• 0 Posts
  • 13 Comments
Joined 1 year ago
cake
Cake day: December 26th, 2023

help-circle
  • I think what happened here is that something went wrong and messed up the permissions of some of the users files. MS help suggested that he login as an administrator and reatore the intended permissions.

    I don’t work with Windows boxes, but see a similar situation come up often enough on Linux boxes. Typically, the cause is that the user elevated to root (e.g. the administrator account) and did something that probably should have been done from their normal account. Now, root owns some user files and things are a big mess until you go back to root and restore the permissions.

    It use to be that this type of thing was not an issue on single user machines, because the one user had full privileges. The industry has since settled on a model of a single user nachine where the user typically has limited privileges, but can elevate when needed. This protects against a lot of ways a user can accidentally destroy their system.

    Having said that, my understanding of Windows is that in a typical single user setup, you can elevate a single program to admin privileges by right clicking and selecting “run as administrator”, so the advice to login as an administrator may not have been nessasary.


  • Fetlife is not a dating app. They have actively not implemented features such as filter by age/gender in order to avoid becoming a dating app. If you are looking to get involved in your local kink community, Fetlife is the answer [0]. For anything else, it is garbage. If you try using it to get laid, you will just be pissing a bunch of people off.

    [0] At least for my local kink community. Other areas might vary.


  • If that were the case then they would have written that into their constitution 70 years ago. And they wouldn’t have assasinated their own prime minister 30 years ago.

    Heck, the current minister of national security Ben-Gvir was rejecting from mandatory constriction by the IDF, and convicted in an Israeli court of supporting (Jewish) terrorism after being indicted by an Israeli prosecutor.

    These are not things that happen in a country that is unified in its goals.


  • The Israeli government has no idea what it is doing. Literally. The current government was a barely held together coalition prior to October 7. In the direct aftermath, they formed a unity government and war cabinet that collapsed last week.

    Their prime minister has been indicated on corruption and bribertmy charges, which are currently on hold for obvious reasons. By most indications his primary motivation in this matter is to stay in power himself, with Israel’s national interests being secondary.

    Individual members of IDF leadership have called Israel’s stated objectives “unachievable”.

    Israel simultaneously wants to live in peace as a liberal Jewish state without commiting any form of ethnic clensing; and achieve its manifest destiny of establishing a Jewish theocracy across Judea and Samaria.

    These are deep questions that get to the core of what Israel is and stands for. Questions that are to be answered by the Israeli constitution in the 50s. That never happened because Israel was never able to agree on a constitution [0].

    Right now, Israel is just reacting, without any long term strategic vision. Various factions are trying to use that chaos to advance their own long term vision.

    [0] Which led to the big judicial reform constitutional crisis that was a giant political crisis before October.



  • I’m one of those security specialists (although not on mastodon). To be clear, if a vulnerable version of libxz were included in a distribution that we actually use; this would be an all hands on deck, drop everything until it is fixed emergency.

    Having said that, for an average user, it probably doesn’t matter. First, many users just don’t have the vulnerable version installed. All things considered, it was found very quickly; so only rolling release distros would have it. Additionally, it appears that only .deb or .rpm based distributions would have it. Not because they are particularly vulnerable, the attack explicitly tests for it.

    However, lets set all of this asside and assume a typical use is running a vulnerable system. In my assessment, the risk to them is still quite low. With most vulnerabilities, the hard part is discovering it. Once that happens, the barrier to exploiting it is relatively low, so you get a bunch of unrelated hackers trying to exploit any system they can find. This case is different; exploiting it requires the attackers private key. Even though the attack is now widely known, there is still only 1 organization capable of using it.

    Further, this attack was sophisticated. I’m not going to go as far as others in saying that only a state actor could do it. However, it is hard to think of anyone other than a state actor who would do it. Maybe a group of college kids doing it for the lolz research? But, if the motivation us lolz, I don’t see them pivoting to do anything damaging with it. And even if they wanted to, there would still only be a handful of them. In short, this is one of those cases where obscurity works. Whoever did this attack does not know or care about Joe the Linux user; and they were probably never going to risk burning it by exploiting it on a large scale.

    However, setting all of that asside, suppose you were using vulnerable software, and someone with the private key is interested in your home system. First, you would need to be running OpenSSH on a remotely accessible interface. [0]. Second, you would need your firewall to allow remote SSH traffic. Third, you would need your router to have port forwarding enabled; and explicitly configured to forward traffic to your OpenSSH server [1].

    If all of that happens; then yes, you would be at risk.

    [0] Even though the attack itself is in the libxz library, it appears to specifically target OpenSSH.

    [1] Or, the attacker would need some other mechanism to get on the same network as you.


  • homura1650@lemm.eetoAutism@lemmy.worldWhy is it so hard for you?
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    2
    ·
    10 months ago

    Until I noticed what community I was in, I interpreted it completely differently. The women is engaging in a niche hobby of making something in a particular and esoteric way, and the man just bought a mass produced version of the thing; thereby completely missing the point of what she was doing.

    Like, if I wanms building a chair using hand tools and an unproccessed log. Sure, you could go to a furniture store and buy a chair, or maybe Ikea and “build” one; but that completely misses the point.



  • There are still a lot of rather arbitrary decisions to make.

    Is 4/pi inside or outside of the summation?

    Is it (-1)^n+1 or (-1)^n with an additional negative sign in any of the other natural locations for it.

    Is the e term outside of the fraction with a negative exponent, or part of the denominator.

    Do you start with n=0 or n=1 (and adjust the terms inside the summation accordingly)

    Did they expand (2n+1)^2?



  • Not nessasarily, the protocol could be written so that an instance simply tells other federared instances “X of my users upvoted this, and Y downvoted this”.

    The tradeoff being that instance then have less tools to work with to moderate voting. Instead of being able to do global vote ring detection, the most they can do is look for abuse on their own server, and trust that every instance they vote-federate with does the same. Even then, with every instance trying to be vigilant, no one instance would have the info to detect a cross-instance abuse.



  • Agree on going with safty razors, but once you are there, you don’t want to cheep out. The one option my local grocery store carries is a $20 that is complete junk. I invested $70 in a Henson safty razor and never looked back. They also have a $250 offering for people who want the benefits of a safty razor without the cost savings.

    For blades, I actually splurge and buy the $0.20/piece offering from Feather instead of the $0.10/piece ones that Henson sells. Still cheeper than the $0.80 safty blades the grocery store sells, or the checks app $4.50/piece cartridge blades the store sells?!?

    Moral of the story: go cheap, but don’t be afraid of spending a little money to do so.