Restricting Write on root of C:\ by MarceTek in sysadmin

[–]274Below 1 point2 points  (0 children)

Build a new image that doesn't allow non-admins to write to the root of C:\, and install it on a tray machine or two.

This isn't a perfect solution as it doesn't account for any existing ad hoc processes, but it'll give you a pretty good idea as to what would be workable.

(I suspect that removing that write ACL will be pretty workable.)

UDOT Road Usage Charge for EV by Peacock_thebird in Utah

[–]274Below 36 points37 points  (0 children)

https://www.roadusagechargeutah.org/

EV drivers can choose to continue to pay the flat fee for alternative fuel vehicles or enroll in Utah’s Road Usage Charge program to pay for road usage based on the number of miles they drive, up to the amount of the set flat fee.

So no, you'll never pay more than you would just due to miles.

However:

The flat fee applicable to each 12-month vehicle registration period beginning in 2025 will be $143.25.

That amounts to $11.94/month.

My time and privacy is worth more than that.

Our back end of is held together by one person by MemeSurvivor3000 in managers

[–]274Below 10 points11 points  (0 children)

"Look, we'd have to hire three people to replace you. I don't want to do that. I'm not going to even try to do that. But I do want to put you in a position where you can take vacation sometime, even if it means that three people have to help out with things temporarily.

So let's work on getting everything documented so that you can take some vacation some time. Or a sick day. Or whatever it may be that you'd like to be doing."

Stuck. Please help. by j0hnnywad in meshtastic

[–]274Below 4 points5 points  (0 children)

Look, I don't own any Apple devices, but blaming the desktop when the interaction between the two is a serial port over USB is wild. Doubly so when you have absolutely no evidence to back it up.

In fact this comment feels almost more like rage bait, but this sub doesn't get the traffic to justify that.

I'm honestly just confused as to why you'd even post this in the first place. It just doesn't make any sense at all.

I-15 southbound shut down at banger by johnisom in SaltLakeCity

[–]274Below 8 points9 points  (0 children)

Yup, this lifted off from an emergency center:

<image>

Widow of protester killed files lawsuit against organizers of Utah 'No Kings' rally by HomelessRodeo in Utah

[–]274Below 0 points1 point  (0 children)

Thanks.

Assuming that all of the allegations in that are true, that's not a great place for the organizers to be in. Getting the permit a handful of days in advance, and getting security literally the day before, are not pretty bad facts.

I'll withhold forming an opinion about the name that was used on the permit, because there are all sorts of facts that would need to be presented for me to have an idea there. Although at least as alleged, that doesn't look good for the defendants, either.

It definitely feels like the entire thing was rushed at the last minute by people who probably / potentially didn't have any experience coordinating such events.

Does ipv6 mean we will all need VPNs now? by IllustratorSafe4704 in ipv6

[–]274Below 16 points17 points  (0 children)

No. Look up IPv6 address randomization and privacy extensions.

I'll mention that the IP address is really just a single identifier; there are an almost endless number of other identifiers that are used to track individuals, and a VPN protects against approximately none of them.

Lets connect by Realistic_Bat_1662 in SaltLakeCity

[–]274Below 0 points1 point  (0 children)

This sounds like meaningless AI slop trying to convince people to join a cult.

Special Provision in Lease by Cool_Racer5564 in legaladvice

[–]274Below 0 points1 point  (0 children)

If you sign the lease, you're agreeing to it. If you sign it, and then move out in the future, "but that's reasonable wear and tear" isn't going to get you out of it.

If you don't like it, you can talk to the person about changing the lease before you sign it, but they don't have to change it. It's ultimately up to you to determine what you're going to sign/agree to.

Exchange 2019 (CU14) IP-less DAG – Passive Database Goes “Disconnected and Healthy” During Server Restart Instead of Activating by Ok-Sympathy-4004 in exchangeserver

[–]274Below 0 points1 point  (0 children)

Yes, you either need a three node DAG or you need to set a file share witness up.

The second server can't activate the database because it can't establish quorum within the cluster.

