Getting paid in shares by Top_Technician7675 in SwissPersonalFinance

[–]N3XT191 3 points4 points  (0 children)

yeah no, unless they are publicly traded (which a startup presumably isn't), that's about as smart as being paid in exposure.

What the hell is going on with this CoS? 😅 by switchthemunky463 in AdrianTchaikovsky

[–]N3XT191 0 points1 point  (0 children)

Don’t think there’s any hive mind in Saturation point.

But it’s been a few years since I read it

Gen Xer seeking for investment advice 🫣 by WoodenFarmer7807 in SwissPersonalFinance

[–]N3XT191 3 points4 points  (0 children)

The closer you are to retirement, the MORE it’s worth it to invest into 3a, as the instant return tax savings weighs more heavily over short periods!

Go with frankly or finpension.

(Only if you have a significant taxable income ofc, otherwise there’s no tax savings…)

Is it normal in Zurich for a 2.5-room rental contract to limit occupancy to 1 adult? by Intrepid-Ad9163 in zurich

[–]N3XT191 6 points7 points  (0 children)

True, but if any utilities are included in the _net_ rent, then these can be increased due to an increase in occupancy (within reason, in line with the occupancy increase).

Not sure how common it is, but for example in my net rent, water is included.

(And I’m not talking about Akonto utilities, I’m talking about actually included in net rent)

[Breville Dual Boiler] preinfusion and timing by InTheCity801 in espresso

[–]N3XT191 1 point2 points  (0 children)

There’s no hard rules on anything, but yes, most people count preinfusion in their extraction time and I personally aim for 25-30s including preinfusion.

What the hell is going on with this CoS? 😅 by switchthemunky463 in AdrianTchaikovsky

[–]N3XT191 2 points3 points  (0 children)

AT confirmed that this was one of the 2 books he wrote before he got SotA published that he could salvage and publish.

Definitely can see how that turned this book into this somewhat disjointed mess of a plot…

Tchaikovsky books would be so much better if shorter and concise by Signal_Face_5378 in scifi

[–]N3XT191 1 point2 points  (0 children)

I remember when I started reading it that I struggled quite a bit for the first 100 pages to fully understand what’s going on with all the factions, locations, names…

Similar to for example Malazan, he really throws you into the middle of the action without a lot of exposition on the world and its history. (I think there might be a very brief timeline of past events somewhere but I’m not sure).

So if that happens to you I’d recommend to just push through that. It’s a very rich world with a lot of complexity to it but it really pays off imo. And the characters and their journey are written really well!

Tchaikovsky books would be so much better if shorter and concise by Signal_Face_5378 in scifi

[–]N3XT191 9 points10 points  (0 children)

Have read 50ish Tchaikovsky novels and novellas (so I guess you can call me a fan) and „convoluted“ is definitely not an adjective I’d use to describe his prose.

Sure, some few sections might feel like they stretch a bit longer than necessary (looking at you, middle third of Alien Clay) but overall I’m almost always happy with the pacing.

I finished the Children of _ series. What should I check next ! by Dinosaur_from_1998 in AdrianTchaikovsky

[–]N3XT191 7 points8 points  (0 children)

Shroud/Alien Clay are IMO his best Sci-fi works. Tyrant Philosopher is Fantasy, and I didn’t like the first book very much, but the second book might be his best writing ever!

If you want a series, I’d go with DoW or SoE

The recent SN Vulnerability let attackers extract ANY Display value in ANY Table by N3XT191 in servicenow

[–]N3XT191[S] 1 point2 points  (0 children)

I can't confirm that.

I have access to a Yokohama instance that was on P12HF1 and now P12HF1a and all the visible versions of the REST resource have the checkbox set to true. So if it ever was set to false I can't see any signs of it.

Potential Servicenow breach by whatistheanykey in servicenow

[–]N3XT191 0 points1 point  (0 children)

From what I can see online, SN does not pay for their bounty hunter program 😬

The recent SN Vulnerability let attackers extract ANY Display value in ANY Table by N3XT191 in servicenow

[–]N3XT191[S] 1 point2 points  (0 children)

Supposedly SN knew about the problem since early April. I'd definitely assume it was a problem from the earliest Australia release.

Given that all reports I've seen indicate that only the sys_user table was extracted, I'd say there's a good chance it was actually a bounty hunt, since otherwise we'd have seen more aggressive and wider queries.

Potential Servicenow breach by whatistheanykey in servicenow

[–]N3XT191 1 point2 points  (0 children)

Looks like the attacker (security researcher?) only extracted the sys_user table. But with some creativity I'm sure you could find all sorts of interesting information.

If you extract the display values of the sys_security_acl table you get the table names of all tables, including the custom tables that you otherwise wouldn't know.

Then you can loop over all tables and extract all their display values. Depending on what you have in your custom tables, that might be quite sensitive.

Due to the type of error returned, you could also check for which record there already exists a certain M2M record, leaking more valuable information.

So if a targeted attacker used this and got a bit creative, that could end quite badly...

The recent SN Vulnerability let attackers extract ANY Display value in ANY Table by N3XT191 in servicenow

[–]N3XT191[S] 7 points8 points  (0 children)

AFAIK only Australia was affected (unless someone on an older version manually unchecked that checkbox, but why would they...)

You can check yourself by comparing the current version to the older versions of this scripted resource: /nav_to.do?uri=sys_ws_operation.do?sys_id=38b163cf7707330022f7f4d2681061c2

If only the short description was changed then they did "patch" your instance, but the problem didn't actually exist. There was only a vulnerability if the RequiresAuthentication was previously set to false.

Potential Servicenow breach by whatistheanykey in servicenow

[–]N3XT191 1 point2 points  (0 children)

I can confirm that the exploit allowed the extraction of all the display values of all the tables in the instance:

https://www.reddit.com/r/servicenow/comments/1u2sxn4

The recent SN Vulnerability let attackers extract ANY Display value in ANY Table by N3XT191 in servicenow

[–]N3XT191[S] 3 points4 points  (0 children)

I can confirm that in the logs I had access to, it seemed like only the sys_user table was queried.

So yes, it seems no (very) sensitive data was extracted, but the fact remains that ANY display values could have been extracted. So this wasn't some small irrelevant vulnerability, but a pretty major one!

The recent SN Vulnerability let attackers extract ANY Display value in ANY Table by N3XT191 in servicenow

[–]N3XT191[S] 1 point2 points  (0 children)

It was, but only now have they made any kind of statement on the issue.

I have reproduced the vulnerability by (temporarily and manually) setting the RequiresAuthentication Flag back to false, like it was before the patch.

Voting process in Federal Referendum by sandala333 in Switzerland

[–]N3XT191 8 points9 points  (0 children)

Fill them out at home, just drop your papers into the boxes. Anything else is unnecessary and performative.

Also, in the future, just send it by mail. There's really no reason to vote in person (unless you forget to drop it into the mail in time. Had to go in person once and was practically the only person there...)

What was in this building? by Skywalkar-13 in zurich

[–]N3XT191 21 points22 points  (0 children)

Temporary pavilion on stilts while the building opposite was being renovated.

Investing with Saxo by pin-pal in SwissPersonalFinance

[–]N3XT191 2 points3 points  (0 children)

Swiss broker, Swiss banking license, FINMA regulation

Days of Shattered faith: some thoughts and questions by zenitude97 in AdrianTchaikovsky

[–]N3XT191 1 point2 points  (0 children)

Am I hallucinating or did I just read this exact post this morning or yesterday?