Due to lemmy.world blocking pirating communities, I will now be using [email protected]

Joined 1 year ago
Cake day: June 13th, 2023

  • They don’t need to be a techie. Just someone who can click a button.

    I am remembering Julian Assange has/had a payload that was distributed via BitTorrent. The file was encrypted with a private key and his public key was posted either as a file in the package or on the site where the magnet file was downloaded.

    Before he was arrested, he encouraged everyone to download the file and sit on it and to keep seeding it. He said in the event of his untimely death, the password would be released for everyone to decrypt.

    That would be another option but you sort of need the notoriety to make this work.



  • I’ve actually given this a lot of thought over the years. The biggest issue for me is all my AWS services that no one in my family knows about.

    So the idea would be to, at minimum, let my family know what services are being used.

    Unfortunately there isn’t a turn-key solution. I’ve seen a number of well-meaning solutions and some that are quite novel but they all suffer from the same problems: how do you deal with false positives and how do you verify your deadness.

    I imagine that the problem is similar to the Yellowstone trash can problem, in that any solution to mitigate one will make it harder on the other.

    The best solution I’ve found is to have a two-person solution, similar to launching a nuke. You have automation that tests if you are active that emails a close friend or relative to verify you are indeed dead.

    Ideally there would be more than one person on this list, and a confirmation from two people would kick off all of the automations you code.
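
The two-person flow described in the comment above, sketched as a small state machine. This is an added example, not the commenter's code; the class name, contact addresses, 30-day limit and quorum of two are assumptions chosen for illustration. An owner check-in cancels a pending request (the false-positive case), and only distinct, listed contacts count toward the quorum.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class DeadMansSwitch:
    confirmers: frozenset            # trusted contacts (hypothetical addresses)
    inactivity_limit: timedelta      # silence allowed before contacts are asked
    last_seen: datetime
    quorum: int = 2                  # confirmations needed to release
    state: str = "ACTIVE"            # ACTIVE -> PENDING -> RELEASED
    confirmations: set = field(default_factory=set)

    def check_in(self, now):
        """Owner proved liveness: cancel any pending request (false positive)."""
        if self.state != "RELEASED":
            self.last_seen = now
            self.confirmations.clear()
            self.state = "ACTIVE"
        return self.state

    def tick(self, now):
        """Periodic job: after too much silence, ask the contacts to verify."""
        if self.state == "ACTIVE" and now - self.last_seen > self.inactivity_limit:
            self.state = "PENDING"   # the automation would email the contacts here
        return self.state

    def confirm(self, who):
        """A contact confirms; ignored unless pending and `who` is on the list."""
        if self.state != "PENDING" or who not in self.confirmers:
            return self.state
        self.confirmations.add(who)  # a set, so one person cannot count twice
        if len(self.confirmations) >= self.quorum:
            self.state = "RELEASED"  # the owner's automations would run here
        return self.state


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)        # constructed timeline
    contacts = frozenset({"a@example.org", "b@example.org"})
    sw = DeadMansSwitch(contacts, timedelta(days=30), last_seen=t0)
    print(sw.tick(t0 + timedelta(days=31)))
    print(sw.confirm("a@example.org"))
    print(sw.confirm("b@example.org"))
```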






  • I’ve requested confirmation and have only gotten it once or twice.

    What I’ve started doing is actually just sending them their same exact terms via their corporate registered address (regardless of their instructions) with the arbitration clause and jury trial waiver and just about anything I don’t agree to removed. I tell them so long as they continue to provide the services to me, that they implicitly agree to the terms I’m sending them, with any further updates requiring them to send a registered (not certified) letter.

    I intentionally do not provide any way for them to identify my account except for the return address.

    I figured if I ever had to go to court, one of these things would happen:

    • judge finds that the original terms are enforceable, which means I’m no worse off
    • judge finds that my amended terms are enforceable, which means it worked
    • judge finds both terms unenforceable and I can continue to sue them

    So far, no company has ever written me back or turned off my access to the site.

    I suggest everyone do this because these forced arbitration clauses are very anti-consumer and we need to start clawing back our rights.




  • The problem is companies that fully take advantage of open source, as is their right, and then fully expect the volunteer dev to provide support to them when they have a Sev 1.

    Sure they read the license and saw that it was free, but they didn’t read the part that it was free but offered literally no support.

    The amount of money that my company has made on the backs of open source developers is probably in the literal billions. But we don’t give fuck squat to them outside of one day a year that we contribute code back to a few select libraries.







  • It’s sad that so many plugins like this exist.

    Remember ExpertsExchange? They charged people for the correct answer but were in the top 10 results. They got blocked very quickly when Google, yes Google, allowed you to block any site from your search. That feature is now gone and you have to specify that in your search terms.




  • If the attack was carried out over one IP address, they should have been able to detect it.

    There is no real reason why 7 million different accounts access the site from one location.

    I don’t know how sophisticated the attack was, but the future threat, instead of DDOS attacks, would be distributed ACCESS attacks where millions of controlled devices attack a site with known credentials to download small bits of information over time. Even better if you can work out ahead of time the account’s general location and then assign devices in the area to access that account.
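
A detection sketch for the single-source case raised in the comment above: count distinct accounts per source IP in a sliding window. This is an added example, not part of the original comment; the log format, the thresholds and every log line are constructed for illustration. Successful logins are counted too, because logins made with known credentials do not trip a failed-login counter.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login events, oldest first: "timestamp source-IP account result"
SAMPLE_LOG = """\
2023-10-01T10:00:00 203.0.113.7 acct01 ok
2023-10-01T10:00:40 198.51.100.20 alice ok
2023-10-01T10:01:00 203.0.113.7 acct02 ok
2023-10-01T10:01:30 192.0.2.9 u1 ok
2023-10-01T10:02:00 203.0.113.7 acct03 ok
2023-10-01T10:02:10 198.51.100.20 bob ok
2023-10-01T10:03:00 203.0.113.7 acct04 ok
2023-10-01T10:04:00 203.0.113.7 acct05 ok
2023-10-01T10:31:30 192.0.2.9 u2 ok
2023-10-01T11:01:30 192.0.2.9 u3 ok
2023-10-01T11:31:30 192.0.2.9 u4 ok
2023-10-01T11:40:00 198.51.100.20 alice ok
"""


def flag_ips(lines, window=timedelta(minutes=10), max_accounts=3):
    """Return {ip: peak distinct accounts} for every IP that touched more
    than max_accounts different accounts inside any one sliding window."""
    recent = defaultdict(deque)      # ip -> (time, account) events still in window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, ip, account, _result = line.split()
        now = datetime.fromisoformat(ts)
        events = recent[ip]
        events.append((now, account))
        while now - events[0][0] > window:   # drop events older than the window
            events.popleft()
        distinct = len({acct for _, acct in events})
        if distinct > max_accounts:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged


if __name__ == "__main__":
    print(flag_ips(SAMPLE_LOG.splitlines()))
```

A shared household or office address (here 198.51.100.20, two accounts) stays under the threshold, which is the tuning trade-off for `max_accounts` and `window`.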


  • I use YubiKey everywhere it’s available for me. Initially, the first few websites in the early years were challenging. I think a lot of devs were still trying to figure out the workflow.

    But today, it’s usually as simple as, or simpler than, TOTP.

    So it might be worth trying again. I’d use a YubiKey 4 or higher if you can. If you have an older one, you may want to upgrade to take advantage of the newer technology like NFC and Bluetooth if you’re into that.

    I just wish YubiKey could store more than like 30 TOTP tokens.