At this point, Prime doesn’t make sense if you want to save on shipping. It made sense because it included a lot of good stuff (video before ads, some music, shipping, games) but just for shipping, there were better options.

I basically overpaid but didn’t care out of convenience - partner sometimes watched prime, I ordered occasionally, played some included games. But the changes to video were so shady that I cancelled it.

What’s confusing about wine prefixes apart from the fact that wine itself doesn’t come with a graphical interface to manage them? On a Deck, Steam should handle these for you

I don’t really agree with the video for a number of points though I’d say that changing the port is not a security, but a convenience feature.

Privileged port is probably the best argument, however the attack mentioned here would only work for users not having connected to the host before, as otherwise you’d get a host key check failure. The host key wouldn’t be readable by an attacker in the case mentioned, and you wouldn’t be able to steal passwords if the user has a key authentication only.

Only allowing certain IPs won’t work in a lot of non-commercial environments, and fail2ban can be used for DOSing the server as the attacker can spoof the sending IP to a legitimate one, denying access.

Nur eine einzige Möglichkeit verhindert Stau für alle: die Autobahn muss in jede Richtung so viele Spuren haben, wie es Fahrzeuge gibt.

There was a slight bonus in there for him to, genius doesn’t work for free

Please don’t bring in this worn out Reddit joke

I worked in software certification under Common Criteria, and while I do know that it creates a lot of work, there were cases where security has been improved measurably - in the hardware department, it even happened that a developer / manufacturer had a breach that affected almost the whole company really badly (design files etc stolen by a probably state sponsored attacker), but not the CC certified part because the attackers used a vector of attack that was caught there and rectified.

It seemingly was not fixed everywhere for whatever reason… but it’s not that CC certification is just some academic exercise that gives you nothing but a lot of work.

Is it the right approach for every product? Probably not because of the huge overhead power certified version. But for important pillars of a security model, it makes sense in my opinion.

Though it needs to be said that the scheme under which I certified is very thorough and strict, so YMMV.

My router will still block all ports not explicitly allowed for the hosts regardless of protocol, it’s a firewall after all and not just NAT. Just because the host addressable doesn’t mean its ports are reachable.

Dazu kommt dann auch noch die komplett falsche Vorstellung, dass Kranke immer zuhause im Bett liegen.

Und selbst dann… wenn ich persönlich krank im Bett liege und jemand klingelt stehe ich nicht auf. Was wäre denn dann das Ergebnis des Besuchs? Ich muss sowieso für fast niemanden die Tür öffnen.

And the Bible being a justification for state executions is such a horrible excuse.

Which part of the Bible allow that? Is it this “an eye for an eye” thing? And if yes, do those people referring to it also honor the other verses in Leviticus (i.e. not eat shrimp)?

Salt the hash with something unique to that specific user so identical passwords have different hashes

Isn’t that… the very definition of a Salt? A user-specific known string? Though my understanding is that the salt gets appended to the user-provided password, hashed and then checked against the record, so I wouldn’t say that the hash is salted, but rather the password.

Also using a pepper is good practice in addition to a salt, though the latter is more important.

*In animal models.

For isotonitazene, which is related to etonitazene, activity in animal models is 1000 times as potent as morphine, while in humans, it’s “only” 60 times as potent, according to Wikipedia.

The actual numbers for each I didn’t find, but I guess that’s because there were no human studies.

Isotonitazene is a benzimidazole-derived opioid analgesic drug related to etonitazene, which has been sold as a designer drug. It has only around half the potency of etonitazene in animal studies, but it is likely even less potent in humans as was seen with etonitazene (1000 times as potent as morphine in animal models yet only 60 times as potent in humans).

Testing is actually mandatory, what’s not mandatory though is to do it before deploying.

what’s feurking

An optional step in the développement process

Emacs? When there’s ed? Talk about bloat…

Skylines is ok, it never clicked for me, consider it more of a city painter than a management game… That plus Paradox’ DLC policy made the game quite unattractive to me rather quickly. And it was very car-centric.

Unfortunately, I’m unaware of a serious contender.

Personally I’d love to see more wider usage of S/MIME and/or PGP.

I’d rather see less. https://www.latacora.com/blog/2019/07/16/the-pgp-problem/ is a good summary about the issue and they have a shorter follow-up post about why encrypting mail in general is bad at https://www.latacora.com/blog/2020/02/19/stop-using-encrypted/

What I take issue with actalis, is that they don’t just sign your private key but you actually get the private key from them. It then depends on how much you trust the issuer.

By definition, that key can no longer be considered “private”.

Ich muss dabei leider am dieses Zitat denken, auch wenn es dort um die USA geht:

I have a foreboding of an America in my children’s or grandchildren’s time – when the United States is a service and information economy; when nearly all the manufacturing industries have slipped away to other countries; when awesome technological powers are in the hands of a very few, and no one representing the public interest can even grasp the issues; when the people have lost the ability to set their own agendas or knowledgeably question those in authority; when, clutching our crystals and nervously consulting our horoscopes, our critical faculties in decline, unable to distinguish between what feels good and what’s true, we slide, almost without noticing, back into superstition and darkness…

The dumbing down of American is most evident in the slow decay of substantive content in the enormously influential media, the 30 second sound bites (now down to 10 seconds or less), lowest common denominator programming, credulous presentations on pseudoscience and superstition, but especially a kind of celebration of ignorance.

Wenn ein Ende zum BSI führt

Kann mir nicht vorstellen, dass die da Lust drauf haben. Da landet eher bei irgendeiner Polizei. Oder man macht einfach die Stasi für sowas wieder auf, die kennen sich mit Postkontrolle ja aus.

l haven’t played Planet Coaster, but my impression was it’s more of a coaster builder than a theme park manager? A lot of “hardcore” players play OpenRCT 2, and for a slightly more modern take on the genre there’s Parkitect. But classic RCT hasn’t been replaced