People have been saying this since he was forced into buying the platform. I initially thought that could be true too.

As time has gone on, however, I’m starting to think he’s just that incompetent

https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure

Excel is one of those tools that punches way above its weight class. Which is why it’s so common to see in places where it should have been replaced by a proper database years ago.

I am not a material scientist, but I would wonder if molten metals would radiate too much heat to the environment causing an efficiency loss

I’m not sure I necessarily agree. Your assessment is correct, but I don’t really think this situation is security by obscurity. Like most things in computer security, you have to weight the pros and cons to each approach.

Yubico used components that all passed Common Criteria certification and built their product in a read-only configuration to prevent any potential shenanigans with vulnerable firmware updates. This approach almost entirely protects them from supply-chain attacks like what happened with ZX a few months back.

To exploit this vulnerability you need physical access to the device, a ton of expensive equipment, and an incredibly deep knowledge in digital cryptography. This is effectively a non-issue for your average Yubikey user. The people this does affect will be retiring and replacing their Yubikeys with the newest models ASAP.

Absolutely. If you are the CISO in a place where security is a top priority with adversaries that may have access to the equipment and knowledge to exploit this, you will absolutely want to retire the keys ASAP and replace them with the new model that is not vulnerable to this.

I’ve yet to find a better controller than the DS4.

It has the perfect feel in the hands. And with Steam’s controller support, Ive yet to have an issue with functionality or button remapping(I haven’t played crosscode, so no info there)

Sometimes people do the right thing for the wrong reasons.

My certs have all expired, but when I started I didnt have any at all.

The thing that worked for me was to apply to small businesses(Look into local MSPs). Places that have ~20 employees have much less rigor about certs and will more likely test that you’re amicable enough to mesh with the rest of the team. From there you can build experience and often get thr company to pay for your certs.

NTP is the one that comes to mind for me.

Basically every device uses it and until fairly recently was maintained by a single person

This is one of those weird things that venture capital does sometimes.

VC is is injecting cash into tech right now at obscene levels because they think that AI is going to be hugely profitable in the near future.

The tech industry is happily taking that money and using it to develop what they can, but it turns out the majority of the public don’t really want the tool if it means they have to pay extra for it. Especially in its current state, where the information it spits out is far from reliable.

I miss when viruses were fun instead of extortionate

While many of the CVEs are filed in good faith by responsible researchers and represent credible security vulnerabilities, a recently growing pattern involves newbie security enthusiasts and bug bounty hunters ostensibly “collecting” CVEs to enrich their resume rather than reporting security bugs that constitute real-world, practical impact from exploitation.

Oh, this is once again HR’s fault

This is explicitly against their TOS. Whether or not you’ll be found out is a whole other matter

deleted by creator

The argument is that “we would like to study these works of art in a purely academic setting, and are willing to limit access to academics only, we just need to make sure it’s going to work even if you guys stop supporting it”

The corporations involved seem to read this argument as “we are looking to start a game streaming service, please give us free access to all your games to distribute at our whim”

To be fair, comparing terminal to the registry is not comparing apples to apples. The registry is more like a complicated config file full of barely documented options. Still miserable to work in, but that’s beside the point.

The terminal equivalent to windows is Powershell which id say is much more favorable.

How?

I dual boot and use the command line a similar amount in both. cmd and powershell in windows are super useful for troubleshooting things that don’t work, or setting configuration options that are just not possible from the GUI, like disabling the hiberfil

Windows error messages are usually something to pay attention to if they generate a popup. But you can ignore most errors and warnings in the event viewer.

Linux is the same. If you get a popup, look into that, but if you see warnings or errors in a logfile then they can most likely be ignored if the app is working

It’s good opsec to have a VPN when torrenting but thats largely due to the risk of being identified commiting a crime.(Or at the very least, having your ISP send you an angry letter about copyright infringement)

If thats not part of your threat model, then you dont need to worry.