moonpiedumplings

joined 2 years ago
[–] moonpiedumplings@programming.dev 4 points 3 hours ago* (last edited 3 hours ago)

What if the new account user, who is working on a product that integrates with what the vast majority of selfhosters run, just found Lemmy?

This happens on Reddit, and basically my problem is that these users often don't have enough experience to be able to actually give solutions. Reddit is full of people who think they have a good solution, dealing with comments of people explaining that what they are struggling with is actually a solved problem (or a skill issue). No one cares about your vibecoded slop that implements 1% of the features of an existing open source solution (they used to not be vibecoded but we still didn't care). It being paid and proprietary is just even more annoying.

My idea of requirement to engage with the community is also about being able to ensure that the users are technically competent. If they are experienced, it will show up in the discussions we can see and review. For their benefit, if they lurk, then they can take a look at what is being used, and what problems actually exist, instead of making assumptions.

If they really believe their product is so good, they can spend a few weeks helping people with Linux questions and sharing their (non product related) insightful thoughts on Lemmy so I don't dismiss them instantly when they finally advertise it.

[–] moonpiedumplings@programming.dev 1 points 6 hours ago* (last edited 6 hours ago)

Second comment in the thread, since I decided to go hunting for alternatives: https://discuss.privacyguides.net/t/alternatives-to-privacy-com-which-dont-require-a-u-s-phone-number/30692

edit 1: Okay I am trying out Halocard right now. What the actual fuck, it sends the verification code via Whatsapp to the phone number I provide.

edit 2: no wait I received it as a text. It looks like whatsapp has a service to send text to people.

It is possible to detect and moderate them, as long as your mods haven't been disappeared and replaced by people whose job is to accept bribes. And also when we can actually see people's history, since reddit now has an option to hide your history from others because of course.

My usual method is to focus on content, rather than writing style. The AI bots can write a lot, or be brief, or whatever, but they don't actually contribute to the discussion. They just kinda paraphrase and restate what has been said, or when trying to sell a product they disagree and go "Are you sure this isn't a problem?" to everybody in the thread telling them that it's actually a skill issue.

Sometimes they'll be a little better, but it's often surface level stuff that can be found at the top of a google search of keywords.

This also makes it possible to tell the difference between ESL speakers who are using AI to clean up their writing style, and true bots. Since the ESL speakers will actually have something to say, but bots won't.

And then: https://xkcd.com/810/

Unraid is an example, that I consider fairly reasonable. Sure, it is a subscription.

But all of the services are docker containers. What unraid brings to the table is a nice management UI, and the ability to mix and match drives of different sizes in a single raid pool. It makes having a fairly resilient self hosting setup easier than trying to do all of this stuff from scratch.

Nice features sure, that many people find worth paying for, even if I don't. But they are just nice to haves. If the company ever dies, it's absolutely possible to export the data and move to say, portainer, or docker via the cli, or podman, or anything that can run containers.

[–] moonpiedumplings@programming.dev 25 points 12 hours ago (2 children)

On reddit, there is a community called r/progressionfantasy, which is about a specific type of fantasy fiction. They have a rule that self promotional posts (for paid books) must be preceded by 10 comments, and actual engagement with the community.

This is a reasonable compromise, in my opinion. Known community member who has been answering questions and contributing to discussions?

I would be okay if they dropped a paid product of good quality and with a reasonable business model (please no vibecoded slop).

But drive by ProductNameAccount users who have never posted on lemmy before a bunch of self promotional posts? Yeah ban that shit.

Privacy.com is, legally, a bank. Banks have always had aggressive KYC requirements, but it's only gotten worse in recent years.

I went through the sign up and they made me take pictures of my face with Persona.

Once I did that, I then declined to use this other platform, Plaid for storing my card. Instead I submitted my debit card information directly.

The logged in page said that my account was pending, and would be verified in 1-2 business days. It's been like 5 days now.

I dug around on reddit, and found someone with a similar experience. They theorized that delayed, or even indefinite account "verification" is a way of soft punishing people who don't submit to every single privacy invasive thing.

I really only wanted protection from fraud, overcharging, and bad merchants, so I wish this was a feature my bank would provide.

only if it was so simple. you can set up routing restrictions between subnets on the IP level, but the switch will gladly forward all traffic anywhere inside of the VLAN, according to the destination MAC address. with that, a compromised system can confuse every other on the VLAN with ARP poisoning and faking DHCP servers.

This is what private VLAN's fix. The switch isolates all traffic, forwarding it to the firewall instead, where the firewall can then monitor and control it. It's usually done with a combination of port isolation, where layer2 traffic within a subnet is essentially blocked, and proxying the arp requests. Nothing can communicate with each other directly at the Layer 2 level, only with the switch, which then replies to all ARP requests instead. Then the switch forwards the traffic that was supposed to go to that IP address through the firewall and back as Layer 3 traffic.

with that, a compromised system can confuse every other on the VLAN with ARP poisoning and faking DHCP servers.

This is what Private VLAN's fix. Any ARP requests a device attempts is simply blocked at the switch level via port isolation. Only the switch is able to communicate with attached devices unrestricted. It serves the DHCP, and assigns an IP address... and then if the device attached to the port attempts to lie about its IP address or the like, the switch simply ignores it since it knows what ports are supposed to have what IP addresses (port security).

This allows for much more granular isolation, but also a simpler architecture, since you can replace complex multi VLAN setups with fewer private VLAN's. Maybe even just a single private VLAN. I say VLAN's suck because by default, yeah they kinda suck. You pointed out the problems. I guess private VLAN's are a type of VLAN but they are a different thing, just like not having any VLAN's is really technically just one big VLAN.

yeah, that’s the easier part. but one of the databases is mysql, which I want to get rid of completely. and conversion is nontrivial. probably dbeaver could handle it though.

Is it a custom service? Or a service you are consuming from someone else? If the service supports mysql/maria/postgres, I would be worried that the adapter under the hood might be using different schema or something like that.

It does look like dbeaver has a data transfer feature: https://dbeaver.com/docs/dbeaver/Data-transfer/#supported-formats

Where you can transfer data across tables, across databases, and even across database types. There is also "Data export" mentioned on that page, where you can export data to json, or other non sql formats. If the schema match, maybe you could use that to transfer.

If the service supports both mysql and postgres, you might be able to start by making a backup of the mysql database, loading that into a test database, and then setting up a clone of the service, but pointed at postgres instead. Then you could investigate the schema, or safely attempt data transfer from the mysql replica into the postgres database. Or mariadb, but mariadb is compatible with mysql (fork of it), so I am assuming you meant postgres which is different.

Good practice exams will often be harder than the original test. Teachers do this in order to ensure you are prepared. If the practice test is harder, then the real test is easy. This is a pattern that I have noticed even in my college classes.

on reddit (ew) discussions are always making it like some terrifying thing.

To someone that doesn't know that they are using Windows, yes, the tests will be terrifying and difficult to study for. Often people are scared of computers and technology, and actively avoid knowing. But now, they will essentially have to cram a massive amount of information, since they are starting from scratch. And for those trying to break into cybersecurity from nothing, that is a common scenario.

For people who already know what a virus is, and how to spot phishing links, the test will be a lot less of a struggle. Now, you should study, in order to figure out gaps in your knowledge compared to what sec+ covers, but it won't be a nightmare.

clicks profile

Love computers, art, and nature.

You actively like computers instead of being scared of them. So I don't think you'll find the test terrifying.

No, it would actually be quite easy to spot.

Nixpkgs templates the source code url from the url, and then it injects a variable.

Here is an example from bash:

    pname = "bash${lib.optionalString interactive "-interactive"}";
    version = "5.3${fa.patch_suffix}";
    patch_suffix = "p${toString (builtins.length upstreamPatches)}";

    src = fetchurl {
      url = "mirror://gnu/bash/bash-${lib.removeSuffix fa.patch_suffix fa.version}.tar.gz";
      hash = "sha256-DVzYaWX4aaJs9k9Lcb57lvkKO6iz104n6OnZ1VUPMbo=";
    };

If the url were to be changed, it would show up as a change in git when someone is reviewing before merging.
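The pin in the snippet above, as an added example that is not part of the original comment and is not nixpkgs code: the `hash` value is an SRI string that fixes the exact bytes a fetch may return, and a reviewer can mechanically list which pinned fields a diff touches. The function names, the review heuristics, the sample diff and the `downloads.example.invalid` host are all assumptions constructed for this illustration.

```python
import base64, hashlib, hmac, re

def parse_sri(sri):
    """Split an SRI string ("sha256-<base64>") into (algorithm, raw digest)."""
    algo, _, b64 = sri.partition("-")
    if algo not in ("sha256", "sha512"):
        raise ValueError(f"unsupported algorithm: {algo!r}")
    digest = base64.b64decode(b64, validate=True)
    if len(digest) != hashlib.new(algo).digest_size:
        raise ValueError("digest length does not match algorithm")
    return algo, digest

def to_sri(data, algo="sha256"):
    """Compute the SRI string for some bytes."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, data).digest()).decode()}"

def matches(data, sri):
    """True if the bytes hash to the pinned value (the check a fetch enforces)."""
    algo, want = parse_sri(sri)
    return hmac.compare_digest(hashlib.new(algo, data).digest(), want)

# An added (+) or removed (-) diff line that assigns one of the pinned fields.
FIELD = re.compile(r'^([+-])\s*(url|hash|version)\s*=\s*"(.*)";\s*$')

def changed_fields(diff_text):
    """Map each pinned field a diff changes to its (old, new) value."""
    old, new = {}, {}
    for line in diff_text.splitlines():
        m = FIELD.match(line)
        if m:
            (old if m.group(1) == "-" else new)[m.group(2)] = m.group(3)
    return {k: (old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)}

def review_notes(changed):
    """Questions for the reviewer (heuristics assumed for this example)."""
    notes = []
    if "url" in changed:
        notes.append("source url changed: confirm the new host is the upstream")
    if "hash" in changed and "version" not in changed:
        notes.append("hash changed without a version bump: why did the bytes change?")
    return notes

# Constructed sample data, not taken from nixpkgs.
OLD_TARBALL, NEW_TARBALL = b"constructed release bytes", b"constructed other bytes"
SAMPLE_DIFF = f'''@@ -1,5 +1,5 @@
   version = "5.3";
   src = fetchurl {{
-    url = "mirror://gnu/bash/bash-5.3.tar.gz";
+    url = "https://downloads.example.invalid/bash-5.3.tar.gz";
-    hash = "{to_sri(OLD_TARBALL)}";
+    hash = "{to_sri(NEW_TARBALL)}";
   }};
'''

if __name__ == "__main__":
    for note in review_notes(changed_fields(SAMPLE_DIFF)):
        print("review:", note)
```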

[–] moonpiedumplings@programming.dev 2 points 3 days ago* (last edited 3 days ago) (2 children)

weren’t they having access through peertube? you can’t revoke access to something that needs it.

The peertube database did not have the vulnerable extension enabled. They got access by connecting to another database:

We did not have pgcrypto installed in the peertube database, but I overlooked that someone could connect to the main postgres database if they say had a nodejs plugin running.

From that database they escaped. So if they only had access to the peertube database, that path would have been cut off for the attackers.

also at that point, the question arises why not just run everything in qubes OS, each service in its own VM and its own VLAN.

VLAN's suck. They allow for traffic to travel within each VLAN, unmonitored and unrestricted. Sometimes red teamers call that "hard outside, soft inside, like an eggshell".

Better, is a private VLAN. Private VLAN's enable the firewall to monitor or block all traffic within them. For many usecases, a single private VLAN can replace the complex, many VLAN setups that people spend so much effort setting up. You just block everything within itself from communicating with each other, and then you can explicitly allow the stuff that actually needs to talk.

Often, there is no reason to allow devices with a VLAN to communicate with each other. And even if you are allowing intra-pvlan communication within a private VLAN, you can now monitor the traffic, which you can't do with a regular VLAN.

Qubes OS

Yeah. That's basically what virtual machine or application kernel based runtimes are doing. The trick is that they are designed for this usecase, with the goal of making the isolation as cheap and performant as possible. Qubes runs full Linux VM's since it is designed for a desktop isolation usecase.

Anyway. It's a matter of threat model and effort. I like application containers/vm container runtimes due to how simple and easy they are to run, and the clear security benefits they provide. Install in < 30 min, configure the container runtime, restart your containers, done. Switching from a regular Linux desktop to Qubes is not as simple, so it's harder for me to recommend that, and it becomes a matter of threat model.

It's also common to separate services out in different Proxmox VM's, which offers isolation benefits akin to Qubes.

I run 3 separate database servers on the same OS because I made a bad decision at one point, and I regret it. I just don’t have time to merge them.

Congrats on the security isolation!

In all seriousness, you should be able to migrate them into the same database by dumping the database with pg_dump or a similar utility, and then loading them up using pg_restore. Other databases have equivalent tools. I used the Dbeaver open source database GUI to do this a few days ago.

[–] moonpiedumplings@programming.dev 4 points 3 days ago* (last edited 3 days ago) (1 children)

Unfortunately, there isn't really a good solution for remote controlling android or ios devices. Meshcentral can view, but not act. Also, the user must initiate the connection from their end.

I was investigating this (for android tablets), and the solution I came to was to enable android debug tools (adb) over wireless (but in this case, remotely), vpn the phone into a remote server to connect them. Then, you should be able to run adb commands remotely (which lets you uninstall apps). And then over adb, you should be able to stream the screen and control it via genscrcpy.

Actually, the first solution I was going to use was device farmer: https://github.com/orgs/DeviceFarmer/repositories , but the above is basically how device farmer works.

I eventually gave up on remote controlling android devices because it wasn't needed and it would have been a complex deployment.

A simpler solution for your usecase is probably to spend a night cleaning up her phone, and then enable kiddie mode on it. That would disable app installs unless she calls you to approve it. In addition to that, (idk about ios), but you can actually install apps on android devices remotely via the google play website.

[–] moonpiedumplings@programming.dev 3 points 4 days ago* (last edited 4 days ago) (1 children)

It has installed suspicious certificates.

I dug into this, and it looks like it has been fixed: https://github.com/rustdesk/rustdesk/discussions/6444#discussioncomment-12039260 , and no longer does that.

So Rustdesk can be used entirely open source (since the proprietary management web UI is not critical), and it no longer installs certs.

So maybe it had problems a while ago, but it looks clean in these regards now.

 

Pairdrop is an open source, browser based, peer to peer file sharing application.

It is cool because it can find other devices on the network. So you open up pairdrop on one computer, and you open pairdrop on another, and then you can see the devices and chat with each other.

But, you also have the options of:

  • Creating a temporary public room for sharing files over the network to another device
  • Permanently pairing devices so that they can access each other after you close the app

In addition to that, it's a progressive web application, so you can "install", and/or the web page does not need internet to load, firefox will cache it and let you use the app even if you don't have internet.

There is a publicly hosted instance you can try: https://pairdrop.net/

 

cross-posted from: https://programming.dev/post/52054729

Swarm simulator is an open source idle game:

https://github.com/swarmsim/swarm

 

 

I can't find the source code for this, I am posting here to save it to remind myself to search later.

 

Other fun answers:

This site is: https://youraislopbores.me/

This site is a "fake chatgpt" where you can pretend to be chatgpt or ask questions to people pretending to be chatgpt.

 

Phone game that measures how high you can throw your phone into the air...

 

It was fairly easy. I used rustic to back up my entire home directory to a USB flash drive.

The trick is to ensure that all applications (except KDE) are closed. Firefox, for example, really hates if you try to actively sync or copy over its profile directories while it is running.

And then I also nuked my podman user data. (podman system reset). Podman sometimes makes the ownership of its files weird, but also the container images take up a lot of space that I don't really care about actually backing up. It's okay if those aren't on the new laptop.

Then I backed up to the usb flash drive:

rustic init -r /path/to/repo — this will prompt you for a password

rustic backup -r /path/to/repo /home/moonpie

One cool thing about the backups is that they are deduplicated and compressed. So I backed up 120 gb of data, but it was compressed to 80 gb.

restic snapshots -r /path/to/repo

The snapshots are deduplicated as well. Data that doesn't change between snapshot versions, doesn't take up any extra space.

rustic restore -r /path/to/repo snapshotid /

The / is needed because rustic restores to paths underneath the thing. It gave me a bunch of permission errors about not being able to read stuff not in my home directory, but eventually it restored all of my data.

And then yeah. All my data. Except Wifi passwords, which I had stored as unencrypted for all users, because I didn't like having to unlock the KDE wallet to get to Wifi passwords when connecting. I had (and have) LUKS encryption so I didn't worry about that too much. But it means that data not in my home directory was not copied over.

It was surprisingly smooth, and now I have all my data and firefox profiles and stuff on the new machine.

 

Finally I can doomscroll books

 

As usual, phoronix is full of trolls. I was surprised to see only 17 comments, but perhaps that's because I viewed this very early. A highlight from the first page:

Everyday we stray further from GNU, POSIX, C, X11 and now SysVinit. 80s are over. Party is over. Wake up. It's 2026. Adapt or perish in irrelevance. Future is bright and is inevitable. Long live systemd, Wayland, Rust, Gnome and atomic and immutable distros.

Given the way this covers Systemd, SysV, and AI agents, and the way that I see trolling on the first page, there is a very real chance this could be one of those legendary Phoronix threads that manages to hit the 500 comment limit.

EDIT: more relevant threads: https://www.phoronix.com/linux/systemd

 

Youtube video: https://www.youtube.com/watch?v=xrIFL7wSRw4

I am excited about the changes to incus-migrate that allow for direct importation of a remote qcow2 or vmdk. Although many people distribute vmdk's zipped or in tarballs, it's still a cool feature.
