Many jobs will already disqualify applicants if they don’t have any social media, or refuse to provide account names. The rise of cancel culture means many businesses are extremely risk-averse, and don’t want any employees who are prone to posting inflammatory things.

A honeypot is something that is intentionally left available, to alert you when it gets hit. In practice, they’re just a tool to tell security specialists when they need to start worrying; They wouldn’t be used by the average user at all.

The goal is to build your security like layers, and ideally have all of your services behind the secure walls. Between these layers, you have honeypots. If someone gets through your first layer of security but hits the honeypot, you know someone is sniffing around, or maybe has an exploit for your outer layer that you need to research. If they get through the second layer and hit your second honeypot, you know that someone is specifically targeting you (instead of simply running automated scans) and you need to pay closer attention. Etc…

Reinforcing the attack layer comes in two main forms, which work in tandem: Strengthening the actual layer, and reducing attack vectors. The first is focused on using strong passwords, keeping systems up to date, running something like Fail2Ban for services that are exposed, etc… The goal is for each layer of security to be robust, to reduce the chances of a bot attack actually working. Bots will simply sniff around and automatically throw shit at the wall to see if anything sticks.

The second part is focused on identifying and mitigating attack vectors. Essentially reducing the amount of holes in the wall. It doesn’t matter how strong the wall is if it’s full of holes for your server’s various services. The goal is typically to have each layer be as solid as possible, and grant access to the layers below it. So for instance, running a VPN. The VPN gets you access to the network, without exposing services externally. In order to access your services, they need to get through the VPN first, making the VPN the primary attack vector. So you can focus on ensuring that the VPN is secure, instead of trying to spread your focus amongst a dozen different services. If it’s exposed to the open internet, it is a new potential attack vector; The strength of the wall doesn’t actually matter, if one of those services has an exploit that someone can use to get inside your network.

Home users really only need to worry about things like compromised services, but corporate security specialists also focus on things like someone talking their way past the receptionist and into the server room, USB sticks getting “lost” around the building and plugged into random machines by curious employees, etc… All of these are attack vectors, even if they’re not digital. If you have three or four layers of security in a corporate setting and your third or fourth honeypot gets hit, you potentially have some corporate spy wrist-deep in your server room.

For an easy example, imagine having a default password on a service, and then exposing it to the internet via port forwarding. It doesn’t matter how strong your firewall is anymore. The bot will simply sniff the service’s port, try the default credentials, and now it has control of that service.

The better way to do it would be to reduce your attack vectors at each layer; Require the VPN to access the network via a secure connection, then have a strong password on the service so it can’t easily be compromised.

The bus didn’t stop though. He just hopped off while it was slowed down.

Yup, the sad reality is that you don’t need to worry about the attacks you expect; You need to worry about the ones you don’t know anything about. Honeypots exist specifically to alert you that something has been breached.

Just nobody wants to scan all 65k ports.

Shodan has entered the chat.

People misunderstand the “no security through obscurity” phrase. If you build security as a chain, where the chain is only as good as the weakest link, then it’s bad. But if you build security in layers, like a castle, then it can only help. It’s OK for a layer to be weak when there are other layers behind it.

And this is what should be sung from the hills and mountaintops. There’s some old infosec advice that you should have two or three honeypots, buried successively deeper behind your security, and only start to worry when the second or third gets hit; The first one getting hit simply means they’re sniffing around with automated port scanners and bots. They’re just throwing common vulnerabilities at the wall to see if any of them stick. The first one is usually enough for them to go “ah shit I guess I hit a honeypot. They must be looking for me now. Never mind.” The second is when you know they’re actually targeting you specifically. And the third is when you need to start considering pulling plugs.

He actually had a hand in tweaking Decima too! When he signed on with Guerrilla, they basically hadn’t planned on offering the engine for external use. It was something they had simply developed for themselves. Guerrilla gave Kojima the framework, and went “well you helped develop FOX, so help us develop Decima (the new name for the previously unnamed engine) too.”

The engine name is even a reference to Dejima Island, which was a Dutch trading port in Japan; For much of Japan’s history, the Dutch were the only ones allowed to trade with Japan. So the name has some strong symbolic meanings, with Guerrilla being a Dutch company and Kojima being Japanese.

Also, EGL is basically just a glorified web browser that only points to Epic’s website.

I mean, bare minimum that’s over $80 per report. Even if you only get one per hour, that’s still fantastic money by most metrics. That’s like $14k per month, or ~$170k per year. And that’s just the bare minimum fine.

