XML is a superior format to JSON or YAML or any of those other trendy formats around today. It’s the hill I’m willing to die on because I’m right.
You were saying the input size doesn’t matter because you only store the hash which is always the same size. What I’m saying is that the input size really does matter.
You absolutely should set upper limits on all input fields because it will be abused if you don’t. Systems should validate their inputs, passwords included.
You can make a client hash it, but if you don’t reject large inputs to your API a client can send enough data to DoS you anyway.
The resulting hash will always be the same size, but you don’t want to have an unlimited upper bound, otherwise I’m using a 25GB Blu-ray rip as my password and your service is going to have to calculate the hash of that whenever I log in.
Sensible upper bounds are a must to provide a reliable service not open to DDoS exploits.
Not necessarily. Presumably the change password form requires entering the old and new password at the same time. Then they can compare the two as plain text and hash the old password to make sure it matches, then if so, hash the new password and overwrite it. Passwords stored hashed, comparison only during the change process. A theme on this is checking password complexity rules during the login process and advising to update to something more secure. It’s possible because you’re sending the password as plain text (hopefully over a secure connection), so it can be analysed before computing the hash. This even works if the hash is salted and peppered.
Been running Ubuntu LTS releases on all my server VMs for 8 years and haven’t had a single problem. Absolutely solid as a rock. Fantastic support, loads of guides to do anything. Plus you can get 10 years of support as a home user with a free Ubuntu Pro subscription.
I’d honestly just go Ubuntu server LTS and learn to configure it through the terminal. It’s not too difficult to set up. NFS and Samba shares.
If more than 0.1% of people do that I’d be flabbergasted.
Use a better search engine.
Those of you who “can’t live without Google” need to get a grip.
Attackers need to access the system kernel to exploit the Sinkclose vulnerability, so the system would have to already be compromised. The hack itself is a sophisticated vector that is usually only used by state-sponsored hackers, so most casual users should take that into account.
So it’s a vulnerability that requires you to already have been compromised. Hardly seems like news.
I can understand AMD only patching server chips that by definition will be under greater threat. On the other hand it’s probably not worth the bad publicity not to fix more.
I moved from an FX8350 to an R5 5600G a few years ago, having run it for about 9 years. Initially I didn’t think I’d notice much difference, but frankly it’s an entirely different ballgame.
At this point if you use Chrome I think there is something wrong with you.
“Already stable enough”
A big reason for owning a gun is protection of property. No one owns FOSS, so you can’t shoot anyone, and that’s no fun at all.
I’m no expert in JSON, but don’t you lose the ability to filter it before your application receives it all? If you had a reasonable amount of data then in SQL you can add a WHERE clause and cut down what you get back so you could end up processing a lot less data than in your JSON example, even with the duplicated top table data. Plus if you’re sensible you can ensure you’re not bringing back more fields than you need.
It started with Emby and Pi-hole. I’m now up to about 30 different services from Vault, email, 3CX, Home Assistant, Firefox, podgrab etc.
I just set up netboot.xyz this evening as an experiment. Is pretty cool.
Yes you can do that. I do with OPNsense. The username and passwd are not obvious though - they’re probably not what you use to log in to the ISP portal with.
Most ISPs will have a brief FAQ on how to use third party equipment with the basics of what settings are important for your connection. You just need to enter them into pfSense correctly. Also, sometimes searching for “<ISP_name> pfsense” can find useful blogs and articles.
Probably helps add a certain gravitas.