Shahriar's recent activity

  1. Comment on 780GB of data, tools, and source code were stolen from EA by purchasing a stolen cookie to get access to the company's Slack and social-engineering an IT Support employee in ~tech

    Shahriar
    Link
    I'm surprised this hasn't been the case before. It is only just recently where browsers like Firefox 86 isolate cookies to only the domain that the cookie originated from.

    A representative for the hackers told Motherboard in an online chat that the process started by purchasing stolen cookies being sold online for $10 and using those to gain access to a Slack channel used by EA. Cookies can save the login details of particular users, and potentially let hackers log into services as that person. In this case, the hackers were able to get into EA's Slack using the stolen cookie.

    I'm surprised this hasn't been the case before. It is only just recently where browsers like Firefox 86 isolate cookies to only the domain that the cookie originated from.

    2 votes
  2. Comment on Battlefield 2042 official reveal trailer in ~games

    Shahriar
    Link
    When I first read it, I mistakenly thought it was Battlefield 2142. Hopefully from what I can tell, this is a prequel to a Battlefield 2143; Pan-Asian Coalition faction can be seen in this reveal...

    When I first read it, I mistakenly thought it was Battlefield 2142. Hopefully from what I can tell, this is a prequel to a Battlefield 2143; Pan-Asian Coalition faction can be seen in this reveal trailer.

    The century gaps between Battlefield 1942, now 2042, and 2142 make interesting story-lines.

    4 votes
  3. Comment on China's censorship is far reaching. Searching for "tank man" on some image search engines brings up zero results. in ~tech

    Shahriar
    Link Parent
    I get similar results. On Bing, searching for it under "all" and not "images" warrants me a top image straight from Wikipedia. DuckDuckGo, same thing, except they don't embed images from top link...

    I get similar results.

    On Bing, searching for it under "all" and not "images" warrants me a top image straight from Wikipedia.
    DuckDuckGo, same thing, except they don't embed images from top link searches.

    1 vote
  4. Comment on Where'd You Go? in ~life

    Shahriar
    Link
    That was a strong comic, thank you for sharing!

    That was a strong comic, thank you for sharing!

    4 votes
  5. Comment on If I'm using Cloudflare for my domains, do I need to bother with LE? in ~comp

    Shahriar
    Link Parent
    Would this differ from other CDN or "Edge" networks like Netlify? Netlify allows custom certificates, but even their own managed certificates are issued with Let's Encrypt, where it would not be...

    The key thing to understand is that an origin certificate is issued and signed by Cloudflare, and is trusted by Cloudflare. If you were to use such a certificate at the edge, your web browser would cry foul and say "Who the fuck is Cloudflare?". They are not a trusted CA.

    Would this differ from other CDN or "Edge" networks like Netlify?

    Netlify allows custom certificates, but even their own managed certificates are issued with Let's Encrypt, where it would not be part of the trust chain process.

    Thank you for taking the time to explain; I understood your explanation for CloudFlare as:
    Browser -> CloudFlare's TLS -> CloudFlare Edge -> Origin Server TLS -> Origin Server.

    As CloudFlare uses its own certificates to process between the browser and my origin server, it's not truly E2EE as they issued the certificate and would have their respective private keys. Although they seem to support certificates on the Origin Server issued by a Certificate Authority like Let's Encrypt. The chain in its entirety is not independent from CloudFlare.

    Netlify can manage this automatically with Let's Encrypt, but they are not using a "hack" of their own Certificate Authority like CloudFlare is using here.

    Here is the documentation I was trying to understand with Netlify.

  6. Comment on Our digital pasts weren’t supposed to be weaponized like this in ~tech

    Shahriar
    Link Parent
    Was this excerpt out of the whole article with no comment to add intentional? A good read, thank you for sharing. For others, I'd recommend reading the entire article!

    Was this excerpt out of the whole article with no comment to add intentional?
    A good read, thank you for sharing.

    For others, I'd recommend reading the entire article!

    7 votes
  7. Comment on What's a cool and not-well-known thing that people can do with their phone/computer? in ~tech

    Shahriar
    Link Parent
    Cute website, thanks for sharing!