Hideo Kojima had the FOX engine developed for Metal Gear Solid V, because he was tired of game devs thinking they knew better than him. He’d ask for something specific, and the game devs would do it differently because they thought they knew better. So he created his own engine, to be able to go “fucking fine, I’ll do it myself.” Essentially, he was tired of having his ideas filtered through the game devs, so he created his own engine to be able to understand how the engine worked and have a more direct hand in the development.

And MGSV is one of the most well polished games in history. The story is a hot mess because there was some politicking tomfoolery between Kojima and the publisher… But the actual gameplay is top notch, and the game runs smooth as butter on even low-end systems, while looking amazing.

The irony is that Konami almost immediately abandoned the FOX engine, due to the aforementioned politicking. Kojima left the company, and the engine was quickly relegated to only being used for bad soccer games that Konami cranked out every year. Then once the PS5 came around, Konami didn’t want to update the engine, so they abandoned it entirely.

like they like to do with fan games/projects/etc.

Cries while staring at the defunct AM2R project

Not really; The emulator doesn’t use any copyrighted code, but the ROM is copyrighted. That’s just basic IP law.

What is fucked up logic is Nintendo encrypting their ROMs, then providing decryption keys on the console. So the emulator itself is legal, but actually booting a ROM requires decrypting it, which requires keys from a legitimate console. Nintendo has argued that those keys are illegal to use in an emulator, even if the user rips them directly from the console that they own. So you have the keys. You own the console they’re stored on. But it’s illegal to use those keys anywhere except on the console they came on, because Nintendo said so.

Yeah, lots of people don’t realize that the public education system was designed to prepare kids for factories. It goes all the way back to the Industrial Revolution, when parents were working 16 hour days in the factories. They needed some way to keep their kids occupied while dad was stamping steel and mom was weaving fabric. The factory workers lived in corporate-owned towns, and all of their needs were (hopefully) covered by the factory owners. And along this line of thinking, the factory owners started public schools, both to keep the kids occupied during the day, and to prep them to work in the factories once they were old enough to know how.

Basically everything about modern education is run like a factory. Everything is standardized to the median 85% of the population; students who deviate too far from that are punished or segregated via special education. You work (study) when the bell tells you, eat when the bell tells you, shit when the bell tells you. You’re expected to sit quietly and do your work, no socializing except when the bell tells you. Et cetera… The entire idea was to give students a baseline level of education that they would need to work in the factory, and prep children to work in factories under the same grueling conditions.

It’s not super intuitive.

There’s also the fact that instances can simply choose to ignore delete requests. Because that’s all it is; A request. Let’s say I post on .world and it gets federated to other instances. If I then delete that .world post, there’s nothing requiring those other instances to actually delete anything. .world simply sends a delete request, but the individual instances can choose to ignore it if they want.

That’s a large part of why the “I delete my content after a day or two so LLMs can’t use my data” crowd is so stupid. If someone was looking to train an LLM on Lemmy data, they’d simply set up an instance to aggregate posts, and refuse to delete anything.

It definitely hasn’t aged well, but that’s largely because the humor was based on pop culture references. Talking about Jessica Simpson isn’t really cool anymore. But that the time, it was a sort of revolutionary thing to have games reference current pop culture. It made the games feel fresh, especially if you played them right at launch.

Were they great games? No. But from a gaming culture standpoint, they had a surprisingly large impact. Game devs learned what did and didn’t work in regards to the references and gameplay, and that alone makes them culturally important.

Also, games deserve to be preserved even if they didn’t have a massive impact on gaming. Even old Flash games have massive preservation efforts, because every single game was someone’s pet project. Imagine saying the same thing about a bad film. Sure, a modern 4k re-release may not need to exist, but that keeps it in modern formats and makes preservation easier.

Except that bots already have a higher pass rate than humans, so the captcha isn’t even good at preventing bots.

I have like a dozen Gmail accounts, and I know plenty of others who do too. Before I owned my own domain, I used the different accounts for different things.

Yeah, all of the “vibes are off” jokes aside, TikTok is drastically different after the ban was lifted. I have gotten straight up racist and fascist propaganda on my fyp, and there are a lot of sympathetic comments on those videos. But I never got those videos before, because my algorithm was automatically filtering them out. It’s almost as if the app has been programmed to bypass the algorithm and occasionally show alt-right talking points to everyone, just in the hopes of casting as wide a net as possible.

Also worth noting that breaker ratings are for instantaneous usage. A 15A 120v breaker can only actually support 12A of continuous usage. But it says 15, because most things use a little extra power when they first turn on. AC system spinning up the fans and compressor, for instance. Spinning things up takes more power than keeping it moving. If you put a 15A device on a 15A breaker, it would likely trip as soon as that device turned on. In that instance, you’d likely use a 20A breaker to support the 15A device instead. But that 20A breaker would also call for upgraded wiring and outlets which could support 20A.