Digital security Apprentice
- Generation 7. I realize you acknowledged the hardware age, but it's really the difference in my own workflows and experience.
I'm still on a Gen 8 i7 (with 40 GB RAM, to boot) T480s. I take pretty good care of my machine, so it's still in superb physical shape.
But, given today's massive webapps and video calls while having my workspace programs open, I'm in Hell. A failing keyboard would probably push me to repurpose the current machine and upgrade as well (and still replace the keyboard for kicks).
If I wasn't strapped for cash, I would have bought an AMD Framework eons ago.
- absolutely, i get this. i assume it's going to be a relatively small subset that go open in order to jump to an open platform. i'm not super familiar with the f-droid publishing ecosystem (or mobile publishing at all, admittedly).
i do wonder if there's regardless going to be some kind of (perhaps overwhelming) inundation.
- The consumer VPN heyday has long passed. Most Mullvad endpoints i use are blocked in increasingly more places, including and especially reddit.
It's the only VPN I've tried thoroughly, so i don't know how they and Proton compare today (or, really, ever). The landscape has been degenerating across the board, I reckon.
- > less likely to visit the site in the future or view it with contempt and abandon it a soon
> fiddling with a VPN is often more hassle than its worth and its just left always on.
Not to saying this is wholly preferable, but I have often found this to be beneficial for me in that it tends to deter me from wasting disproportionate amounts of time on crap web content (either that, or HN wins over that remaining browsing time when it's not blocking me :)
- Funny enough, seeing all types of different suggestions under the sun here in the sibling posts; it's also unsurprising, since I myself can't tell where the gap is between what the Pi offers vs. what you're hoping for, as that would have been the first thing I suggested.
In addition to all the other suggestions, you might look at PINE64's offerings. Maybe one of their tablets, their PinePhone, or one of their SBCs or SOCs.
- This is probably the best time as any I'll ever get to mention that Patrick Wyatt's[0] blog[1] is a gold mine of frontline, boots-on-the-ground accounts of making WarCraft II and other games.
- I too have heard about syncthing for the first time today but from a different submission[0] you might care to be aware of.
Although, I realize Android != Kindle's OS, so I'm not sure how much concern there should be.
[0]: https://www.hackerneue.com/item?id=46184730 "Syncthing-Android have had a change of owner/maintainer"
- This is absolutely the most charming thing I've seen in a hot minute.
For anyone also thoroughly enchanted like me, there is an additional, longer demo:
https://www.youtube.com/watch?v=WV52RtuWXk0
Living in software land, I do wonder how hard is the undertaking to build one of my own.
As a hobbyist cuber, this project reeks of icebreaking potential for the rest of the times I'm not actively solving -- leave it on my desk next to a cube... random coworker walks by, sees and grabs the cube, shuffles it, and chucks it into the SARCASM machine, enjoys a minute of novelty, ????, profit!
- 3 days ago, 429 comments:
- Hi, I'm not following the point being made.
I skimmed through all the articles linked in GP and finding them pretty relevant to whatever decision might have been made to utilize the AI system (not at all to comment on how badly the bad tip was acted on).
Hailing from and still living in N. California, you could tell me that this school is located in Beverly Hills or Melrose Place, and it would still strike me as a piece of trivia. If anything, it'd just be ironic?
- I must take a moment to second the bit about proper push-up form.
Fantastic exercise you can do just about anywhere.
I went an hour out of town to watch the Perseids a couple months back. I'm a bit of a gym rat, so I did sets of push-ups to keep my body temperature up, though I'm already shivering by the time I'm starting each set. So, I completely neglected to even think about the proper form (I made the classic mistake of squaring outward my elbows), and further aggravating the circumstances was dealing with the awkward road angles/grades.
With just a handful of sets, I'm pretty sure I permanently damaged my right shoulder. Ugh. The Perseids were fantastic, though :)
- You might check out the Keychron K3. The 500+ looks (at least, in the photos) so much like my K3 that I thought at first it was a collab with Keychron.
If you're looking at configurations that look very different aesthetically, keep in mind you can replace with aftermarket keycaps.
There are several variants of the "K3"; some configurations will have swappable switches, others not. Beware.
If you want software hackability as well, you'd probably go with one of the QMK/VIA versions.
- If it's just the keyboard appearance itself piquing your interest, you might check out the Keychron K3 (the brand has apparently grown a lot since I was last shopping around for keyboards, so it looks like they have a "K", "K Pro", and "K QMK" as well as several other "[Insert Letter Here]" lines of models now... back then all they had were K keyboards).
To clarify, this is to say I'm looking on their website right now and seeing at least five variants of "K3" alone.
It's hard to tell when all the promotional photos are showing either a partial shot or an aggressive angle, but it looks so much like my K3 that I actually thought they were going to say they collaborated with Keychron on the design.
- for anyone reading this actually interested, just FYI an improved model "HackRF Pro" is due for release in the next month or so, is backwards-compatible, and is what will come in at that $400 price tag.
years ago, there used to be a very abundant market for used or chinese clone HackRF One units, but i haven't been able to find any these days.
- I don't think you need to try to die on this hill (primarily remarking w.r.t. your lumping in Anubis with Cloudflare/Google/et al. as one). In any case, I'm not appreciating the proliferation of the CAPTCHA-wall any more than you are.
The mascot artist wrote in here in another thread about the design philosophies, and they are IMO a lot more honorable in comparison (to BigCo).
Besides, it's MIT FOSS. Can't a site operator shoehorn in their own image if they were so inclined?
- Hi there, thank you for chiming in.
Viewing the challenge screenshot again after reading your response definitely sheds light as to why I have no aggro toward Anubis (even if the branding supposedly wouldn't jive well with a super professional platform, but hey, I think having the alternate, commercial offering is super brilliant in turn).
On the other hand, I immediately see red when I get stopped in my tracks by all the widely used (and often infinitely-unpassable) Cloudflare/Google/etc. implementations with wordings that do nothing but add insult to injury.
Thank you for the thought you put into that. I think you guys hit it out of the park.
- So to follow up on my misconceptions, the RollBack attack it is based on is now implemented on underground firmwares and is what is novel. The research itself too is fairly novel and was published in 2022, capable (at least, on paper) of rolling back the cipher state on the receiver, preventing de-sync (and is the crux of why this submission is amazing).
The prior RollJam that I thought this was dates back to Samy's 2015 findings. It turns out 2015's RollJam (unlike RollBack) requires active interference and seems to necessitate the attacker being in the vicinity of both the remote and the receiver.
- Assuming it doesn't do anything else magical, I don't see much point in dignifying it with a web hit, let alone finding out its name.
It's odd to throw in the dark web, thousand dollar firmware bit when third-party firmwares are developed in the open and have long ago already implemented KeeLoq, but I guess they aim for sensationalism and shock value.
- I wouldn't call it a "good" fallback, but i do have a VPS handy with an always-on squid proxy (remember to bind only on localhost and use via ssh tunnel, or some other secure method, if anyone is going to get ideas from this comment) among the other things i use my VPS for.
I do find that different subsets of services tend to get blacklisted.
I remember starting this book back in college and rolling my eyes at this scene for being so campy and tacky that I just dropped the book.
I came back to it just a few weeks ago out of disbelief that that is where we've arrived today.