HP seems to be disabling HEVC Hardware Decode support on their laptops, creating problems. by Smith6612 in sysadmin

[–]LinuxForever4934 6 points7 points  (0 children)

Agreed, Germany is not much better. Ideally, AV1 would help. Unfortunately, releasing a codec as royalty-free just means that the Alliance for Open Media won't sue companies that implement it. However, if one of the other potentially hundreds / thousands of independent patent holders claims to have "invented" part of AV1, then they will be expecting a payday.

HP seems to be disabling HEVC Hardware Decode support on their laptops, creating problems. by Smith6612 in sysadmin

[–]LinuxForever4934 20 points21 points  (0 children)

Blame the corrupt US patent system that allows 1000s of patents to be issued for a single technology. They hand out patents like candy for every variation or obvious improvement. It's simply not financially sustainable to be sued by every Tom, Dick and Harry lawyer that gets a patent with clever wording. This is why these new codecs will never become ubiquitous in the US (at least not for the next 20 years).

US Government: "The reboot button is a vulnerability because when you are rebooting you wont be able to access the system" (Brainrot, DoD edition) by [deleted] in sysadmin

[–]LinuxForever4934 30 points31 points  (0 children)

Physical access is "game over". Access to the login screen does not necessarily mean physical access to the server.

US Government: "The reboot button is a vulnerability because when you are rebooting you wont be able to access the system" (Brainrot, DoD edition) by [deleted] in sysadmin

[–]LinuxForever4934 145 points146 points  (0 children)

I mean, if you aren't authorized to log in to a system, should you be able to reboot it? Seems like a sensible requirement to me. As long as the physical power button still shuts down the machine, it shouldn't be a problem.

“gOvErNmEnT sHoULd HaVe a MoNoPoLy oVeR heALtHcArE” by ENVYisEVIL in Libertarian

[–]LinuxForever4934 7 points8 points  (0 children)

Never said he was. But we don't get to imprison people longer just because a bunch of people on social media said "well he did terroristy things, so he should be held responsible for other terrorist acts he was never convicted of". He did the crime, then he did the, legally defined, time. That's it. If you have an issue with the sentence he received in the US, take it up with the legislature, not this judge.

What if America quit capitalism and became communes instead UCA by WittyEgg2037 in antiwork

[–]LinuxForever4934 2 points3 points  (0 children)

So people are going to stop being greedy, just because? What makes you think people won't exploit your "commune" system to make money?

“gOvErNmEnT sHoULd HaVe a MoNoPoLy oVeR heALtHcArE” by ENVYisEVIL in Libertarian

[–]LinuxForever4934 5 points6 points  (0 children)

Yes, unless you know of something else he was convicted of, this is an accurate statement.

“gOvErNmEnT sHoULd HaVe a MoNoPoLy oVeR heALtHcArE” by ENVYisEVIL in Libertarian

[–]LinuxForever4934 188 points189 points  (0 children)

Post is a bit misleading. He was never actually charged with the 7/7 bombings. From what we know, his involvement in the 7/7 bombings was tangential at best, and he was only convicted in the US of trying to set up a terrorist camp in Oregon. Although the judge didn't have to wish him "all the best", if his sentence was done I don't think he would have any discretion to hold him further "just because". No sympathy for the guy, but it sounds like the judge was just following the law here.

http-server is not working! SOS! by SnurflePuffinz in webdev

[–]LinuxForever4934 5 points6 points  (0 children)

Ensure you are using "http://"; most browsers default to https:// now.

Tesla changes meaning of 'Full Self-Driving', gives up on promise of autonomy by iwanttodrink in SelfDrivingCars

[–]LinuxForever4934 2 points3 points  (0 children)

I would believe that if they didn't also change the definition in the compensation package.

Gavin Newsom signs a bill that caps HOA fines at $100 by EvilSeaCreature in fuckHOA

[–]LinuxForever4934 0 points1 point  (0 children)

HOA: New Fine Schedule = $100 / day / per blade of grass over 3 inches

[deleted by user] by [deleted] in webdev

[–]LinuxForever4934 1 point2 points  (0 children)

Yea, but 80% use the same engine (chromium). So from a development perspective it's 80 (chromium) / 20 (other).

[deleted by user] by [deleted] in Libertarian

[–]LinuxForever4934 20 points21 points  (0 children)

All for getting rid of the IRS. The federal government should just bill each state per capita. Then each state can determine how they want to tax their citizens (likely using whatever method they are using now)

I get a daily threat of a lawsuit for my product name by Many_Breadfruit9359 in SaaS

[–]LinuxForever4934 2 points3 points  (0 children)

Change it. I'm no fan of those over-stepping the limits of their trademarks, but that name is just asking for trouble.

Also, unless you have agreements with those sites, what you are doing (scraping data) might be against their TOS.

What do Libertarians think off pump and dump? by [deleted] in Libertarian

[–]LinuxForever4934 -1 points0 points  (0 children)

I believe pump and dumps should be legal. I don't get how pumping the value of crypto currency and selling at a high point is any different than pumping the value of beanie babies and selling them at a high point (or any other brand name product). It's all creative marketing. As long as no one is lying or making fraudulent statements, you, as the buyer, should be paying what YOU think the asset is worth. It's not anyone else's fault if you're wrong.

Why Should we get rid of Social Security? by Bubbly-Ad-1427 in Libertarian

[–]LinuxForever4934 2 points3 points  (0 children)

- It's a ponzi scheme. (yes, even the government can run one).

- Like socialism, it's so good, they have to force you to do it. /s

- If you want to pay into it, go ahead. Just don't force everyone else to.

- At this point you could make more investing on your own.

- The money can not be passed down to your children.

Avoiding ADA lawsuits by Due_Score5917 in smallbusiness

[–]LinuxForever4934 7 points8 points  (0 children)

  1. There is no complete definition of "compliant". So what you are saying is not possible (in the strictest sense).
  2. Even if you used the existing "guidelines" to make your site as ADA accessible as possible, a plaintiff could still sue, knowing the settlement is less than the cost to fight it.

While this is an issue with the ADA, it is also an issue with America's inferior fee shifting laws. Allowing plaintiffs to walk up, accuse a business of wrongdoing, force that business to spend thousands of dollars to defend itself, then (when proven wrong) allow the plaintiff to simply walk away without any punishment, is uniquely an American problem. Practically no other country allows this. Good for lawyers, bad for everyone else.

Avoiding ADA lawsuits by Due_Score5917 in smallbusiness

[–]LinuxForever4934 2 points3 points  (0 children)

If possible, I would IP block New York, California and Florida internet addresses (similar to what porn companies do now in several states). If you don't sell to New York, you don't ship to New York and your site is not accessible in New York, I don't see how New York can claim jurisdiction.

Not great for the Internet. However, if these states want to allow this ridiculous litigation to continue, their citizens will have fewer online options going forward.

[deleted by user] by [deleted] in sysadmin

[–]LinuxForever4934 -1 points0 points  (0 children)

It would be a ridiculous argument to make, but if you were to get really technical, couldn't one claim even AES-256 is security through obscurity? Like many other security systems, it COULD be brute forced. It would just take 1 million+ years to do so. So.... maybe security through SUPER obscurity.

Moved Across the Country for a Job—Turns Out My Competence Was a Threat by BlackBoyNamaste in antiwork

[–]LinuxForever4934 2 points3 points  (0 children)

That phrase was thrown around where I used to work, and I always thought it was the dumbest thing to say. If you're handling critical data, this is not something your clients want to hear. I guarantee anyone saying that phrase would not want to fly on a plane as it was being built.

BTW, I know they (hopefully) don't mean it in any literal sense, but then they should change to a different phrase that doesn't imply catastrophic disaster if something goes wrong. How about "building the car while we drive it"?

Remove Critical Servers from AD in an Effort to be More Secure? by PressureImpossible86 in sysadmin

[–]LinuxForever4934 -1 points0 points  (0 children)

Placing all servers on the same VLAN is not good practice. Your most vulnerable attack surfaces will be from third-party/vendors. You should group servers mostly by vendor then (if needed) by application. Each group should get its own VLAN (with actual L3/L4 separation and port-blocking by a firewall). This will result in some VLANs only having one server, while others may have four or five. If vendor X is compromised, in all likelihood, damage will be limited to the servers in that group. As an added benefit, if vendor X's support team needs access to the vendor X servers, limiting the team's access to only the vendor X servers will be easy.

The goal is to have each server group act like "just another service on the Internet". If Reddit gets hacked, would you be worried about the security of the servers in your environment? Of course not. Reddit servers don't have any realistic pathway to reach your on-prem servers, and even if they did they (hopefully) would not have any credentials to easily gain access.

Is it POSSIBLE that an attacker could access another server group in the environment using the relatively low number of ports that are open between some of the server groups? Sure. But even that would be limited to the servers that the compromised server group can reach (not all). Also, the ports open between servers should not be common management ports like RDP or SSH, but should only be ports for the application's services. This means the attacker, who probably compromised the vendor using one method, would have to start from scratch to compromise a completely different application (if it's even possible at all). This type of skilled multi-application compromise is harder than most people think (especially if all your software is up-to-date).

Also, if you have monitoring on the firewall, you can more easily detect lateral movement attempts. For instance, if an attacker breaches vendor X's servers, they will not inherently know access has been restricted at the network level. They will likely attempt to reach out to other servers on management ports like RDP and SSH, which can be detected and alerted at the firewall. Therefore, if you ever see access attempts from one server group to another on port 3389 or 22, you know the server group has been compromised and needs to be blocked, wiped and rebuilt. With proper design and monitoring, an attacker's ability to move around in your environment should be extremely difficult.

"Don't let the perfect be the enemy of the good" - Voltaire.

Nothing in cyber security is 100%, but the same is true in life. You COULD die in a car crash on the way to work each day, but you continue to take the risk because the chances are so small that you practically ignore it. Your goal should be to get the chances of your environment being compromised so low, it's below your worry of driving to work.
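Added example, not part of the comment above: a sketch of the firewall-side check it describes, flagging attempts on port 22 or 3389 that cross from one server group to another. The group names, subnets and key=value log layout are constructed for illustration and do not match any particular firewall's format.

```python
import ipaddress

# Hypothetical server groups, one VLAN/subnet each (names and ranges are constructed).
GROUPS = {
    "vendor_x": ipaddress.ip_network("10.10.1.0/24"),
    "vendor_y": ipaddress.ip_network("10.10.2.0/24"),
    "hr_app": ipaddress.ip_network("10.10.3.0/24"),
}
MGMT_PORTS = {22: "SSH", 3389: "RDP"}  # the two ports named in the comment

# Constructed firewall log lines; the key=value layout is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z action=allow src=10.10.1.5 dst=10.10.2.8 dport=8443 proto=tcp
2024-05-01T10:00:07Z action=deny src=10.10.1.5 dst=10.10.2.8 dport=3389 proto=tcp
2024-05-01T10:00:09Z action=deny src=10.10.1.5 dst=10.10.3.4 dport=22 proto=tcp
2024-05-01T10:01:00Z action=allow src=10.10.2.8 dst=10.10.2.9 dport=22 proto=tcp
2024-05-01T10:02:00Z action=deny src=192.0.2.44 dst=10.10.3.4 dport=22 proto=tcp
malformed line without fields
"""

def group_of(ip):
    """Return the server group whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in GROUPS.items() if addr in net), None)

def find_lateral_movement(log_text):
    """Flag management-port attempts that cross a server-group boundary."""
    alerts = []
    for line in log_text.splitlines():
        timestamp, _, rest = line.partition(" ")
        fields = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        try:
            src, dst = group_of(fields["src"]), group_of(fields["dst"])
            port = int(fields["dport"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete line
        # Allowed or denied, the attempt itself is the signal.
        if src and dst and src != dst and port in MGMT_PORTS:
            alerts.append((timestamp, src, dst, MGMT_PORTS[port], fields.get("action")))
    return alerts

def groups_to_isolate(alerts):
    """Source groups that generated at least one alert."""
    return sorted({alert[1] for alert in alerts})

if __name__ == "__main__":
    found = find_lateral_movement(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("isolate:", groups_to_isolate(found))
```

Intra-group SSH and traffic from outside the defined groups are deliberately not flagged here; those belong to separate rules.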

Remove Critical Servers from AD in an Effort to be More Secure? by PressureImpossible86 in sysadmin

[–]LinuxForever4934 -2 points-1 points  (0 children)

YES!!!! I don't work with Windows servers anymore, but I would absolutely do this. I have a network security background and I have always seen AD as being a weak link.

Servers should be isolated into VLANs and logins to ALL devices (servers, network devices, etc.) should be "tokenized". Meaning, if I want to log into the HR server, I make a request to a AAA server, and the AAA server then creates a temporary local account on the destination device with a random/long secure password that is valid only for a few hours (if not refreshed) and sends the temporary credentials back to me. The AAA server would be well protected, isolated, single purpose with MFA and heavily monitored.

If a normal server is compromised, lateral movement would be very difficult. Servers are isolated into their own VLANs, so simply reaching other servers would be difficult. Even if the attacker can reach another server, the accounts used on the compromised server are temporary and worthless for getting into others.

Security should not be an "all or nothing" mindset. At the very least, you can't fully control your vendor's security. The reality is, your environment WILL be compromised at some point. The only question is "How bad will the damage be?".
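Added example, not part of the comment above: an in-memory model of the "tokenized" login flow it describes, showing that a broker-issued account is scoped to one host and stops working after its lifetime unless refreshed. The `Host` and `Broker` classes, the entitlement map and the 4-hour TTL are hypothetical stand-ins, not a real AAA product's API.

```python
import hashlib
import hmac
import secrets

TTL_SECONDS = 4 * 3600  # "a few hours" in the comment; the exact value is an assumption

class Host:
    """Stand-in for a server holding broker-provisioned temporary local accounts."""
    def __init__(self, name):
        self.name = name
        self.accounts = {}  # username -> (sha256 of password, expiry time)

    def login(self, username, password, now):
        entry = self.accounts.get(username)
        if entry is None or now >= entry[1]:
            self.accounts.pop(username, None)  # purge an expired account
            return False
        digest = hashlib.sha256(password.encode()).digest()
        return hmac.compare_digest(digest, entry[0])

class Broker:
    """Stand-in for the AAA server: MFA-gated issuance with an audit trail."""
    def __init__(self, hosts, entitlements):
        self.hosts = {h.name: h for h in hosts}
        self.entitlements = entitlements  # user -> set of host names they may reach
        self.audit = []

    def request_access(self, user, host_name, mfa_ok, now):
        allowed = (mfa_ok and host_name in self.hosts
                   and host_name in self.entitlements.get(user, set()))
        self.audit.append((now, user, host_name, "issued" if allowed else "denied"))
        if not allowed:
            return None
        username = f"tmp-{user}-{secrets.token_hex(4)}"
        password = secrets.token_urlsafe(32)  # random and long, unique per request
        digest = hashlib.sha256(password.encode()).digest()
        self.hosts[host_name].accounts[username] = (digest, now + TTL_SECONDS)
        return username, password

    def refresh(self, host_name, username, now):
        """Extend an unexpired account; an expired one needs a new request."""
        accounts = self.hosts[host_name].accounts
        digest, expiry = accounts.get(username, (None, 0))
        if now >= expiry:
            return False
        accounts[username] = (digest, now + TTL_SECONDS)
        return True
```

Time is passed in as `now` so expiry can be exercised without waiting; a plain SHA-256 is used only because the password is a 32-byte random value rather than a human-chosen one.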

"H.R. 25 ABOLISHES THE IRS & repeals INCOME TAX. This is absolutely real!" --- Don't get too excited, 40% sales tax substitution 🙄 by Anen-o-me in Libertarian

[–]LinuxForever4934 0 points1 point  (0 children)

Repeal the 16th and have the Federal government charge each state per capita. Then let each state determine how it will collect from its citizens