borari

Yes, vim.

No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database: https://insecure-website.com/customer_account?customer_number=132355 Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.

Every German person I’ve ever met talks so confidently about shit that you just kinda assume they know what they’re talking about, until they start talking about a domain you’re an expert in and you realize they’re actually kinda dumb but with good vocabulary.

lol. You mean vba macros.

It’s wild to see Chrome going from the browser to use if you had any tech sense whatsoever to being universally derided.

Safari also has it built in. This person is just saying shit to say shit I guess.

Exactly this.

@uranibaba@lemmy.world, I self host my media server, my *aars, my Usenet client, Home Assistant, dns server, and have some loud af r710s for standing up test AD and simulated network environments. My website is hosted on Google Cloud, moved from AWS bc free tier ran out and g cloud is like $0.42 a month. It’s just whatever makes sense for the thing being hosted.

I don’t have FDE (BitLocker) enabled on my Windows 11 gaming PC. It sits in my house and has nothing on it but video games and video game related shit. I don’t even have my password manager installed for logging in to Steam, GoG or whatever other launcher. I manually type passwords in from the vault on my phone if the app doesn’t support QR code login like discord. Also I paid for this ridiculous m.2 nvme drive, I’m not going to just give up iops bc i want my game install files encrypted.

I don’t use FDE on my NAS. Again it doesn’t leave my house. I probably should I guess, bc there is some stuff on there that would cause me to have industry certs revoked if they leaked, but idk I don’t. Everything irreplaceable is backed up off site, but the down time it would take to rebuild my pirated media libraries from scratch vs just swapping disks and rebuilding has me leery.

I have FDE enabled on both my MacBooks. They leave the house with me, it seems to make sense.

I don’t use FDE on Linux VMs I create on the MacBooks, the disk is already encrypted.

My iphone doesn’t have the option to not use FDE I don’t think.

I use encrypted rsync backups to store NAS stuff in the cloud. I use a PGP key on my yubikey to further encrypt specific files on my MacBooks as required beyond the general FDE.

I’m like a generation younger than you at least and I’m on the default terminal and tmux train, so I’m saying you’re not out of touch.

It has not defaulted to root prompt in many years.

Exactly. Internet delivered to the home by some form of wired connection will always be better than internet delivered via cellular, regardless of whether it’s an old-school hotspot or a newer 5g router with the cellular modem built in.

As far as ISPs go, Fios is pretty good. I have them, they’re relatively cheap for 1Gbps symmetrical, I regularly speed test at like 980Mbps, I get a regular public IP (no cgnat), the pub ip my router pulls only rotates when the router power cycles, the ONT box is just Ethernet so I can use my MikroTik and not have to dick around with making an ISP supplied modem/router pass through, idk I’m happy.

Not sure if they support ipv6 in my market, I just have all that disabled on my router. I know I know, I should stand it up, but I really don’t feel like it.

If Fios, Verizon hands down. Symmetric, they don’t do data caps, etc.

I’m not saying they’re a great company put anything, but the less bad in my opinion.

You’re asking how to set up c2 infrastructure. You’re asking this question on a programming community, not a cybersecurity community, which is an odd decision by itself. You have made it abundantly clear that you are not asking this bc you’re trying to start up some red team ae program at your work, you’re doing this to perform illegal activity.

Nobody is going to help you with this. No security professional is going to help you bc it’s completely unethical, and maintaining appropriate ethics is a huge part of maintaining employability in that sector. No one who does this stuff criminally will help you bc you’ve proven to have zero discretion and helping you will probably lead to the feds taking their front door off its hinges. Also you’re competition.

If you don’t know how to do this already, which you obviously don’t, you put in the work to learn this skill set. Once you’ve done that, doing it professionally is much more stable, and has a much better risk vs reward, than doing it illegally.

Damn. You’ve given me a vision of a future where people call applications that are installed locally and don’t leverage any cloud/server backend for any functionality “self-hosted” programs and I hate it.

It is pretty easy. There’s tons of tutorials and walkthroughs for doing it, but anyone familiar with UIs will be able to work it out pretty quickly I think. Maybe a friction point in using the filter query, but again there’s tons of walkthroughs and guides for using it online.

If you can’t conceptualize a packet, or sockets, or network flows, even with the help of online guides/manuals, I guess it wouldn’t be easy. In that case I’d be wondering why someone would want to use those tools in the first place though, as then they probably wouldn’t have the skills necessary to leverage the information gleaned from the tool in any useful way.

Edit - As we’re in the self-hosted community, I’d argue that anyone who is self-hosting anything would probably be able to easily install wireshark and view http requests, both individual packets and the stream as a whole.

deleted by creator

deleted by creator

I just installed it out of curiosity. The watchlist is the page that has your up next stuff in the first line, then like new movies added to your movies library, new shows in your tv library, etc. The discover section is what you’re talking about, and it’s still on its own discrete section.

I understand that, but they’re wrong.

That’s still just a cellular modem stuffed in to a much better router though. It’s a cellular connection. Yea, with 5g it’s a ton better than 3g, but it’s a cellular connection, provided to you by a cellular network operator. Cellular network operators are their own thing, regulated by the FCC as their own thing, whether the cellular connection is happening on your phone or on your cellular company provided router, it’s still connecting to the cellular network.

Look. Starlink is a satellite internet provider right? But you understand that no wires are physically connecting the starlink terminal to the starlink satellites right? It’s “wireless”. Starlink is not a WISP, it’s a satellite internet provider. T-Mobile or Verizon or whoever aren’t WISPs, they are cellular network operators. They are separate and distinct things.

Language has meaning, words have meaning. A WISP isn’t just an ISP using technology that doesn’t need a wire to your house, it’s a specific thing. You’re using it wrong.

Edit - I can put a SIM card in my MikroTik right now, then unplug the Ethernet cable that runs to my ONT box, and have unbroken internet access. That doesn’t suddenly make the cellular network provider a WISP, it makes them a cellular network provider. I’m accessing the cellular network. They’re providing me access to the network over cellular. Idk how else to explain this.