|
OSI bean dip posted: Subjunctive is a really good person to comment on JavaScript's past and present really.

I hate you.
|
# ¿ Oct 19, 2016 16:47 |
|
Pretty high, it's just a chargeback.
|
# ¿ Dec 22, 2016 22:39 |
|
Cup Runneth Over posted: That's not actually totally secure from phishing.

It's not even a little bit secure from phishing.
|
# ¿ Jan 28, 2017 19:23 |
|
OSI bean dip posted: stop making irrational decisions

Sort of a big ask.
|
# ¿ Jan 28, 2017 23:17 |
|
apseudonym posted: Stop using ask

Let's circle back on that later.
|
# ¿ Jan 30, 2017 15:32 |
|
flosofl posted: I guess I don't understand how any content blocker could work if it can't a) read the content and b) modify said content to remove certain elements for safari to present to you. So "read and modify" are expected behaviors for content blockers.

Content blockers can just be policy functions. They get called by Safari with the URL of the script/image/iframe and then Safari acts on the answer. The content blocker never gets a reference to the document itself.
|
# ¿ Feb 3, 2017 16:34 |
|
Kassad posted: That's just what the permission would let it do. It doesn't mean it's actually doing that. It'd be very obvious if it did since the source code is up on Github.

As long as the binary is compiled from unmodified code.
|
# ¿ Feb 4, 2017 03:53 |
|
Don't mention microphones, either.
|
# ¿ Feb 9, 2017 21:43 |
|
Saukkis posted: I've sometimes thought that the only solution to password reuse would be to use required patterns in the password. When you go to change the password the page would tell you that the characters 4-6 in your new password must be "hEo", choose whatever you want for the rest. But it would require a large portion of sites to use random patterns to make reuse impractical.

Some sites do this. I proposed it at Facebook, but the other mitigations in place were deemed strong enough that the user friction wasn't worth it.
|
# ¿ Feb 25, 2017 04:54 |
|
I would hope that it wipes all unallocated space.
|
# ¿ Mar 15, 2017 12:07 |
|
spankmeister posted: A rogue DNS is also possible

How would that affect https and http differently? Some SNI interaction I can't quite see?
|
# ¿ Mar 17, 2017 19:46 |
|
Oysters Autobio posted: Are there any security concerns from Android Pay in terms of further personal information being stored on the smartphone? Talking about the usual malware, viruses etc. that may target Android Pay as an app itself. This is more of my concern here, though the whole liability shift is good to know regarding tap or no tap (can we confirm that liability shift is the same here in Canada?).

Card data is usually stored in a secured environment (or protected by a key stored there) such as Samsung's TrustZone.

apseudonym posted: Your phone is far more secure than your desktop, it's fine really.

Absolutely this, even given that you're more likely to have an attacker with physical access to your phone.
|
# ¿ Aug 28, 2017 16:29 |
|
You could test that by tethering to a phone if you're using wifi. How often does it happen?
|
# ¿ Sep 24, 2017 16:31 |
|
Cup Runneth Over posted: I was just going by the description of Superfetch on Microsoft's website. That also contains instructions on disabling it if you want.

That page doesn't mention anything about it taking up untowards amount of memory, though?
|
# ¿ Nov 15, 2017 14:40 |
|
anthonypants posted:30% of your total memory is an "untowards amount"? Who knows how much of that was Chrome by itself. The page linked in the post to which I replied was about CPU usage and not RAM usage, as far as I can tell. Did I miss something? But using 30% of your physical memory could indeed be entirely reasonable, if it would otherwise be empty or occupied by less-important things.
|
# ¿ Nov 15, 2017 22:18 |
|
Cup Runneth Over posted: Superfetch is one of those annoying RAM-hogging Windows 10 features.

Cup Runneth Over posted: I was just going by the description of Superfetch on Microsoft's website. That also contains instructions on disabling it if you want.

Subjunctive posted: That page doesn't mention anything about it taking up untowards amount of memory, though?
|
# ¿ Nov 15, 2017 22:37 |
|
How would it decide where to look in RAM and when?
|
# ¿ Aug 2, 2018 17:24 |
|
Enjoy churning on the .NET and JS JITs! Would the call to mprotect block until the scan is done?
|
# ¿ Aug 2, 2018 18:29 |
|
You can also map memory w+x, so it wouldn’t really help anyway.
|
# ¿ Aug 2, 2018 19:25 |
|
I’ve twice tried to start writing a patient, compassionate post explaining where Duck went wrong, but I can’t get my head all the way around it. It is a lot to unpack. Wheels within wheels.
|
# ¿ Aug 23, 2018 18:55 |
|
error events fire for images that fail to load, so you could probably detect that case with decent accuracy
|
# ¿ Mar 6, 2019 20:56 |
|
Cup Runneth Over posted: But what separates it from a partial server outage or a bad connection?

Partial server outage is something you attack statistically, by watching loads from different servers. Most pages will have many to choose from. Bad connection typically won’t just error your ad stuff, but rather different pieces each time — if it’s good enough to load the page. There are perf metrics you can use to see how different resources loaded. But honestly whether you have a pihole or a bad connection, if you don’t see my ads, that’s what I care about.
|
# ¿ Mar 6, 2019 21:16 |
|
There are definitely anti-adblocker systems that will pop alternate content for pihole/hosts-file style network-level blocking. Curse (owned by Twitch) was testing one for a while as long as 18 months ago. I don’t know which part of “did too few of my ad scripts/images load? show alternate content” you are thinking is hard to do, though, so maybe there’s a particular component that’s non-trivial.
|
# ¿ Mar 6, 2019 21:26 |
|
Cup Runneth Over posted: So... blackhole the alternate content too, then? What I'm saying is that you cannot create a website that doesn't work properly if its ads don't load and not adversely affect random users who have nothing to do with the demographic you're trying to target. You can absolutely do that with adblockers because you can positively identify them as having one. You can only negatively identify a user as having loaded your ads.

Identifying the alternate content...now that’s a challenging problem, since it can be just a big article-obscuring div and text, or served from the same server as the primary content (which is the usual case, because it’s just part of the site infrastructure). You might have noticed in your analysis that this is indeed how most of the adblocker interventions are structured already. The point of detecting an ad blocker is that you don’t want people reading your content without seeing the ads. Whether that’s intentional or due to some very specific and weird network failure, the effect on the business is the same. If a very unusual network failure is keeping just ad content from loading, consistently across page loads, you can live without that one-in-a-million reader until they get to a better network. It’s fine to affect random users, as long as it’s not many of them, and you are talking about a pretty bizarre case indeed.
|
# ¿ Mar 6, 2019 22:45 |
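The statistical reasoning in the posts above (compare ad loads against content loads, and look across several servers) can be made concrete. This is an added example, not code from the thread or from any site mentioned in it; the record shape, host names, thresholds and verdict labels are all assumptions.

```javascript
// Each record is one resource load outcome, as a page could collect from
// load/error events. Record fields, hosts and thresholds are hypothetical.
function classifyLoads(records, opts = {}) {
  const { minAdLoads = 3, adFailThreshold = 0.8, contentFailThreshold = 0.2 } = opts;
  const tally = { ad: { ok: 0, failed: 0 }, content: { ok: 0, failed: 0 } };
  const adHosts = new Set();
  const failedAdHosts = new Set();

  for (const r of records) {
    const bucket = r.kind === "ad" ? tally.ad : tally.content;
    if (r.ok) bucket.ok += 1; else bucket.failed += 1;
    if (r.kind === "ad") {
      adHosts.add(r.host);
      if (!r.ok) failedAdHosts.add(r.host);
    }
  }

  const adTotal = tally.ad.ok + tally.ad.failed;
  if (adTotal < minAdLoads) return "insufficient-data";

  const contentTotal = tally.content.ok + tally.content.failed;
  const contentFailRate = contentTotal ? tally.content.failed / contentTotal : 0;
  const adFailRate = tally.ad.failed / adTotal;

  // A bad connection breaks different pieces of the page, not just the ads.
  if (contentFailRate > contentFailThreshold) return "bad-connection";
  // Nearly all ad loads failing, on every ad host seen, with content intact.
  if (adFailRate >= adFailThreshold && adHosts.size > 1 &&
      failedAdHosts.size === adHosts.size) return "ads-blocked";
  // Only some ad hosts failing looks like an outage on those servers.
  if (adFailRate > 0) return "partial-ad-outage";
  return "ads-loaded";
}

// Constructed sample inputs (hosts are placeholders, not real ad servers).
const content = (ok) => ({ host: "www.example.test", kind: "content", ok });
const ad = (host, ok) => ({ host, kind: "ad", ok });

const SAMPLE_BLOCKED = [content(true), content(true), content(true),
  ad("ads-a.example.test", false), ad("ads-a.example.test", false),
  ad("ads-b.example.test", false)];
const SAMPLE_OUTAGE = [content(true), content(true), content(true),
  ad("ads-a.example.test", false), ad("ads-a.example.test", false),
  ad("ads-b.example.test", true), ad("ads-b.example.test", true)];
const SAMPLE_FLAKY = [content(true), content(false), content(true),
  ad("ads-a.example.test", false), ad("ads-a.example.test", true),
  ad("ads-b.example.test", true)];
```

As the posts note, a verdict like this only says the ads did not load; it cannot positively identify why.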
|
Heners_UK posted: I think physical security is as good as it's going to get short of an IronKey, at least as far as my knowledge goes. WRT paper, I'm avoiding due to needing to update or cycle these from time to time.

Is it hard to print new ones and replace the piece of paper in the safe?
|
# ¿ Apr 7, 2019 02:13 |
|
Just set a password. It’s easy.
|
# ¿ Apr 2, 2020 23:26 |
|
There’s also Bitwarden, which does multi-device TOTP and client-side encryption.
|
# ¿ Jun 14, 2020 02:44 |
|
postfix had it out of the box first, IIRC, but there were a couple of m4 packages that made it work on sendmail too.
|
# ¿ Feb 2, 2021 06:01 |
|
BobHoward posted: (If I were you, I'd look into running tools like git on WSL2 - I haven't used it personally but from what I've heard it probably works a lot better on average than cygwin.)

Yes, much better.
|
# ¿ Aug 7, 2021 21:56 |
|
gmail file preview is several layers of defense. burning a powerful exploit like that likely means a very targeted attack
|
# ¿ Jan 14, 2022 01:22 |
|
2: BitWarden
|
# ¿ Jul 23, 2022 14:27 |
|
Duplicate passwords let the store compress better, so you’re really just being environmentally friendly.
|
# ¿ Nov 5, 2022 18:07 |
|
Yeah, we use 1Password at work so I could have a family license for free (or have the company pay for it, I forget) but I’m sticking with (paid!) Bitwarden. I don’t know if I’ll ever host my own storage, but the fact that it’s possible makes me feel better about the odds that someone could offer a compatible service if the wheels fell off. Wish it worked better offline, though.
|
# ¿ Nov 5, 2022 23:07 |
|
Ooooh, that’s interesting!
|
# ¿ Nov 6, 2022 18:58 |
|
RFC2324 posted: my home lab is hilariously overengineered

I love it.
|
# ¿ Nov 6, 2022 21:41 |
|
My daughter (high school) had an assignment this week to spec out a PC build for a fictional graphic designer, and two of the items the teacher expected to see on the list were antivirus software (he recommended ESET) and malware removal software (MalwareBytes). I explained to my daughter that we are a Windows Defender house and that I would come and talk to the teacher if he objected. Some things are worth fighting for.
|
# ¿ May 26, 2023 21:23 |
|
Ynglaur posted: Graphic design, you say? Isn't the answer "use a Macbook"?

We had that discussion and decided that it would probably not meet the requirements of the assignment. I think she mentioned it in her overview though.
|
# ¿ May 26, 2023 21:35 |
|
Definitely the system builder’s responsibility to calibrate things before delivery. I don’t think my old Spyder or whatever still works any more, so I just use rtings’ profiles and live with it.
|
# ¿ May 26, 2023 23:10 |
|
Saukkis posted: Isn't the recommendation to regularly recheck the calibration because monitors wear out and age?

Yeah, that’s why I originally got the Spyder but the display I had at the time (some Dell thing) didn’t drift enough to be worth recalibrating before I forgot about doing it.
|
# ¿ May 27, 2023 02:59 |
|
Cup Runneth Over posted: Oh certainly

Those are tools for use by parents to supervise children, but we want tools to supervise parents.
|
# ¿ May 27, 2023 17:36 |