TwitchingCheese

@TwitchingCheese@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨The Mozilla Graveyard⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Seeing “the source is available here on GitHub”, “the project was forked and is now maintained as (other name)”, etc. after most of these really helps show the difference with Google. Well that and the length of the article, Google has far more deaths under their belt.
⁨Comment⁩ on ⁨WordPress.org bans WP Engine, blocks it from accessing its resources⁩ ⁨⁨1⁩ ⁨month⁩ ago⁩:
Wow Matt really looking bad on this one. This just reeks of trying to push out a major business competitor to wordpress.com and abusing control over wordpress.org to do it.
⁨Comment⁩ on ⁨2.9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposed⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
Yea that’s a tough system to design for. Ideally you want sensitive stuff like that, where you don’t care what the data is just that something matches it, stored as the results of a one-way hash function.

The problem is that most of the data you’re going to want to secure is pathetically tiny. 10 digit SSN? My phone can brute force that in a few minutes if you’re doing raw hashes. Gotta salt them. But now you have a tradeoff decision, salting every one uniquely is best but now your comparison needs to do [leaked data] × [customers] checks to find matches. Same salt on all of them and as soon as one is cracked they all are.
⁨Comment⁩ on ⁨Let's blame the dev who pressed "Deploy"⁩ ⁨⁨3⁩ ⁨months⁩ ago⁩:
I get that it’s not the point of the article or really an argument being made but this annoys me:

We could blame United or Delta that decided to run EDR software on a machine that was supposed to display flight details at a check-in counter. Sure, it makes sense to run EDR on a mission-critical machine, but on a dumb display of information?

I mean yea that’s like running EDR on your HVAC controllers. Oh no, what’s a hacker going to do, turn off the AC? Try asking Target about that one.

You’ve got displays showing live data and I haven’t seen an army of staff running USB drives to every TV when a flight gets delayed. Those displays have at least some connection into your network, and an unlocked door doesn’t care who it lets in. Sure you can firewall off those machines to only what they need, unless your firewall has a 0-day that lets them bypass it, or the system they pull data from does. Or maybe they just hijack all the displays to show porn for a laugh, or falsified gate and time info to chaos for the staff.

Security works in layers because, as clearly shown in this incident, individual systems and people are fallible. “It’s not like I need to secure this” is the attitude that leads to things like our joke of an IoT ecosystem. And to why things like CrowdStrike are even made in the first place.
⁨Comment⁩ on ⁨Shopping app Temu is “dangerous malware,” spying on your texts, lawsuit claims⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
Oh don’t worry, they’re going to try and kill that too before it hurts them too much, and with the audacity of calling it the “American Privacy Rights Act”. eff.org/…/eff-opposes-american-privacy-rights-act
⁨Comment⁩ on ⁨Shopping app Temu is “dangerous malware,” spying on your texts, lawsuit claims⁩ ⁨⁨4⁩ ⁨months⁩ ago⁩:
How about pass and enforce strong digital privacy protection laws you fucking cowards. When other countries spy on us it’s scary and bad, but for US companies? Best we can do is ban porn and demand backdoors to stop E2EE messaging.
⁨Comment⁩ on ⁨xkcd #2932: Driving PSA⁩ ⁨⁨6⁩ ⁨months⁩ ago⁩:
A.k.a. a Michigan Left, one of those things like roundabouts that’s safer and more efficient but people get annoyed at.
⁨Comment⁩ on ⁨[MEGATHREAD] Starfield - Your experiences!⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
No ultrawide, despite literally having it running on an ultrawide monitor at their Gamescom booth.

No HDR, well, except in the menu and load screens.