bamboo
@bamboo@lemmy.blahaj.zone
- Comment on D-Link refuses to patch a security flaw on over 60,000 NAS devices — the company instead recommends replacing legacy NAS with newer models 3 days ago:
If you’re using one of these models, it’s highly recommended that you replace your NAS system with one that’s still receiving patches from the manufacturer. If that isn’t possible right now, Netsecfish suggests restricting access to your NAS settings menu/interface to only trusted IP addresses. You could also isolate your NAS from the public internet to ensure that only authorized users can interact with it.
Emphasis mine, regardless of this incident, even with a brand new supported model, it shouldn’t be exposed to the internet. Half the reason these security issues are such a big deal is because manufacturers wanted to make things simple and designed it to sit on the open internet, so they wouldn’t have to deal with support requests. Now their customers are exposed because of poor recommendations and the lack of updates.
- Comment on Question about Firefox - any way to open specific sites as if they were an app or program (similar to an option in Chrome)? 1 month ago:
I use PWAs for Firefox and they work ok, although I don’t have the issue you mention. For me, in Ubuntu, if I open a link in a PWA for Google Chat, then the link opens in the PWA firefox window, not my main browser window. Maybe there’s a setting I missed?
Also, the PWA acts like a separate browser, so opening Google Chat requires you to log in again to Google on the same machine. And if you open up a paywalled link, and it opens in the PWA, then you have to log in, even if you’re logged in in Firefox.
Overall 5/7 rating on usability, but did allow me to get completely off of Chrome
- Comment on [deleted] 1 month ago:
public facing is fine
Not exactly, if it is something unintentionally public facing, that can get you charged with accessing a computer without authorization under the Computer Fraud and Abuse Act. This happened in this case: en.wikipedia.org/wiki/Goatse_Security#AT&T/iPad_e…
sending a HTTP request with a valid ICC-ID embedded inside it to the AT&T website, the website would reveal the email address associated with that ICC-ID.
On November 20, 2012, Auernheimer was found guilty of one count of identity fraud and one count of conspiracy to access a computer without authorization
More information: www.wired.com/…/hacking-choice-and-disclosure/
- Comment on My friend gifted me a "fighting RPG" that turned out to be something else entirely 2 months ago:
This is kinda the plot of a Black Mirror episode, Striking Vipers.
- Comment on Anyone else get random cancellation emails from onlyfans? 2 months ago:
Sounds like someone accidentally created an account with your name. As someone who has firstname.lastname@gmail.com this happens a lot. About 10 years ago, amazon.ca allowed you to create an account and start using it without verifying control of the email address. I woke up one day and saw all orders someone made, their address, last 4 digits of their credit card number, etc. Customer service doesn’t care. Ended up having to reset their password to get them to stop.
- Comment on That article made me realize how insane Image Generators already are. 2 months ago:
Yeah, clearly the author doesn’t know about the Loch Ness monster
- Comment on If Biden died tomorrow and Harris took over? and she won the election also. Could she work full two terms or would it count as one when Biden died? 2 months ago:
Biden resigning now just to make Trump’s hats invalid would be the best Dark Brandon move ever.
- Comment on If Biden died tomorrow and Harris took over? and she won the election also. Could she work full two terms or would it count as one when Biden died? 2 months ago:
If we’re being pedantic (and the Republicans would be), Harris already served as acting president for 1h25m on November 19, 2021 while Biden underwent a colonoscopy. If hypothetically Biden had died or resigned exactly 2 years into his term (January 20, 2023 12pm ET), and Harris assumed the presidency for the remaining two years, her total time would be over 2 years and she would be ineligible for a second term.
- Comment on Why is it that when I write on Googles keyboard on my phone and misspell something it has no idea what I am trying to write but if I Google the same word it knows instantly what the word is? 3 months ago:
It’s a calculated scheme to get you to do a search for “aniprrsperient” so they can sell you deodorant
- Comment on WhatsApp and Signal messages at risk of surveillance following EncroChat ruling, court hears | Computer Weekly 3 months ago:
They’ve said that they release the source code after it’s running in production:
sorry the source for one of our services was so far behind. We often don’t push source until we release things, and there were a few overlapping releases that happened in that period which made it awkward to push at any moment and put us behind. Additionally, we’ve seen a large increase in spam, and a reluctance to immediately publish the exact anti-spam measures we were responding with to a place where spammers could immediately see them combined with the above to cause this extreme delay.
- Comment on Why does 11:19AM have to look so much like 5 till 4PM? 3 months ago:
Clearly taking the 25 or 6 to 4 approach of writing a title
- Comment on A Black woman has never lost the general election for POTUS in US history but 46 white men have lost 3 months ago:
what are you talking about? racist? I think they’re saying that since ~2% of the population identifies as trans and more are probably eggs, we likely had one trans president before, but they weren’t out to the public, or perhaps even themselves.
