Yes!
When I learned of Anna's Archive a few years back I too was frustrated by the lack of a short explainer of how to access single files, existence of an API, etc.
Now I'm envious of LLMs somehow
>> You know, it wouldn't kill them to add some fucking details to the main page rather than making you dig for it. The TL;DR:
WTF is Anna's Archive: Hi, I’m Anna. I created Anna’s Archive, the world’s largest shadow library. This is my personal blog, in which I and my teammates write about piracy, digital preservation, and more.
WTF this post is about: Exclusive access for LLM companies to largest Chinese non-fiction book collection in the world.
Being in the same boat as you I switched to OpenCode with z.ai GLM 4.7 Pro plan and it's quite ok.
Not as smart as Opus but smart enough for my needs, and the pricing is unbeatable
Ditto. It is very very slow but I never hit quota limits but people on Discord are complaining like mad it is slow even on the Pro plans. I tend to use glm-*air a lot for planning before using 4.7
Actually, the real countermeasure to PTH is to disable NTLM auth and rely only on Kerberos (and then monitor NTLM as a very strong indicator that someone or something is attempting PTH)
Of course kerberos tickets can be abused too in a lot of fun ways, but on a modern network PTH is pretty much dead and a surefire way to raise a lot of alerts
(You are absolutely right that privileged accounts must never login on less privileged assets, however!)
Yeah... we just went through this process over here. I was more just making the point that "If it's possible to use a system wrongly which undermines its security, it is already broken" isn't always true. I guess you could argue it's NTLM there that's 'already broken', but the idea was more "SysAdmins are sometimes given red buttons to never press under any circumstances."
>Most TOTP apps support backups/restores, which defeats this.
Citation needed?
Yubico authenticator doesn't (the secure enclave is the Yubikey).
I'd be very surprised if MS Authenticator and Authy (which I don't use but are the most popular apps that I know of) support such backups
> Citation needed? Yubico authenticator doesn't (the secure enclave is the Yubikey). I'd be very surprised if MS Authenticator and Authy (which I don't use but are the most popular apps that I know of) support such backups
Google Authenticator has an export option that I've used in the past, so that one does it for sure. Authy allows cloud-based synchronization in any case, so exporting seems quite possible. MS Authenticator also allows cloud sync, so probably exporting is not difficult.
Well I don't disagree that it might be possible to abuse cloud sync in some way to export the secrets, but it's not quite as egregious as just including the secrets by default in an app backup
Not perfect, but (imho) still better than SMS 2FA, mail 2FA, or lack of 2FA
From someone who has not tried the software but might be interested if it gains traction:
You should decide whether you are building this for yourself or as a product for others. Each stance is perfectly valid, but they are somewhat incompatible: the software can be very opinionated or intuitive, but attempts to be both seem to often fail.
If you are building opinionated software for yourself and are ok with alienating a part of the userbase: great, some great software is built this way! (Alacritty, Kakoune come to mind).
This should be clearly communicated to prospective users though; it may need to convey "this software has strong opinions you may not agree with, that's fine but it may not suit you" somehow.
If you aim for maximum reach: expect your sense of what is "intuitive" to constantly be challenged, and to have to make many difficult compromises. You also need to take feedback from a more forgiving angle, and above all, assume good faith from your users. In this instance, GP stated their enthusiasm for your shared vision of the problem space, and your knee-jerk reaction was calling them a troll.
Builders of opinionated software should pay trolls no heed and refrain from engaging, and builders for maximum reach should think trolls don't exist.
footnote: `toad run` expecting a folder and not a command seems to fall in the "opinionated" ballpark
Bullshit journalism. This was not a post-heist report; every buzzword-chasing so-called news outlet out there is repeating ad nauseam findings that were listed in a report produced by ANSSI in 2014! 2014! Eleven. Years. Ago! Did the Louvre keep obsolete software around all this time? Yes, they probably did, but this "Louvre" password claim just grinds my gears
Baseband SoC running their own OS independent from Android/iOS and staying asleep (while still listening for incoming signals) is very much no longer in conspiracy theory territory and more an established fact now. I don't have the source at hand but it's in one of the standards. And the purpose is very clear: LEA like Interpol must be able to locate any IMEI at any point if in tower range, regardless of the power state of the "main" OS
I don’t doubt SoCs have their own micro-OS, but I too would love to see a reliable source showing phones connect to towers when powered off. Wouldn’t this, at a minimum, violate FAA/EASA rules? Google tells me the cellular radio in an iPhone has no power when in airplane mode or when off.
Interesting, but you should probably use a control. Two phones, same hardware, same software. One inside the faraday cage, one outside, both in the same room with the same conditions otherwise.
Repeat the experiment a few times. Then cross over: liberate the caged phone, cage the free phone, and repeat the experiment a few more times. Or alternate the phones' positions between experiments. This mitigates hardware and software differences that might've been overlooked (such as a faulty battery, etc).
Analyze the results, draw your conclusions, publish, and encourage others to reproduce.
It would still be simpler for you to link to a credible source. A bit strange that you seem uninterested in doing so, and prefer to tell people to do their own experiments, in this case one that requires an extra phone and a week of time.
As a pentester, who does not love CVSS[0], I found the article explaining how to replace CVSS with CVSS very amusing
[0] CVSS is often poorly understood and used by internal teams, so for our internal engagements we prefer words like "minor", "medium", "major", "critical" to describe criticality and impact and "easy", "medium", "hard" to describe exploitation difficulty (which loosely translates to likelihood), and the reasoning behind all this is very similar to what CVSS does
The essence of it is that "PEF" is from the user's point of view - pain, effort (work around), frequency. "REV" is from the developer's point of view - risk, effort (fix), verifiability.
Something that has a low PEF score and high REV score would not be practical to fix while something that is high PEF and low REV is something that should be prioritized high.
First of all, I'm not a gun control activist, and I do agree with some of your views.
However:
> I think this is a uniquely American problem because America is a unique country. No other nations have the incredible wealth, diversity, and rights of America, and looking to other countries to emulate is imo, a mistake.
- increased wealth should be correlated with a reduction in shootings,
- population diversity is not a unique feature of the USA, it is comparable to, or arguably lower than, most European countries,
- same for rights: the rights of a USA citizen are comparable to the average EU citizen. Many EU countries allow the possession of guns (although most forbid taking arms out of one's home unless it's for transport, e.g., to the firing range, and most EU states vehemently forbid concealed carry). There are some differences regarding Free Speech, however, where most EU countries allow it largely, but restrict hate speech more.
It's true that shootings are a somewhat unique USA problem, but I'd look more into cultural differences than into rights and demographics.