic and the person was convicted of smoking weed, I’m only going to care that they aren’t operating heavy equipment while intoxicated.
The other thing to consider is how much time has passed since the conviction. To use a real, related example, I knew a guy who held a US Government TS/SCI clearance and who had been through a full scope polygraph. For those unfamiliar, this basically means that he had access to highly classified material and he had also been through a multi-hour polygraph. And despite the dubious nature of those, they often winnow out a lot of people. He was also a major drug user in the 1970s and '80s. The list of drugs he didn’t do was probably shorter than the ones he had done. But, between being honest about it and the amount of time which had passed since he got clean, he had no trouble getting and maintaining that clearance. Who you were then and who you are now can be pretty radically different.
Like any hiring process, it’s going to be a case by case basis. I’m actually involved in interviewing people for my current employer and the selection process hinges on many little things. You can have someone who is great on paper, but they have the personality of a raging walrus and that just kills their chances. You can also have folks who just have an off day, but it kills trust in that individual on the part of the interviewers. Hell, I’ve interviewed folks and immediately thought, “they don’t fit this role, but goddamn I wish they had applied when we were looking for this other role six months ago.” Interviewing people is weird, but I haven’t seen a better solution for selecting a candidate for many roles.
- Comment on How are criminals apprehended by vigilantes able to go to prison? 2 months ago:
This is one of the reasons vigilantism works better in fiction than in real life. In cases where some vigilante left a beat up suspect and some sort of evidence, any competent defense attorney is going to move to have the evidence suppressed due to issues around chain of custody and possible tampering. They would likely also push the narrative that the vigilante is the real criminal and left the evidence to frame their client. Between possibly getting much of the evidence suppressed, and building doubt around anything remaining, a conviction could be really hard for the prosecutor.
This also ignores issues around vigilantes going after the wrong person for something (see: lynchings) and applying wildly disproportionate, extra-judicial punishments for crimes (see: lynchings, again). Crime and punishment really are hard problems which don’t lend themselves to easy answers. And there is a reason the Code of Hammurabi is seen as such a big deal in history. Rule of Law is an important concept which protects people.
- Comment on What do you think of Paramount merging with Warner Bros. Discovery to create a new media company? 2 months ago:
It will be a Paramount Discovery of new ways to make movies and TV suck.
- Comment on Ubisoft initiates colossal restructure to become a more 'gamer-centric' company 4 months ago:
They are chopping the development teams and titles up into convenient bite-sized chunks. Ubisoft will hang onto the large titles in the Vantage Studios vertical, and the rest will be spun off or sold off. Any spun off studios will be saddled with crippling debt.
- Comment on Trump signed executive order blocking states from enforcing their own regulations around AI 4 months ago:
In a normal world, I’d expect this to get smacked down hard in the courts. But, we can pretty much count on Thomas, Alito and Gorsuch being on board with Trump as an overt dictator. So, it just becomes a question about how much leverage the Trump administration has on Kavanaugh, Barrett and Roberts. It’s pretty sad that we’re counting on three compromised people to protect the rule of law.
- Comment on Many fairy tales have this same methodology for waking up the princess. 5 months ago:
Depending on which version of Sleeping Beauty you’re reading, this isn’t that far off.
- Comment on everyone warning!! 5 months ago:
Sadly, yes a lot of organizations didn’t get the memo. But this really is the current guidance. In NIST 800-63B Section 5.1.1.2:
Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.
- Comment on everyone warning!! 5 months ago:
I deal with this sort of thing pretty regularly for the company I work for. We get threat intelligence from several vendors when they see our users show up in “dumps”. Basically, threat actors will package up stolen credentials in a large zip file and make that available (usually via bittorrent) for anyone to download. Security vendors (e.g. Mandiant, which Google bought) download those dumps and search for accounts associated with their customers and send out these warnings when they find one. On the customer side, if the breach was recent we’ll force a password reset and warn the user about the breached password, with a recommendation to change their password on the affected site and also change any passwords which might be similar elsewhere.
Why do we force the password reset, even when it wasn’t the account for our business which was breached?
There’s a couple reasons for this. First off, people still reuse passwords all the fucking time. Maybe this victim didn’t, but we have no good way to validate that. Second, even without direct reuse, folks like to have one main password that they apply slight variations to. They might use “Hunter 42!” at one site and then “Hunter 69*” at another. This isn’t smart, attackers know you do this and they have scripts to check for this. Lastly, if an organization is following the latest NIST guidance, you’re not changing your password on a regular cadence anymore. With that is the expectation that passwords will be rotated when there is a reason to suspect the credentials are compromised. Ya it’s annoying, but that’s part of the trade-off for not having to rotate passwords every six months, we pull the trigger faster on forced rotations now.
If you get one of these, consider it a good time to think about how you come up with and store passwords. If you are re-using passwords, please turn off your computer/device and don’t come back to the internet until you have thought about what you have done. If you aren’t already using one, please consider a password vault (BitWarden or KeePassXC make great, free choices). These will both help you create strong passwords and also alleviate the need to memorize them. Just create a strong master passphrase for the vault, let it generate the rest of your passwords as unique, long (12+ character) random junk, and stop trying to memorize them (with the exception of your primary email account, that gets a memorized passphrase).
- Comment on Anon escapes from work 6 months ago:
The nets are not there to prevent suicides. The nets are there to prevent the company losing business. So long as they are able to say, “look we care about our workers”, western companies won’t be pressured into changing suppliers by slacktivists on twitter.
- Comment on Give your mouse the finger with this wild cursor control ring — Prolo Ring hits Kickstarter, hoping to transform your finger into the ultimate macro and gesture device 7 months ago:
Oh look, it’s an air mouse. But, you can’t change the battery, the licensing is all kinds of “fuck you”, and with all those gestures, I’m expecting a frustrating experience with the device constantly interpreting unrelated motions into inputs.
- Comment on it would be a better look 8 months ago:
Too complicated. It would be a gold and diamond encrusted cartridge.
And we’d have enough holy relic fragments of the bullet which killed Jesus to supply an entire army’s ammunition needs.
- Comment on [deleted] 8 months ago:
Given WINE’s focus on gaming, the execution of the malware could run into issues with system calls which the malware relies on not being fully implemented or acting in unexpected ways. That said, if the execution works, the malware may run to completion and have some impact, depending on what the malware was designed to do.
- Infostealers - On a Windows system, this class of malware pulls credentials from browsers (never, ever save your passwords in a browser. Use a password vault. e.g. KeePass, BitWarden). In the ones I have analyzed, they pull the passwords from the browser storage files directly and rely on known file paths. I think this would ultimately fail, as the files in those known paths won’t actually be your browser profile. Under the same logic, stealing cookies won’t work out either. They are just files in a known location, which won’t actually be the right location when running under WINE. Similarly, stealing credentials from Windows Credential Manager will fail, as that won’t have anything useful there. There is other stuff they can go after, but I think you get the point. The stuff it tries to steal won’t actually be in the locations it’s expected to be in. So, I’d think this class of malware would ultimately fail. Of course, attackers could always rewrite the malware to detect the WINE environment and then have it pivot to the right locations for all this stuff. So, all of this analysis could become wrong.
- Ransomware - On a Windows system, this class of malware will search through the filesystem and encrypt files with specific extensions (.docx, .pdf, .png, and so on). Given that the Linux filesystem is reachable from the WINE environment, I kind of think this has a chance of working. One interesting question would be if the encryption routines in the malware would actually work. Again, I think they would. The malware is likely to leverage cryptographic libraries built into Windows and I’d think that WINE would mostly handle those due to DRM/Anti-Cheat in games. It would just be down to how gracefully the malware deals with Unix file paths. My guess would be that the WINE translation layer would make it work. That just leaves the communications back to the attacker’s server for delivery of the keys. I’d guess this would work as WINE is set up to allow communications out to the internet.
- Remote Access Tool (RAT) - I’d guess that some of these would work though they may act funny for the attacker. As with ransomware, the communications back to the attacker’s server should work. This isn’t going to be terribly different from communicating with a game server. There might be some issues around the local agent working correctly though. The attacker may be relying on cmd.exe or powershell to run their commands. So, that might run into issues. At the same time, the malware could implement any commands directly via system and API calls. I’d think most of those would work. So, the attacker may have enough capability to fully compromise the Linux system, if they are willing to put the time into it.
That’s just three possible classes of malware, though it’s most of what I run into professionally (I work in Incident Response). Overall, I’d recommend not relying on Linux to keep you safe from malware bundled into pirated games. While I don’t expect that the infostealer parts of the malware would work correctly (for now), a lot of malware does more than one thing. The attacker may not get your credentials with the initial infection, but you could be opening yourself up to other malware. And, if the attacker includes a RAT, he could come back later and ruin your day.
So ya, be very, very careful about running stuff which you don’t know is safe.
- Comment on Intel warns shareholders that the US government's 10% stake could hurt company's international sales 8 months ago:
One of the reasons the US Government banned the use of Huawei devices in US critical infrastructure was the Chinese government ownership stake in Huawei. And that makes complete sense, you don’t run your critical infrastructure on devices which a major adversary might be able to compromise at the hardware level. By the same argument, I can see many countries being uncomfortable using chips made by Intel, because of the large ownership stake the US Government holds in Intel. It wouldn’t be the first time the US Government has been implicated in hardware hacking for SIGINT. The NSA TAO was outed hacking Cisco routers en route to target organizations.
So ya, gotta expect that some countries will be hesitant to use Intel chips in some places. At the same time, if the US Government has a high level of visibility and control over Intel’s manufacturing and processes, there is a good argument that US critical infrastructure and defense assets will favor Intel chips. So, it may be that Intel ends up trading non-US customers for a greater share of the US Government’s business.
- Comment on [deleted] 9 months ago:
Ya, I just find that the mildly infuriating things can be less so by knowing why they are happening. As someone who regularly resets user passwords professionally (not for Proton), I figured I could give some insight into why this happens.
- Comment on [deleted] 9 months ago:
The alert seems to indicate a compromised account, this can mean a lot more than “a bad IP”. Your account may have shown up in a “dump” and they took action to ensure your safety. Have you tried putting your email address into HaveIBeenPwned? While the normal recommendation would be to not put your email address in a random web form, this site is actually run by a well known security researcher and just lets you know if you have shown up in such a dump in the past.
Another possibility would be that they have seen a major change in your IP geolocation in a short time. This is referred to as “improbable travel” and it’s something which many security departments take action on. If you login from an IP address which is associated with Paris, France and then an hour later are logging in from Dubai, UAE, this is going to be flagged. Sure, you might travel between those two locations, but you ain’t doing it in an hour. So, your account gets flagged as possibly compromised.
even if it were a VPN, so what, your company literally runs a VPN
Right, but they may not know that you are using another VPN. So, continuing the issue above of “improbable travel”. If you are on Proton’s VPN, they know all of their exit IP addresses and likely take them into account. But, if you are using a different company’s VPN, Proton likely doesn’t know all of that company’s exit IP addresses and so can’t account for them. Consider the situation from their perspective:
- You are using some other VPN and they force you to do a password reset.
  - Outcome - you’re a bit annoyed, but ultimately your mail account is safe.
- Some attacker has your password and tried to use it to access your mailbox, but Proton stopped the login and forced a password reset.
  - Outcome - you are a bit annoyed, but your mail account is safe.
- Some attacker has your password and tried to use it to access your mailbox, and Proton let them in.
  - Outcome - You get wrecked and are really unhappy.
No matter what, Proton is going to lose out a bit to you being unhappy. However, if they force the password reset, the worst case is you being slightly annoyed about a password reset. By not taking action, they risk your account being fully compromised, which can be very, very bad for you. So, they are likely to be more proactive in forcing a password reset than you might like. This will be especially true if you do not have any sort of two-factor authentication set up. If the whole game is lost by one password being lost, any whiff of that password being compromised will result in a password reset.
Ultimately, it is an annoyance but one which is actually positive for you. They take your email security seriously enough that, when their system detected something, they took action to keep you safe.
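The “improbable travel” check described in the comment above, as an added example that is not part of the original comment and is not Proton's or any vendor's logic. It assumes logins are already geolocated; the 900 km/h ceiling, the 100 km jitter floor, the sample logins and the documentation-range IP addresses are all constructed for illustration.

```python
"""Improbable-travel check over geolocated login events (added example)."""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumption: ignore geo-IP jitter between nearby cities


@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    ip: str
    lat: float
    lon: float


def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between the geolocations of two logins."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


def improbable_travel(logins, known_vpn_exits=frozenset()):
    """Return (previous, current, speed_kmh) for each pair of consecutive
    logins by one user that implies travel faster than MAX_SPEED_KMH."""
    findings = []
    last_seen = {}
    for cur in sorted(logins, key=lambda l: l.when):
        # A known VPN exit says where the tunnel ends, not where the user is,
        # so it is neither flagged nor used as the user's last location.
        if cur.ip in known_vpn_exits:
            continue
        prev = last_seen.get(cur.user)
        last_seen[cur.user] = cur
        if prev is None:
            continue
        dist = haversine_km(prev, cur)
        if dist < MIN_DISTANCE_KM:
            continue  # e.g. a shared-NAT address that geolocates one state over
        hours = (cur.when - prev.when).total_seconds() / 3600
        speed = dist / hours if hours > 0 else float("inf")
        if speed > MAX_SPEED_KMH:
            findings.append((prev, cur, speed))
    return findings


# Constructed sample data: users, times and addresses are made up.
SAMPLE_LOGINS = [
    Login("alice", datetime(2025, 1, 6, 9, 0), "192.0.2.10", 48.8566, 2.3522),      # Paris
    Login("alice", datetime(2025, 1, 6, 10, 0), "203.0.113.20", 25.2048, 55.2708),  # Dubai
    Login("bob", datetime(2025, 1, 6, 9, 0), "192.0.2.30", 38.88, -77.10),          # Virginia
    Login("bob", datetime(2025, 1, 6, 9, 10), "192.0.2.31", 39.29, -76.61),         # Maryland
    Login("carol", datetime(2025, 1, 6, 9, 0), "192.0.2.40", 47.3769, 8.5417),      # Zurich
    Login("carol", datetime(2025, 1, 6, 9, 30), "198.51.100.7", 35.6762, 139.6503), # Tokyo exit
]
KNOWN_VPN_EXITS = frozenset({"198.51.100.7"})

if __name__ == "__main__":
    for prev, cur, speed in improbable_travel(SAMPLE_LOGINS, KNOWN_VPN_EXITS):
        print(f"{cur.user}: {prev.ip} -> {cur.ip} implies {speed:.0f} km/h")
```

Run without `KNOWN_VPN_EXITS`, the same data also flags carol, which is the case the comment describes for a VPN whose exit addresses the provider does not know.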
- Comment on [deleted] 9 months ago:
have T-Mobile as my home internet provider and I deal with this fairly often.
I have the same ISP and the same issue. I believe a lot of the issue is that T-Mobile uses CGNAT on their network. This means that your public IP is shared with a lot of other people and it means your “location” (based on your public IP) can jump around from time to time. I’ve had Netflix get bitchy about this before as my connection seemed to be coming from Maryland instead of Virginia and their records indicate that I’m not a terrible driver.
- Comment on All will eventually be revealed 9 months ago:
Part of the mythology of Jesus is that he got better. So, the cross became a symbol of his sacrifice and suffering for the followers of his religion. It’s a constant reminder of “look what you made Jehovah do by being an evil sinner.” It is also a concise icon which can be used to identify the members of the religion. And, it’s been in use for a long time now and is well recognized as a Christian religious symbol, with the original usage of crosses as torture and execution devices being mostly ignored. Perhaps back 1500 to 2000 years ago, such confusion may have made sense. These days, it’s so far removed from that context that such confusion is usually a matter of being willfully obtuse.
- Comment on workflow 9 months ago:
While slaves were almost certainly involved, a lot of the labor was likely Corvee Labor. Less like chattel slavery and more like taxes in the form of labor.
- Comment on Off topic 10 months ago:
Movie theater audio systems continued to go big blue baby boinking bonkers. Remember when the THX logo wasn’t survivable by children under 7?
- Comment on Off topic 10 months ago:
So, the solution to completely fucked up sound is to use a device to mangle that sound back into something which isn’t complete shit?
And yes, I understand it’s about the director wanting the loud sounds to be loud. But, when your art direction means that a major (if not majority) of your audience is going to have to “fix” your artistic direction, your artistic direction is the problem.
p.s.: don’t mean to jump down your throat, this is just one of those things that grinds my gears. Along with the “let’s make everything too dark to possibly see” art direction which has become popular.
- Comment on I just went onto reddit to a intrest subreddit which happens to be NSFW and i got this, fuck reddit im glad i quit it. 10 months ago:
Try using old.reddit.com. Literally just replace www with old, or add old in front of reddit.com. This should take you to a version of reddit’s interface which isn’t complete trash and it usually also allows you to bypass the need to login for NSFW content.