gotodengo's comments

Cheaper, sturdier, and more easily swappable than NVME while still being far faster than spinning discs. I use them basically as independent cartridges, this one's work, that one's a couple TB of raw video files plus the associated editor project, that one has games and movies. I can confidently travel with 3-4 unprotected in my bag.

There's probably a similar cost usb-c solution these days, and I use a usb adapter if I'm not at my desktop, but in general I like the format.

Phishers are working completely blind, thus any amount of info going back to the phishers is a benefit to them.

Just getting server logs from an opened link lets them know their messages aren't being quarantined and their server is reachable through the target's firewall.

The user agent and how the links are accessed give info about who is opening them (A few every couple minutes == all good, 10 links sent to 10 different employees all opened within seconds with a non-standard user agent == you're being investigated and should burn the domain)

It's been a few years since I've done phishing engagements so details may vary with how things are done today. But the goal is to limit any information going to the bad guys. Let them think their messages are being blocked until they go elsewhere.

*edit: That being said, phishing at least one person at a large company is not particularly hard. There's too many companies using domains indistinguishable from shady links for one thing. Limiting engagement is good, but companies also need to be prepared for the eventuality that somebody will get fooled.

I'm on year 10 of learning my second language and passed through a variety of teaching/learning methods. Intensive FSI courses, immersion including output as early as possible, self guided based heavily on reading and vocabulary, etc. While I get by mostly fine and now live in my second language, my listening is definitely my weakest skill.

Anki is probably my most beneficial single tool. Though if I were to do it over again I'd follow more or less the poster's strategy. Maybe 80% comprehensible input for listening and 20% Anki for vocab building. At least until I could watch native TV without much effort. I've played around a bit with LLMs, but still haven't found a really great use case for my study.

On the otherhand I think consistent practice (with growing difficulty) trumps technique. Whatever process keeps you motivated to practice month after month is most important.

Their site will break consistently in any case. Running a site in 2024 comes with a responsibility to update regularly for a good reason.

There are more than enough forgotten kebab shop restaurant pages that are now serving malware because they never updated WordPress that an out of date certificate warning is a very good "heads up, this site hasn't been maintained in 6 years"

If we're talking hosting even a static HTML file without using a site hosting company, that already requires so much technical knowledge (Domain purchasing, DNS, purchasing a static IP from your ISP, server software which again requires vuln updates) that said person will be able to update a TLS cert without any issue.

Looks like those generic rings are supported by gadgetbridge[1] so barely any hacking needed for 100% on device processing and storage.

I have a miband I use with gadgetbridge. I'm reasonably happy with the app, and it has visibly improved over the last year (it also wins by default being opensource + the only option for keeping data private) but the watch is a bit bulky when sleeping or typing so I stopped wearing it.

I can't imagine $10 hardware will be particularly accurate, but cheap price + data control is enough to give me an excuse to play with one.

[1] specifically rings intended to be used by the QRing app - https://gadgetbridge.org/gadgets/wearables/colmi/

For various reasons I started to open a bank account with Mercury, before deciding to use another provider.

When I said I'd no longer be finishing the application and to please delete my passport info, first they ignored the second part. When I replied again asking them to delete my data they replied about KYC laws and assured me the data was securely stored of course.

At that point I gave up. Maybe they could delete the data if I fought, maybe their hands were tied, maybe me fighting would end up flagging my info as a money laundering risk. But I immediately imagined exactly this leak happening.

They're not the only vendor affected that had my data, nor is this breach the first, but that's the one that stings the most.

Anecdotally I'm being swarmed by text message spam for the first time in months. I have to assume people are running through new breach data to find live numbers.

This is part of my concern, as well as the potential dilution of power features. See Firefox's recent decision to stop supporting the compact styling due to low usage.

It is a topic which does have ongoing discussion within the Blender community going back a few years [1].

[1] https://devtalk.blender.org/t/huge-issue-community-split-bet...

I have to admit, I'm a bit concerned about Blender's future development.

I've been a Blender user for 15 years, I jumped on somewhere before the 2.4 redesign.

