• 1 Post
  • 425 Comments
Joined 2 years ago
Cake day: July 29th, 2023


  • This one is funny because it 100% still exists somewhere, but I haven’t had the chance to verify it again.

    Okay so basically it's a data recorder box (ex: brainbox) that connects to a bunch of industrial sensors and sends the data over the network with your preferred method.

    Builtin firmware gives you an HTTP webui to login and configure the device, with a user # and password.

    I think the user itself had a builtin default admin which was #0, which everyone uses since there wasn’t really much use for other users.

    Anyway, I was looking at the small JS code for the webui and noticed it had an MD5 hashing code that was very detailed with comments. It carefully laid out each operation, and explained each step to generate a hash, and then even why hashes should be used for passwords.

    Here’s the kicker: It was all client side JS, so the login page would take your password, hash it, and then send the hash over plaintext HTTP POST to the server, where it would be authenticated.

    Meaning you could just mitm the connection to grab the hash, and then login with the hash.

    I sat there for like 10 minutes looking at the request over and over again. Like someone was smart enough to think “hey let’s use password hashing to keep this secure” and then proceeded to use it in the completely wrong way. And not even part of like a challenge/handshake where the server gives you a token to hash with. Just straight up MD5(password).

    It was so funny because there were like a hundred of these on a network, so getting a valid hash was laughably easy.

    I never got to check if this was fixed in a newer firmware version.
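
The replay problem described in the comment above, modelled as an added example (not code from the post or from the device firmware): a server that accepts a static client-side `MD5(password)` next to the challenge/handshake variant the comment mentions. All class and function names and the sample password are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

class StaticHashServer:
    """Scheme from the comment: the client sends MD5(password), the server compares."""
    def __init__(self, password: str):
        self.stored = md5_hex(password)

    def login(self, sent_hash: str) -> bool:
        return hmac.compare_digest(self.stored, sent_hash)

class ChallengeServer:
    """Server issues a one-time nonce; the client must return HMAC(key, nonce)."""
    def __init__(self, password: str):
        self.key = md5_hex(password).encode()  # same stored value, never sent on the wire
        self.pending = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def login(self, nonce: str, response: str) -> bool:
        if nonce not in self.pending:
            return False
        self.pending.discard(nonce)  # each nonce is accepted once
        expected = hmac.new(self.key, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)

def client_response(password: str, nonce: str) -> str:
    return hmac.new(md5_hex(password).encode(), nonce.encode(), hashlib.sha256).hexdigest()

def replay_outcomes(password: str = "constructed-sample-pw") -> dict:
    weak = StaticHashServer(password)
    on_wire = md5_hex(password)  # the value visible in the plaintext POST body
    cr = ChallengeServer(password)
    nonce = cr.challenge()
    resp = client_response(password, nonce)
    return {
        "static_first_login": weak.login(on_wire),
        "static_replay": weak.login(on_wire),  # same bytes again, no password needed
        "cr_first_login": cr.login(nonce, resp),
        "cr_replay_same_nonce": cr.login(nonce, resp),
        "cr_old_response_new_nonce": cr.login(cr.challenge(), resp),
    }

if __name__ == "__main__":
    print(replay_outcomes())
```

The challenge variant only removes the replay; over plaintext HTTP the exchange can still be observed and guessed against offline, so the transport needs TLS and the server should store a salted, slow password hash rather than a bare MD5.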


  • VLC sucks ass when you want to do any type of live transcoding or remuxing without setting up a video stream. Especially with multichannel audio:

    This has been an issue ever since the feature was added, the maximum bitrate you can set is 512 kb/s on every codec, despite codecs that support more.

    The bug thread for this was basically “stop complaining about our shit UI and use the CLI”

    Much prefer Kodi for this purpose, and an ffmpeg based player for lightweight stuff.


  • This is the general sentiment I’ve been hearing, though surprisingly a lot of people believe that these games will eventually reach steam machine anyway because it seems stupid to them that it never happens.

    I didn’t expect it, but a lot of Xbox players I know are considering saving up for the steam machine because it replaces their need for a console + PC for games, and they are aware that Xbox has been pretty open to putting their games on PC anyway. Some even considered Nintendo emulation which is definitely something I didn’t expect to see from Xbox only players.

    Halo Infinite and MCC run just fine on Linux. If they were comfortable letting their core IP on steam, it would be easy and probably beneficial for MSFT to do the same for CoD.

    I think the main holdout will be Epic Games, simply because they want to be a competitor to steam and they seem to hate the idea of giving valve any leverage in the gaming industry.



  • mlg@lemmy.world to memes@lemmy.world: dECeNtRaLiZed · 12 days ago

    That’s why it’s called “federated” and not “decentralized”

    Freenet/Hyphanet is I think too slow for modern internet users. P2P networks have always struggled with solving the service lookup and access problem.

    Even advancements like DHTs or cheat methods like trackers will still only get you so far compared to plain old client server DNS.


  • No, EAC, BattlEye, and a handful of other anticheat solutions have a native user space linux binary, and wine provides a way for the windows portion to hook into the linux portion, allowing the anticheat host to work with wine/proton games.

    This involves the developer enabling the option to allow this when building their game which most devs do except for the notorious few that refuse to enable it because they don’t want to spend the extra .00002% worth of budget into making proper anticheat solutions and instead rely on kernel rootkits to solve that problem for them.


  • Kinda late to this thread, but OP is pretty decent for the first 300 episodes, of which I recommend you watch One Pace or read the Manga instead due to Funimation’s absolute shit tier pacing and literal stall frame timing. Seriously you will waste a solid 1/3rd of the time on filler frames and static scenes because they want to make more episodes.

    The writing itself is actually pretty smooth, and the filler content (not animation) actually fits so well you probably won’t even notice it's filler, because it really adds to the world building and story (and afaik is actually written by the manga author).

    Everything after that, just disregard it as a Shonen franchising product designed to make money, like Pokemon.



  • mlg@lemmy.world to linuxmemes@lemmy.world: Linus vs Linus · 14 days ago

    No, it’s more just that LTT is basically what the Verge or any other subpar tech outlet could be if it had actual writing talent and a hint of tech literacy.

    Emphasis on a hint of tech literacy.*

    Most people actually into the tech scene don’t really watch LTT that often, or find their videos severely lacking.

    tbf, LTT does do a better job of providing the lens of an average consumer, and Torvalds has always kept the idea that FOSS really should not disqualify anyone from participating. He is happy to have Linux used and shown off by megacorps or individuals alike.

    spoiler

    Linus Sebastian’s background is being a warehouse manager for NCIX, which is why he has a very blatant history of misrepresenting lots of products, software, technology, etc, just like your average consumer. He has gotten better over the years, but his content is not intended to provide intense detail, usually just a general overview, even if it includes testing.



  • I think he’s overblowing the 5 dollar wrench method.

    Unless you live in a place where human rights are disregarded like every possible moment, they’d probably only resort to torturing you to gain access if they believe you are somehow connected or have ancillary evidence that points to you. IE that darkweb dude they tortured in Turkey to gain access to his encrypted laptop containing incriminating evidence.

    Otherwise they’ll just do a preemptive raid hoping that it leads to new information.

    Like right now border patrol has been forcing foreigners to show data on their mobile devices to see if you have any roasted vance memes so they can turn you away. But in many cases, it has been done because they already had you flagged as posting or sharing roasted vance memes online.

    Of course you could also always be in a craphole country where they’ll torture you anyway, regardless if they have any reason to believe you are connected to something, but simply due to the fact that you opted to use FDE or any practical security scheme.







  • Ubuntu and Docker.

    Really? Netplan alone disqualifies Ubuntu as a “friendly stable starter distro”, and I can guarantee you that your guide will somehow become outdated with a single new Ubuntu release, or some poor soul who accidentally selected an LTS release.

    Docker doesn’t matter as much, but there’s a reason beyond just FOSS licensing why podman exists.

    Would highly recommend Debian instead.

    I started on Ubuntu similar to this many years ago and both the server and desktop experience was not fun at all.