HackerTrans
TopNewTrendsCommentsPastAskShowJobs

aja12

no profile record

comments

aja12
·vor 4 Monaten·discuss
From an exterior viewpoint, all this portrayal of Trump as either insane or an idiot is as useless and dangerous as the sanewashing.

I believed Trump was insane/an idiot during his 1st mandate. I no longer believe so.

I firmly believe he is an ingenious antagonist with ulterior motives using advanced manipulation and destabilization techniques. He moved the Overton window so far and fast that the world doesn't know how to react, and any reaction will be too little too late.

Trump is taking the USA's economical/social structure apart at a frightening pace, and unfortunately a lot hinge on the USA elsewhere.

He should not be seen as incompetent/unfit for office, he should be seen as a hostile entity to get rid of yesterday.

And I fear it's too late, the USA won't react until he's made the "necessary constitution changes" and been elected for his 3rd mandate.

Getting rid of Europe's ties with the USA will be arduous but I don't see any alternative
aja12
·vor 5 Monaten·discuss
Yes! When I learned of Anna's Archive a few years back I too was frustrated by the lack of a short explainer of how to access single files, existence of an API, etc. Now I'm envious of LLMs somehow
aja12
·vor 6 Monaten·discuss
Being in the same boat as you I switched to OpenCode with z.ai GLM 4.7 Pro plan and it's quite ok. Not as smart as Opus but smart enough for my needs, and the pricing is unbeatable
aja12
·vor 6 Monaten·discuss
Actually, the real countermeasure to PTH is to disable NTLM auth and rely only on Kerberos (and then monitor NTLM as a very strong indicator that someone or something is attempting PTH)

Of course kerberos tickets can be abused too in a lot of fun ways, but on a modern network PTH is pretty much dead and a surefire way to raise a lot of alerts

(You are absolutely right that privileged accounts must never login on less privileged assets, however!)
aja12
·vor 6 Monaten·discuss
> cloud-based synchronization

Well I don't disagree that it might be possible to abuse cloud sync in some way to export the secrets, but it's not quite as egregious as just including the secrets by default in an app backup

Not perfect, but (imho) still better than SMS 2FA, mail 2FA, or lack of 2FA
aja12
·vor 6 Monaten·discuss
>Most TOTP apps support backups/restores, which defeats this.

Citation needed? Yubico authenticator doesn't (the secure enclave is the Yubikey). I'd be very surprised if MS Authenticator and Authy (which I don't use but are the most popular apps that I know of) support such backups
aja12
·vor 7 Monaten·discuss
From someone who has not tried the software but might be interested if it gains traction:

You should decide whether you are building this for yourself or as a product to others. Each stance is perfectly valid but are somewhat not compatible, the software can be very opinionated or intuitive but attempts to be both seem to often fail.

If you are building opinionated software for yourself and are ok with alienating a part of the userbase: great, some great software are built this way! (Alacritty, Kakoune come to mind). This should be clearly communicated to prospecting users though, it may need to convey "this software has strong opinions you may not agree with, that's fine but it may not suit you" somehow.

If you aim for maximum reach: expect your sense of what is "intuitive" to constantly be challenged, and to have to make many difficult compromises. You also need to take feedback from a more forgiving angle, and above all, assume good faith from your users. In this instance, GP stated their enthusiasm for your shared vision of the problem space, and your knee-jerk reaction was calling them a troll.

Builders of opinionated software should pay trolls no heed and refrain from engaging, and builders for maximum reach should think trolls don't exist.

footnote: `toad run` expecting a folder and not a command seems to fall in the "opinionated" ballpark
aja12
·vor 8 Monaten·discuss
Yet.

When ChatControl will be in place, it'll only be a matter of time
aja12
·vor 8 Monaten·discuss
Bullshit journalism. This was not a post heist report, every buzzword chasing so called news outlets out there are repeating ad nauseam findings that were listed in a report produced by ANSSI in 2014! 2014! Eleven. Years. Ago! Did Louvre kept obsolete software around all this time, yes they probably did but this "Louvre" password claim just grinds my gears