There have been some really awesome advances in Blender over the past two years. Things that really changed my typical workflow in an absolutely good way, Eevee and all of the node work for a couple amazing new additions.

They've also changed a lot of things, namely keybindings, UI, certain modifiers, that had been done in a certain way, and that I'd committed to muscle memory, for over a decade. Those changes also had the effect of breaking years worth of accumulated tutorials and bookmarks as the workflows they mentioned are not longer relevant.

It's intensely aggravating to spend 10 minutes figuring out how to do something that you used to know how to do with the flick of a wrist. Especially when you fall back to searching how to perform the action and only find 4 year old stackoverflow posts which state the old way to do it.

I've even recently taken a weekend reimplementing the old full color icons, which required a full custom compilation, due to the lack of contrast in the new uneditable monochrome replacements.

I fully admit this may just be my initial steps into the grumbly guy who doesn't like change in my software. But I can't help but compare Blender to Firefox.

Awesome tech and a great mission, sometimes aggravating UI and workflow changes, important relationships with would be rivals.

As someone who is also still on Firefox, my opinion is that loads of cash didn't necessarily turn out great for them either.

For me at least I consider my custom hacked up, modified keybindings as best they can be, Blender to be nearly feature complete for the work I do. It's awesome that it being opensource has allowed me to nudge it in the direction that works for me. Like I said though, as a long time user I am a bit concerned.

I was mostly treading water in my Portuguese practice for the past few years, before getting remotivated this year and making some decent progress.

I agree with many of TFA's points > To learn a lot from reading, you need to read a lot, and for that you have to understand at least the gist of what you are looking at.

Reading was huge for me. After "speaking" the language for 5 years I finally read a full novel. I immediately noticed improvements in my writing and understanding. A few weeks later I finished reading a second novel and am now on to the third.

(I really recommend The Martian by the way, it seems like it's been translated a ton, and it's written in a mostly first person diary style so the tenses are fairly simple while being more engaging than kid's books)

My issue is that the last year or two has seen a huge amount of technical improvements that I genuinely love.

Those improvements are combined with UI and workflow changes which are big enough changes that you can't fully copy over your old defaults.

I'm still using the new versions, and some of the workflow changes are genuine improvements as well. But I can mirror the GP comment of spending an hour googling something that I knew how to do by muscle memory in an older version. With the majority of results being older than a few months and not showing the current way to do it.

*Edit: in the time I wrote this comment the GP comment appears to have been flagged (I don't recall if it said anything overly mean or anything, that may have something to do with it if so). The concern about the UI and workflow changes is real and has been brought up for a couple of years now however ([1], among others)

[1] - https://devtalk.blender.org/t/huge-issue-community-split-bet...

>"we're gonna turn it back on in four weeks"

This is my recurring issue when I see most "changes we're making for the election" posts. Sure this seems like a good step for this election.

Fake news and the destabilization it can bring isn't just an American phenomenon though. Are they going to apply these precautions to elections in Brazil, or Myanmar?

I'm making RoomWithAView [1] in Godot. Not quite a productivity app, more an apartment builder/computer interface. Although on a bit of a hiatus (and a bit buggy) for the time being.

I'm pulling in desktop screens to VR which can be moved and placed as wanted. Working on pulling in individual applications and doing application launching. Aside from that it exposes a good bit of file system access in game. So a decent amount of stuff a productivity app may want to do.

I'm not a Unity guy but I briefly tried VR in Unity and the support seemed quite fractured. SteamVR has multiple versions across stores/github and I wasn't sure which to use, ditto for various tool kits. Godot I just downloaded a sample project and striped it down then worked off that.

The hardest part is doing anything non-gamey. Occasionally I'll make a help post and people will just reply "why would anyone want to do that?" but the C# support means you can use just about any libraries out there, so pretty much anything is possible with enough fiddling. I dropped the idea but even had OpenCV working with the Index's webcams at one point.

[1] https://ark1ve.itch.io/roomwithaview

This review seems oddly combative.

