b3_k1nd_rw1nd's recent activity

  1. Comment on Something I always wondered: Why did Dave Chappelle get a bigger backlash for what he said about the trans community compared to someone like Bill Maher? in ~talk

    b3_k1nd_rw1nd

    I also believe that the views people claim Chappelle has are mostly taken WILDLY out of context (as mocked in his last special with the bit on the handicapped.)

    you mean his bit about Madison Cawthorn? that got blowback? Even Madison is on record as finding it funny...

    5 votes
  2. Comment on Something I always wondered: Why did Dave Chappelle get a bigger backlash for what he said about the trans community compared to someone like Bill Maher? in ~talk

    b3_k1nd_rw1nd

    /u/papasquat was comparing their respective shows.

    if you want to compare numbers, you got to compare their stand-up specials numbers.

    The ratings of a stand-up special by any current comedian will always be more than a regular TV show, even more so considering HBO is on a premium channel.

    Although, I wonder where Deadline got that info since Netflix is notorious for not publicly sharing viewing metrics.

    3 votes
  3. Comment on Something I always wondered: Why did Dave Chappelle get a bigger backlash for what he said about the trans community compared to someone like Bill Maher? in ~talk

    b3_k1nd_rw1nd

    his talk show is one of the highest rated shows on HBO...

    1 vote
  4. Comment on Something I always wondered: Why did Dave Chappelle get a bigger backlash for what he said about the trans community compared to someone like Bill Maher? in ~talk

  5. Comment on Something I always wondered: Why did Dave Chappelle get a bigger backlash for what he said about the trans community compared to someone like Bill Maher? in ~talk

    b3_k1nd_rw1nd

    Then how did you hear of Dave Chappelle?

    3 votes
  6. Comment on Something I always wondered: Why did Dave Chappelle get a bigger backlash for what he said about the trans community compared to someone like Bill Maher? in ~talk

    b3_k1nd_rw1nd

    I don't know if I understand what you mean that Dave is a bit more relevant?

  7. Something I always wondered: Why did Dave Chappelle get a bigger backlash for what he said about the trans community compared to someone like Bill Maher?


    I have watched all of Dave Chappelle's specials and I occasionally watch Bill Maher whenever I can stomach his supposed "free speech" show.

    Don't remember it verbatim but Dave Chappelle made fun of the trans community and took an empathetic approach to individuals such as J. Rowling who view the trans issue as a threat to womanhood (or something to that effect). He also however expressed support for a trans-woman being allowed to use a woman's bathroom so his opinions on this subject seem a bit mixed.

    However, Bill Maher acts as if trans issue is the biggest issue of our time and that it's the real reason that Kamala Harris lost the election. And is opposed to any sort of gender-affirming care as far as I can tell and thinks that cause L.A. has more people who identify as trans than Texas, that it's almost mostly a geographically based fad and what not. I will also never forget a clip of his show where him and Piers Morgan were telling Katie Porter about the threat that trans-women have to cis-women. It struck me as funny that 2 white dudes decided to take it upon themselves to tell a woman that trans-women pose a threat to her and she was just like ".....no I think I'm fine.".

    But the release of Chappelle's specials were met with protests at the Netflix headquarters, whereas I don't remember people ever protesting in front of Bill Maher's studio even though I think he's far more in the camp of "trans movement has gone way too far" and says far more things that I would assume they find offensive or upsetting. what gives?

    23 votes
  8. What is your opinion whenever you see news/opinion that tech companies are relying more on chatbots rather than junior developers/interns?


    I see that in the headline from time to time. Not really sure how prevalent it is and it's pretty disappointing news.

    but I also can't help but think:

    1. the news articles are probably overblowing it and it's probably not as prevalent as it's being portrayed
    2. that any tech company doing that is shooting themselves in the foot.

    in total, I was an intern at various companies for a little under 3 years. I don't doubt that the work I did for the majority of my co-ops were all things that could have been done by a chatBot. writing unit tests and small scripts and etc.

    but they were invaluable to me (1) understanding what is expected of me in a professional environment and (2) gave me a basic idea of how to code in a professional environment (3) gave me a lot of perspective on what technologies and tools I should spend spare time learning cause my university very much focused on dinosaur-era languages, for the classes that did teach any coding related skills. same for the friends I went to uni with.

