It would be nice if it only considered alphanumerics. Downside: punctuation can mean a lot in poetry. Upside: people might make punctuation less meaningful just to have more strings to try.
i remember a long time ago i was told north korea was a dark spot on earth when viewed from space, interesting to see it on an actual light pollution map. not that north korea is alone in this aspect.
The employees and their contractors and related at Discord corporate can see your IP address too and much more. Luckily it won't be Microsoft owning it as they could correlate against their software empire too.
But Discord does have significant profit motive to collect information about you. In fact, their entire proprietary protocol, client, and restriction of clients is based around ensuring this.
He wasn't talking about mass data collection used to sell advertising, he was talking about a the admin of a server with maybe a dozen users having access to his IP, which potentially could be used for DDOS or geolocation. The kind of 'data collection' which could have visible impacts upon his life.
And I am saying that there are human people working at companies too. The only difference is that if they cause you indirect harm their legal liability is abstracted enough you can't do anything.
They're not talking about Discord and their employees having your IP, they're talking about teamspeak server admins being able to see it and using it for nefarious means. On Discord, just because someone joins a server you created doesn't mean you get their IP. With teamspeak being decentralized, your IP is sent to admins which are much closer and interested in the same topics you are, so if you make them mad, they have the ability to retaliate by performing a DDOS or geolocating you to expose your location. With Discord, there's trust that Discord isn't going to suddenly make your IP address public for some reason - even if you make an employee mad, them accessing your IP just to leak it would be jeopardizing their cushy VC-backed job all just to 'expose' someone on the internet.
Discord has the same issue, essentially everyone who works in a somewhat technical role has access to their moderation tools that have zero auditing and reports of abuse (reading people's DMs "as a joke") are not uncommon.
Discord also refuses to delete any data you give them. Deleting a Discord account sets a lockout flag, changes the nickname to "Deleted User" and resets the avatar to default. That's it. They don't even bother setting the user ID on your messages to something common, to a bot (and anyone who turns on developer mode) all your messages still contain your Discord ID.
I also learned from personal experience that they ignore any requests for deleting data coming in via GDPR. These people need to get slapped in a lawsuit.
> Discord has the same issue, essentially everyone who works in a somewhat technical role has access to their moderation tools that have zero auditing and reports of abuse (reading people's DMs "as a joke") are not uncommon.
This is the first time I hear of this, can you please link a source?
The Discord subreddit has a few threads about this, but it has always been an open secret back when the Discord Developers guild still existed. I'm pretty sure it got axed because some staff members got too memey about abusing their database access.
So Discord has the same issue should be Discord had the same issue - I also can't find any mention of such abuse of power. The only thing is supposedly this Trust & Safety employee that revoked the vanity url /furry to give it to another server[0], and T&S needs full database access like that for obvious reasons (even if this employee did abuse it).
That's one incident. I'm talking about a pattern of behavior where staff members act unprofessionally. That includes telling your users "I can just change your ID lol" even if they don't end up doing it.
Discord didn't fire the person who was joking about database edits the most (or anyone to my knowledge). All they did was close the outlet for staff to show their badge off and brag about it. That doesn't fix anything, my assumption is that this is still going in.
It does, but that is not always an option. What if you shared personal information on a server you no longer have access to? Your only option is to wait a week for your data export and then wait another 2-3 weeks for a support ticket to get to the stage of threatening Discord into actually removing individual messages. What if you're being stalked? What if you said something incridebly dumb on a server you assumed was limited to very specific people? A month to removal is untenable. Discord needs searchable dashboard that allows one-click removal.
Discord considers all servers public, not because they actually are (many are for friend groups or even classes etc.), but because that'd mean your consent for keeping any message you send is in question whenever someone is invited to a guild you were not expecting there. Their argument against removal is always "following public conversations is in the public interest". Any European court would tell them to fuck off if someone finally sued them over ignoring GDPR requests, because in the end most Discord servers (absolute numbers, not by volume) can not be considered public.
Not only that, Discord communities are all invite-only, even the discoverable ones are technically invite-only (discoverability process of Discord requires a permanent invite).
> Discord needs searchable dashboard that allows one-click removal.
The thing is there is no user→message mappings stored in their database. The data structures are designed for message→user traversal. Nothing like Facebook's user activity log.
with the amount of automated systems out there port-scanning IP ranges for vulnerabilities, being on discord with one (a vulnerability), even if discord exposed IPs, is not much more dangerous than just sitting around twiddling your thumbs waiting for a bot to hit your IP.
The risk of personal identification due to IP I can buy into; the risk that your already public IP may be exposed to a do-bad-criminal who wants to exploit you via Discord.. feels no more dangerous than having a vulnerable computer connected, anyway.
There are some games that run peer to peer connections, and for those to work, they require inbound connections to work. As far as the security of the average game codebase is concerned, I'd say it's pretty terrible as nobody really audits these codebases for buffer overflows/RCEs.