It's $35, it boots off the shelf Ubuntu, it has a real graphics chip, it does what it says it does. It doesn't have RF shields, and was probably designed cheaply, but it's $35.

Aside from the RasbperryPI (which obviously isn't x86) the review compares it to items which are 3x in price.

Admittedly, I assume that 3x price is probably closer to what the actual retail would be for this without the surplus angle. I think it being surplus is cool in a hacker kinda way, but I do see an issue there if you're concerned about longterm support.

Pen testing is a pretty big industry. I've used a handful of RATs for different purposes including at least one which was professionally developed and purchased (through my employer anyway)

I'll add however I've seen more than one sketchy dev hide behind the "It's just server admin software" angle. I'm not familiar with the software from TFA so I can't comment where that one stands.

I've been working on a game project over the past year. Everyone I had shown videos to was supportive. I felt like I got a lot done in a short few months. But no one other than myself had gotten their hands on the game proper.

I had planned on doing a single point of release when it was finished. I'd done that with a game release before however. After months of work release day came, the game flopped, and by a week later it was more or less lost to the void. Not wanting the same to happen on this project I changed my mind and released it as it was one random weekend.

It had very little documentation, and even worse known bugs and crashes. But a couple people downloaded it and one guy liked the concept enough to kick me $5. By the next week I had some more info on what those people liked and what they could live without. I had motivation to fix some bugs that I had learned to work around in my using of the game. My development rate on the game has gone up significantly since releasing it in an unfinished state, and the community is very small but two months later the game hasn't dropped into the internet void.

I can sympathize with the mindset of "I've been working on this in a vacuum and just want someone else to see it, warts (or lack of content) and all". In my case it's worked out for the benefit of the project as well.

This has interesting ramifications in areas which do have the ability to support power supply, but haven't implemented our style of loans tied to collateral (Edit: Or rather haven't implemented automated billing, pre or post paid, tied to an identity.).

I saw this in play in Mozambique. Few people had bank accounts, even fewer had mailing addresses, but many still had power.

Once a month or so you went down to the market and bought a little scratch off ticket worth X amount of power, I assume with the same one time use keys used on gift cards. When a house wanted hooked up to the grid they'd be supplied with a power meter which had a keypad. Type the numbers from your scratch off into the box, and it'd update it's counter with how much electric you had left.

A lot of things worked on this scratch off system, and it's one of the things I really liked. It enabled the power company to trust in their hardware instead of having to place trust in an individual. So the individual didn't have to provide any collateral. There was no credit check to get a new phone plan, because you either bought a scratch off that month or you didn't. No one came around to check your power meter unless there was something wrong with it, and they company didn't much care what it was supplying power to. I watched my neighbor build a new house and transfer his live box (quite dangerously) from his old to the new. The power company trusted the hardware, not a person or house it was tied to, so it didn't matter and there was never any record of what he was powering with it in the first place.

Absolutely agreed. Especially since, in spite of my disagreement with the handling of things, the sheriff may have a point in the authorization angle.

My initial comment pointed more generally to an example of politics within a company though.

I've had clients tell me to hit certain known vulnerabilities specifically.

I can see a situation where the decision to stay or swap off a system is being debated. If one party can send in testers and call out some vulns that might play to their hand.

For me it's less the duration of a holiday and much more about the content.

I've had 2 week vacations that consisted of some small important event like a family get together, but otherwise were largely spent on the computer. These usually fly by and suddenly I'm right back at work feeling exactly as I left.

Most long weekends of the year wind up more or less the same. With the extra day off barely even being noticed.

One time though, I saw and bought a cheap day of ticket to Puerto Rico over labor day. Left the laptop behind, found the first cheap place to stay once I landed, met some cool people while hiking and spent the whole weekend with them. It was by far the best vacation I've ever had, and the relaxation stuck with me for months.

I suppose I agree with the article, that length largely doesn't change your perception of the experience. So if taking shorter vacations means more experiences then it may be better. I think the important thing to note though is, at least for me to get anything out of it, it has to be an experience outside the norm and off the computer.

That's a good idea. I'll have to make a few uploads there.