• 6 Posts
  • 153 Comments
Joined 1 year ago
cake
Cake day: August 27th, 2023

help-circle
  • ChiefSinnertoMemes@lemmy.mlFree Thinker
    link
    fedilink
    arrow-up
    1
    arrow-down
    5
    ·
    3 hours ago

    Do you trust any government?

    Imagine Donald Trump becomes communist and seizes the means of production and gathers all of the wealth America has that will be owned solely by the government he’s running. Do you really trust that he would have your best interest at heart or would you be concerned that he’d exploit us plebs?

    Distributism isn’t flawless, but a million miles better than communism.




  • I think there’s lots of reasons. I may or may not have work/worked for a bank. Typically, they use HSA’s tied to large range systems like z/OS that generate the seed. The seeds themselves are secure and are not really prone to time attacks like authenticator apps/soft tokens sometimes are.

    Its a stupid trade off tbh. However, I think its less likely for people to call in frantic because they can’t get into their bank account because everyone are more likely to retain access to their phone and/or email than for the bank to support a 3rd party authenticator app that may or may not be backed up from another 3rd party software.

    Also, over time, the authenticator apps can get off sync by a few seconds. That’s why its typically offset by 30 seconds when you set it up on most sites, which lessens the likelihood of it getting too off sync for it to work. However, it widens the gaps for time based attacks to bypass 2fa altogether. RSA Securid, I believe, is only like 3 seconds by default but don’t quote me on that. That’s why you gotta replace the hard tokens for those every 60 months. The battery in them slows down the clock and it gets out of sync.

    I could be wrong, but i believe every time you shut your phone off, technically, gets your soft tokens out of sync ever so slightly too. I once had an authenticator app on a phone where the battery died or something that prevented me from turning it back on. It took like a month or two before I could get back in it. By the time I did, none of the soft tokens worked anymore because it became offset by more than 30 seconds.







  • I’ve seen DS9 multiple times, but I have no clue what you’re talking about on some of these. Please enlighten me.

    A trans lesbian officer

    Are you talking about Jadzia/Ezri-Dax? If so, neither are trans. The parasite, Dax, in them has no gender but can go to different hosts that have genders.

    A gay interspecies couple

    Are you talking about Odo and Kira? While Odo doesn’t have gender, I wouldn’t call it a gay interspecies couple. That’s kind of a stretch.

    Edited for format








  • Yup. You can only add the nopax flag as root, so if your system is already hosed, not much else you can protect. Root has access to ring 0 so anything goes with access like that. Stuff like pax would slow them down for sure and stop script kiddies, but root access is root access.

    No privileged accounts can’t do anything with the nopax flag. That’s why you should configure your system to not run things as root as much as possible. Personally; on desktops, I don’t even use a sudoer natively. I have to su into my sudoer account in order to run root commands.


  • GrSecurity adds so many layers of protections to the kernel. They are literally decades ahead of the vanilla Linux kernel in terms of security. With all of the hardened GrSec settings checked/configured correctly, it stops the majority of 0 ring exploits (at least when I was running it before they went full GPLv2).

    PaX is an awesome part of GrSec. Mprotect stops any read and write and execute access to memory in both user and kernel lands (only rx or wx). Stuff like web browsers won’t work unless you have a program to mark it in elf to not use pax. However, this kills a lot of exploits with that turned on by itself (though there are probably work arounds if you are developing exploits which the other features would hopefully catch). That’s why people installed 3rd party unmainlined security patches, but that’s just me maybe idk.

    I hope this venture will be more fruitful than the copy paste code that people kept trying to push to the hardened Linux kernel project (despite the maintainers best intentions and countless efforts to stop that)