MSids

The core features of a WAF do require SSL offload, which of course means that the data needs to be unencrypted with your certificate on their edge nodes, then re-encrypted with your origin certificates. There is no other way in a WAF to protect from these exploits if the encryption is not broken, and WAF vendors can respond much faster than developers can to put protections in place for emerging threats.

I had never considered that Akamai or Cloudflare would be doing any deeper analytics on our data, as it would open them up to significant liability, same as I know for certain that AWS employees cannot see the data within our buckets.

As for the captcha prompts, I can't speak to how those work in Cloudflare, though I do know that the AWS WAF does leave the sensitivity of the captcha prompts entirely up to the website owner. For free versions of CF there might be fewer configurable options.

Can you educate me on the negatives of Cloudflare?

My company is on Akamai, who has a pretty solid combined offering of WAF, DNS, and CDN, and yet I still feel like their platform is antiquated and well overdue for a refresh.

Thinking back to log4j, it was cloudflare who had the automatic protections in place well ahead of Akamai, who we had to ask for custom filters. Cloudflare also puts out many articles on Internet events and increase adoption of emerging best practices, sometimes through heavy shaming.

Very cool 😎 what a time to be alive for a handheld gamer. The Turnip drivers seem to have very active development, and even in the months I've owned the Odin 2, the updated drivers have solved several minor problems on Yuzu/Suyu/Sudachi.

If Linux or Steam Deck OS ever comes to the Odin 2 I will probably wait a long time before I consider trying it out. At this point in my life I don't have as much mental energy after work to tinker and when I pick up the Odin 2 I really just want it to work. When the Retro Game Corps guide for Steam OS on Odin 2 drops I'll know it's time.

This is an entirely different segment of gaming but recently I have been reaching more for my AYN Odin 2 Pro. I love the size and battery life and how I feel like I can pick it up and jump into a game quickly.

Android isn't perfect and emulation is in a funny spot right now with the switch emulators pivoting what feels like every few weeks, but it's an incredible device.

That said, the Deck is quite a bit more capable with a higher quality library of games. Valve killed it with the Deck and the Odin is not nearly a full replacement.

Eyyy yes! I just picked up an MZ-N505 a few months ago! It's been great at work to quickly start music without staring at my phone for 5 minutes first.

Your link is to example.com

At my work we pay auditors to assess our security controls and I would chose a different company if I thought they were being anything less than honest with us on their findings. The agreements and SOW are set up at the beginning of the engagement, so the investigators get paid regardless of their findings. It's not like the bond rating agencies on Wall Street.

Yo, every pet owner on the planet thinks their pet is perfect and its like pretty much almost never the case. Pet owners will downvote me, but that piece of chewed trim is not cute. Property damage to rentals caused by pets also keeps property vacant between renters for repairs.

The subscription model is, in my opinion, dumb. If they need it to work, maybe they should buy games instead of studios. I can't work out exactly how long term patching would work though, unless they kicked back a maintenance fee from sales and gamepass usage to the studio.

I was into film and digital photography for a while before I met my current girlfriend. Her family has always been into birdwatching. Once I realized the new challenge of photographing birds it was a whole new world of photography for me. It's definitely part of my identity at this point. Enjoy this great blue heron.

Every game on Steam that uses the publisher's launcher.

This seems like a bit of an odd way to accomplish what they are trying to do. The law seems to target the export of these weapons to cartels rather than US individuals who simply do not use .50 cal weapons in crimes.

The added component which allows victims to sue manufacturers reminds me of the scene in Thank you for Smoking where they discuss suing general motors if one of their vehicles is used during a drunk driving accident. It's pretty dumb and undermines the whole law.

It's not lost on me, I get it, don't pretend like you're the only one who understands how advertising works on the Internet. That's the agreement with anything you don't directly pay for. The fee that Kago is asking for is unreasonable in my opinion.

You don't think it's possible that the accusations were mostly unfounded and the LTT crew are just decent people? They did bring up some issues with onboarding which are completely expected on smaller companies.

When I worked at an internet provider, Netflix sent us a cache (I'm sure they have several at that ISP now). I can't imagine it cost them more than a few thousand dollars, as it was just a bare bones box full of hard drives. We gave them free power, internet, and rack space in our data center. Every night during the slow period it would fill up with whatever they thought would stream the next day.

There was nothing to do with neighborhoods, the cache served customers all over Maine and they didn't pay us anything. Netflix's costs are more likely content and licensing.

