Sort of. The program uses a specific part of the website for its auto update. And it also didn’t do any kinds of TLS (https) validation (which would prevent changing the destination). They also signed their installers (which would throw an error if the file had been modified) but the auto update didn’t check for a valid signature. So basically the two big things that a browser would do when you visit the site to download the installer, the auto updater just… Wasn’t doing.

So people who visited the site to manually download the installer were fine. They would have been alerted if the TLS cert was invalid or if the installer wasn’t properly signed. But if you used the auto updater, you wouldn’t get any of those errors and it would happily install the malware.

They also weren’t doing any kind of SSL verification for the download request, nor were they doing any kind of hash verification or signing. The former would have prevented a redirect attack in the first place, and the latter would have prevented downloaded files from being modified or swapped out.

“Sign this NDA, and your consideration is that we won’t toss you out on your ass with a less-than-honorable discharge.”

He’s a former Major in the Army National Guard. I can guarantee he knows what the UCMJ is; He just doesn’t care.

No, each server is accessed separately. You can swap between servers easily, but there is no central way to browse all of your servers simultaneously. Jellyfin was designed specifically to rebel against Plex’s centralization, so that’s not a feature they’re ever likely to implement. There are ways to sync your watch history between servers, but it’s using third-party plugins.

The Tim Burton Batman movies. They’re hilariously bad, but make for a great time when you’re drunk with friends.

Or even worse… Supporting Palestine.

A lakh is 100k. So 5 lakh is 500k. Converted to USD, that’s around $5900 USD

Yup. For minor issues, first aid is all that is needed; you don’t need to see a doctor for a minor cut, as long as the first aid ensures it’s not infected. But for larger things, secondary aid is what provides more long-term recovery.

If someone dislocates a shoulder, first aid is putting it in a sling and bracing it against the body, so it doesn’t get worse (for instance, the tendons and ligaments in the shoulder joint can tear) before they can get to a hospital.

If someone is massively bleeding, first aid is stopping the bleeding to keep them alive until they can get rescued.

It can be, yes. One of the largest complaints with Docker is that you often end up running the same dependencies a dozen times, because each of your dozen containers uses them. But the trade-off is that you can run a dozen different versions of those dependencies, because each image shipped with the specific version they needed.

Of course, the big issue with running a dozen different versions of dependencies is that it makes security a nightmare. You’re not just tracking exploits for the most recent version of what you have installed. Many images end up shipping with out-of-date dependencies, which can absolutely be a security risk under certain circumstances. In most cases the risk is mitigated by the fact that the services are isolated and don’t really interact with the rest of the computer. But it’s at least something to keep in mind.

Or just get into CB radio. You can get a unit for like $100. No license required, and it makes road trips much more interesting, because it’s still used by a lot of truckers. Channel 17 for north/south travel, and 19 for east/west.

Some of us are old enough to remember when the entire point of cable TV was to avoid commercials. Over-the-air antenna TV was supported by ads. But then cable came along, and went “hey, what if we offered a paid TV service, without the ads?”

Then they realized they could just fucking double-dip and show ads anyways. And now they’re charging extra to skip those ads.

And we’ve seen streaming services start to take the same route. Some have started showing ads to paid users, then charging extra to avoid the ads.

According to .ml, anyone even slightly right of outright communism should be considered fascist. .ml is one of the more extreme hard left instances, so comments from the instance should be taken with that in mind. It is very heavily censored, so their users only ever see the “China and Russia did nothing wrong” type of rhetoric.

.world has issues, for sure. It’s the largest instance, and that comes with its own issues. But it’s definitely not fascist.

I mean, he switched to Linux and has advocated for gamers to do the same. So… Maybe?

It’ll be specific to the app you’re using. Tags aren’t natively supported by Lemmy, so they’re just something that the app makers add in. Sort of like RES on Reddit.

Yeah, they were exposed so quickly that the only explanation is that it was done on purpose. Russia literally had access less than 15 minutes after the accounts were created. That’s not enough time for a brute force attack, unless the password was literally “password”. And even then, Russia would need to know the usernames in order to begin the brute force attack.

Something something “the best time to plant a tree…” Yeah, it was needed then, but it’s needed now too.

Yeah, I love my catch-all email domain. If I start getting spam addressed to “Target@{my domain}” then I know Target sold my data; I can burn the account by auto-spamming everything addressed to it, and move on.

Yeah, this can be an unpopular opinion on Lemmy, because there’s a giant Linux circlejerk. But the unfortunate reality is that changing to Linux does have some major stumbling blocks. The “switching is so easy, just do it” crowd totally glosses over it, but that’s kind of rhetoric doesn’t help long term adoption. Because if some new user has only heard “switching is so easy” and immediately runs into issues, they’ll be more likely to go “well if it’s super easy and I can’t figure it out, I guess it’s just not for me” and abandon things.

There’s also a very vocal (and toxic) part of the Linux community that basically just screams “RTFM” at every newbie question. New users shouldn’t be expected to dig into a 350 page technical document just to learn the basics of their new OS.

I installed a bidet like two weeks before that entire shortage started. I have never felt more smug about a decision.