Posts: 6 · Comments: 1467 · Joined: 3 yr. ago

  • I got an email from USAA yesterday excitedly telling me about their new voice ID feature. You can now contact them over the phone and manage your account with fewer security questions by having your voice analyzed. What could go wrong.

  • So there are two things that certificates are for. You already understand the first one, which is the cryptography itself. You can use them to encrypt your traffic so that information sent over the connection is not in plain text.

    The second thing certificates do is the answer to your dilemma: identification. For your browser to trust a website’s certificate, the certificate has to be valid for that website. What makes a certificate valid? The certificate has to have been signed by a trusted Certificate Authority, and the name on the certificate must match the website you’re visiting. If you were to ask “What makes a certificate authority trusted?”, the answer is that your web browser and/or operating system come preloaded with certificates for trusted certificate authorities. These special certificates were used to sign the certificate of the website you’re visiting, which is another thing your browser checks for. A malicious third party can’t (easily) obtain a valid certificate/key pair for a domain that they don’t own. If your browser was presented with a fake certificate from the malicious third party, it would not connect and would warn you that your connection isn’t secure and would explain why.

    Now, more specifically, if you’re wondering whether a malicious third party that takes any given website’s public certificate can use that to decrypt your session (after all, that public cert is signed and trusted), the answer is that when a certificate is created, so too is a private key file created. This private key is never presented to the public, and it’s the only thing that can decrypt sessions that were encrypted by its paired public certificate. So that third party could install that certificate on a web server theoretically, but they wouldn’t actually be able to decrypt anything because they don’t have the private key for the legitimate certificate.

    So in order for a man-in-the-middle attack like this to work, they’d have to obtain not only a legit website’s public certificate, but also the corresponding private key. OR, the third party would need to get access to your PC, and install its own certificate authority signing cert, so that its fake, self-signed certificates are trusted by your browser. Both of these are possible, but at that point you’re not talking about an unknown man in the middle; the man would have to compromise one of the two ends.

  • Just hope they don’t have cameras.

  • It’s their company blog.

  • Yeah who’d have thought

  • Was this not already a feature?

  • A big differentiator in how you might want to tackle this depends on one question: are you planning on getting into Linux systems administration, like for work? Because if you actually really want low level Linux skills then that’s a whole slew of things you’ll need to learn from scratch. And it’s not just your Windows-only experience that’s holding you back; managing a server is different from managing your desktop.

    But if you’re not really interested in working in IT or all you really want is to learn how to self host, you’re probably better off with an appliance, like UnRAID. These OSs abstract away much of the low level stuff so you don’t have to worry about it. Not the best way to learn how Linux works really well, but the easiest way to manage your self hosted environment.

  • I wish Empire of War had quicker AI turns. It’s my favorite one but you spend so much time waiting for AI turns to complete.

  • You didn’t just start using electric ones?

  • I switched away from Google Maps to Apple Maps a few years ago and I honestly can’t tell any difference. If Google Maps traffic data is better, it’s not in any noticeable kind of way for regular day to day usage.

  • 100% of the companies this article is about are American companies. The top talent the article describes live in the United States.

    0% of the countries that aren’t America are relevant to this article, my comment, and this thread. Including yours.

  • The article isn’t talking about Apple or Google adding privacy-invasive stuff. It's talking about protections being put in place to prevent you from being tracked by things like Apple’s AirTags.

  • You think the market is fucking rational, here? I've got news for you, guy, regular people's view of this means fuck-all to these people and the only thing that matters to them is the stock price.

    The market absolutely props up "irrational decisions" and cutting employees to cut costs has been a bellwether for increasing stock price for forty fucking years now.

    That’s my exact point. I don’t think this is some conspiracy to secretly lay off people. I think this is just a more straightforward case of C-levels blundering around with decisions that make sense only to them.

    I think they absolutely thought RTO would be a benefit in some way, and after being proven wrong they just save face with corporate buzzwords.

  • I’m not sure if this was actually some kind of sinister plot, rather than incompetence and ego. You’re not the first to suggest that this is a way to lay people off without “having to pay severance”, but what really throws a wrench into that idea is that in most states they didn’t “have” to pay severance in the first place. That’s really more reliant on the employment offer or contract. There really wasn’t anything stopping these companies from just laying people off the normal way. The only other justification I’ve seen is that it’s a way to “avoid bad press”. But clearly it doesn’t because we all still know this is happening and we’re all still just as unhappy about it. If anything, it’s better for a company to just lay people off and spin it as a “cost saving measure” to appease shareholders, than make it look like top talent is leaving of their own volition. The latter makes the company look bad to both the general population and its shareholders.

  • They’re going to blame minimum wage raises, even though it was happening before the minimum wage raises, and in states where the minimum wage wasn’t raised at all.

  • But he didn’t lose “paying hours”.

  • Oh that’s what you mean, yeah they don’t make it easy to find. I only linked their site so OP could see the feature set. I run it in docker, and remove all the nonsense membership and newsletter features and buttons.

  • The part where you self host it? I don’t understand the question.