I like Hikaru, though I find GothamChess easier to watch, and more to my level. Also helps he is absolutely excellent in maintaining viewer attention. He is an excellent storyteller.
If you question whether your electronic device is compromised, it probably is.
If you question if your electronic device has exploitable vulnerabilities, the answer is absolutely yes.
Don't store private info on your electronics, if you can't handle them leaking. (Nude photos, bank credentials)
Commercial VPNs are not as useful and secure as you think.
I personally cover the front facing cameras on my laptop and mobile, on the assumption that if someone were to gain access to my phone, that's the first thing they would look at.
Don't connect to random public WiFi. If you do, don't log in to any online account on it, or send confidential information.
> Don't connect to random public WiFi. If you do, don't log in to any online account on it, or send confidential information.
While this is good advice in general, I have seen that people do end up having to connect to public WiFis in general (airports, traveling in a foreign country, lost LTE connections). I advise people never to accept "Insecure connection" warnings in browsers; with TLS in place and HSTS, practically the risk is very low.
MitM on Android works very well if you just use an app without a browser view. Android doesn't tell you that the certificate was changed and the app developer usually doesn't care to pin the certificate or check for the issuer. When using a random wifi, use a vpn just to be sure.
People can't distinguish the official wifi from a rogue one if it "sounds" official. Just go to a crowded place, name your wifi "Joes Coffee Shop" and people will connect to it in no time.
I guess the point is about MiTM, which you have not really answered. MiTM requires the man in the middle to present a webpage / API to the user over https with a valid certificate so that the browser or the Android app would make connections to it. They just don't accept all TLS certificates as valid, only the ones signed by CAs trusted by the device. It is the same for Android. I guess you are confusing certificate pinning with standard TLS. Certificate pinning is an additional measure and protects against compromised CAs etc. Standard TLS itself is sufficient to prevent MITM over https.
> MitM on android works very well if you just use an app without a browser view.
Do you have any examples showing this? Popular http clients like okhttp on mobile devices do perform TLS validation based on trusted CAs stored on the device. You would have to go out of your way to make them trust self-signed certificates to perform MITM or compromise a CA to issue you a certificate to allow MITM.
Mitm attacks are still a thing, but personally I wouldn’t bother with it. It’s much easier to go the social engineering route, ie post on Facebook a picture of my “old” dog (really a random dog) with the text “flash back to my first dog Tessie! You will always have a place in my heart :) post in the comments about your first dog”
And boom now you have their answers to security questions to reset their passwords.
> boom now you have their answers to security questions to reset their passwords.
Are there any examples of this actually happening? It seems like an old wives' tale. The simpler explanation for why these posts are so popular is that they generate a lot of engagement, especially in the form of unique comments and number of commenters, which is a signal used for ranking and helps increase reach of these accounts.
> Commercial VPNs are not as useful and secure as you think.
That's highly contingent on the "as you think" part.
For example, I use ExpressVPN on public WiFi networks because I trust them a whole lot more than random public WiFi providers. Sure, they have access to the URLs I've accessed while using their service. Then again, so does my ISP.
The crucial part is, said random public WiFi providers won't have access to that data.
Additionally, and much more importantly, some public WiFi providers try to MITM secure connections, which is effectively prevented when using a trustworthy VPN.
While public Wifi providers may try to MITM, TLS effectively prevents that from happening unless you are prone to accept "insecure certificate/connection" warnings.
> While public Wifi providers may try to MITM, TLS effectively prevents that from happening unless you are prone to accept "insecure certificate/connection" warnings.
For connections happening via a browser that's true. For other applications, it depends, since those might happily accept a certificate that has been tampered with without the user being aware of it.
> That said, why did you choose ExpressVPN?
Put snarkily: Because I'm not Edward Snowden and I'm not subject to the same kind of threat level.
At the time (2018), ExpressVPN for me was the right choice in terms of sufficient security for my requirements and - not to be underestimated - user experience.
Other VPN products I tried out back then were more difficult to install and use (sometimes significantly so) and suffered from slow or even regularly dropped connections.
TLS validation is enforced in all mobile applications unless you have spyware/malware which would use insecure CAs or self-signed certificates. Please see my comment above: https://news.ycombinator.com/item?id=34159195. All standard mobile clients do TLS validation. They just can't be MiTMed by anyone using self-signed certificates/CAs, which is how most mitm tools work (e.g. mitmproxy). Do you have any examples of apps not doing TLS validation?
I am really surprised to see this misconception.
> Put snarkily: Because I'm not Edward Snowden and I'm not subject to the same kind of threat level.
Well that is alright, we should all make decisions based upon our own threat models. It is just that in that case you are also at no risk with public WiFis unless you are sincerely looking for a fully secure alternative.
What does it have to do with app store? Insecure apps which might not respect server TLS certificates / settings or communicate over plain HTTP will be insecure to use over a VPN as well. A VPN is not an alternative to not using proper TLS validation.
You specifically mentioned TLS being enforced in mobile apps. For non-mobile apps such an enforcement either happens through an app store vetting process or the operating system restricting access to non-secure API calls.
I also didn't say a VPN is an alternative to proper TLS validation. It just prevents public WiFi networks from trying to intercept (improperly validated) connections.
I said "mobile apps" to exclude browsers which do similar validation anyways. And it is the same process for mobile apps, only apps designed in an insecure manner (to choose to ignore cert warnings, use custom TLS clients etc) would fail validation and there is no reason to use such apps, it does not matter whether you use a VPN or public-wifi.
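An added illustration of the distinction argued over in this thread (not code posted by any commenter): Python's `ssl` module stands in for a mobile HTTP client, and the audit reports which of the two standard TLS checks a client configuration has switched off. The helper names and the certificate bytes are constructed for the example, and the pin is taken over the whole certificate as a simplification (real pinning usually hashes the public key).

```python
import hashlib
import hmac
import ssl


def audit_tls_context(ctx):
    """Return which standard TLS checks this client context has disabled."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Any certificate is accepted, including a proxy's self-signed one.
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        # A CA-signed certificate issued for a different host is accepted.
        findings.append("hostname-not-checked")
    return findings


def default_client():
    # What a standard client gets: chain validated against device CAs,
    # hostname matched against the certificate.
    return ssl.create_default_context()


def trust_all_client():
    # The "custom TLS client" case: validation deliberately switched off.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def no_hostname_client():
    # Chain is still verified, but the name on the certificate is not.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def pin_matches(cert_der, pinned_sha256_hex):
    """Pinning is an extra check after normal validation, not a replacement."""
    digest = hashlib.sha256(cert_der).hexdigest()
    return hmac.compare_digest(digest, pinned_sha256_hex)


# Constructed stand-ins for DER-encoded certificates (not real certificates).
EXPECTED_CERT = b"constructed-der-bytes-for-expected-server"
OTHER_CA_CERT = b"constructed-der-bytes-from-a-different-ca"
PIN = hashlib.sha256(EXPECTED_CERT).hexdigest()
```

Only the default context passes the audit clean; the pin check additionally rejects a certificate that would chain to a trusted CA but is not the expected one.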
Yea, but that's not _my_ problem. My problem is "fuck comcast".
As for the public wifi, I get that I can't trust my random Dropbox VM for example, but I can surely trust it more than an actively hostile public wifi, no? If I can't trust any remote computing VM, how can I host anything on infra I don't own?
Can't help but notice that no timeframe was published. How long was the exercise? A month? A week? A day?
In any case, whether the problems plaguing the Puma are fixable by retrofitting, or if a new design altogether is necessary, is a real question with some effects to note.
After all, replacing electronic parts is completely different from replacing key mechanical systems or even sections of the hull.
From what I can Google it wasn't like there was one thing that broke on all the vehicles, more like each vehicle experienced some sort of failure. I did see electronics seemingly being too fragile to stand up to the concussion of gunfire being mentioned. So overall it seems fixable, and not exactly shocking for a complicated new project, but definitely embarrassing.
> What does 'SSE' stand for in the following code sample: <pasted fetch-sse.js>
"In this code sample, 'SSE' likely stands for "Server-Sent Events". It is the name of the fetchSSE function and it is used to fetch data from a server using the Server-Sent Events protocol. This protocol allows a server to push data to a client in real-time, rather than requiring the client to continually poll the server for updates."
Not sure how accurate this is but it gave me enough information to look into it more!
Not necessarily correct.
The reason for the invasion might be because of Russian adherence to the heartland theory, creating defensive depth.
Might be Putin's megalomania, need for approval rating back home, maybe the oil prices rose and they took the opportunity, maybe to prevent Ukraine from joining the EU/NATO.
Could be a thousand and one differing things, or all of them at once.
What is correct? No one but Putin (and maybe not even him) knows.
That quote is indeed his. I listened to Shannon Lee's (his daughter) podcast, and she told the story of when he understood it.
Apparently when his martial arts teacher told him he was too forceful, to be more like water, and then banned him from practicing until he understood. Short story, he went on a boat ride, got angry, started punching the river, then he got that aha moment.
Bruce Lee was actually a really wise dude. I also highly recommend the podcast.
As an Israeli former soldier, could you elaborate?
I remember our commanders telling us that there used to be a trafficking route through the border of Egypt, but it stopped when the border patrol improved, couple years back. They were smuggling Eastern European girls to prostitute.
Did something change to your knowledge? Or are you talking about another route?