    So all I think is maybe in the short term, they are saving money on not hiring interns/co-ops/junior devs to do work that can be done by a bot but I feel like in the long term that will reduce the number of intermediate/senior devs on the market which means they'll be in higher demand and cost more money.

    26 votes
  9. Comment on I've always found the common approach that websites take to changing the email associated with an account iffy but I am not sure if I am wrong in ~tech

    b3_k1nd_rw1nd

    I never said losing access to non-email address accounts is as bad as losing account to email address accounts.

    I just said the workflow for non-email address accounts is basically not secure at all imo.

    1 vote
  10. Comment on I've always found the common approach that websites take to changing the email associated with an account iffy but I am not sure if I am wrong in ~tech

  11. Comment on Why is Cloudflare trusted with encryption? in ~tech

    b3_k1nd_rw1nd

    In order to do anything useful, a CDN has to terminate the ssl connection.

    The implication being that if they are going to serve cached content on your behalf, it needs to be delivered in the encrypted format that the browser is expecting given it's an HTTPS connection which means cloudflare needs to encrypt it before sending it on behalf of your reverse proxy?

    And because the cloudflare tunnel feature is utilizing the already existing CDN network, it's a lot less hassle for them (and the developer) to just rely on cloudflare to do what it does best and serve content it itself encrypts?

  12. I've always found the common approach that websites take to changing the email associated with an account iffy but I am not sure if I am wrong


    I have changed my email more than once, just as part of customizing my online identity and all that.

    and that obviously required me to log in to any accounts I had and update the email associated with them.

    the most common workflow I have found is
    login -> navigate to settings page -> edit the email field to the new email -> go to the inbox for the new email -> click confirm on confirmation email

    then you can go to that website and do the forgot password, provide your email and change the password and get complete control.

    I have always found that workflow weird cause it's the most prevalent one I have come across and seems so susceptible to tampering.

    if someone leaves their laptop unattended for 3-4 minutes in public while visiting a bathroom (which happened often in the library of my university), there was nothing preventing me from going to their Facebook or whatever account they had open on their computer, changing the email to my own email and then clicking confirm on my inbox once I am back at my desk.

    and most people don't have 2FA so that would effectively give me control of their account.
    Hell, my university once had a potential data breach and they were 99.999% sure the data was not actually accessed by a malicious actor but still sent a mass email saying that they were advising everyone to change their passwords. a classmate of mine in the software systems program's attitude was basically "oh well, who cares?" and I just facepalmed internally.

    there are maybe 3 websites I have come across that instead first send a confirmation email to your current inbox and after you confirm on that, then you get a confirmation email on the new email inbox. which isn't perfect but I feel like it's a bit more sensical and the best you can do without involving 2FA.

    even then, that's also susceptible to the situation I described above if the user is always logged into their email.

    I find it odd that websites don't prompt for a password as part of the email update process (or better yet 2FA with an app as even prompting for a password isn't a guarantee if the user has the password manager as an extension in their browser and they recently unlocked it before leaving their session unattended) to ensure that email changes are always done by the account owner.

    16 votes
  13. Comment on Question about REST APIS and encryption in ~tech

    b3_k1nd_rw1nd

    You don't need the same level of security Google has.

    oh I know, I was just curious how they do it. I have no delusions that my server will never be as secure as what google has nor is there a point to making it as secure. My website will never be as enticing to hackers as Google :P

  14. Comment on Question about REST APIS and encryption in ~tech

    b3_k1nd_rw1nd

    Good Lord! I both feel amazed by what they have setup and also weirdly feel disappointed I am not embarking on an original idea :sweat_smile:.

    I think I figured no one else would want to invest time in an open-source e2ee encrypted budgeting software when banks have the budgeting software market cornered.

    Nevertheless, thanks for the link

    1 vote
  15. Comment on Question about REST APIS and encryption in ~tech

  16. Comment on Why is Cloudflare trusted with encryption? in ~tech

    b3_k1nd_rw1nd

    so these seem to be the relevant snippets describing the technical harms
    From https://web.archive.org/web/20151205093315/https://digital.report/experts-concerned-kazakhstan-plans-to-monitor-users-encrypted-traffic/

    Committee for Communications, Informatization, and Information at the Ministry of Investment and Development, [...] would be introducing the national security certificate as of 1 January 2016.
    the users must install the national certificate on all devices used to access the internet, including mobile ones. The national operator will publish step-by-step installation instructions on its website by the end of 2015 (see the cached Google page of the Kazakhtelecom press release).

