CosmicTurtle

CosmicTurtle , 5 months ago

It shouldn't be done at all. If you're updating discord, you're writing something. That something should be, at the bare minimum, in a README file.

If you can't be bothered with Markdown, just do text.

I've never encountered this in the wild so I can't say for certain why a FOSS project would choose to do this.

Maybe they are trying to get more people on their server?

CosmicTurtle , 5 months ago

I haven't seen this either. OP, you got a link? I'd love to see what kind of software is doing this.

CosmicTurtle , 5 months ago

Troubleshooting I could see being in discord. But it shouldn't be the only option.

I got the feeling this is mostly niche stuff or very new developers that don't have GitHub experience.

You can integrate GitHub issues with discord. I imagine similar integrations exist with gitlab

CosmicTurtle , 5 months ago

The vast majority of my open source projects, I'm the only user. I release it open source because back in the day, GitHub only allowed open source projects if you want to use it.

But another reason is the hope that someone will find it helpful. If not the project itself but maybe the code.

I have one project that has a significant following and honestly it's sometimes very scary because I might not want to keep it updated because of my own interests changing.

CosmicTurtle , 5 months ago

You have to set up a proxy.

Even for those who are technical enough to set up a pihole, it's annoying to set up a proxy and some apps simply won't work with it.

CosmicTurtle , 5 months ago

Not sure if these instructions work. First result from Google.

CosmicTurtle , 5 months ago

If the attack was carried out over one IP address, they should have been able to detect it.

There is no real reason why 7 million different accounts access the site from one location.

I don't know how sophisticated the attack was but the future threat is instead of DDOS attacks would be distributed ACCESS attacks where millions of controlled devices attack a site with known credentials to download small bits of information over time. Even better if you can work out ahead of time the account's general location and then assign devices in the area to access that account.

CosmicTurtle , 5 months ago

Yup. I used ansible for a good year, maybe two, and found myself asking, "Why the fuck am I maintaining some abstract thing when I can just write a shell script and deploy that?"

Cloud orchestration is better done with other tooling. Honestly don't see a use case for ansible beyond physical data center deployments.

CosmicTurtle , 5 months ago

Yes but this wasn't a data breach. This was a data stuffing incident, meaning they took someone else's data dump and tried their email and credentials here.

• never use the same username and password in two or more places
• always use MFA, a hard token if you can like a yubikey

CosmicTurtle , 5 months ago

I use yubikey everywhere it's available for me. Initially, the first few websites in the early years were challenging. I think a lot of devs were still trying to figure out the workflow.

But today, it's usually as simple, or simpler, than TOTP.

So it might be worth trying again. I'd use a YubiKey 4 or higher if you can. If you have an older one, you may want to upgrade to take advantage of the newer technology like NFC and Bluetooth if you're into that.

I just wish YubiKey could store more than like 30 TOTP tokens.

CosmicTurtle , 5 months ago

Is it just me or is every new distro just a base with a different DE? I started to notice this a few years back but not sure if it was my imagination or something developers starting doing because it was easier to ship the DE as "the OS" than it was to instruct users on how to switch to their DE.

CosmicTurtle , 5 months ago

I mean.....are they good mods? Does the candidate have good code etiquette?

Honestly, the fact that a candidate would mod any game, let alone a hentai game, would be pluses in my book.

CosmicTurtle , 5 months ago

Time to buy shorts. Or puts. Or kangaroos. Whatever.

I don't know a fucking thing about stonks.

CosmicTurtle , 6 months ago

Doesn't surprise me one bit. I've noticed that a lot of websites will only accept .com and a few will only accept email addresses from popular providers (Gmail, Hotmail, outlook, etc.)

My guess is that it's trying to reduce spam and fake account generation.

CosmicTurtle , 6 months ago

The only correct regex for email is: .+@.+

So long as the address has a local part, the at sign, and a hostname, it's a valid email address.

Whether it goes somewhere is the tricky part.

CosmicTurtle , 6 months ago

Not necessarily shady.

I use 10 minute email if a merchant requires me enter an email account before seeing the total price on an item (including shipping). That's the most common pattern I've seen. My guess is that they want to ping you to complete the purchase.

Or a website might require free registration in order to view the content.

One place I use 10-minute email is actually Spotify. I didn't want to give them my Gmail address since your name is exposed to the world via their sharing API.

Don't get me wrong, there are a lot of bad uses for it as well. But privacy minded people use it too.

CosmicTurtle , 7 months ago

It took me...I'd say 2 years from being a full conservative to a left-leaning independent. And then another 2 years to being a moderate to progressive liberal.

It does happen. But some people are so rooted in their political identity that they will never change.