Posts: 5 | Comments: 685 | Joined: 2 yr. ago

  • The person who authored the cheat(s) the other person is using. Because clearly, if I lost they must be cheating. /s

    For many games, I'd argue that you are to blame for your loss. Assuming the game is based purely on skill, then your ability to execute said skills is the only factor which matters. Consider something like Chess, where the game is solved and one's ability to win is really down to your ability to memorize board positions and recognize the optimal move. If you lose, it's likely because you failed to pick the optimal path.

    This is mitigated, to a greater or lesser extent, in games where chance plays some role. It's entirely possible to choose an optimal path, but have RNGesus decide that you get to lose today. Some games provide some ability to manage the risks created by randomness, but you often have some reliance on "luck". Obviously, the more luck dependent a game is, the less control you have over winning/losing.

    And then there is the issue of other players who can affect the outcome. If you play a game where there are more than two players, the other players may be able to change the course of the game enough that, no matter how well optimized your choices, you cannot win. This leads to the classic "kingmaker" problem in board games. It may be that someone who is themselves unable to win is in a position to directly affect the outcome of the game in such a way as to make another player win or lose. So, maybe you played a very good game, but the kingmaker decides that you lose.

    Ultimately, the answer to the original question is, "it depends". And there are a lot of factors one must look at to come to an answer. And that answer is unlikely to be wholly one thing or the other.

  • Not terribly surprising, Google would often direct me to StackOverflow threads as I was googling for an answer to a question. And as often as not, either the question was closed; or, instead of anyone providing an answer, the commenters would spiral off into questioning everything about the original question asker's life choices. While I do get the whole XY Problem, this sort of thing seemed to be over-used on SO.

    Granted, I don't know if AI answers are any better. Sure, they can answer a lot of the simple questions, but I've not seen them be useful on hard, more obscure questions. Probably because those questions don't have ready answers on SO.

  • We learned this lesson over two decades ago. If you put your database server on the internet, you should lose your internet privileges. At minimum, the companies hit by this should consider the coin-mining done on their systems as a consulting fee from the hackers demonstrating how fucking stupid it was to set it up this way.

  • If someone asks you if you're a god, you say YES!

  • It's a matter of circumstance. Authoritarianism is only useful in situations where time pressures make the slow, deliberate decisions of democracy unworkable. Combat is a good example of this. When the shells are raining down around you, there isn't really time to hold a vote on how to proceed. So, in such situations there is usually a chain of command which is given authoritarian control. Other emergent situations will also often require similar levels of top-down control. The person in charge may not make the best or fairest decisions in the heat of the moment. But, inaction will almost certainly be a worse choice.

    The other side of this is, when the situation isn't emergent, a democratic (well, really semi-democratic, but I'm going to use "democratic") system is likely the best choice. And those democratic systems would be wise to prepare for the emergent situations by identifying and designating the people who will be handed dictatorial control when the fecal matter hits the air circulator. And the system for identifying when the emergency has ended, how dictatorial power is unwound and how the performance of the person handed that power is to be judged.

    The reason I hedged with "semi-democratic" is that a truly democratic system can have issues too. The classic "tyranny of the majority" problem. As any majority could override the rights of a minority in a truly horrible fashion. The solution being things like constitutional democracies, where the power of the majority is limited in specific ways (e.g. unrevokable rights).

  • No, but the country has problems. It's always had problems. Even with all of the economic hardship and political strife we have today, most people are safer, healthier and have better prospects today than they have had in most of US history. It's by no means perfect and we have a lot of work to do. But, giving up and checking out has never improved anything. It also doesn't help that we have a steady drip-drip-drip of negative information fed to us by our phones and algorithms. We are also facing one of the largest Constitutional Crises in US History, with the President pushing the boundaries of his Constitutional powers. Even if nothing breaks, we are likely to see many changes from all this. Hopefully, those changes result in better guardrails on the Presidency. And maybe even a repudiation of the Roberts Supreme Court. But, such a future is hard to see when we are in the middle of the storm.

    I even have hope for the slight voting majority which put Trump back in power. It's easy to dismiss those folks as a bunch of <insert invective terms here>. And some of them almost certainly fit those descriptions. However, there are a lot of them which are just scared and confused by the FUD sandwich being fed to them by the 24-hour news cycle, social media algorithms and politicians looking for easy votes. It's going to be hard work to pull them back off the brink. And if you're not up to that work, I understand. It's hard to want to put in the effort for folks who seem so far gone. I've spent a lot of hours arguing with folks with whom I disagree wholeheartedly. It's tiring and I can only take so much before I decide it's time to move on for a while. But, I would rather keep up the argument than let the country slide into full blown autocracy.

    So ya, I have hope. It's a grim hope and one which recognizes that we could lose. But, giving up now feels premature.

  • I don’t get why people think putting manifests on a blockchain is a good idea.

    Because you can still separate many fools from their money by adding "blockchain" to whatever you are doing.

  • Fair enough, but absent any evidence that password reuse is leading to a problem, the article is trying to claim that him being the victim of previous breaches is somehow a failure of security on his part. That's just dumb. Maybe he did reuse passwords and that's going to cause problems. But, absent any evidence of it, the whole article just comes off as yellow journalism, at best.

  • I understand your desire to be charitable or tempered, but this isn’t some random schmuck who made an oopsie and reused a password from a previous database hack.