They are high thinking people will pay $5/mo for search AND being limited to 300 searches/mo. I avoid subscriptions at all cost, so if I were ever to consider paying for search it would need to be a completely forgettable number like .99/mo.

I wish the password autofill feature was more robust for Firefox on Android. Using it as my default password provider but it regularly does not pick up on password fields.

Chaotic me wishes they would kill Gmail. The next handful of cool things would surface from the ashes and I could finally cut ties with big G.

People can't let go of tipping. A few restaurants near me tried it and ended up closing.

Tipping isn't just a part of culture but it also breaks up the spend for the consumer. You commit to a $15 burger now, then the $3 of tip later. Integrating the tips with the cost makes it seem like everything is more expensive and also makes it not optional for how much you give.

In what non-US country is this the case?

I bought an Ayn Odin 2 recently and noticed how hard it was to find Russ/Retro Game Corp's site and videos even when searching directly for retro game corps. It was like the results some days were buried and other times I could find them in the top few.

Available to all Wikipedia+ subscribers

I hope this does not negatively impact the spotter community and ADS-B feeds.

Just curious, why is that a deal breaker? It seems like a mild form of anti spam protection, potential 2fa backup, and a way to uniquely identify users.

I felt bad doing it but had to do the same for the AMBER alerts. Maine got me a few times with child abductions at 3am. Spoiler it was a domestic issue and the abductor was a family member every time. Kids were fine.

I am on board with cancelling some student debt for those who are struggling, but I wonder if this is a good long term solution. How do we stop getting overburdened graduates into the debt machine at 22? Do we lower tuition costs, make college free, talk kids out of going, giving more government grants to low income students?

If the taxpayers are going to socialize anything I'd prefer to start with healthcare. That impacts everyone.

Plex, as a company, definitely is aware of what items are in your library but streams don't go through the Plex servers unless you use the Plex proxy service which is enabled by default but only used when the client connection speed is too slow to use the desired streaming setting.

Everyone who accesses their Plex externally should use app.plex.tv rather than NAT/port forwarding unless you're also doing IP whitelisting on the NAT (not feasible for most remote access scenarios, as IPs are dynamic in most cases). Jellyfin should never be exposed externally.

I work in a highly regulated sector of IT and have learned that even the most robust software will have serious exploits at some point.

Uh, case in point. You found a place trashed by pets, brought your 'shits and angels' in to wreck it more, and are oblivious to their effects on a home. This is what I was talking about.

It's done by IP address not phone or laptop GPS.

I was interested in Apple's approach where they would look at checksums of the images to see if they matched checksums of known CSAM. Its trivial to defeat by changing even a single pixel, but it's the only acceptable way to implement this scanning. Any other method is an overreach and a huge invasion of privacy.

Checksums wouldnt work well for their purposes if they could easily be made to match any desired checksum. It's one way math.

It must work like the music streaming model where Apple kicks back a fee to the devs based on monthly installs or usage to the dev. It probably works better than Microsoft's model of buying a developer, not committing resources to run them, then closing the studio.

Those are better, but are also not phishing resistant.

I always wonder why some people are so dedicated to Jellyfin. Even if JF had full feature and experience parity, it would still not have secure remote access the way Plex does. There is no need to port forward or NAT Plex for external access if you use app.plex.tv to access. With the threat landscape the way it is today, that is worth a lot.

Actually, at least in my state, tools and labor done by a landlord can't be listed as an expense for taxes. If they hire someone they can list it as an expense on taxes.

App-based TOTP are not phishing resistant and do not require any level of proximity to the login session. The future is more likely passkeys that use device TPMs.

It's actually a bit risky to keep a deposit. If the tenant says you've done so unjustly, and a court agrees, the LL can be sued for triple what they kept. I have an owner occupied two unit and it would really need to be a lot of damage with evidence of intent or negligence. Why risk keeping a deposit and then being sued for triple while still having to carry out repairs caused by a careless tenant or their animal.

My place doesn't make me any money, it's a loss every year, but at least I'm building equity right?

Interesting to think about. I wonder how much schools would need to scale back to make a noticable difference in tuition and what jobs would be cut in the process. At a time when private colleges are already struggling, it might be difficult to find the fat to trim.

Hopefully they won't have to provide a phone number to the restaurant

I have not looked into it for a while but I believe their servers broker a direct connection between the client and server.