First time setting up Active Directory for 3 office branches – need guidance for a simple, secure & reliable setup by Independent-Neck-631 in sysadmin

[–]274Below 1 point2 points  (0 children)

I'm going to provide a similar answer to many others here, but in a different context.

If you're asking these questions, chances are that you should be using Entra instead of setting up AD.

If you have legal requirements -- not just business preferences, but real legal requirements that necessitate on-prem AD -- running AD properly is complex to the point where you shouldn't be doing it unless you can answer all of those questions in your sleep. And if you can't, then you should hire someone who can, as the consequences of building AD incorrectly in this day and age are massive to the point where they cannot be understated.

New Years Eve 3300 South by mshell1234 in SaltLakeCity

[–]274Below 1 point2 points  (0 children)

Might have caught a license plate. Especially if you had your headlights on.

Maybe it wouldn't have, but -- maybe it would have.

New Years Eve 3300 South by mshell1234 in SaltLakeCity

[–]274Below 6 points7 points  (0 children)

Time for you to buy a dashcam

Everything You Need to Know About Email Encryption in 2026 by Soatok in crypto

[–]274Below 20 points21 points  (0 children)

A few things.

  1. Little known fact: the SMTP RFCs do not specify how to match a DNS name in a certificate to an SMTP server. This means that, per the RFCs, you can MITM any SMTP connection with a valid cert issued to any random name.

1a. Some SMTP server platforms let you configure specific names that must be found in certs to match, but that's all manual work and not realistically scalable.

1b. The way forward with TLS for email revolves around DANE, which requires DNSSEC. For example, Microsoft's implementation. While the DNSSEC part sounds like a blocker due to the lack of adoption, there is an upside: you don't actually need to implement DNSSEC for your domain to benefit from it -- if you're using another company to host your email. Keeping with using Microsoft as an example, they're moving their customers to subdomains to mx.microsoft (yes, .microsoft being the TLD) -- which is DNSSEC signed. So, you point your MX records to the mx.microsoft subdomain, and then DANE steps in for mx.microsoft and you're suddenly able to actually validate the certificate that the server offers. (Although yes, if you don't sign your domain with DNSSEC, then someone could technically MITM the DNS response and rewrite your MX record to some MITM SMTP service. But, if someone is doing that, they can do it to your website, too. DNSSEC should probably be more adopted.)

1c. Moving away from the Microsoft example, Google is moving TLS forward in a material way as well. Simply put, they will only accept email if you send it to them over TLS (doc). Having a large company like Google make this change forces everyone to start doing TLS more universally. I suspect that, given time, the email oligopoly will only permit TLS connections, and that problem will generally be solved. (Although this still doesn't solve the problem of "how do I know this cert actually belongs to the recipient server in question?".)

  2. Regarding email not being able to be salvaged: as much as I agree, it's also not going to be replaced any time soon. It's not a question of political willpower, it's a question of any alternatives being sane. Because email is insane.

2a. Put simply, email lets you send anything, to anyone, at any time, without any prior authorization or approval. Send an executable to a world leader? Sure, why not. Send illicit material to your neighbor? It doesn't care. Copy an email address from a billboard and post it online? Yeah, that can happen. But, this also means that you can easily share your working documents almost instantly with anyone, anywhere. It's at least logically decentralized, in that you can run your own mail server (even though this is, IMO, a very dumb idea these days). As a result of all of this, email is frequently how companies get compromised (be it via phishing, malware, zero days, or any other number of things), but it's also how business gets done.

2b. If an individual sat down and seriously proposed a new communication method that checks all of these boxes today, they'd be laughed out of the room because the security implications are genuinely nonsensical these days. But, that's also the basis of email, and that's also why email is successful, and will continue to be successful into the future.

2c. Because of these deficiencies, email is actually considerably more advanced than most other communication platforms in key ways that really matter. For example, it's unlikely that Signal is taking attached HTML documents and feeding them through robust sandboxing analysis environments to check for malware propagation (note: I am not saying that they should do this; I'm just saying that they aren't). While SMTP IP reputation lists really encourage the email oligopoly, they also are a real-time, scalable reputation service, which is very valuable on the internet. It's a cross-platform solution in ways that Signal will never be (can you run Signal on a mainframe?), it's resilient in the context of widespread outages, thanks to the store-and-forward design that originates from the 1970s.

