

Agree - I enjoyed it a lot.
HW/FW security researcher & Demoscene elder.
I started having arguments online back on Fidonet and Usenet. I’m too tired to care now.




Will Nextcloud run apps not marked as compatible with that version?


All social media is overrun by troll factories with the purpose of sowing discord. I just assume all such accounts are “bots” (although often human-run).
(Yes, some try to sign up also to Mastodon et al. - but are usually spotted)


This is why Bitcoin was invented.
No, really. We’re discussing this on a decentralized technology because we know that centralized control is bad - and that applies to the technology of monetary transfers as well.
Too bad it was then mostly used for speculation instead of actually building up an internal economy where we wouldn’t now have to care what itch.io’s payment processors think.


For some reason DHL managed to get a null-string into their system a few years back, which meant that any DHL shipments to me - no matter what the seller had entered - had “null” as the receiver in the system.
Everything else was fine, address and tracking numbers sent to me etc - but I did have a few interesting discussions at pickup locations that wanted to see identification matching the name in the system …


Example (not specifically about Rest but vape detectors in general):
Several things can trigger a false alarm, including aerosols from cleaning products, emissions from cooking stoves in kitchens, and vibrations.
Spray-on deo, hair spray, baby powder, perfume etc are all likely to create false positives yet the hotels just charge instantly from a single detection event.
https://vapecould.com/blogs/news/vape-detector-an-in-depth-look-at-the-pros-and-cons


(not from the reporter but another guest covered in the story)
charged $500 for vaping
Yeah I think this is where Rest’s scam will come undone. While you could, in theory, claim you didn’t know your sensors could make faulty detection from hairdryer use, claiming to accurately be able to detect vaping will not survive a technical inquiry.


This means you’re a Cylon
Brought to you by (us) security researchers who will happily come in and sort out your security issues later. For a very hefty hourly fee.
So? Pubkey login only and fail2ban to take care of resource abuse.


My extended family use Matrix - including my elderly parents. It’s no more difficult to understand than any other service.


That’s all FUD. Matrix is as secure as Signal if you - like Signal - rely on a single centralized server. Actually, since you can host it yourself, it would be even more secure since you don’t need to trust Signal.
(I defend infrastructure and perform hacks against cryptography & protocols for a living)


Matrix


Agree, I was just commenting on why 255 in itself isn’t “weird”. I find myself doing comparisons of the “value == variable” type even in languages where you cannot assign by mistake. Some of us old farts code from muscle memory … :)


a limit of 255 characters. Why not 256? Why such a weird number in general?
255 chars + ‘\0’ = 256
Not weird at all.


No, it most definitely does not need to be private. The idea with salt is to invalidate rainbow tables. If you’re “keeping it private” it’s just another password.
The salt and the password (or its version after key stretching) are concatenated and fed to a cryptographic hash function, and the output hash value is then stored with the salt in a database. The salt does not need to be encrypted, because knowing the salt would not help the attacker.
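
The point of the comment above as an added example (not code from the original post): the salt is stored in the clear next to the hash, and its only job is to be unique per password. PBKDF2-HMAC-SHA256 from the Python standard library, the 16-byte salt and the round count are assumptions, since the comment names no specific algorithm.

```python
import hashlib
import hmac
import secrets

ROUNDS = 600_000  # assumed work factor; tune to your hardware


def unsalted_sha256(password: str) -> str:
    """Weak baseline: equal passwords always produce equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, rounds: int = ROUNDS) -> dict:
    """Return the record to store: salt, rounds and hash, all in the clear."""
    salt = secrets.token_bytes(16)  # unique per password, not secret
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return {"salt": salt.hex(), "rounds": rounds, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and rounds, compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, record["rounds"]
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    alice, bob = hash_password(pw), hash_password(pw)
    print("unsalted equal:", unsalted_sha256(pw) == unsalted_sha256(pw))
    print("salted equal:  ", alice["hash"] == bob["hash"])
    print("verify ok:     ", verify_password(pw, alice))
    print("verify wrong:  ", verify_password("not the password", alice))
```

Two users with the same password end up with different stored hashes, so a table precomputed without the salt matches neither record, while verification still works because the salt is read back from the record.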


Sure, but when we talk about the computation then the number of rounds is by far the more important factor compared to password length.
The discussion is about whether 24 characters indicate cleartext though - not whether password lengths should be in the gigabytes.


That’s the same as “cleartext” for someone who works in security though, since that means anyone with the private key can decrypt the password.


While I’m not arguing for doing the crypto client side, the salt doesn’t need to be private - only unique.


Great idea. How can we submit this to all AI scrapers?
/cybersec red teamer