You are right, they should rewrite the engine, but they didn't and they preferred enforce the development on the re-re-re-re-re release of titles like skyrim for every possible platform on the plant.

Look at what Larian did instead.. Took 6 years, added beta access and listened to the players. BG3 is far from being bug-free or "perfect" but they released a game that give almost total freedom on how you can play it, and doesn't feel like you are on rails every time.

The problem is bethesda and others "AAA" software houses for years just did the lazy job and now that a software house showed what 6 years of real development should look like everyone is doing the Pikachu face and crying because "We don't want BG3 to set a new standard". The issue is us, the players, that keep buying shit for too much money.

BG3 is unmatchable, not only for hogwarts legacy but for every other game.

Starfield on the other end.. is the same oblivion stuff but in 2023 and without 2023 capabilities

A raspberry with Adguard + unbound, a zimaboard with truenas scale running the -arr suite, nextcloud, homeassistan, homarr, headscale and caddy 2x2TB nvme and 3x 4tb HDD I recently got a new PC and I think I will convert it to being part of the homelab, it has a ryzen 7 3xxx and a 2070 super.

Ye you are right but I was talking of 3D enclosures where you can put a zimaboard or whatever mini pc.

The difference is that you need way more interaction. Expose a webserver on the internet and check how many requests you get from just bots.

You can control what you navigate and how to interact with the outside world, but you can’t control how the outside world will interact with your services.

Don’t expose anything from your local network to the internet (unless you want multiple new sysadmins in your house). Try tailscale instead.

Anyone knows if there is any project for a modular NAS? Have been looked into it for a while but without success

It's pretty funny, because from mechanicalkeyboards they suggested to post here because you have more knowledge on low profile keyboards.

Do anyone have feedback on this?

https://chosfox.com/products/chosfox-l75-keyboard-kit?variant=42798174732482

Looks promising

Row staggered but not splitted.

How much like the corne do you want it to be?

like a normal keyboard and not split

Also, how DIY do you want to get?

As long as no soldering is required I am up for everything

WannaCry targeted hospitals, businesses and similar machines.

WannaCry targeted everything with SMB exposed, blindly.

Also, you should read more about security through obscurity, the fact that "no one will target you because you are a low-value target" is a false sense of security.

I don't know why the author of the video didn't mention it but LockDown mode is really useful.

At least for me the default is lockdown mode on and appropriate exceptions for websites I trust.

I believe the risk of running outdated software is super inflated and mediatic, 99% of people would be absolutely fine running a version of Android from 3 years ago or Windows 8.

That's the same thing people running windows XP on internet were thinking in 2017.

Then WannaCry arrived and they got their data encrypted :)

Perhaps images, video, font etc. rendering could be compromised?

Yes, it already happen in the past. Also the Wi-Fi and Bluetooth stack got exploited, like multiple kernel drivers.

But it shouldn't be a matter of "in the past was X exploited?" but more on having a correct security posture.

Honestly if you are arguing about wasting a "perfectly working phone" you should blame it on the vendor, especially Android devices vendors have this let's say "defect" of dropping the support after 4/5 years.

Also not going to talk about custom ROMs (with the super rare exclusion of some) managed by god knows who, without any security team behind.

Since even the NFC and Cellular Network stack got vulnerabilities the only way you would consider an old phone "safe" to use is just turning it into the equivalent of a local ARM server.

Also pretty fun seeing the replies in the original post talking about how Google Play store shouldn't have malware on it.

Do anyone knows if it support local-only without joining the p2p network?

Exploited in the wild, reported in April, no fix since then?

Edit: looks like it was fixed on the 26th of April, why is tagged as 0day?

Ahaha I had this exact same experience. Locked out because bitwarden didn’t get the code correctly. “Luckily” the jwt token never expires so I was able to log back in without the 2FA.

You think that being convicted for lifetime is a solution anyway?

Honestly curious, why? I live in a country that doesn’t have it but I don’t see downsides if the crimes committed are way too bad. For example, why keeping alive (with contributors money) a serial killer?

So in the end you got removed.. I honestly have no idea how they want to do an IPO like that

I wonder if people when talking about AI just ignore the fact that it’s software and has the same issues and vulnerabilities related to that.. recently I see a lot of posts talking about “AI security” and in the end are stuff known since 1995…

I was thinking about that just today, I have something like 30+ services running on a single compose file and maintenance is slowly becoming hard. Probably moving to multiple compose file.

Thanks. I have never seen the last thing, what the numbers indicates?

What am I looking at?

I use the Inbox-Zero method

https://youtu.be/al1QXFQjq1s

So far no issues.

Soon, people will join the strange and buggy world of YouTube alternative frontends

Because I wanted to try if others URI schemas were supported instead of http / https. file:// was a valid one. Don't worry, the day an attempt of data exfil will happen, you will not see it though your console logs.

Take a look at my answer there. It was my fault apparently.

TL;DR: I set the image channel icon to /etc/paswd and forgot about it, people saw a suspicious call and panicked, sorry.

Is this, by any chance, originated from the sub called ignore me? In that case is probably my bad because is set as the image of the channel. I was playing with lemmy in the previous version and forgot about it, sorry.

I created that channel to investigate why the lemmy instance was hanging every time there was a symbol in the URL, added that URI as icon for fun and forgot about it.

That alert appears because your browser is trying to load an image with that path, nothing dangerous or remotely exploitable, don't worry.

Edit: I removed it so you shouldn't see the alert anymore.

P.S. no, it's not trying to steal anything, it's your browser trying to load that file as an image but instead of being let's say this url: https://beehaw.org/pictrs/image/c0e83ceb-b7e5-41b4-9b76-bfd152dd8d00.png (this sub icon) , it's this one file:///etc/passwd so you browser is doing the request to your own file. Don't worry, nothing got compromised.

/cc @shellsharks@infosec.pub

Data mining maps to geolocate stuff

Playing around with the SecureFlag platform, pretty interesting IMHO. Also want to start a new language to stick with, I am pretty undecided between Zig (but is not memory safe by design) elixir (functional programming still isn't my thing) and nim (can't handle any more language with indentation-based codeblocks).

Any suggestion is welcome, I will use them to build mostly security tools.

Why Russia thinks they cooperated with Apple when the agencies can just buy 0days from the resellers?

Especially Adblock 😵