- Comment on Does voting for Biden change anything if I live in a deep red area of my state? (Ohio) 3 months ago:
Absolutely yes. Every vote for Democrats is a vote against Trump. He has such a weak ego, your one vote along with millions of other votes against him will drive him crazy. Death by 81,283,098 cuts.
- Comment on Disney hack leads to 1.2TB of Slack communications leaked online 3 months ago:
I’ve never heard of an on prem offering, which tier is that on? None of the plans mention it? slack.com/pricing
- Comment on Hey guys I love Jodie Foster so much any tips on how someone like me can impress her? 3 months ago:
She was 12 years old when she was in Taxi Driver, her breakout role.
- Comment on Disney hack leads to 1.2TB of Slack communications leaked online 3 months ago:
I had to manage a Slack migration to another org we were merging with. As the owner, normally I couldn’t even see the names of private channels, but when it came down to the migration, upgrading the account to Business+ tier, the full export included everything (private channels and DMs), which we imported into the new org.
Slack sends notifications to all Admins that the export was happening, and I’ve only seen that notification once after using Slack for 10 years.
- Comment on Disney hack leads to 1.2TB of Slack communications leaked online 3 months ago:
I don’t think Slack has a self hosted version, and does not offer IP allow listing. There’s nothing preventing someone from going to disney.slack.com. I think when they say “internal” they mean for internal employees, and not like a thing for fans.
- Comment on Netflix Starts Booting Subscribers Off Cheapest Basic Ads-Free Plan 4 months ago:
Wow what a dumb way to basically gatekeep me from even moving to the ad tier.
- Comment on Poor Sega just didn't get the timing right. 4 months ago:
They just really wanted to release on 9/9/99 no matter what.
- Comment on Quora’s Chatbot Platform Poe Allows Users to Download Paywalled Articles on Demand 4 months ago:
Usually NYT sets a cookie to track how many free articles you read and once you exceed that, you get the paywall. The bots probably don’t set/send the cookies, so NYT doesn’t block them. Also, I’d imagine the bots are coming from various different IPs so even server side blocking based on IP wouldn’t block everything and eventually the bot would get to the article. User Agents can also be spoofed.
- Comment on Steam Summer Sale - Top Deals 4 months ago:
How is this different from Factorio?
- Comment on Eric “ConcernedApe” Barone Can’t Let Go Of Stardew Valley 5 months ago:
I thought $0.50 was low for this math to work out, but turns out 30 million copies of Stardew Valley have been sold, so that’s $15 million, which over 60 years is $250k/year.
Still though I have no clue if $0.50 is normal take home per copy sold for a self published game (it seems low), but I’m very happy he’s doing well for himself and hope he makes more per copy sold. I’ve bought the game 4 times, so I’m doing my part!
- Comment on Comcast Unveils Peacock, Netflix, Apple TV+ Streaming Bundle 5 months ago:
Why use JustWatch.com when you can follow this guide to know where to watch King Kong vs. Godzilla (1968)
- Comment on Nearly all Nintendo 64 games can now be recompiled into native PC ports to add proper ray tracing, ultrawide, high FPS, and more 5 months ago:
Exactly, with Nintendo’s existing IP and old gamers dying, they need a way to get younger generation exposed to what kids in the 80s and 90s grew up with and make sure that it’s plastered on all the streaming websites to get maximum exposure.
- Comment on If you or somebody you know ever fell for a romance scam, how did you or the person fall for it? 6 months ago:
I have the worst f***ing attorneys
- Comment on Bitwarden has launched a new authenticator app 6 months ago:
What’s wrong with Authy?
- Comment on If you or somebody you know ever fell for a romance scam, how did you or the person fall for it? 6 months ago:
What was the scam if he was reimbursing her? Was it to generate Amazon reviews?
- Comment on [deleted] 6 months ago:
I’ve been on flights where they have announced to the cabin about someone with a severe nut allergy, and based on anecdotal evidence of a sample size of 3 or 4, nothing bad happened on the flight.
- Comment on ByteDance won't sell TikTok, would rather pull it from the US 6 months ago:
No need to guess, it’s all outlined in the bill:
- ByteDance has 270 days (+90 days at president discretion) to divest of TikTok and sell to an entity not affiliated with an “adversary country” (China, Iran, Russia, N. Korea).
- If they don’t sell, hosting providers of TikTok application (servers, storage, app store, etc) will be fined up to $500 times the number of users in the US if they continue to host the application
So basically, the law will impose a fine on US hosting providers of the app. If the app moves all services overseas to foreign entities, then the app presumably will continue to work even if banned if already installed (plus the website if hosted overseas).
ISPs and search engines are explicitly exempt from the bill so there is no mechanism to ban connections to TikTok servers or links to TikTok.
- Comment on The walls of Apple’s garden are tumbling down 6 months ago:
Say what you will about Apple, they are masters of spinning their shortcomings as groundbreaking achievements. When they refused to unlock the iPhone of the San Bernardino terrorist attack, it was framed as an act of preserving user privacy, but brushed over how willing they were to hand over the iCloud backups if the police would have brought the iPhone to a known WiFi network for the backup to be uploaded.