
You're using a fake version that probably also has malware. https://revanced.app

They just need to fix search..

A Wireguard tunnel via a free tier or dirt cheap VPS, or a VPN provider that lets you forward ports like Proton

but can't the ISP still see something is up if there is traffic 24/7

Amount of traffic is what matters. Are you saturating your pipe 24/7 for an entire month? Sure, you may have problems. But you'd have the same problems if you were torrenting (let's assume legal torrents here, I am not talking about copyright) or hosting a mega LAN party with hundreds of people streaming their games all at once.

Otherwise, no worries.


Would use less bandwidth than wi-fi cameras that are uploading 24/7.

Don't ISPs just charge per caps on ingress and egress volume?

From your comments it is clear that they don't. Super infuriating. Why should they care what I do with ingress and outgress that I paid for, as long as I am not hurting them.


His comments are based on fear-mongering he read somewhere or an overly-literal interpretation of terms and conditions written to cover the ISP's ass in every theoretical situation possible.

ISPs who enforce data caps already priced it in and technically have an incentive for you to exceed your cap as fast as possible so you pay to increase said cap (they can however still slow down your traffic as they wish, to ensure sufficient capacity for everyone).

ISPs who don't enforce a cap actually still internally enforce a reasonable cap of several terabytes at their discretion. And of course, they can and will use traffic shaping to ensure the integrity of their network so your usage doesn't affect others. If you exceed that soft cap consistently several months in a row they may get in touch, but other than that you're fine.

TLDR: host your server and enjoy. When you get to the scale of the next YouTube, then you have to worry.


Yes, though even though they can see that, as long as it's encrypted they can't know for sure, so as long as you don't cause problems they won't care at all that you're using it for something. In all my years I've never had an ISP complain about constant encrypted traffic, though some ISPs do have general data caps like Comcast.

This is whining. Name it what you want.

It looks like a healthy mix of cargo cult and mental illness

I just asked this myself:

"No. There has never been a U.S. President whose first name was “Bob.” A few presidents had names that could be shortened to Bob—most commonly Robert—but no U.S. President has had the first name Robert, either. (There have been presidents with middle name Robert, such as James Earl “Jimmy” Carter Jr., but that’s different.) So: no Presidents named Bob, and none named Robert as their first name.

> Jimmy?

(generic summary of who Jimmy Carter is)

> So he also isn't a Robert.

Correct — there have been no U.S. Presidents with the first name Robert.

A few had middle name Robert (e.g., James Robert “Jimmy” Carter does not have Robert as a middle name, for clarity — his middle name is Earl), but no president’s given first name has been Robert.

So your original statement stands: No “Bob” No “Robert”

Want a list of presidents by first name to double-check?"

My favorite part is it desperately inserting a Robert into Jimmy Carter's name to appease the context. I wonder if a diffusion based LLM would avoid that kind of failure.


lol ya, the Jimmy Carter thread is amazing, these quotes sound like something out of a standup bit

> There have been presidents with middle name Robert, such as James Earl “Jimmy” Carter Jr., but that’s different.

> James Robert “Jimmy” Carter does not have Robert as a middle name, for clarity — his middle name is Earl


Very curious what kept you on 8.1.

"If it ain't fixed, don't broke it."

But it was broke, security support ended 3 years ago.

I wouldn't use a condom that broke 3 years ago.


In practice this doesn't affect the overwhelming majority of people as they're either not going to be compromised (the most likely case) or, in the tiny chance they're compromised, they're not going to notice (in which case from their perspective it still "isn't broken").

It isn't like this is the original WinXP during the era where computers connected directly to the open internet and caught viruses just by existing, making computers groan and being very visible that something was wrong. Pretty much everyone is connected via a firewall and on top of that Windows has improved its security considerably over the years. And there are still security updates for browsers (the main vector for malware by far) that support Win8.x (e.g. Firefox ESR will be supporting Win8.x until next year and people have made Win7 and Win8 compatible builds for modern Chromium).

So it isn't surprising that for all intents and purposes it isn't broken, especially when the alternative is having to change to something that feels like a downgrade in terms of UX. From a user's perspective it is a choice between the unlikely potential of something invisible perhaps happening (getting compromised) versus the absolute certainty of something very visible happening (having to get used to a worse UX). Considering Windows still ties security updates with everything else, it isn't surprising that people judge based on what they perceive the most.

Of course the best solution would be to switch to an OS where such choices are not necessary in the first place. I've been using Window Maker since early 2000s and the UI has remained the same since 1997 when WM was first made, aside from the occasional theme change (which is done only whenever i personally feel like it, i.e. is not forced on me) while at the same time i'm using the latest Linux kernel, C library, drivers, etc with all security fixes. I do not have any choice between having security fixes or using a GUI that i am comfortable with - i get to have both.


It is VERY much a "compromised but don't know it, or it doesn't slow down things or break enough for them to notice" territory.

The state of security is /awful/ for general users.

But they also can't figure out how somebody keeps getting into their email account, why they get text messages that quickly disappear from history, or what these weird charges that keep showing up on their bank statement are...


Software is not "broken" just because it doesn't get updated with new spyware and adware every week. This is a misconception spread by companies like Microsoft.

No.

Software is "broken" even before it gets updated.

If what you said were true, there would be no such thing as a zero-day.


Unfortunately, these days it's arguably safer to run an unsupported version of Windows. Microsoft is obsessed with putting adware and features that put your data at risk into the OS, so it's not clearly the best choice to stay current any more.

Support ended in January 2023...

who cares? it impacts nothing. windows updates are counter productive for a decade. "but security and zero days!!"

ok surely that firewall and home lab and ability to not download and run garbage is enough for someone on the supposed "hacker news" to handle. but no, we got heaps of people using "out of support" as some sort of argument whatsoever to upgrade to absolutely dogshit versions of windows. make it make sense


People get their identities stolen every day, and it is a super, super, super shitty process to go through depending on how deep it goes. It can change your life forever.

Having oldass OS and application versions makes that a thousand times easier when you have so, so, so many CVEs you can exploit. And LLMs have been shown to make this very trivial now.

All you need to do is click on the wrong pop-up, or the wrong link in your email, or tap something on your phone screen, or have a poorly configured (often from the factory) router, and the initial intrusion takes place. After that, an outbound encrypted session quickly gets set up, and congrats, now your network is acting as a residential proxy that can be sold to criminals that want to download CSAM from your IP, AI companies that will use your connection for scraping, and other elements that will either mine the data on your systems (your PII, logins, etc) and scrape your screens.

But if you don't care about your life becoming a living hell, then I can't make you.

This happens all the time, every day.

If you have a car, you maintain it. If you have a bike, you maintain it. Power tools? You maintain them. Your electronic devices also need to be maintained. They have access to your most sensitive data, and potentially private conversations.


If you're behind a NAT and have an evergreen browser, say FF with UBO, avoid email attachments, etc... it's not very risky.

Did you know a website can scan your lan through a browser now?

https://developer.chrome.com/blog/local-network-access

Did you know that a lot of current home router NAT implementations are currently broken, in particular for UDP traffic handling, and you can therefore spoof your way into the network?

https://www.armis.com/research/nat-slipstreaming-v2-0/

A lot of router vulnerabilities floating around out there.

Ever hear of UPnP/UPnP2? Did you know that applications can trigger your router to open inbound ports for you?

There have also been some 0 click exploits lately, those are fun. You don't have to do anything at all!

https://github.com/Defense-Intelligence-Agency/Zero-Click-Ex...

Yeah, you're still at risk, and moreso because you're not aware of how open you are.


You're talking to a Slashdot refugee. Haven't ever had UPnP available. I don't use Chrome and do use OpenWRT with AdGuard, you insensitive clod. ;-)

I had a 5 or 6 digit ID which was pretty good for a kid not from the Bay Area, but I never got into slashdot flame wars. I still reflexively check it many times a day.

I have a five but I didn’t make an account for a long time.

Do you think that the average HN commenter has the same phishing risk as your grandpa?

They're fine.


Everybody says that until it happens to them. Every time.

Considering I'm going 40 years strong of not once falling for a phishing scam, I feel pretty confident in my assessment that I won't do so in the future. It has to be an exceptionally good phish to get anyone moderately technical to even take a second look. And even then, generally one can tell upon a second look. It's not hard to not get phished.

It can be visually identical to the real domain.

https://www.kicksecure.com/wiki/Unicode

It's also happened with code pushes on GitHub, which didn't get caught in code review, and has compromised build processes by introducing a malicious domain that is visually identical.

Sounds like a HN-type problem.

https://www.knostic.ai/blog/zero-width-unicode-characters-ri...
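The look-alike domain problem raised in the comments above can be checked mechanically during code review. The following is an added example, not code from the thread or from either linked article; the function names and sample hostnames are constructed, and the script detection is an approximation based on Unicode character names.

```python
import unicodedata

# Constructed sample hostnames, as they might appear in a diff under review.
SAMPLES = [
    "example.com",
    "ex\u0430mple.com",   # Cyrillic U+0430 in place of Latin "a"
    "exam\u200bple.com",  # zero width space (U+200B) inside the label
]

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def audit_hostname(host):
    """Return (kind, detail) findings for one hostname; an empty list means clean."""
    findings = []
    for label in host.split("."):
        scripts = set()
        for ch in label:
            if unicodedata.category(ch) == "Cf":  # format chars render as nothing
                findings.append(("invisible", f"U+{ord(ch):04X} in {label!r}"))
            else:
                script = script_of(ch)
                if script != "COMMON":
                    scripts.add(script)
        if len(scripts) > 1:
            # Letters from more than one script in a single label: homoglyph risk.
            findings.append(("mixed-script", f"{sorted(scripts)} in {label!r}"))
        elif scripts - {"LATIN"}:
            # Whole label in another script: legitimate for IDNs, but worth a look.
            findings.append(("non-latin", f"{sorted(scripts)} in {label!r}"))
    return findings

if __name__ == "__main__":
    for host in SAMPLES:
        # ascii() shows the escaped form so the hidden character is visible.
        print(ascii(host), audit_hostname(host) or "clean")
```

Run over the hostnames and URLs in a diff, this surfaces the two cases a visual review misses: a label that mixes scripts and a label carrying an invisible format character.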


I felt the same until my company's IT department got me with a (thankfully simulated) well-made phish on some bleary-eyed morning after a birthday party when I was only half awake.

Everybody feels confident until a slip happens. It's really just a function of probability and time acting against you as well as anybody, just like companies shouldn't ask themselves whether they'll be hacked, but when.

It also seems to me that phishing has become vastly more sophisticated in recent years, IMHO mainly due to 3 issues:

1. A growing number of huge data leaks that enable scammers to profile and target possible victims to an unprecedented degree and attack them using unexpected vectors. I remember my feelings sinking the day I received the first phish that contained basically all my personal data to address me. Once it's out there and traded, there ain't no getting back. As a consequence, spear phishing has become much more automated and widespread.

2. Proliferation of 2FA, often via email, as a supposed remedy-for-all which leads to a false sense of security.

3. The sheer ignorance of some actors that continue to undermine all the best awareness efforts and normalize insecure practices. For god's sake, I've received unsolicited emails from my bank as well as from globally acting online retailers telling me to click on a link and log in to solve some issue. To my great astonishment, both turned out to be legit. What the hell were they thinking?

Really, I wish all of us good luck. But I don't feel so confident anymore, rather like an unwilling participant in a lopsided arms race, where the adversaries have great resources at their disposal, and I have nothing more to rely on than my wits. ... Actually, put this way, it sounds like a classic cyberpunk tale. There's some appeal to it, I admit, but still.


Just use it for gaming.

Shouldn't be any harder than the name.

Do most consumer APs/routers allow you to just change the MAC address on the fly? I don't think the ones I've owned have ever allowed that. But that would certainly be interesting to try (if you were somewhere without any other address interference that would tip it off)

Pretty sure the laptop I had from like 2012 until 2018 could do that. Haven't tried anymore since (haven't played around with deauths) but I thought this was common functionality

Consumer router firmware UIs, typically owned by ISPs, I'd not expect that yeah. Some don't even let you pick a WiFi band anymore and require other changes to be submitted through an ISP portal on the web somewhere (thinking of Belgium here, not sure which ISP it was)


Some will let you change it but it's almost always static since changing AP MAC Address will cause network disruptions for all connected clients.

Sure, some hacker somewhere will screw with these databases by rotating their AP MAC Address regularly but 99.9% are not going to touch it and 99.9% is good enough for location databases.


also funny how those first 3 'dark patterns' are basically just the core appeal of the genre

Yeah, can't take this site seriously when it lists some of my favorite mechanics as dark patterns.

'Competition' is listed as a dark pattern. Ya know, the core thing common to basically all games going back millennia, this site is ridiculous.

The site says: "People like a challenge and playing against other people is often how games provide this challenge. Competition by itself is not necessarily a dark pattern. Classic games like chess and checkers, and most sports have competition. It's when competition is combined with other dark patterns that problems arise."

And this is true. In particular, competition where you gain rewards for staying on top of leaderboards, and there is a pay-to-win element. Competition isn't necessarily bad, competition can be fun, "but how is this game using competition" something you should think about before you get into a new game.


Sure but they have no room for this level of nuance on their actual ratings, it's just a checkbox for 'game has competition' which always counts as a 'dark pattern' for the purposes of the overall score.

Yes, their summing up is not very useful. As a database of which games have which patterns, I think it can be useful.

The person who wrote that text and the person that coded the website need to get relationship counseling; every page on the website except that paragraph treats competition as one more bad point on the bad points scale.

It's all too common to make a taxonomy of potential problems and then when deciding how to sum it up just throw up your hands and say each potential problem is worth one point.

Competition is not core to all games by any means. You could argue that challenge is core to games, for a particular definition of ‘challenge.’

Solo/single player games are common now, but looking at pre computer history the majority of games are sports where you're competing against others either alone or in teams and board/card/dice games where you are competing against others (and probably gambling too).

Sure there are some solitaire card games, and toys like yo-yos, kendama and the like that could be classified as games. But competition defines most of what we consider "games" up until computers were able to simulate the other players in the form of hostile/friendly npcs, computer controlled 'players' etc.


Single-player games very much existed before computers: puzzles, solitaires, etc.

See second paragraph. 'Basically all' may have been an exaggeration, but the crux of my argument is that the concept that human beings know as a 'game' up until the advent of computer games more often than not involved competition.

Computers didn’t introduce the notion of solo play and there are examples of games throughout history that are not about competition.

Archery, for example, has its roots in improving your skills for the battlefield. But archery as a hobby, which goes back as long as the bow was invented, is simply for the enjoyment of doing it.

Kids playing together with toys is not a competition. Lego/Meccano/building blocks. The list goes on.


Plenty of games simply don't feature competition.

You're allowed to like dark patterns. Doesn't make them any less dark. They manipulate you to get you to play more. But you are allowed to enjoy it. Trying to save your ego or pride by pretending is silly.

I don't agree that they are dark though.

> Trying to save your ego or pride by pretending is silly.

Now you really convinced me!


> I don't agree that they are dark though.

But they are. That you disagree is immaterial.

> Now you really convinced me!

Convincing you isn't important to me. Correcting you is.


No, they are not and you have no authority in this matter.

> Convincing you isn't important to me. Correcting you is.

Truly, a martyr for the greater good.


Not sure what your point is. There is no addiction without appeal.

Creative Cloud and DAWs. Those are my only reasons and basically the only reasons I ever hear from people. A Linux port of Photoshop would probably put a small dent in Windows' market share at this point.
