Tangential, but I found 'Have I Been Pwned' useless too because you can't enter your email and find leaked passwords associated with the address, instead you have to enter each password (and repeat for every password you want to check).
I know there's an explanation that the raw password is not being sent and instead being hashed locally and only part of the hash is sent. But I don't know how to verify that and it feels wild to type passwords into a random website. (if anyone knows how to verify HIBP does only what it says it does [rather than blindly trust and hope for the best], would love to read more about it)
I always thought that it could be reasonably simple to have a safe alternative. Have people enter a SHA256 of their password instead, and match against a database of other hashes.
Almost everyone interested in checking for password leaks knows how to generate SHA256 of a string. And those who don't shouldn't put their passwords on the internet.
Or even better, generate hash for all passwords in the database, package these hashes together with a simple search script and let people download it. That way, you are not sending any information anywhere, and no one can exploit the passwords, because hash is a one way function.
Then again, that download could be really large. I admit I have no idea how much storage would that take. But it's just text, so easily compressible. And with some smart indexing, it should be possible to keep most compressed and only unpack a relatively small portion to find a complete match.
Then again, I have virtually no background in cryptography, could be something horribly wrong with this.
When you do a check on https://haveibeenpwned.com/Passwords nothing is sent to the server. Instead the password is hashed locally and a list of the hash range is downloaded, which contains all the hashes and the number of occurrences.
The server doesn't receive the password, neither in plain-text nor hash form.
It would be easy enough to add this as a "secret" feature:
* user submits password
* gets hashed client side
* server compares it against stored hashes
* server also re-hashes the stored hash, and compares it against the hash received from the client
This would effectively mean that either entering the password, or the password hash would correctly match, since when entering the hash you are effectively "double" hashing the password which gets compared to the double hashed password on the server.
The upside is that users who don't understand hashing or don't feel like opening a sha256 tool wouldn't have to change their behavior or even be confused by a dialog explaining why they should hash the input, while advanced users could find out about the feature via another channel (e.g. hackernews).
The downside would be that it adds an extra hash step to every comparison on the server. It's hard to know how expensive this would be for them.
Care to explain how you can tell what scripts gp was sent for the page https://haveibeenpwned.com/Passwords and what scripts he will be sent on future visits?
Well of course a hostile actor could use this incredibly accessible resource to test a bunch of emails and find their passwords.
Though perhaps there could be a service where you enter in an email address and it sends an email to that address containing the passwords. That would be a slightly more complicated server to set up though
> (if anyone knows how to verify HIBP does only what it says it does [rather than blindly trust and hope for the best], would love to read more about it)
I recall HIBP documents their hashing protocol so that it should be possible to have a non-web client you can trust more.
I don't know how to verify what the website does, but I think that in a few minutes I'll be able to put together a CURL call that does what we're hoping the website does.
Delivery apps like Grab and Uber Eats are even worse since they have even more perverse incentives (minimising delivery time and maximising 'sponsored' listings).
Other than being willing to scroll a lot, I haven't found any great ways to find new restaurants when using delivery apps, and I'm sure I use them far less because of the tedium involved. I think scraping listings and re-doing the algorithm yourself (as per post) is perhaps the best approach. E.g. Just being able to rank by user rating and filter for no less than 200 reviews and within 5km would be an outstanding improvement on the status quo, which is always the 50 closest restaurants to the delivery address - what a coincidence! - with a few 'sponsored' listings thrown in.
> Bypassing the Mouse.. I use Vimium in the browser.
Vimium seems great for navigation.
Is there any way to get vim keybindings inside text boxes? (I looked at 'wasavi' chrome extension which hasn't been updated in 8 years [0] and the website's down [1])
You could use real vim in there with ghosttext, but it's not a native integration, you'd have a separate editor window
Another upside is (if your editor is properly set up to not lose data) that a page crash will never lose your precious long carefully crafted comment since it will persist in the editor
I got a VPN in preparation for Australia's (even more draconian) "age verification" laws (those take effect in 4 days).
