HackerTrans
TopNewTrendsCommentsPastAskShowJobs

currysausage

no profile record

Submissions

Stalwart v0.16: A New Foundation

stalw.art
5 points·by currysausage·3 ay önce·1 comments

Hackers Exploit Free Firebase Accounts to Launch Phishing Campaigns

gbhackers.com
1 points·by currysausage·5 ay önce·0 comments

Updates to the pf packet filter in FreeBSD and pfSense software

netgate.com
3 points·by currysausage·10 ay önce·0 comments

Thundermail and Thunderbird Pro Services

thunderbird.topicbox.com
8 points·by currysausage·geçen yıl·0 comments

One-Core-API Project

github.com
2 points·by currysausage·geçen yıl·0 comments

Tell HN: Microsoft Remote Desktop app for iOS does not verify server certificate

1 points·by currysausage·2 yıl önce·0 comments

comments

currysausage
·2 ay önce·discuss
Yeah, I fell into that rabbit hole once. Tried all abuse channels that I could find. network-abuse@ refers you to the Google Cloud abuse form. They ‘are not able to take action on this report since the IP mentioned in the report is not hosted on Google Cloud.’ Gmail abuse doesn’t even bother to reply (why should they, it’s not about Gmail after all). In the end, I just blocked DKIM identifiers related to Firebase via Rspamd.
currysausage
·2 ay önce·discuss
Great post. Very minor nitpick: ‘The small element must not be used for subheadings; for that purpose, use the hgroup element.’

‘The small element represents side comments such as small print. Small print typically features disclaimers, caveats, legal restrictions, or copyrights. Small print is also sometimes used for attribution, or for satisfying licensing requirements.’

(https://html.spec.whatwg.org/multipage/text-level-semantics....)
currysausage
·6 ay önce·discuss
When I need a refresher on the basics of Python, I refer to Python Distilled, and when I want a deep dive, I turn to Fluent Python. Reading these books makes me feel like I'm sitting next to an experienced, witty colleague.

I will take a look at Python Crash Course.
currysausage
·11 ay önce·discuss
The web frontend could still send secrets to third parties.
currysausage
·geçen yıl·discuss
Aptos replaced Calibri in Word and Excel.
currysausage
·geçen yıl·discuss
One upside of this reimplementation is that we can now enjoy state-of-the-art Electron-level loading times when opening a new Explorer window. /s
currysausage
·geçen yıl·discuss
There are, of course, web email services that purport to encrypt messages. But they store encryption keys (or code and data sufficient to derive them). These systems obviously don’t work, as anyone with an account on Ladar Levison’s Lavabit mail service hopefully learned. The popularity of “encrypted” web mail services is further evidence of encrypted email’s real role as a LARPing tool.
currysausage
·geçen yıl·discuss
I believe the sentence from the RFC:

[XHTML1] defines a profile of use of XHTML which is compatible with HTML 4.01

is technically incorrect. While the XHTML 1 compatibility profile was compatible with HTML 4 as implemented by major browsers, that wasn't actually HTML 4. HTML 4 is based on SGML, while what was implemented was a combination of HTML 4 semantics with the tagsoup parsing rules that browsers organically developed. These rules were only later formalized as part of HTML 5.

The compatibility guidelines do recommend a space between <br and />, but (at least according to https://validator.w3.org/ in HTML 4 mode) this doesn't change anything about <br /> being a NET-enabling start-tag <br /, followed by a greather-than sign.

Enter this:

  <h1>Hello<br />world</h1>
and select "Validate HTML fragment", "HTML 4.01", and "Show Outline". This is the result:

  [H1] Hello>world
(Obviously nitpicking, but that's my point: the nitpickers can be out-nitpicked.)
currysausage
·geçen yıl·discuss
This is especially ironic, considering the same people will gladly use XML syntax and serve it as text/html. Historically, this has only worked because no relevant browser has ever implemented SGML (and NET [1], in particular), as required by HTML standards up to version 4 [2].

[1] https://en.wikipedia.org/wiki/Standard_Generalized_Markup_La...

[2] https://www.w3.org/TR/html401/conform.html#h-4.2
currysausage
·geçen yıl·discuss
CERT stands for Computer Emergency Response Team.

CIRCL, the supposed operator behind gcve.eu [1], "is the CERT for the private sector, communes and non-governmental entities in Luxembourg" [2].

[1] https://gcve.eu/contact/

[2] https://en.wikipedia.org/wiki/Computer_emergency_response_te...
currysausage
·geçen yıl·discuss
If I remember correctly, W3C’s XHTML2 working group wanted a generic <h> tag [1], and WHATWG, focused on evolving HTML in a backwards-compatible manner, repurposed <h1> as a context-dependent heading tag instead.

[1] https://www.w3.org/TR/2010/NOTE-xhtml2-20101216/mod-structur....
currysausage
·geçen yıl·discuss
Fira was designed by world-class type designers, and it’s only free thanks to the funding by Mozilla and Here, so yes, definitely a different category.

Same goes for IBM Plex, by the way.
currysausage
·geçen yıl·discuss
Another nitpick: the attribute was called name, not id.

https://www.w3.org/TR/html401/present/frames.html#h-16.3
currysausage
·2 yıl önce·discuss
> use TPM (PCR 7+11) with a PIN

A power-on password (set in the BIOS) should also work, since without it the system will never get to the point where the TPM unlocks the FVEK, right?

I prefer this setup to a Bitlocker PIN because I can use a fingerprint instead of the power-on password on my Thinkpad, and because it should make the device largely unusable to a thief.

Of course, power-on password and fingerprint auth are only as strong as my TPM, but the same goes for Bitlocker TPM+PIN, right?
currysausage
·2 yıl önce·discuss
https://www.microsoft.com/en-us/windows/tips/clipboard-histo...
currysausage
·2 yıl önce·discuss
Looking for something like this right now. How does it compare to rclone [1]?

[1] https://rclone.org/sftp/
currysausage
·2 yıl önce·discuss
> That sounds like an Apple issue

True. But guess who’s paying Apple good money in order to remain the default search engine. Who knows what else might be part of this deal?
currysausage
·2 yıl önce·discuss
“Part of the Herald (Hong Kong) group of companies, Zeon Ltd is a leading manufacturer and distributor of clocks and watches, operating internationally in wholly owned offices in London and Hong Kong.”
currysausage
·2 yıl önce·discuss
As I understand it, before you open a (potentially dangerous) attachment in another app, it would be saved to your Temp or Downloads folder, where Defender would still have access.

A carefully crafted email (or PDF attachment) that exploits vulnerabilities within Thunderbird's HTML or image rendering (or its PDF.js sandbox) might still pose a risk, but probably less so than any random web page that you open in Firefox, where JS (which should be disabled in Thunderbird by default) is the primary attack vector.

Also, note that there is a setting called "Allow antivirus clients to quarantine individual incoming messages". With this enabled, "Thunderbird first stores each incoming message in a temporary file in the system temp folder" (where Defender would have access). "If the new message file still exists after being scanned by the antivirus software, then it is moved to your Thunderbird Inbox folder file." [1] If this is implemented correctly, it should only impact performance when receiving new emails.

[1] https://support.mozilla.org/en-US/kb/privacy-panel-settings-...
currysausage
·2 yıl önce·discuss
It looks like a PowerShell script is available now, but I don't think it's changing the partition size. Has anyone tried this out? https://support.microsoft.com/en-us/topic/kb5034957-updating...