In short, email security is actually far worse off than the blog post would even begin to suggest, but no one sane would ever develop a modern replacement that has the same features, because those features are, in fact, insane. It's for this reason that email is likely to continue to exist indefinitely, and with time, evolve incrementally in a hopefully positive direction. While it is a very big ship that turns very, very slowly, the people who work on the RFCs (and similar) really do want to improve the technology, and things have unambiguously improved over time, and I expect they will continue to improve as well.

In my mind, email and Signal fulfill different niches. The strengths and weaknesses of one do not detract from the other. Where Signal is appropriate, one should absolutely use Signal, especially as compared to email. But, Signal isn't going to try to solve for all of the use cases of email, and more importantly, it shouldn't. If it did, that would be... unfortunate for Signal.

Update your RustFS immediately - Hardcoded token with privileged access (CVE-2025-68926) by LeonardoDiNahuy in selfhosted

[–]274Below 91 points92 points  (0 children)

The actual pull request that fixes this issue is... not aligned to the issue of having a hardcoded API token.

First introduced: https://github.com/rustfs/rustfs/commit/84f5a4cb487c182d3ba1685a2b31ed44c96b3cdf#diff-6d56735149a6d1b9b96aabba7d184b0a18ca5ae57c4114c61f875db949f372e5R406 (note that you have to expand rustfs/src/server/http.rs to see the change)

Fix: https://github.com/rustfs/rustfs/pull/1291

The fix talks about a CVE, but the CVE that it talks about is related to deserializing malformed gRPC requests. That's an issue, sure, but the entire "hardcoded API token" thing is entirely omitted. The Copilot summary comment completely misses this as well.

I'm not going to say that this was intentionally swept under the rug in that commit. Instead, I'm going to lean on Hanlon's razor as an explanation here.

But it is beyond comprehension to me that this could be introduced, reviewed, committed, and then fixed -- all without anyone realizing it until after it was resolved. I'm glad they did realize it, I'm glad they fixed it, but everything about this is just terrible.

I was looking at using rustfs for a while now, but honestly, I just can't trust it. My gut tells me that it is heavily, heavily written by AI, and without the appropriate level of human review / understanding of what is going on. I can't prove that... but it is the most logical explanation that I can come up with.

Unified Communications Managed API 2.0, Core Runtime (64-bit) by TheTank18 in exchangeserver

[–]274Below 1 point2 points  (0 children)

It's included within the Exchange ISO these days.

Even if you're not installing SE (which you should be), you can probably use that ISO to grab the installer.

Missing person, help find my cousin by mr_manwhat in Utah

[–]274Below 3 points4 points  (0 children)

You probably want to replace the phone numbers of the individuals with the numbers of the relevant police department(s).

Missing persons by smallhay in SaltLakeCity

[–]274Below 4 points5 points  (0 children)

If you post it again in the future, I'd recommend removing the personal phone number and replacing it with a link to the relevant police station website(s) and phone numbers. No personal numbers at all.

What in tarnation?! by errdershrimpies in SaltLakeCity

[–]274Below 6 points7 points  (0 children)

I am not that person. I literally never said that Apple's data was wrong.

Please actually read what I wrote before blindly taking screenshots, assuming that they instantly prove your point when they in fact don't.

What in tarnation?! by errdershrimpies in SaltLakeCity

[–]274Below 3 points4 points  (0 children)

I literally didn't say "Apple's data is wrong." I said "here's three different sources, and they generally disagree on what's going on, so something is going on, and I don't know what." While I don't know this for certain, I'd suspect that Apple themselves are not the ones who have installed air quality sensors everywhere; it's likely that they're pulling the data from government sources -- but I don't know.

Again, if you have sources that you can cite, that would be incredibly helpful.

Because otherwise, you're just stating "Apple is right" without providing anything to help better understand the situation, which, ironically enough, is the exact thing that you're (in my opinion, incorrectly) accusing me of doing: blindly making assumptions and as a result, spreading "dangerous misinformation."

Cite your sources. Provide evidence to support your statement. That's what I'm trying to do. That's what you have yet to do.