biscuitswalrus

joined 1 year ago
[–] [email protected] 0 points 6 months ago

Oh I think I've met you! You must be my coworker!

Just joking of course, poking fun at a privacy-focused person while making a point that my coworkers also don't read. I'm glad you didn't delete the post though, I enjoyed the journey. You did read, you're better than my coworkers.

[–] [email protected] 21 points 8 months ago* (last edited 8 months ago) (21 children)

The messaging around this so far doesn't lead me to want to follow the fork on production. As a sysadmin I'm not rushing out to swap my reverse proxy.

The problem is, I'm speculating, but it seems like the developer was only continuing to develop on the condition that they kept control over the nginx decision-making.

So currently it looks like, from the perspective of an nginx user, the CVE registration is protecting me with open communication. From a security aspect, a security researcher probably needs that CVE to count as a bug bounty.

From the developer's perspective, F5 broke the pact of decision control being with the developer. But for me, I would rather it be registered and I'm informed, even if I know my configuration doesn't use it.

Again, assuming a lot here. But I agree with F5. That feature, even in beta, could be in a dev or test environment. That's enough reason to know.

Edit: Long term, I don't know where I'll land. Personally I'd rather be with the developer, except I need to trust that the solution is open not in source, but in communication. It's a weird situation.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago)

Now I'm not part of this, but an international student just got scammed $170,000 over 3 months. They believed that the police had seized their Australian bank account and were contacting them about their identity being stolen. It hadn't been stolen at the time of the call, but the international student, maybe 25, was fully profiled. They knew where he studied, who he had been talking to. At the time of the call, the poor kid thought he was talking to the police, gave every bit of information including his bank account, which had MFA, but undid it and followed the scammers' requests believing he would be deported. He even called home to his parents and asked them for more money in order to open a new account because he believed his other one was frozen; the new account was under the order and control of the scammer this kid trusted. The scammer even made this kid move into a hotel for a week as their "premises needed to be searched". It wasn't until a month after this that it was found out, because the kid believed he couldn't tell anyone, until the school (where he was attending but kept leaving to take calls, which is a no-no) had to tell the kid that absenteeism would result in the student visa being cancelled. At that point it all came out, a month and more of being scammed.

My point is, no, it's not business. Just look at the YouTubers, just watch Jim Browning. Just ask people, it's a multi-billion-dollar industry. And it's not limited to rules like 'business'.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (8 children)

There are massive collections of databases online that find where breaches have occurred, allowing attackers to dump the database of that service, then collect all those database dumps together to identify all known accounts under an email address. Then, once that email account ever has a password breach, attackers can look up and see 'was this password also used on other accounts' and attempt to use the same email and password on them. Moreover, they will just try that email regardless of known affiliation; if they already have a username and password across many online services, it's safe to assume this will work sometimes. This is the essence of a credential stuffing attack.

https://www.abc.net.au/news/2024-01-19/what-is-credential-stuffing-scams-how-to-prevent-and-protect/103367570

https://www.abc.net.au/news/2023-05-18/data-breaches-your-identity-interactive/102175688

I've used ABC here since I believe they write better for a lay person.

Edit: I meant to say, they can also create a profile of you and your many email addresses, as demonstrated.

[–] [email protected] 1 points 9 months ago

You realise if it's saved you can now use features that are built into the software, that get saved, like using 'track changes' to accept or discard edits granularly. You have file-system-level version control to choose previous versions, and you have an undo feature built in. Three different tools to use.

[–] [email protected] 2 points 9 months ago

Not really, you can leave auto save on, and use the inbuilt track changes function. Best of both worlds.

[–] [email protected] 7 points 9 months ago (1 children)

Have you tried using file versioning, or using review (track changes) functions to propose changes so you can choose to accept edits or decide against them? It's like there are specific features for this scenario that allow you to save, have backups and have that control.

[–] [email protected] 5 points 9 months ago (3 children)

This is an insane scenario: my software design decision is, despite recovery mechanisms like previous versions, file history, and undo mechanisms, I'm afraid if a cat uses a keyboard I'll accidentally save changes I don't want to a word document.

Lol. The only user error was choosing LibreOffice instead of a user-friendly software stack that has reasonable defaults and recovery mechanisms.

[–] [email protected] 5 points 9 months ago* (last edited 9 months ago)

There are a few random projects that aim to store bulk data and human information in durable materials.

https://www.popsci.com/technology/5d-disc-stores-500-tb-of-data/

Professor Peter Kazansky, from the ORC, says: "It is thrilling to think that we have created the technology to preserve documents and information and store it in space for future generations. This technology can secure the last evidence of our civilisation: all we've learnt will not be forgotten."

I'm learning most of the articles are all based on this guy, from 2013 until now; it's still been mostly in the research phase, though proofs of concept have been done.

I'm trying to find evidence of another thing I swear I heard about, where someone had instructions from first principles on how to read the data, all the way from something like understanding the language to the data format. I listened to something on a tech podcast but can't find it.

[–] [email protected] 12 points 9 months ago

It should make me irrationally angry, but no, it's a rational hatred. It burns even more intensely.

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

The guy said brute force but meant credential stuffing.

Basically using an army of remote compromised devices to try known username/password combinations. If they used the same email and password that was found in another compromise, then their account would be successfully logged in on the first try, from a unique IP each time.
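The two comments above (the breach-dump description and the brute force vs. credential stuffing distinction) describe patterns a defender can actually see in login telemetry: stuffing spreads one attempt per account across many source IPs with the occasional first-try success, while brute force hammers one account from few sources. This is an added example, not the commenter's code; the log events are constructed and the thresholds are assumptions to tune per environment.

```python
from collections import defaultdict

# Constructed sample login events (not real logs): (username, source_ip, outcome).
STUFFING = [
    ("alice", "203.0.113.5", "fail"),
    ("bob", "198.51.100.7", "success"),    # reused password: success on first try
    ("carol", "192.0.2.9", "fail"),
    ("dave", "203.0.113.77", "fail"),
    ("erin", "198.51.100.20", "success"),  # another reused password
    ("frank", "192.0.2.44", "fail"),
]
BRUTE_FORCE = [("admin", "203.0.113.5", "fail")] * 6 + [("admin", "203.0.113.5", "success")]
NORMAL = [("alice", "192.0.2.10", "success"), ("alice", "192.0.2.10", "fail"),
          ("bob", "192.0.2.11", "success")]


def summarize(events):
    """Aggregate a window of login events into the few numbers the patterns hinge on."""
    per_user = defaultdict(list)
    for user, ip, outcome in events:
        per_user[user].append((ip, outcome))
    return {
        "attempts": len(events),
        "distinct_users": len(per_user),
        "distinct_ips": len({ip for _, ip, _ in events}),
        # Accounts touched exactly once: the "one try per account" signature.
        "single_try_users": sum(1 for t in per_user.values() if len(t) == 1),
    }


def classify(events, min_attempts=5):
    """Label a window as brute_force, credential_stuffing or normal (thresholds assumed)."""
    s = summarize(events)
    if s["attempts"] < min_attempts:
        return "normal"
    # Brute force: effort concentrated on one account from one or two sources.
    if s["distinct_users"] == 1 and s["distinct_ips"] <= 2:
        return "brute_force"
    # Stuffing: nearly every account tried once, nearly every attempt from its own IP.
    if (s["single_try_users"] >= 0.8 * s["distinct_users"]
            and s["distinct_ips"] >= 0.8 * s["attempts"]):
        return "credential_stuffing"
    return "normal"


def first_try_successes(events):
    """Accounts that logged in on their only attempt in a stuffing window: password reuse suspects."""
    if classify(events) != "credential_stuffing":
        return []
    per_user = defaultdict(list)
    for user, ip, outcome in events:
        per_user[user].append(outcome)
    return sorted(u for u, o in per_user.items() if o == ["success"])
```

In practice the accounts returned by `first_try_successes` are the ones to force a password reset and re-enrol MFA on, since a success with no preceding failures from a never-seen IP is the tell of a reused credential.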

[–] [email protected] 2 points 10 months ago

Not to boast about MS, but its service life is longer than Linux, at 10 years. LTS on Linux is generally at best 8. LTSC on Windows is much longer. Windows 10 was released in 2015 and the LTSC ends in 2027 on the enterprise channel, or 2025 for the consumer general availability.

I'm only commenting because I dislike misinformation more than I dislike MS.
