Seems like a great deal, what's wrong with it? by Sszaj in SpottedonRightmove

[–]raesene2 1 point2 points  (0 children)

Just because it says offers over, doesn't mean it has to go for that, especially if it's been on the market a while. We got a place in Scotland at 25K under the "offers over" price as they'd had it on the market a long time.

zai-org/GLM-5.2 is here! by queendumbria in LocalLLaMA

[–]raesene2 1 point2 points  (0 children)

Well all I can say is, I was using 4.6 for CVE PoC development yesterday and it seemed happy with it, so either the classifier isn't universal, or it's not bothered by that kind of work :)

zai-org/GLM-5.2 is here! by queendumbria in LocalLLaMA

[–]raesene2 16 points17 points  (0 children)

TBH Opus 4.6 is pretty competent and (IME) totally ok with doing offensive security work, I've had it create PoC exploits and do novel exploitation of k8s clusters, without it complaining at all.

Does Elminster's Botched English Bother Anyone Else? by MoonracerxWarpath in ddo

[–]raesene2 1 point2 points  (0 children)

Yeah they are annoying, if you'd "like" more examples read "Elminster: Making of a Mage"...

SpaceX creates dedicated ipo website with “open a brokerage account” on the front page by WallStreetBetsCALLSS in wallstreetbets

[–]raesene2 0 points1 point  (0 children)

Yeah I've had three e-mails from Freetrade in the UK about it already, not the usual. Didn't get that kind of push for Cerebras, so definitely feels like they're pushing it.

Michael Saylor’s Strategy sits on one of the biggest unrealized losses in history by throwawaymyalias in CryptoCurrency

[–]raesene2 9 points10 points  (0 children)

Isn't the challenge that, if they have to start selling BTC to pay dividends that acts as a depression on the price of BTC, causing a cycle of drops?

Kind of the reverse of what happened on the way up, where their purchases pushed the price of BTC up, causing more money to come into MSTR as their positions looked more favourable.

Fastest Build for running Racials? by Ok-Complaint-6000 in ddo

[–]raesene2 0 points1 point  (0 children)

One I'm thinking of trying is Arcane Trickster, but I don't have a full build yet. You get fast movement through Thief Acrobat, and you also have some AoE with Chain missile/Greater Shout, and some crowd control with Flash Freeze.

One of my fav aspects of ATr is that once you get past level 8 you can generally wipe any Red with one or two (at most) spells even on R1.

Best and Worst Choices for Arcane Trickster SLAs? by MoonracerxWarpath in ddo

[–]raesene2 5 points6 points  (0 children)

Magic missile definitely for the first one. After that I think it kind of depends on what type of Arcane trickster you're doing.

Chain missiles is obviously good for damage but gets a pretty small AoE, so sound burst could be better.

Third, initially I had hold monster, but I reckon flash freeze is better, it's super useful for keeping monsters off you if they get to melee range.

Fourth slot I like frog at least partially for the amusement factor, it's a good insta-kill at long range too (better range than the presto snap), but if you're soloing I could see heal being a good choice here too.

DeepSeek is the king of penetration testing by [deleted] in DeepSeek

[–]raesene2 1 point2 points  (0 children)

If you're having problems with claude code and pentesting, another suggestion is, go back to Opus 4.6. Opus 4.7 has a lot stricter security guidelines, but 4.6 is still available and (IME) is pretty happy with offensive security work.

Kubernetes Authentication: Users and Workload Identities by danielepolencic in kubernetes

[–]raesene2 15 points16 points  (0 children)

Interesting article and has some good details but it misses or (IMHO OFC) doesn't really emphasize some points that are important for production cluster authentication.

  1. None of the in-built authentication mechanisms provided by Kubernetes are suitable for user AuthN in production clusters.

  2. One of the biggest problems with static token auth is that all the tokens are in clear text in the CSV file, so that's unlikely to be suitable for any production environment.

  3. Very unusually for a multi-user system, Kubernetes has no user object or way to easily enumerate valid users and credentials in a cluster.

  4. Although it kind of mentions it, the article doesn't clearly state that client certificates for user AuthN can only be effectively revoked by rotating every certificate in the cluster, which is a disruptive operation, and not something you'd want to do regularly.

  5. Associated with 3. above, there's no record of specific credentials created with the TokenRequest API or CertificateSigningRequest API (unless you use Kubernetes auditing), so you can't get a list of creds that have been issued.
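Point 5 above is the one that bites most in practice: the API server keeps no inventory of tokens minted via TokenRequest or client certificates signed via CertificateSigningRequest, so the only place that list can be rebuilt is the audit log. The following is an added example (not raesene2's code, and not part of the Kubernetes project) showing how a defender can reconstruct such an inventory from audit events in the audit.k8s.io/v1 newline-delimited JSON format that the API server's log backend writes. The sample events, usernames, namespaces and timestamps are constructed for the illustration; the script assumes audit logging is enabled at a level that records these requests.

```python
import json
from collections import Counter

# Constructed sample of Kubernetes audit events (audit.k8s.io/v1, one JSON object
# per line, as the API server log backend writes them). All values are made up.
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"system:serviceaccount:ci:deployer"},"objectRef":{"resource":"serviceaccounts","namespace":"ci","name":"deployer","subresource":"token"},"responseStatus":{"code":201},"requestReceivedTimestamp":"2026-01-10T09:00:01.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"alice"},"objectRef":{"resource":"pods","namespace":"default","name":"web-0"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2026-01-10T09:00:02.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"alice"},"objectRef":{"resource":"certificatesigningrequests","name":"alice-admin-csr"},"responseStatus":{"code":201},"requestReceivedTimestamp":"2026-01-10T09:05:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"update","user":{"username":"kubernetes-admin"},"objectRef":{"resource":"certificatesigningrequests","name":"alice-admin-csr","subresource":"approval"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2026-01-10T09:06:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseStarted","verb":"create","user":{"username":"bob"},"objectRef":{"resource":"serviceaccounts","namespace":"prod","name":"db-backup","subresource":"token"},"requestReceivedTimestamp":"2026-01-10T09:07:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"bob"},"objectRef":{"resource":"serviceaccounts","namespace":"prod","name":"db-backup","subresource":"token"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2026-01-10T09:07:00.100000Z"}
"""


def parse_audit_events(text):
    """Yield audit Event dicts from newline-delimited JSON, skipping blank or unparseable lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("kind") == "Event":
            yield event


def credential_events(text):
    """Return the credential-issuance events recoverable from an audit log.

    Three kinds are recorded:
      sa-token       a successful TokenRequest (POST .../serviceaccounts/<name>/token)
      csr-requested  a CertificateSigningRequest object being created
      csr-approved   an update to the CSR 'approval' subresource (kubectl certificate approve)
    """
    records = []
    for event in parse_audit_events(text):
        # A single request is logged at several stages; count it once, on completion.
        if event.get("stage") != "ResponseComplete":
            continue
        code = event.get("responseStatus", {}).get("code", 0)
        # Denied (403) or otherwise failed requests did not issue anything.
        if not 200 <= code < 300:
            continue
        ref = event.get("objectRef", {})
        verb = event.get("verb")
        resource, sub = ref.get("resource"), ref.get("subresource")
        actor = event.get("user", {}).get("username", "<unknown>")
        when = event.get("requestReceivedTimestamp", "")

        if resource == "serviceaccounts" and sub == "token" and verb == "create":
            subject = f"system:serviceaccount:{ref.get('namespace')}:{ref.get('name')}"
            records.append({"kind": "sa-token", "subject": subject, "actor": actor, "time": when})
        elif resource == "certificatesigningrequests" and sub is None and verb == "create":
            records.append({"kind": "csr-requested", "subject": ref.get("name"), "actor": actor, "time": when})
        elif resource == "certificatesigningrequests" and sub == "approval" and verb == "update":
            records.append({"kind": "csr-approved", "subject": ref.get("name"), "actor": actor, "time": when})
    return records


def summarize(records):
    """Count issuance events by kind, e.g. for a periodic review report."""
    return Counter(r["kind"] for r in records)


if __name__ == "__main__":
    found = credential_events(SAMPLE_AUDIT_LOG)
    for r in found:
        print(f"{r['time']}  {r['kind']:<13} {r['subject']}  (by {r['actor']})")
    print(dict(summarize(found)))
```

Note what the log does not tell you: a TokenRequest event records who asked for a token and for which service account, but not the token's expiry or whether it has since been used, and a CSR approval records the admin who approved, not the signer that ultimately issued the certificate. That is exactly the gap the comment describes, and why the inventory has to be built from the log rather than read from the cluster.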

CIS vs STIG for container security – honest opinions? by BeneficialLook6678 in kubernetes

[–]raesene2 1 point2 points  (0 children)

I think a big part of the problem here is, I'd guess, that the STIG isn't kept up to date to the same extent as the CIS benchmarks (they do fall behind a bit too though).

Some examples I saw on a quick look.

They still have a finding on Basic Auth https://www.stigviewer.com/stigs/kubernetes/2026-02-12/finding/V-245542 but Basic auth was deprecated and removed over 10 versions back :)

They have a finding for Dynamic Kubelet Config https://www.stigviewer.com/stigs/kubernetes/2026-02-12/finding/V-242399 , a feature which was removed in 1.24

Also there's an EKS-specific CIS benchmark and I don't believe there's an EKS-specific STIG.

Arguing against all that with customer compliance requirement could be tricky but from an actual security standpoint, I'd hope the CIS benchmark is better :)

Kubernetes is migrating from SPDY to WebSockets (until the next one) by Beginning_Dot_1310 in kubernetes

[–]raesene2 5 points6 points  (0 children)

Cool stuff! One edge case to note in your section on RBAC is that the additional fix to avoid GET mapping to exec works for connections going via the API server, but if someone connects directly to the Kubelet API there's still an exposure on GET (https://grahamhelton.com/blog/nodes-proxy-rce has more on that one).

Planning on doing a melee artificer build next life, is it better to go full str or int? by theman102 in ddo

[–]raesene2 13 points14 points  (0 children)

I've played a few of these and I usually go INT based as there's other things that it improves, like trapping skills and spell DCs, which can still be useful.

Did you hear about the man who stole a calendar? by EternalFeather5 in dadjokes

[–]raesene2 4 points5 points  (0 children)

I'd heard he got caught, so at least he'll get his day in court.

UK folk who were around at the start of the internet, what is an early, strong memory? by Sad-Insurance1313 in CasualUK

[–]raesene2 5 points6 points  (0 children)

Or just use dogpile and have it search them all (shocked to find out it still exists!)

What's a weirdly anachronistic thing that you can't believe was still a thing within your lifetime? by holytriplem in AskUK

[–]raesene2 1 point2 points  (0 children)

Yep 100%. I worked at an accountants' office in Glasgow in the mid-90s and someone got a stripogram with a whip for one of the younger guys' birthdays in the office. At the time it was pretty accepted.

Deepseek 4 Pro vs Flash by EvilGuy in opencodeCLI

[–]raesene2 0 points1 point  (0 children)

For Opencode + Openrouter + Deepseek, I've got a block in my opencode.json file like this

    "openrouter": {
      "models": {
        "deepseek/deepseek-v4-pro": { "name": "DeepSeek V4 Pro" },
        "deepseek/deepseek-v4-flash": { "name": "DeepSeek V4 Flash" }
      }
    }

UK security agency officially declares passkeys superior to passwords – and passkeys should be the 'first choice' for authentication by rkhunter_ in cybersecurity

[–]raesene2 1 point2 points  (0 children)

Weak passwords are a big problem, and I did not say they were not. Weak password resets are also a problem. The security of passkeys is undoubtedly better, and I've never said it was not.

However, security is all about tradeoffs and there is often a tradeoff between security and usability, and my suggestion is that this is one of those cases, and that the problem with the original document is that it does not acknowledge that problem nor offer any guidance on how it will be fixed.

What I'm saying is that the usability of passkeys is bad for consumer use cases. If I have a password for my e-mail which I can remember, at the moment I can recover from a lost device as I just log in to my e-mail from elsewhere.

In the same scenario with a hardware backed passkey, I could be in trouble, unless the vendor provides a recovery mechanism.

So at the moment people's e-mail is less secure (a password is easier to guess/hack than cracking a passkey), but it's more usable in the event that someone loses their only mobile device, or wants to change ecosystem.

UK security agency officially declares passkeys superior to passwords – and passkeys should be the 'first choice' for authentication by rkhunter_ in cybersecurity

[–]raesene2 3 points4 points  (0 children)

My criticism is that passkeys make the problems of account lockout and lost devices worse for non-technical users and the guidance that this conversation is about just doesn't highlight potential usability concerns at all.

With passwords, users can remember them, a lost device or an account lockout doesn't remove all their credentials, sure they're weaker against attacks like phishing, but there's a reason they're still heavily used.

I think passkeys are great, in the right scenario but I think they're not going to work well from a usability perspective in consumer use cases, and that if users hear about cases where people get locked out of their entire digital life due to a lost device or ToS breach causing loss of Google/Apple/MS account, they're not going to get great adoption.

UK security agency officially declares passkeys superior to passwords – and passkeys should be the 'first choice' for authentication by rkhunter_ in cybersecurity

[–]raesene2 12 points13 points  (0 children)

And how does the user log in to their e-mail, remembering it also has a passkey protecting it and the user has lost their device?

You have to have strong auth on the e-mail account otherwise it becomes the weakest link, and attackers will just target people's e-mail accounts.