python has a number of these via pyupgrade, which are also included in ruff: https://docs.astral.sh/ruff/rules/#pyupgrade-up
it should be noted that this is different on Chrome https://browserleaks.com/chrome
it's free advertising
yes
> Some online streamers have been hacked as of late using AI models trained to steal their passwords using the sounds of them typing on their keyboards do you have any sources for that? I've only seen this mentioned…
it might have changed recently but i have previously created accounts by providing trash mailer addresses during creation.
at least in Germany it's not legal to require use of personal devices such as phones for your job.
> No, as they never get loaded into the ssh binary and are external programs communicating over an interface. my understanding is that the same would apply if you use ykcs11 in the OpenSSH agent instead of using it…
are you extending this to the usage of yubikey-agent and ssh-tpm-agent as well? both variants, whether it's using a PKCS11 provider using a standardized interface, or using a completely custom SSH agent, will need to…
have you considered using ykcs11? ykcs11 allows you to use the native SSH agent (or even no agent at all for individual ssh invocations) with an ssh key on a yubikey using their pkcs11 provider.…
wow, didn't know about `ip --color`, that's awesome
people don't care about false positives on CGNAT either, so not much difference to the IPv4 situation if you target /64s
note that this is technically against their TOS if not using paid accounts: > One person or legal entity may maintain no more than one free Account (if you choose to control a machine account as well, that's fine, but…
Quantum CA (brand, not operator)/HiCA still can't issue certs for domains they don't "control" by having RCE on the systems they point to. all CA requirements for validation still need to be fulfilled for issued…
you're free to decide who to do business with if you're not providing a core utility service. would you like to no longer receive water or electricity at your home because your utility companies don't like you, despite…
even though not explicitly, i have already answered your question. you should pass the transaction, as you should be in a neutral position. edit: to clarify, payment providers/processors nowadays are a core utility…
at best you suspect it, you don't know it unless you're on the sending or receiving side of the transaction. it shouldn't be my decision whether i want to allow the transaction, even if i wouldn't want to allow it. i'm…
you can also use it natively in non-browser applications. just the other day i've used it in a CLI application (which authenticated against web, but without real browser): https://github.com/Yubico/python-fido2
if you know about/suspect it you report it. how do you know with 100% certainty/due process that this is indeed the case and it's not just your ML algorithm going crazy? people can also pay with physical money if they…
while that may be useful to avoid dealing with torrents, many torrent clients support downloading only selected files from a torrent.
webauthn can very much be used in a desktop application, you're just losing the phishing resistance factor, as the application can choose what to send as identifier, which includes collecting tokens for other…
requiring a paid license for updates just leads to people not installing security updates.
you can have some fun with nginx if you can identify on your backend whether the request is coming from a malicious source, e.g. with X-Accel-Limit-Rate
I strip the referrer generally via https://wiki.mozilla.org/Security/Referrer, unfortunately it breaks a small number of sites very badly, such as web.archive.org and a few others. some of them claiming it was done to…
so they're trying to drive customers to those sites by making it even less desirable to not have automated solvers?
python has a number of these via pyupgrade, which are also included in ruff: https://docs.astral.sh/ruff/rules/#pyupgrade-up
it should be noted that this is different on Chrome https://browserleaks.com/chrome
it's free advertising
yes
> Some online streamers have been hacked as of late using AI models trained to steal their passwords using the sounds of them typing on their keyboards do you have any sources for that? I've only seen this mentioned…
it might have changed recently but i have previously created accounts by providing trash mailer addresses during creation.
at least in Germany it's not legal to require use of personal devices such as phones for your job.
> No, as they never get loaded into the ssh binary and are external programs communicating over an interface. my understanding is that the same would apply if you use ykcs11 in the OpenSSH agent instead of using it…
are you extending this to the usage of yubikey-agent and ssh-tpm-agent as well? both variants, whether it's using a PKCS11 provider using a standardized interface, or using a completely custom SSH agent, will need to…
have you considered using ykcs11? ykcs11 allows you to use the native SSH agent (or even no agent at all for individual ssh invocations) with an ssh key on a yubikey using their pkcs11 provider.…
wow, didn't know about `ip --color`, that's awesome
people don't care about false positives on CGNAT either, so not much difference to the IPv4 situation if you target /64s
note that this is technically against their TOS if not using paid accounts: > One person or legal entity may maintain no more than one free Account (if you choose to control a machine account as well, that's fine, but…
Quantum CA (brand, not operator)/HiCA still can't issue certs for domains they don't "control" by having RCE on the systems they point to. all CA requirements for validation still need to be fulfilled for issued…
you're free to decide who to do business with if you're not providing a core utility service. would you like to no longer receive water or electricity at your home because your utility companies don't like you, despite…
even though not explicitly, i have already answered your question. you should pass the transaction, as you should be in a neutral position. edit: to clarify, payment providers/processors nowadays are a core utility…
at best you suspect it, you don't know it unless you're on the sending or receiving side of the transaction. it shouldn't be my decision whether i want to allow the transaction, even if i wouldn't want to allow it. i'm…
you can also use it natively in non-browser applications. just the other day i've used it in a CLI application (which authenticated against web, but without real browser): https://github.com/Yubico/python-fido2
if you know about/suspect it you report it. how do you know with 100% certainty/due process that this is indeed the case and it's not just your ML algorithm going crazy? people can also pay with physical money if they…
while that may be useful to avoid dealing with torrents, many torrent clients support downloading only selected files from a torrent.
webauthn can very much be used in a desktop application, you're just losing the phishing resistance factor, as the application can choose what to send as identifier, which includes collecting tokens for other…
requiring a paid license for updates just leads to people not installing security updates.
you can have some fun with nginx if you can identify on your backend whether the request is coming from a malicious source, e.g. with X-Accel-Limit-Rate
I strip the referrer generally via https://wiki.mozilla.org/Security/Referrer, unfortunately it breaks a small number of sites very badly, such as web.archive.org and a few others. some of them claiming it was done to…
so they're trying to drive customers to those sites by making it even less desirable to not have automated solvers?