My personal take on that issue is that fighting the vendor is ultimately a losing battle and the later you switch, the more painful it is. If Microsoft wants people to make a Microsoft account for using Windows in non-enterprise environments, it will eventually be impossible not to.

First and foremost, I do think Windows is the better choice for most people to play games on, mostly due to vendor support.

However, I’d say that a lot of people have some sort of issue with Windows, albeit probably less than they would have with some Linux distributions. I just wanted to express that “without headaches” is a goal that is maybe higher than necessary.

Well, is Windows?

Do you know of any place where sailors hang out?

He was just lucky there was no right wing podcast bro among them

And they said AI wouldn’t boost business. Who’s laughing now, haters?

The whole thing is just embarrassing. Anyone with a bit of understanding knew that the technology comes with huge risks (after all, there is no understanding, just the imitation of it). Billions have been poured into a glorified autocomplete in one of the biggest corporate FOMOs I can remember. Nvidia is (as much as I hate them, rightfully) laughing all the way to the bank. Crypto and now this allow them to practically buy Intel - back when AMD bought Ati, people speculated it’d be Intel buying Nvidia! Granted, Intel did their part too, but Nvidia selling cards that will be completely outdated in two years in unthinkable amounts is wild. And the best part is, except for them, everyone else lost money, like not even OpenAI themselves are making any, and this is with Microsoft subsidizing them. Absolutely insane!

It depends on the context. Let’s say their is a hard boss that you need 10 attempts for. It makes a huge difference if there is a checkpoint before it or if you have to do 5 minutes of chores again (I agree that these are extreme examples…)

Pretty sure it’s just that Steam will no longer function on 32 bit machines, not that it will no longer be able to launch 32 bit binaries. The latter would make it impossible to run your old games. The fedora proposal would have running 32 bit libraries on 64 bit systems impossible as well, as it included dropping multilib.

Look through the cockpit

Give him a rest, OK? It was a slow day

The 4k you find on streaming services can’t really be compared to the 4k you find on Blu-ray. It’s a different league. Turns out bitrate actually matters

Maybe if we curve the TV?

Client data absolutely is encrypted in TLS. You might be thinking of a few fields sent in the clear, like SNI, but generally, it’s all encrypted.

I never said it isn’t, but it’s done using symmetric crypto, not public key (asymmetric) crypto.

Asymmetric crypto is used to encrypt a symmetric key, which is used for encrypting everything else (for the performance reasons you mentioned).

Not anymore, this was only true for RSA key exchange, which was deprecated in TLS 1.2 (“Clients MUST NOT offer and servers MUST NOT select RSA cipher suites”). All current suites use ephemeral Diffie-Hellman over elliptic curves for key agreement (also called key exchange, but I find the term somewhat misleading).

As long as that key was transferred securely and uses a good mode like CBC, an attacker ain’t messing with what’s in there.

First, CBC isn’t a good mode for multiple reasons, one being performance on the encrypting side, but the other one being the exact reason you’re taking about: it is in fact malleable and as such insecure without authentication (though you can use a CMAC, as long as you use a different key). See https://pdf-insecurity.org/encryption/cbc-malleability.html for one example where this exact property is exploited (“Any document format using CBC for encryption is potentially vulnerable to CBC gadgets if a known plaintext is a given, and no integrity protection is applied to the ciphertext.”)

As I wrote in my comment, I was a bit pedantic, because what was stated was that encryption protects the authenticity, and I explained that, while TLS protects all aspects of data security, it’s encryption doesn’t cover the authenticity.

Anyhow, the point is rather moot because I’m pretty sure they won’t get a certificate for the IP anyways.

Public key crypto, properly implemented, does prevent MITM attacks.

It does, but modern public key crypto doesn’t encrypt any client data (RSA key exchange was the only one to my knowledge). It also only verifies the certificates, and the topic was about payload data (i.e. the site you want to view), which asymmetric crypto doesn’t deal with for performance reasons.

My post was not about “does TLS prevent undetected data manipulation” (it does), but rather if it’s the encryption that is responsible for it (it’s not unless you put AES-GCM into that umbrella term).

Right, and for the challenge, you need to have access to a privileged port (which usually implies ownership), which you won’t get assigned.

Let’s Encrypt are rolling out IP-based certs, you may wanna follow its development. I’m not sure if it could be used for your forwarded VPN port, but it’d be nice anyhow

It shouldn’t be because you’re not actually the owner of the IP address. If any user could get a cert, they could impersonate any other.

I believe encryption helps prevent tampering the data between the server and user too. It should prevent for example, someone MITM the connection and injecting malicious content that tells the user to download malware

No, encryption only protects the confidentiality of data. You need message authentication codes or authenticated encryption to make sure the message hasn’t been transported tampered with. Especially stream ciphers like ChaCha (but also AES in counter mode) are susceptible to malleability attacks, which are super simple yet very dangerous.

Edit: this post is a bit pedantic because any scheme that is relevant for LE certificates covers authenticity protection. But it’s not the encryption part of those schemes that is responsible.

But only so.

I don’t think they’re sensationalist, they just don’t sugarcoat the industry bullshit. And believe it or not, they need to make money from this, it doesn’t pay itself. It’s like saying newspapers should be free, or else informing the people isn’t their primary concern.

“A farmer wants the money. Giving the good away for free would be great if they just wanted to feed people, but that’s not their primary concern.” Can even play that game for nurses etc

If they acted differently, they’d probably be liable for illegal activity that they proxy for (this is for example relevant for the DMCA safe harbor).

Anyhow, when on their abuse page, I have an option for “Registrar”, which is used for “DNS abuse”, among others.

So people from low trust score environments like Linux

Linux user here, Cloudflare hasn’t blocked access to a single page for me unless I use a VPN, which then can trigger it.