|
Yes? Quickly, is 2700X better than 9700K? gently caress knows! I dream of a world where device performance is measured in Universal Work Units or UWUs, so we can have a single metric to compare them against.
|
# ¿ Dec 27, 2018 10:58 |
|
|
# ¿ May 9, 2024 08:52 |
|
Lutha Mahtin posted:some guy claims to have cracked open widevine drm That L3 security level is the "security through obscurity" variant which, no surprise to anyone, is vulnerable as hell if you try hard enough. Software obfuscation only. L2 and L1 are the security levels that try to actually involve OS/hardware in the protection. Always happy to see DRM crumble but this might not be that big an achievement. Then again, considering that only mobile devices get above L3 security, this is still something.
|
# ¿ Jan 3, 2019 10:20 |
|
sadus posted:Oh boy "Hacking Chromecasts/Google Homes/SmartTVs Progress: 7893/123141 [6.40973%]" What exactly is this hack? Surely it's not just "Chromecast listens for anonymous commands from the internet and asks UPnP to open the port"?
|
# ¿ Jan 3, 2019 11:23 |
|
geonetix posted:yes. yes it is. Turns out that no, Chromecast is fine and this is just lovely routers being lovely: https://twitter.com/SwiftOnSecurity/status/1081000904688656386
|
# ¿ Jan 4, 2019 12:06 |
|
Pile Of Garbage posted:chomecast having UPnP enabled by default: secfuck No, not necessarily. What you say about Switft is true but he does address this - UPnP is a wide-ranging suite of standards and he says Chromecast does not use the "open a port" variant that the lay audience might normally associate with UPnP. Unless he is flat out wrong in his facts, Chromecast is in the clear here. Other uses of UPnP are "media player" features. The Windows "Play To Device" function is UPnP, for example. I bet Chromecast does something in that style (Swift mentions SSDP, which is for finding devices).
|
# ¿ Jan 4, 2019 14:34 |
|
Celexi posted:Lmao i'll never understand turbo nerds hate of upnp "THEY SHOULD HAVE TO CALL ME TO OPEN THE PORT ON THE ROUTER" I wonder how they'll react when they realize what IPv6 does to this situation. Edit: Oh, is this what is holding IPv6 adoption back?! EssOEss fucked around with this message at 07:58 on Jan 6, 2019 |
# ¿ Jan 6, 2019 07:45 |
|
ErIog posted:how people deal with this situation on the compliance end of things in general because I imagine this situation is the state of most packages in most Linux distros. I have only dealt with PCI DSS compliance so YMMV but PCI is NOT at all about "you can't have vulnerabilities". It is about "you need to be aware of vulnerabilities and address them in the proper way", where "the proper way" can just be "acknowledge they exist and accept the risk" (hopefully after verifying the risk is negligible). For sure there are plenty of pointy haired bosses who just see it differently but tht's not compliance, that's incopetent bosses. ErIog posted:Is everyone just doing what ratbert suggested and compiling poo poo from source so they exchange known low/medium known CVE's with unknown zero days or is there a standard way people say, "This is the current state of things. It's not the best, but it's also just not that critical for our specific usage. This not only affects RHEL but also Debian. Considering the number of CVE's this package generates on a regular basis, I am not comfortable installing the most recent version in its untested state." Sounds like you did. Compliance processes are there to try to force blissfully ignorant companies into acting with some awareness of the risks that affect them. Evaluating the CVEs and going "yeah we're good" is exactly the right approach for you, it sounds.
|
# ¿ Mar 10, 2019 18:02 |
|
|
# ¿ May 9, 2024 08:52 |
|
Keepass for life! Has anyone found the ideal way to configure it for Google Drive syncing? I have the following issues: * On PC, sometimes * Sometimes, the Keepass database will just vanish from my Google Drive. I imagine it has to do with the different save modes and some race conditions and it was never a big issue (I can get it back from trash as soon as I notice it) but annoys me. * On Android, I could never figure out how to get it to automatically pick up my saved changes and upload them back to Drive - it seems to act as read-only copy.
|
# ¿ Mar 11, 2019 06:53 |