    Cute website, thanks for sharing!

    2 votes
  8. Comment on Pressing flesh against flesh 🤝: The multi-skin toned handshake emoji reveals that it is more than a routine gesture in ~tech

    Shahriar
    Link Parent
    Honestly, that surprised me too haha.

    Honestly, that surprised me too haha.

    1 vote
  9. Comment on Pressing flesh against flesh 🤝: The multi-skin toned handshake emoji reveals that it is more than a routine gesture in ~tech

    Shahriar
    Link
    Here is Google's blog post about the topic citing the same author OP linked, who is Google's creative director for emoji.

    Here is Google's blog post about the topic citing the same author OP linked, who is Google's creative director for emoji.

    3 votes
  10. Comment on FDA to propose ban on menthol-flavored cigarettes, with industry likely to challenge in ~health

    Shahriar
    Link Parent
    Use of e-cigarettes has skyrocketed, especially in youth, thanks to increasing market popularity from brands like Juul using aggressive marketing targeted towards certain demographics with popular...

    On the other hand, it feels extremely symbolic, especially considering that it was done ostensibly to look out for black people.

    Use of e-cigarettes has skyrocketed, especially in youth, thanks to increasing market popularity from brands like Juul using aggressive marketing targeted towards certain demographics with popular flavours. I don't believe this is a symbolic move towards the black demographic of America, more so, a reactive move to minimize any further impacts on the healthcare system and the longevity of those who have been marketed these products.

    6 votes
  11. Comment on Epic Games paid developers about $11.7 million for the games they gave away for free on the Epic Store from December 2018 to September 2019 in ~games

    Shahriar
    Link
    I wonder how much it cost them for titles like GTA V.

    I wonder how much it cost them for titles like GTA V.

  12. Comment on Relative student ability is remarkably static and predictable from pre-K to college and beyond in ~humanities

    Shahriar
    Link
    I find it interesting the arguments brought up by the author. They seem to go against the grain of what is commonly mentioned in culture and media; decrease classroom sizes, bring forward equal...

    I find it interesting the arguments brought up by the author. They seem to go against the grain of what is commonly mentioned in culture and media; decrease classroom sizes, bring forward equal chances of opportunity.

    One of many similar excerpts in the article the author mentioned:

    Now it seems to me that the most likely, most parsimonious explanation for all of this is genes. I’m not going to try and summarize the entire field of behavioral genetics/social genomics, nor am I qualified to argue in its defense. But there is a very large body of research that lends credence to that idea. (And, as I have said, a very large body of criticism against it.) Again, I consistently find it hard to understand how genetics, which influences absolutely every other part of who we are as organisms, would have literally no impact on cognition and the mind. That this idea is not just prevalent but rigidly enforced as a matter of social dogma is baffling to me.

    They obviously go into more detail with why they hypothesize this, and I find the article a very interesting read.

    5 votes
  13. Comment on Micromort in ~health

    Shahriar
    Link
    Interesting to see the comparisons of each event that would classify as a micromort. Liked comparing the differences between flying and driving, the former being extremely safe in comparison.

    Interesting to see the comparisons of each event that would classify as a micromort. Liked comparing the differences between flying and driving, the former being extremely safe in comparison.

    3 votes
  14. Comment on If I'm using Cloudflare for my domains, do I need to bother with LE? in ~comp

    Shahriar
    Link Parent
    Is there any article one could read that describes this process? It's to my knowledge that the origin certificate pretty much behaves as a Let's Encrypt certificate here and does not change. Would...

    Cloudflare decrypts and re-encrypts using a different cert to serve to the end user

    Is there any article one could read that describes this process?

    It's to my knowledge that the origin certificate pretty much behaves as a Let's Encrypt certificate here and does not change.

    Would assigning an origin certificate by Let's Encrypt, for example, ensure it would be end-to-end encrypted?

    Sorry for all the questions, I'm just having difficulty understanding why CloudFlare's origin certificate behaves so differently.