But what I'd really love (startup idea!?) is an app that lets you map websites to countries and it handles tunnelling that domain's traffic through the selected country's VPN.
For example, I'd like to view Reddit, YouTube, X, Facebook, Instagram and social media apps from a US IP (to avoid Australia's "age verification"), dailymail.co.uk from a UK IP (since it's blocked in Thailand), prediction markets from a country that allows them, Imgur from a country that allows it, Spotify from any country so long as it's fixed (to avoid it randomly stopping mid workout with a 'your country has changed' notification).
Until something automated like this exists the current best solution is a VPN and manually switching countries when something you want isn't available from the current country, which isn't great UX.
Setting this up through your router / network infra is one possible path.
Another AU citizen here. I've been beefing up our home in prep for these laws too.
You can use policy based routing to send traffic through a few VPN egress points depending on either domain, or IP based country lookup. Most providers will let you keep simultaneous connections up. This then applies to all devices so streaming apps works well (e.g. for my partner to access her home country's public broadcaster) and any complexity remains hidden from others you live with. From there, a wireguard tunnel for personal devices back through home means you can keep these same paths active when mobile.
I'm looking forward to the level of networking and systems knowledge these laws will encourage across future generations.
After the article I set it up myself, it took me around a day I would say. It supports exactly what you're asking for, although it's not a comprehensive tutorial so you'll need to figure some things out on your own.
Full disclosure I ended up turning it off only 2 days later because it was causing too many issues with networking and I suck at networking-related things, but it was great while it was working. I plan on setting it up again in the near future.
I’ve seen people do this on the router level with a proxy, with imgur being the example - all other traffic just went as normal but imgur traffic was sent through a VPN.
However it was a very complicated setup with many parts and a home server so I would definitely like to see a proper app built around this that just handles everything for you.
> Is it possible to cancel out a complicated spin without painstakingly reversing every single move? Surprisingly, the answer is yes.
> Mathematicians Jean-Pierre Eckmann (University of Geneva) and Tsvi Tlusty (UNIST, South Korea) recently proved that almost any object—whether it’s a spinning top, a tumbling satellite, a twisted protein, or even a scrambled Rubik’s Cube—has a hidden “reset button” for its orientation.
> Instead of undoing the motion step by step in reverse order, you can take the entire original sequence of rotations, scale it by a certain constant factor (make every turn bigger or smaller by the same proportion), perform that scaled version once, then do it again—and the object snaps perfectly back to its starting orientation. Two scaled copies of the same motion are enough to erase it completely.
> It feels deeply counterintuitive. We’re used to thinking that rotations in 3D space don’t commute and that the only safe way to return home is to retrace your path exactly backward. Yet this new result reveals a previously unknown geometric symmetry: certain scaling factors turn the rotation group into something that has a kind of built-in “double and cancel” feature.
> The discovery applies to any rigid body moving in three dimensions and may simplify algorithms in robotics (for reorienting a robot arm without tracking every prior move), computer graphics, molecular dynamics simulations, spacecraft attitude control, and even some problems in quantum mechanics.
> In short, nature has been hiding a remarkably simple trick: sometimes the fastest way to undo a complex dance of spins isn’t to moonwalk backward through every step; it’s to perform an enlarged (or shrunken) version of the same dance twice.
> The Sega Channel was an online game service developed by Sega for the Sega Genesis video game console, serving as a content delivery system. Launched on December 12, 1994, the Sega Channel was provided to the public by TCI and Time Warner Cable through cable television services by way of coaxial cable. It was a pay to play service, through which customers could access Genesis games online, play game demos, and get cheat codes. Lasting until July 31, 1998, the Sega Channel operated three years after the release of Sega's next generation console, the Sega Saturn. Though criticized for its poorly timed launch and costly subscription fee, the Sega Channel has been praised for its innovations in downloadable content and impact on online game services.
https://en.wikipedia.org/wiki/Sega_Channel