From an exterior viewpoint, all this portrayal of Trump as either insane or an idiot is as useless and dangerous as the sanewashing. I believed Trump was insane/an idiot during his 1st mandate. I no longer believe so. I…
Yes! When I learned of Anna's Archive a few years back I too was frustrated by the lack of a short explainer of how to access single files, existence of an API, etc. Now I'm envious of LLMs somehow
Being in the same boat as you I switched to OpenCode with z.ai GLM 4.7 Pro plan and it's quite ok. Not as smart as Opus but smart enough for my needs, and the pricing is unbeatable
Actually, the real countermeasure to PTH is to disable NTLM auth and rely only on Kerberos (and then monitor NTLM as a very strong indicator that someone or something is attempting PTH) Of course kerberos tickets can be…
> cloud-based synchronization Well I don't disagree that it might be possible to abuse cloud sync in some way to export the secrets, but it's not quite as egregious as just including the secrets by default in an app…
>Most TOTP apps support backups/restores, which defeats this. Citation needed? Yubico authenticator doesn't (the secure enclave is the Yubikey). I'd be very surprised if MS Authenticator and Authy (which I don't use but…
From someone who has not tried the software but might be interested if it gains traction: You should decide whether you are building this for yourself or as a product to others. Each stance is perfectly valid but are…
Yet. When ChatControl will be in place, it'll only be a matter of time
Bullshit journalism. This was not a post heist report, every buzzword chasing so called news outlets out there are repeating ad nauseam findings that were listed in a report produced by ANSSI in 2014! 2014! Eleven.…
Baseband SoC running their own OS independent from Android/iOS and staying asleep (while still listening for incoming signals) is very much no longer in conspiracy theory territory and more an established fact now. I…
As a pentester, who does not love CVSS[0], I found the article explaining how to replace CVSS with CVSS very amusing [0] CVSS is often poorly understood and used by internal teams so for our internal engagements, we…
First of all, I'm not a gun control activist, and I do agree with some of your views. However: > I think this is a uniquely American problem because America is a unique country. No other nations have the incredible…
Oh please Apple is extremely user-hostile, going to great lengths to strip users of control of their devices, gaslighting them into staying in the walled garden (with great success), while simultaneously siphoning as…
An important part of GP's comment was "until proven otherwise" We have no proof of extraterrestrial life. Yet.
> A big part of the reason I use Apple products is that they protect not only me, but my family who don't know what the implications of sideloading are. I know that the apps my phone runs have been given the green light…
> Yes and infected Xcode and various SDKs you get on your laptop are actually the biggest threat to iOS security (other than just literally malicious devs). Devs torrenting an xcode and then infecting their users is a…
That's fallacious for two reasons: 1: you can set secure defaults at one place globally, but your code must be correct all the time to be free of SQLi 2: it's usually not the same persons who configure the DB and who…
Did you invite him on purpose?
Why are people downvoting your comment? It's not against the guidelines, is it? I strongly think you are wrong, and I strongly disagree with your points, but I don't see why your opinion should disappear, lest this…
Of course. And it's fine? I'm a proponent of GPL for this reason, I see it as an ideology to which I subscribe, I don't see the problem?
If you do that on the server side, per account, it works. Small DoS risk, but it remains acceptable
What's the harm? Having multiple alternatives to any component of the software stack is a good thing, and it fosters understanding and improvement, doesn't it?
Pivot into cybersecurity? As a pentester, a mountain of security bugs in a mountain of AI produced slop that no one understands is the ideal provider of job security, I guess Maybe pentesting can be partly automated,…
> Probably not worth the added complexity, but in theory, the package could be published immediately with the existing compression and then in the background, replaced with the Zopfli-compressed version. Checksum…
From an exterior viewpoint, all this portrayal of Trump as either insane or an idiot is as useless and dangerous as the sanewashing. I believed Trump was insane/an idiot during his 1st mandate. I no longer believe so. I…
Yes! When I learned of Anna's Archive a few years back I too was frustrated by the lack of a short explainer of how to access single files, existence of an API, etc. Now I'm envious of LLMs somehow
Being in the same boat as you I switched to OpenCode with z.ai GLM 4.7 Pro plan and it's quite ok. Not as smart as Opus but smart enough for my needs, and the pricing is unbeatable
Actually, the real countermeasure to PTH is to disable NTLM auth and rely only on Kerberos (and then monitor NTLM as a very strong indicator that someone or something is attempting PTH) Of course kerberos tickets can be…
> cloud-based synchronization Well I don't disagree that it might be possible to abuse cloud sync in some way to export the secrets, but it's not quite as egregious as just including the secrets by default in an app…
>Most TOTP apps support backups/restores, which defeats this. Citation needed? Yubico authenticator doesn't (the secure enclave is the Yubikey). I'd be very surprised if MS Authenticator and Authy (which I don't use but…
From someone who has not tried the software but might be interested if it gains traction: You should decide whether you are building this for yourself or as a product to others. Each stance is perfectly valid but are…
Yet. When ChatControl will be in place, it'll only be a matter of time
Bullshit journalism. This was not a post heist report, every buzzword chasing so called news outlets out there are repeating ad nauseam findings that were listed in a report produced by ANSSI in 2014! 2014! Eleven.…
Baseband SoC running their own OS independent from Android/iOS and staying asleep (while still listening for incoming signals) is very much no longer in conspiracy theory territory and more an established fact now. I…
As a pentester, who does not love CVSS[0], I found the article explaining how to replace CVSS with CVSS very amusing [0] CVSS is often poorly understood and used by internal teams so for our internal engagements, we…
First of all, I'm not a gun control activist, and I do agree with some of your views. However: > I think this is a uniquely American problem because America is a unique country. No other nations have the incredible…
Oh please Apple is extremely user-hostile, going to great lengths to strip users of control of their devices, gaslighting them into staying in the walled garden (with great success), while simultaneously siphoning as…
An important part of GP's comment was "until proven otherwise" We have no proof of extraterrestrial life. Yet.
> A big part of the reason I use Apple products is that they protect not only me, but my family who don't know what the implications of sideloading are. I know that the apps my phone runs have been given the green light…
> Yes and infected Xcode and various SDKs you get on your laptop are actually the biggest threat to iOS security (other than just literally malicious devs). Devs torrenting an xcode and then infecting their users is a…
That's fallacious for two reasons: 1: you can set secure defaults at one place globally, but your code must be correct all the time to be free of SQLi 2: it's usually not the same persons who configure the DB and who…
Did you invite him on purpose?
Why are people downvoting your comment? It's not against the guidelines, is it? I strongly think you are wrong, and I strongly disagree with your points, but I don't see why your opinion should disappear, lest this…
Of course. And it's fine? I'm a proponent of GPL for this reason, I see it as an ideology to which I subscribe, I don't see the problem?
If you do that on the server side, per account, it works. Small DoS risk, but it remains acceptable
If you do that on the server side, per account, it works. Small DoS risk, but it remains acceptable
What's the harm? Having multiple alternatives to any component of the software stack is a good thing, and it fosters understanding and improvement, doesn't it?
Pivot into cybersecurity? As a pentester, a mountain of security bugs in a mountain of AI produced slop that no one understands is the ideal provider of job security, I guess Maybe pentesting can be partly automated,…
> Probably not worth the added complexity, but in theory, the package could be published immediately with the existing compression and then in the background, replaced with the Zopfli-compressed version. Checksum…