    1 vote
  15. Comment on If I'm using Cloudflare for my domains, do I need to bother with LE? in ~comp

    Shahriar
    Link Parent
    Where does having CloudFlare origin certificate here break the chain of trust and the end-to-end encryption?

    An origin cert does not provide end-to-end encryption, because the issuer is in the middle of the chain. It would not be appropriate for actual sensitive information imo.

    Where does having CloudFlare origin certificate here break the chain of trust and the end-to-end encryption?

    1 vote
  16. Comment on If I'm using Cloudflare for my domains, do I need to bother with LE? in ~comp

    Shahriar
    Link Parent
    I'm having issues understanding this. What differs CloudFlare's certificate from Let's Encrypt certificate? Assuming you are using the full or strict setting. You could use Let's Encrypt instead...

    An origin cert does not provide end-to-end encryption, because the issuer is in the middle of the chain.

    I'm having issues understanding this.

    What differs CloudFlare's certificate from Let's Encrypt certificate? Assuming you are using the full or strict setting.
    You could use Let's Encrypt instead of CloudFlare as the "origin" web server certificate.

    It is to my knowledge that the chain of trust would be broken if a trusted certificate authority is not used, or CloudFlare's certificate; which the latter is not valid directly connected by a browser to the web server and not via CloudFlare CDN. What repercussions could one face if they were to use CloudFlare's certificate?

    1 vote
  17. Comment on Sixty-week delay on router orders shows scale of chip crisis in ~tech

  18. Comment on What are some analog alternatives to digital services or products that you use? in ~talk

    Shahriar
    Link
    I've taken up paper books and writing letters at an exponential rate from nothing during the pandemic. Always read paper books as a child and in my early teens, thought I would get back into it....

    I've taken up paper books and writing letters at an exponential rate from nothing during the pandemic.
    Always read paper books as a child and in my early teens, thought I would get back into it. Arguably, I've never stopped reading and enjoy reading in-depth articles about a plethora of topics, but they are always on a digital screen (e.g. phone, monitor). Writing letters does indeed make it more personable and offers a level of intimacy that is hard to match with current events and technology at hand.

    6 votes
  19. Comment on I called off my wedding. The internet will never forget in ~tech

    Shahriar
    Link
    This is a great point from the author. The ease of access to archiving what is most dear and important to us is amazing especially compared to photo books, just mere two decades ago being the...

    This monetization of emotional memory isn’t just off-putting in theory; it can also inhibit personal growth, as I was slowly learning. “Forgetting used to be the default, and that also meant you could edit your memories,” says Kate Eichhorn, who researches culture and media at the New School in New York City and wrote the book The End of Forgetting. “Editing memories” in this context refers to a psychological process, not a Photoshop tool. The human brain is constantly editing memories to incorporate new information and, in some cases, to cope with trauma.

    This is a great point from the author. The ease of access to archiving what is most dear and important to us is amazing especially compared to photo books, just mere two decades ago being the norm. At the same time it can affect us negatively by not allowing the person to move on. Be it good or bad, there's continuous memories being being renewed and witnessed again. Not by our perception of the events, but by archived data, whatever it may be.

    All along there was the option to go nuclear. The big delete. I could trash all my old photos in Apple’s and Google’s apps, obliterate accounts, remove widgets, delete cookies, and clear my browser cache again and again. I could use Instagram’s archive tool, tell any and every app I no longer wanted to see their crappy ads until they got the hint, and quietly unfriend and unfollow. I could turn off On This Day notifications in Facebook and untag my ex’s face.

    I managed to do half the work. But that’s exactly it: It’s work. It’s designed that way. It requires a thankless amount of mental and emotional energy, just like some relationships. And even if you find the time or energy to navigate settings and submenus and customer support forms, you still won’t have ultimate control over the experience. In Apple Photos, you can go to Memories, go through the collage the app has assembled for you, delete a collage, untag a person or group of people, or tell the app you want to see fewer Memories like it. The one thing you can’t do? Opt out of the Memories feature entirely. Google’s options are slightly more granular: You can indicate that there’s a time period from which you don’t want to see photos, in addition to hiding specific people. Which works, I suppose, if the time period you’re considering isn’t eight years.

    7 votes