    “It seems that the certificate will be used not only for HTTPS connections but also for other TLS encrypted connections, including FTPS, IMAP and SMTP with TLS”, states habrahabr.ru. Technically speaking, the new certificate, when installed by a user, would replace the security certificates already installed on websites, with the national certificate ‘acting’ as an intermediary between a user and a site. This is precisely what encryption technologies were intended to eliminate.

    the intelligence services could conduct unlimited MITM attacks and decode any encrypted data. Securitylab analysts believe that the initiative is intended to **intercept all SSL traffic in the region.**

    From https://www.theregister.com/2015/12/03/kazakhstan_to_maninthemiddle_all_internet_traffic/

    This spying will be made possible by insisting everyone installs a "national security certificate" on their computers and mobile gadgets – most likely a root CA certificate just like the ones found in Lenovo's Superfish and Dell's Superfish 2.0 scandals.

    This cert will trick web browsers and other apps into trusting the telco's systems that masquerade as legit websites, such as Google.com or Facebook.com. Rather than connect directly to those sites, browsers will really be talking to malicious man-in-the-middle servers.

    The implication being that they can intercept all the SSL traffic in a region by taking control of the ISP data-links and thanks to the bad server cert, they can pretend to be a website they are not.

    However, MITM would necessarily mean they are also forwarding those requests to the legitimate site no? Cause otherwise, technically speaking, they're not "in the middle", they're actually doing the responding themselves too.

    1 vote
  17. Comment on Question about REST APIS and encryption in ~tech

    b3_k1nd_rw1nd

    It's worth it to spend a little time learning to harden your server so that you don't have to write the whole application to run in browser. But don't stress too much, talented hackers aren't wasting time on random servers so mostly all you have to protect against are low effort bots hitting common ports and endpoints and common software (i.e. WordPress). The most important thing is to stay on top of patches.

    Actually, the more I think about it. Given that my machine is publicly accessible only via Cloudflare Tunnel, I doubt I even need to do any hardening. I gotta imagine any local configurations I make are meaningless compared to what Cloudflare does to secure its connections.

  18. Comment on Why is Cloudflare trusted with encryption? in ~tech

    b3_k1nd_rw1nd

    However, a trusted CA can be used to perform man-in-the-middle attacks if it handles the traffic.

    The attacker intercepts all client traffic, specifically feeding it a bad server cert. Client thinks they're using their bank's cert, but it's using the attacker's. The attacker then proxies all of the client's requests, decrypting from client, then re-encrypts with real cert to forward to website, repeat in reverse.

    How is that a MITM attack? My understanding of MITM is both the sender and receiver are legitimate participants in a conversation, they just don't know their communication is being read.

    but what you are describing is a malicious website (which I guess in this example is the receiver) that the user interacts with, not knowing it's malicious.

    1 vote
  19. Comment on Question about REST APIS and encryption in ~tech

    b3_k1nd_rw1nd

    something I remembered, until Tailscale Funnel is publicly available, I am stuck with Cloudflare Tunnel and they handle the packet decryption. So if I want my data to be protected from Cloudflare (just cause I don't like that they technically can see all my data), I have to encrypt myself before sending it to my server.

    So, if I want to perform server-side validation, I'd have to first decrypt to do that anyways. Or use Homomorphic encryption as @archevel suggested (thanks for the link btw, I didn't know about that).

    So maybe I will look into that.

  20. Why is Cloudflare trusted with encryption?


    I am a big fan of Cloudflare Tunnels, it's let me muck about with quite a few low risk apps and it's been fun.

    one thing that's always bothered me though is the SSL setup.

    According to their website, only enterprise users are allowed to manage their own TLS private keys.

    I can kinda understand the logic behind free accounts not having that perk.

    But if you are someone who really doesn't like cloudflare reading your traffic or you are a business, it seems odd to me that it's not being demanded of cloudflare that they make it more available for paid users to not expose their TLS private keys to cloudflare.

    Why are so many folks OK with cloudflare essentially being able to read all their traffic?

    or am I overestimating how many people are using the Pro and Business account? is the majority of their users just Free or Enterprise?

    24 votes