    And nothing we know shows that he did that. Sure, he could have, and maybe he is that bad at security. The whole article is based on the supposition that he is reusing passwords. With no proof provided. If there's some evidence, then sure burn the witch. Otherwise, it's just baseless supposition.

    This idiot has his dumb fingers in vital government systems, and the fact that he didn’t clean up his security profile before wreaking havoc says a lot about his ability to do his job safely.

    There isn't anything he could have done about past breaches. As I said, my email is still in the HaveIBeenPwned database, not because I didn't clean up anything, but because I can't clean up anything. Once those creds have been published, they stay published forever. The only thing you can do is rotate any affected passwords and move on with life.

    And yes, the obvious failures on the DOGE website do speak to poor coding practices. I wouldn't hire the guy to code anything, but I still think the article is just over the top muck raking trying to turn breached credentials into a story which really isn't there.

  • I'm no fan of the folks at DOGE; but, I feel this bit is important to highlight:

    the presence of an individual’s credentials in such logs isn’t automatically an indication that the individual himself was compromised or used a weak password. In many cases, such data is exposed through database compromises that hit the service provider. The steady stream of published credentials for Schutt, however, is a clear indication that the credentials he has used over a decade or more have been publicly known at various points.

    I know that my own credentials show up in the HaveIBeenPwned database quite a few times. I've had the same email address going on three decades now and have been signed up to a lot of services which got breached. The result is that you can find my personal email address and the associated password for whatever service got popped. Does that mean my own security is bad and/or my credentials for anything else are compromised? No, because I use complex, unique passwords everywhere. Yes, if you dig through the data, you can find my username and password for Dungeons and Dragons Online. And that will net you fuck all, because that was the only place I used that password.

    Honestly, this article is more an embarrassment to the person who wrote it than the person it's about. Anyone who has had the same email address for any significant length of time and has used it to sign up to internet based services has probably had their credentials for some of those sites compromised. Sure, the OpSec and practices of folks in DOGE have been terrible, but all we know is that this user has had their credentials from other sites and services dumped, just like every other victim of such breaches. That's not news, nor does it reflect on the victims of those breaches. This is just a sad attempt at a hit piece, which only shows the author's lack of ability to find anything interesting to write about.

  • When people stop believing that justice is possible via the government system, they will seek it through other means. It doesn't make it right, but it does provide a warning that the system is failing.

  • ServiceNow is very much aimed at the managers. It's good at reporting metrics like SLAs, ticket counts and anything else management dreams up to track metrics on. The interface for analysts putting data into it is slimy shit on toast. I swear, one of the questions I plan to ask, the next time I'm interviewing for a job is, "what do you use for security case management". If the answer is "ServiceNow" or "ServiceNow Security Incident Response (SIR)", that's going to be a mark against that company. The only thing worse than ServiceNow ITSM is ServiceNow SIR. It's all the terrible design of ITSM, but with basic security case management features implemented by clueless idiots.

  • The entertaining question would be: what do the salaries of the new employees look like, compared to the old ones? I'd suspect that the administration is thinking they can fire a well experienced, but expensive employee and hire on a cheap replacement. However, I also suspect many of those positions are fairly specialized and they are going to end up paying to get rid of all that experience and then end up paying a premium to hire someone with the needed experience for the position.

  • “the arrestment failed,” said the official

    I wonder at the nature of that failure. I'd immediately think this means "the cable broke" or "the hook broke". But, it could also mean "the pilot missed the cable and failed to respond correctly".

  • I think it's best to start with the classic mantra: If you aren't paying for the service, you are not the customer, you're the product.

    It's easy to think that Discord isn't reading your messages or listening to your calls, because they utilize End to End Encryption. And this is a good thing for them to be doing. It means that no one can intercept the conversation, as it passes over the web. However, there is one glaring loophole, the data is decrypted by the Discord app on your device. Does the Discord app then send any/all of that data up to their servers? Probably not, but they probably also have the app scan it for keywords and categorize it so that they can upload that metadata about you to their servers. Also, for public Discord channels, you can bet that they are reading, scanning, and categorizing everything on those channels. The Discord app is also collecting as much information as possible about the device you are using it on. From their Privacy Policy:

    Information about your device. We collect information about the device you are using to access the services. For example, this includes information like your IP address, operating system information, browser information, and information about your device settings, such as your microphone and/or camera.

    The ultimate goal of this is to use this data to build a customer profile of you and sell that profile to advertising firms. As for how bad this is, that's up to your personal level of paranoia. For most people, this is probably a reasonable trade off, most of the time. If you are not the type of person who needs to protect their privacy carefully (e.g. a journalist in a hostile government) and the conversation you are having isn't all that important (e.g. talking about a video game), then it's probably fine. But, if you are having a conversation which might actually matter or you are worried about a repressive government, then maybe pick something with a better privacy track record (e.g. Signal).

  • Roll Tide! Brown tide.

  • Sorry, just recognized my typo, I meant to say "I wouldn't be surprised...". Not sure how I missed that.

  • That depends on the use case. For drive encryption, a centrally assigned and managed password is fine. It provides for protection of data at rest while also ensuring that a single point of failure (the user) won't remove access to the data contained on the encrypted volume. Since it's not intended to prove identity, that risk needs to be mitigated by a different control.