
neatchee

@neatchee@lemmy.world

This profile is from a federated server and may be incomplete. Browse more on the original instance.

neatchee ,

ENORMOUS +1 for Sunshine + Moonlight. I'd play just about anything shy of a twitch shooter on it, if your network is nice and stable

neatchee , (edited )

Security professional here. This is legit a good call on their part. It's because those types of addresses won't bounce emails but aren't necessarily in your control; it's very, very easy to spam those petition forms with mail@ for a million real domains without bouncing the emails, making them seem legit.

You own your domain, obviously, so it's really as simple as creating a forwarding/alias address of "changeorg@domain.tld". If creating a forwarding/alias address is that much of a problem for you I suggest that you likely shouldn't be hosting your own email in the first place.

Your laziness isn't a good reason to be upset with a company taking steps to reduce their security overhead significantly

neatchee ,

Yeah I agree that one seems silly on the surface but for their specific situation I understand why: services like Gmail allow using a + to create faux-labels. So for example foo@gmail, foo+bar@gmail, and foo+baz@gmail all get delivered to the same account. For change.org that's a problem because it allows a single email account to fill out the form many times.

Ideally, they would simply truncate everything after and including those symbols but it's possible other services have different rules (maybe yahoo lets you prepend faux-tags instead of appending them, or something like that) so simply blocking their use altogether could be the more robust solution

neatchee ,

I imagine because it can't be used to add additional junk characters to the address, they probably just strip them out before doing their string comparison

neatchee ,

I don't think the reason they're being used is relevant to their problem though. "Think like an attacker" wins the day here: as an attacker, I don't care what it's meant for, only how I can use it to my advantage. If it's something they observed as a problem, I understand why they would want to stop it.

As for "-", yeah, I don't have a particularly good explanation for that one except the assumption that it's something similar to + addressing on a different service.

neatchee ,

Requiring SMS validation is a massive barrier to entry and not a viable option for a service like Change.org that relies on a certain level of participation.

There's literally another comment made at almost the same time as yours complaining that blocking the use of + and such is too high a barrier to entry and just the devs being lazy. Meanwhile your suggestion is to raise the barrier to entry even higher if you care about uniqueness of submissions

It's a no-win situation for Change.org so they went with something that meets their business needs. Can't really expect much else from them tbh

neatchee ,

You're not wrong, but this isn't really a security matter, it's an "apparent uniqueness" matter. Their goal, I assume, is to satisfy critics enough that a given petition's participants are sufficiently unique while keeping the barrier to filling out the form as low as possible. So they end up in a situation where neither is perfect, but they're both "good enough" for what the business needs.

I dealt with this in the anti-cheat space: my goal was never to remove all cheating, because that's too expensive (insanely so). My goal was to make the public believe they weren't playing against cheaters too often. If the solution was forcing the cheaters to perform at a level that was just below the most skilled human players, that was actually a success, because if the players can't differentiate between cheaters and pro players, then they can't effectively determine how prevalent cheating actually is.

Part of me hated that we had to treat it that way, but another part of me understood that if I pushed too hard on "eliminating cheating" my department would become more costly than it was worth and they'd pivot away from gameplay that needed anti-cheat at all

neatchee ,

Good info! Sounds like a nightmare :x

Yeah, I can't say their solution is the most elegant but it certainly makes a kind of sense when their criteria for success is "maximize participation while satisfying 'uniqueness' critics"

neatchee ,

Funny you mention the robocall thing... I'm literally leaving a company that works on that problem (though not as their primary business) Wednesday. It was a short stint - mostly because they are resistant to solving massive technical debt problems and I'm not trying to doom my future self - but what I witnessed was....depressing. Getting anything done was like pulling teeth, and that's with the recent FTC pivot to taking this stuff more seriously. STIR/SHAKEN is a reasonable start but it still has almost no teeth behind it.

I'm with you on the identity issue. I mean, if we're being really honest, the only people losing out by not implementing strong personal identification verification are the legitimate end users because the threat actors have gotten so unbelievably good at fingerprinting user behavior. And it's only going to continue getting worse. With ML growth as unfettered as it is, there is nothing we can do. So I'd much rather take the reins and make identity verification a robust feature instead of a bug we can't squash.

neatchee ,

As it ever will be, much as it may pain our moral sensibilities.

Re: CoD - I loved it. Laughed my ass off. Absolutely a big fan of creative approaches to getting cheaters to tell on themselves. I proposed something similar to my team when we had a problem with players manipulating the position of objects in the world so they were directly in front of the player: add an object of the same type inside map geometry and attach a "kill volume" to it, so it was like a landmine. Move the object in front of the player and they instantly die :P Wish we'd done it but couldn't get the level designers' time to implement it unfortunately

One we did do though: back when the product I worked on was on PS3 one of the big problems was hacked consoles spoofing platform entitlements (the thing that tells the game what purchases they should have access to). So we added an entitlement that couldn't be acquired in any legitimate way, and gave you a specific item in game. Then we just checked player inventories once a week for anyone with that item and banned their account, their console, and any account that played on that console for a meaningful amount of time. Did the same thing with an item you could only get to by clipping through geometry. Even put the word "intrusion" in the item's name haha.

The cheats are so technically complicated at this juncture that the creative stuff is often the most effective. I mean, people are literally voluntarily installing hypervisor rootkits to run the cheats, so they can talk to their drivers below even the kernel. It's so hard to come up with technical solutions to a problem like that that don't wind up costing massive server processing power to validate every input.

neatchee , (edited )

Oh yeah don't get me wrong, I think change.org as a product is hot stinky garbage. I don't take anything they produce seriously lol

I just don't expect them to do anything differently under the current circumstances is all heh. And their business is married to the design at this point, so I don't see them pivoting any time soon. As you suggest, they need a competitor that can do it right to come along and actually produce some kind of meaningful results in the political arena, but that's a whole other can of worms.

I literally have an idea for this, and am kinda just sitting on it until I find the right people. I've been on the lookout about 10 years now for a) someone with a comprehensive understanding of constitutional law and b) someone with a comprehensive understanding of political finance and lobbying, both of whom also need to be progressive and interested in 501(c)(3) work. A bit of a unicorn :p

neatchee ,

Yes! I LITERALLY just set up my stuff there a few days ago for TSA Precheck and CBP because I'm heading to Japan next month. I love what they're doing.

neatchee ,

My understanding is that signing a petition and creating an account aren't necessarily linked, and it's up to the person who created the petition whether verification is required.

neatchee ,

Right I'm saying I always thought that was an optional feature, determined by the person who created the petition. I don't think it's a universal requirement for all change.org petitions

neatchee ,

For the sake of checking uniqueness it's probably fine to just ignore them. Yeah, it sucks if johndoe@obscure.domain and john.doe@obscure.domain can't sign the same petition but outside of the big email services I imagine that kind of collision is pretty rare
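
The uniqueness check discussed in the comments above (dropping the + tag and ignoring dots before comparing addresses, and refusing role-style addresses such as mail@), as an added example that is not part of the original comments and is not Change.org's code. The role names other than `mail`, the googlemail.com alias and all sample addresses are assumptions constructed for illustration.

```python
# Canonical-key comparison for "has this mailbox already signed?" checks.
# Added illustration; the rules below are assumptions, not any site's real policy.

# Role-style local parts to refuse. "mail" is the one named in the thread;
# the other two are assumed examples of the same kind.
ROLE_LOCAL_PARTS = {"mail", "info", "admin"}

# Assumed alias table: googlemail.com reaches the same mailboxes as gmail.com.
DOMAIN_ALIASES = {"googlemail.com": "gmail.com"}


class RejectedAddress(ValueError):
    """Raised when an address is refused outright rather than compared."""


def canonical_key(address: str) -> str:
    """Reduce an address to the key used for uniqueness comparisons."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise RejectedAddress("not an address")

    domain = domain.lower().rstrip(".")
    domain = DOMAIN_ALIASES.get(domain, domain)

    local = local.lower()
    local = local.split("+", 1)[0]   # drop the tag: first "+" and everything after
    local = local.replace(".", "")   # ignore dots on every domain, accepting the
                                     # rare johndoe / john.doe collision
    if not local:
        raise RejectedAddress("empty mailbox name after normalisation")
    if local in ROLE_LOCAL_PARTS:    # checked after stripping, so mail+x@ is caught too
        raise RejectedAddress("role-style address")
    return f"{local}@{domain}"


def dedupe_signatures(addresses):
    """Split submissions into first-seen, duplicate and rejected addresses."""
    accepted = {}     # canonical key -> first address that produced it
    duplicates = []   # (submitted address, earlier address it collides with)
    rejected = []     # (submitted address, reason)
    for addr in addresses:
        try:
            key = canonical_key(addr)
        except RejectedAddress as exc:
            rejected.append((addr, str(exc)))
            continue
        if key in accepted:
            duplicates.append((addr, accepted[key]))
        else:
            accepted[key] = addr
    return accepted, duplicates, rejected


# Constructed sample submissions.
SAMPLE = [
    "foo@gmail.com",
    "foo+bar@gmail.com",
    "Foo+baz@GoogleMail.com",
    "f.o.o@gmail.com",
    "johndoe@obscure.example",
    "john.doe@obscure.example",
    "mail@example.org",
    "mail+petition1@example.org",
    "not-an-address",
]

if __name__ == "__main__":
    accepted, duplicates, rejected = dedupe_signatures(SAMPLE)
    print("counted once:", sorted(accepted))
    for addr, first in duplicates:
        print(f"duplicate:    {addr} (same mailbox as {first})")
    for addr, reason in rejected:
        print(f"rejected:     {addr} ({reason})")
```

The submitted address is kept as typed for delivery; only the derived key is compared, so a legitimate + address still receives its mail.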

neatchee ,

Let em figure it out. Wasting their time is a core strategy in reducing their impact and will to continue cheating

I certainly didn't share it myself but it's possible my old boss did!

TBH, in my very personal opinion the third party anti-cheat apps are like 50% placebo. Just makes people feel better. They are very protective of their "secret sauce" but I can say none of them are anywhere close to perfect. The thing they're best at is taking the easy stuff off our plates so we can focus on the more difficult problems of hardening the game itself and analyzing telemetry.

neatchee ,

Gee, I wonder if there are other groups of people who have been painted with one brush. Perhaps there is a group that is assumed to be less skilled at STEM jobs. Or another group assumed to be more prone to criminal behavior. Wouldn't that just be something? /s

We men, especially we white men, get a fraction of the same treatment women and minorities have been getting for hundreds of years and freak out over how unfair it is. And that's an excuse to demand everyone use kid gloves when talking about these issues?

If you're only doing the right thing because people recognize you for it, I suggest you may not really be doing the right thing. If you're a good person, then you should understand why the average woman may show fear and caution when encountering an unknown man.

Things like the bear meme aren't asking about YOU. When people say "I'd rather choose the bear than a man" they aren't saying every man. Yes, the generalization stings when you think about it being applied to yourself. But if you truly understand the issues and the hypothetical you understand that the answer isn't about you. It's about what women have learned to expect when encountering a man they don't already know well enough based on prior experience

neatchee ,

You're not listening. YOU are not portrayed as a predator. YOU need to take a backseat for the betterment of the lives of the victims of injustice. Just because something isn't your fault doesn't mean it's not your responsibility to deal with it when you are in the class of people benefitting from the injustice.

As the other commenter said: punching up is very, very different than punching down.

When a specific person treats you, specifically, poorly because you're a man, THEN you can talk about how you are not a threat, and try to convey that you are actually an ally (which is questionable based on your reactions here). But when there is a conversation about average behavior and expectations, side with the victims. You are not a victim. You do not lose more than you gain from being a man. Maybe you get weird looks when you're solo-parenting but you still make $1 to a woman's $0.79 or whatever the number is today for someone in the same job.

So please, stop focusing on yourself. It's selfish. Try to think about the bigger picture. And yeah, take one for the team when it comes to memes about bears

neatchee ,

I don't normally upvote flagrant trash talk but gotdam this is so on the nose for the issue at hand that I can't help it. Can't unilaterally condone the tone but if there were ever a time, place, and subject, this is it

neatchee ,

You're still not listening and it's obvious you don't want to. You seem incapable of stepping outside of your own lived experience and considering the experience of others. You take everything personally, rather than looking at why the generalization might be valid even if you consider yourself an exception.

I'm a 6'1" burly, hairy, white guy with a deep voice. My wife knows I couldn't hurt anyone. The stranger on the street does not. So I don't take it personally when women get startled in public if I'm unexpectedly boisterous near them. And I wouldn't take it personally if, given the chance, a woman chose to create space between us on an empty street at night.

The fact is, other men have made the world harder for us. And that sucks. But not nearly as hard as they make it for women. So if you're going to be pissy with anyone, aim your disdain at the shithead men who created this situation instead of the women who just want to feel safe.

It's easy to demand women "don't discriminate" against you. It's hard to demand men behave better. That's the difference between punching up and punching down. Learn to punch up instead of taking the easy way.

And to head off the obvious counter argument: it's different than race because men actually, demonstrably hold positions of power and privilege over women simply by being men. The same is not true of skin color, etc. Again, punching up vs punching down.

neatchee , (edited )

And that is the patriarchy in a nutshell: a system that is advantageous to men, and then teaches men to consider any critique of that system as a whole, rather than of individuals, a threat or insult to be stamped out with vehemence. The people who do this shit genuinely believe that it's unfair to be treated this way, never realizing that their attitude provides the infrastructure that allows the really bad people to continue doing what they do.

It's like ACAB; it doesn't necessarily mean that every cop will abuse a minority given the chance, but that nearly every cop actively participates in a system that enables and protects the abuse of minorities, and that it is impossible to distinguish who the select few truly "good" cops are.

neatchee ,

Exactly this. Everyone has their own preferences and judging a person as a good/bad fit solely based on their gender identity and not any sort of subjective compatibility is fundamentally transphobic. It's assessing that trans people are objectively undesirable. Pretty messed up.

neatchee ,

First: don't be a loser. Refer to trans women as women. Or are you a captive to your barbaric past?

Second: you're allowed to have a preference, but projecting your preference onto the world is transphobic. Making a joke that implies all trans people are undesirable to everyone is transphobic and self-centered.

You can be a better person than this. Give it a try. Otherwise you'll be left behind as a relic of a less civilized time

neatchee ,

You're so close to getting it. You literally just used the phrase "some people" and still can't grasp why the joke is transphobic for making a broad generalization about the desirability of trans women.

Because you're exactly right: some people don't. But other people do. Which is why the joke is transphobic for implying that the reader will immediately agree it's "bad news".

And don't give me some shit about the author and their characters because you and I both know that these are one-offs and the joke is "uh oh you got duped that girl is actually a guy hahaha"

neatchee ,

And now you've entered the territory of labeling trans people as psychologically troubled. Clearly you're just a bigot.

Muted and reported for blatant bigotry. Nobody wants you around. Enjoy your isolation

neatchee ,

Yeah, their truly bigoted attitude came out down that so I just blocked and reported xD

neatchee , (edited )

Troll mode: Rip the first 5 minutes of each movie then splice in Rick Astley

Troll activist mode: Rip the first 5 minutes of each movie then splice in Richard Dawkins' The God Delusion live reading

Troll comedian mode: Rip the first 5 minutes of each movie then splice in Monty Python's The Life of Brian

Activist mode: Find a set of movies to rename that teach about the harm religion has caused

Ethical absolutist mode: Refuse to host them, and explain why

Non-confrontational familial support mode: Give Mom a unique user and make the god movies only accessible to that user

In all seriousness it depends on what your priorities are. Is it more important to you to provide judgement-free support to your mom so she knows she can rely on you, or is it more important to try to reduce harm in the world by deplatforming harmful media? Or maybe it's more important to try to teach your mom what's wrong with those movies and you can come to an arrangement where she can watch those movies only if she agrees to watch movies you choose in equal amounts (since you can track it) to counteract the propaganda?

What is most important to you?

neatchee ,

Just to make absolutely sure: you are POSITIVE that the device you've been renting is a MoCA-WAN router, and NOT a cable modem?

In the US at least, most of the single-unit devices that receive a coax input are DOCSIS 3.x, not MoCA. They are combining two pieces of hardware in a single physical unit: a docsis modem and a router.

Prior to having fiber internet, when my provider was Comcast, I owned two separate devices instead of renting the single device from my ISP: a DOCSIS 3.1 modem from Arris, and a standard Ethernet router

Just want to make sure you are absolutely confident about what your ISP is actually providing before you spend money on new hardware :)

neatchee ,

Based on your edit, what you need isn't MoCA. What you need is a cable modem and a router (preferably as separate units, not a combo one like you have. Happy to explain why if you care)

  • What is your ISP?

  • What is your current advertised upload and download speed for the internet plan you have?

  • Do you get TV or phone service through the same provider?

  • Is your house wired for Ethernet? Coax? Both?

  • How many people live with you?

  • How many sqft is your home?

  • How many devices will be connected? How many are wired? How many on WiFi?

  • What is your use-case? Simultaneous streaming in 4k and latency-sensitive gaming? Mostly non-competitive gaming? Big downloads? Do you plan to stream content from your home while traveling or similar?

Help me help you :p

neatchee ,

That's a non-trivial number of devices, so I would recommend a decent router that will last into the future, including service upgrades. Especially if anyone in the house is gaming and streaming movies at the same time

I recommend purchasing the modem and router as two separate units.

For the modem, because you have symmetric gigabit service, you'll need one that supports gigabit upstream. That means the less expensive SB8200 is out. Instead, you're looking at the ARRIS SURFboard S33. You can also find a comparable product from Netgear, the CM2000

For your router, I personally like and trust Asus. Their user interface is robust but user-friendly, and their firmware is well supported by the home networking community (including a stellar 'expanded' version called AsusMerlin that frequently has features pulled into the official firmware)

While you could go with an older model that only supports WiFi 5 (AC), those models have reached end-of-life and will only receive critical security updates. Instead, it's worth spending a bit more for the WiFi 6 (AX) version.

The minimum you'll want to support a symmetric gigabit connection like what you have is the Asus RT-AX86U. However, to support possible higher speeds in the future, and to get the most rock-solid performance, I recommend the Asus RT-AX88U. This is what I personally own for my symmetric gigabit connection

NOTE: There are older versions with the same model number that have extra LAN Ethernet ports (8 total) and no 2.5Gbps port. Do NOT get them! There are known issues when using ports 5-8 on these units

Again, you could find a similar product in the Netgear Nighthawk brand.

Anything above that is going to be extra bells and whistles. Things like extra WiFi bands, stronger radios, more 2.5Gbps ports, support for link aggregation, and some one-click gaming features that I personally think aren't worth the money.

Depending on the size of your home and your personal use case, you may also find value in adding mesh WiFi nodes to your network. Asus and Netgear both have their own implementations here. Asus' version is called AiMesh and is pretty seamless. All of their modern routers can act as the primary mesh node.

Personally I do not game on WiFi, so I went with 3x Asus ZenWiFi AX Mini (XD4) mesh nodes. They can be connected wirelessly to the main router, or by Ethernet to reduce latency. If I were going to be gaming on WiFi, I would have gone with the beefier ZenWiFi AX (XT8) nodes instead

Hope that helps, and let me know if you have any questions! Happy to go into more detail on whatever you need

neatchee ,

I tried a smaller Lemmy server first and it didn't meet my needs.

I used reddit in two specific but different ways:

  1. About a dozen subreddits that I would visit individually. Small Lemmy instances work fine for this. Just subscribe to the ones I care about

  2. Browsing r/all, taking in whatever was popular at any given moment. This only works on big Lemmy instances with wildly diverse federation.

I love the firehose of "what bizarre things bubbled to the top today? Oh snap, there's a scandal in the professional bowling community. This Farscape meme is hilarious even without context. Wow, look at that crazy picture of an owl riding another owl riding a bear" or whatever.

There was never enough content on small Lemmy servers to satisfy that itch. But scrolling the main feed on lemmy.world is good enough

neatchee ,

While you may be correct, that was my experience. As a new user, I joined two Lemmy instances, was unsatisfied with the full feed on both, and said "screw it, I'm going to the biggest server".

The problem with telling people they can fetch the missing comms is threefold:

  1. It becomes a perpetual maintenance task. New communities are being created all the time and I don't want to have to reference other servers' feeds regularly to stay up to date on the newest stuff. I might as well just be on that other server

  2. Part of the joy of the firehose is seeing when some completely obscure community has a wildly popular post that one time because it's extra funny or shocking or whatever. Those posts just won't make it to most smaller servers.

  3. It's an "unknown unknowns" problem. Sometimes you know what it is that you don't know and can go find it. But often I don't know which things I don't know, so I can't seek it out to add to my server. The beauty of a big server is that I don't have to do that legwork or even think about it.

All it takes is one user on the server subscribing to the Western Spotted Bull Frogs community for me to see it when they have a post blow up. The chances of one such user being on my server go way up here on lemmy.world. I'm sure there are smaller servers that are "good enough" in that regard. But why would I bother when I have what I want right here?

Not trying to be argumentative, just calling out what I see as a fundamental truth about Lemmy, compared to other fediverse applications. Like, on mastodon a big server's federated feed is more or less unreadable. That makes smaller servers appealing as it helps prioritize what makes it into the feed. On Lemmy, the voting system does that prioritization, removing one of the big reasons to avoid larger servers in the first place :)

neatchee ,

That's actually a GREAT idea.

Server admins should be able to opt-in to pulling in the top N posts per hour/day/week from connected instances. Could even have an option like "if a community shows up more than X times this way, subscribe the server to that community", and then toss all that stuff into Discover section or something.

neatchee , (edited )

The shame of it is that despite this limitation LLMs have very real practical uses that, much like cryptocurrencies and NFTs did to blockchain, are being undercut by hucksters.

Tesla has done the same thing with autonomous driving too. They claimed to be something they're not (fanboys don't @ me about semantics) and made the REAL thing less trusted and take even longer to come to market.

Drives me crazy.

neatchee ,

Right? Waymo is already several times safer than humans and tesla's garbage, yet municipalities keep refusing them. Trust is a huge problem for them.

And yes, haters, I know that they still have problems in inclement weather but that's kinda the point: we would be much further along if it weren't for the unreasonable hurdles they keep facing because of fear created by Tesla

‘IRL Fakes:’ Where People Pay for AI-Generated Porn of Normal People (www.404media.co)

A Telegram user who advertises their services on Twitter will create an AI-generated pornographic image of anyone in the world for as little as $10 if users send them pictures of that person. Like many other Telegram communities and users producing nonconsensual AI-generated sexual images, this user creates fake nude images of...

neatchee ,

You don't need to be online or use a digital device to be tracked by your metadata. Your credit card purchases, phone calls, vehicle license plate, and more can all be correlated.

Additionally, saying "just don't use a phone" is no different than saying "just wear a mask outside your house". Both are impractical, if not functionally impossible, in modern society

I'm not arguing which is "worse", only speaking to the reality we live in

neatchee , (edited )

I know what you're arguing and why you're arguing it and I'm not arguing against you.

I'm simply adding what I consider to be important context

And again, the things I listed specifically are far from the only ways to track people. Shit, we can identify people using only the interference their bodies create in a wifi signal, or their gait. There are a million ways to piece together enough details to fingerprint someone. Facial recognition doesn't have a monopoly on that bit of horror

FR is the buzzword boogieman of choice, and the one you are most aware of because people who make money from your clicks and views have shoved it in front of your face. But go ahead and tell me about what the "real threat" is 👍👍👍

neatchee , (edited )

That's why I put "real threat" in quotes; I was paraphrasing what I consider to be the excessive focus on FR

I'm a security professional. FR is not the easiest way to track everybody/anybody. It's just the most visible and easily grok'd by the general public because it's been in movies and TV forever

To wit, FR itself isn't what makes it "easy", but rather the massive corpus of freely available data for training combined with the willingness of various entities to share resources (e.g. Sharing surveillance video with law enforcement).

What's "easiest" entirely depends on the context, and usually it's not FR. If I'm trying to identify the source of a particular set of communications, FR is mostly useless (unless I get lucky and identify, like, the mailbox they're using or something silly like that). I'm much more interested in voice identification, fingerprinting, geolocation, etc in that scenario

Again, FR is just...known. And visible. And observable in its use for nefarious purposes by shitty governments and such.

It's the stuff you don't see on the news or in the movies that you should really be worried about

(and I'm not downvoting you either; that's for when things don't contribute, or deserve to be less visible because of disinformation; not for when you disagree with someone)

neatchee ,

Sometimes redundancy doesn't help when it comes to network traffic routing. That system is based heavily on trust and an incorrect route being published can cause recursive loops and such that get propagated very quickly to everyone.

There was a case like this a few years back where a bad route got published by a small ISP, claiming they could handle traffic to a certain set of destinations, but then immediately trying to send that traffic back out again (because they couldn't actually route to that destination), which bounced right back to them because of the bad route. It was propagated based on implicit trust and took down huge chunks of the Internet for a while

neatchee ,

My brother lives in another country and WhatsApp is the platform that pretty much everyone he knows uses for free international communications

neatchee ,

But Linux IS the superior desktop OS if you just give it a try! That's not a conspiracy or misinformation, just the truth!!! But they don't want you to know that (how do I type a really, really big "/s" on Lemmy?)

neatchee ,

So? Who cares, as long as it impacts the ability of poll watchers and legal support to communicate about illegal manipulation?

neatchee ,

Yup! BGP is an absolute mess and it is kind of a disgrace that it's still the lynchpin of the internet

neatchee ,

Ahhh yes, let me just get all of my brothers' business' account's followers to switch to telegram. I'm sure they'll all be willing....

"Just use something else, duh!" is ignorant. Not everyone uses social media to just post memes and argue with strangers. Some people use it for making money, or for access to support resources, or for a specific community that is important to their well-being.

neatchee ,

This is an example of how you can make factually true statements that are contextually irrelevant.

When a major outage occurs on the day in US politics when 15 states all vote for their party nominees, it's not unreasonable to question whether there was malicious intent.

You're like a "not all men" or "all lives matter" person barging into a conversation, hijacking a perfectly reasonable discussion to push your agenda. Just stop.

neatchee ,

oh I see, you just suck at reading comprehension

Please go reread the post you replied to. Nobody, myself included, "decided it had to be about the US". They asked a question. They wanted to know if it could be malicious, and the thing that made them think about it was the fact it's Super Tuesday.

The only thing I've ever been arguing is that it is reasonable to think about whether BGP could be abused for malicious intent when you realize it's Super Tuesday. That's it. It's a reasonable connection to make that would precipitate the question. They didn't even ask "is this because it's Super Tuesday?"

But go off, chief. Can't pass up a perfectly good opportunity to let your angst out

neatchee ,

I started ignoring them when they willfully disregarded my explanation in order to reiterate the same misunderstanding they'd already made, simply pointing at text and saying, effectively, "it means what I say it means". They have their view and nothing you or I can say will ever change it. Best to just ignore that type