Source Engine (CS:GO, Team Fortress 2, etc) has a bunch of RCE that were disclosed to Valve years ago and which they did nothing about, and which have been released to public at this point. Join a server and they can RCE on your machine. Another one can be triggered just from a Steam invite.
Too bad Valve makes money now and not games, they can't even get a fix out after it's been disclosed for years.
Titanfall (the original) is another one (also Source Engine underneath but rewritten by Respawn/EA), a salty hacker who was mad he was getting rekt has been taking down the multiplayer service off and on for years now.
Last I heard he was starting to hit Titanfall 2 xbox servers too (since nothing has been done after years attacking the first one, why wouldn't he escalate it further?) and Respawn just don't care, they're done with it, they make piles of money from Apex now and don't care about supporting their older stuff.
As frustrating as it is, not a whole lot of people in the video game industry really care about that, and for those that do, they can't really do that much about it.
Once a game is sold, there's not much of an incentive to keep it alive other than making sure it's moderately playable so that they manage to sell expansion packs or downloadable content. A hypothetical "someone might overflow a buffer and run arbitrary code" bug is going to be pretty low on the list compared to "all the graphics are broken on the latest nvidia driver because our code base is held together by duct tape and wishful thinking."
Even for the developers that do care about writing decent code (and a lot of them do care about making great games), after 60 hours or more a week of fixing random bugs on Barbie's Plastic Adventures, Call of Battlefield, or Mobile Lootbox Idle Clicker, there's not that much motivation left at the end of the day to work on these kinds of issues.
It’s pretty frustrating with games like TF2 that still generate significant amounts of revenue but can’t even get major security problems patched let alone basic bugs fixed. And I’m not talking about selling new copies, I’m talking about hundreds of millions of dollars a year in lootbox revenue.
Games like DotA 2 that still get attention from Valve have all kinds of broken things. Bots were endemic in certain MMR brackets for a while (might still be, no idea), and they were pretty straightforward to detect. Multiple kinds of griefing were pretty much ignored, reporting players didn't do anything for a while, and so on.
Even Rockstar had the issue about load times for GTA online, which had they even bothered to look into it, would've netted them dozens of millions of dollars.
Until there's something absolutely catastrophic like a worm that spreads through a popular online game and formats hard drives/mines bitcoin/transfers all the hats to third parties, the industry will keep on doing the same thing as usual with no care. I wish it was different, but it's not, unfortunately. I definitely understand your frustration though.
this is true, but also goes for every internet-connected service that i choose to use, as far as my IP address goes
i've been invited to random, huge discord servers to play just one game, and after the games over i usually leave the server unless i know everybody. i never have to worry about the server admin or one of his buddies deciding they didn't like me for whatever reason and DDOSing the shit out of me for weeks, forcing me to change my IP address because i didn't use a VPN.
that's just personal; it could even turn a profit if a professional gamer joined a server, several users recorded the IP address, bet against them in an upcoming game, then DDOS'd the shit out of them.
The game server admin also sees your IP address though?
So unless you are only hanging out on discord and not actually playing you are still exposing your IP address.
Also only the voice server admin sees the IP address and not every user on the server, so your scheme wouldn't really work either.
If you're in a situation where you do not feel safe by the administration team of a server, you probably shouldn't stick around. While I do understand the concern about something like this, if the admin team are people you know and trust, this data is not going to be used against you.
Trust is always important for these things, regardless of the platform. Discord didn't even have my email address for the four first four years I used it
I'm running my teamspeak instance within an LXC container on my physical host. So the only IP I do see is good old home (127.0.0.1). But admins better not use the IP-ban feature in this setup ...
I never understood what was wring people seeing my personal, private IP address...
I can call my ISP and get a new one in seconds, or turn my router off for 5 minutes to get a new one.
Not sure how using discord really solves the evil admin scenario though? Since the game server admin will still be able to see your IP Address.
I really have a hard time imagining a scenario where I can trust the game server admin, but not the admin hosting my voice server. Especially if it's some team-based game.
It is not P2P. The place where they most clearly state that as far as I can find is actually the documentation for their game SDK[1], but you can check that this is the case with netstat. In general it’s hard to get good voice or video chat with P2P connections because of the low upload of most residential internet connections, so few serious chat apps do it.
A problem is taking a company's entire Java codebase that's been running on Oracle JRE's, compiled with Oracle JDK's, written to work around Oracle bugs, for a decade, then trying to throw that on OpenJDK JRE's, compiled with OpenJDK JDK's. If it's a huge codebase then performance and runtime errors alone are concerning enough to stay frozen on 8 for as long as possible, without even considering code migration.
> just go with Fedora
I'm not disagreeing with this at all, but I do want to point out this was CentOS a couple months ago!
I'm sure you know exactly what you're talking about... but I can't really imagine what major incompatibilities you're seeing while doing these upgrades. Java is amazingly backwards-compatible in my experience. I don't think I've ever had to change anything during an upgrade, in my entire career, except sometimes a couple of minor things to do with Unsafe. I'd love to hear more and some concrete examples if you're able to.
I have no experience in upgrading Java versions or the corresponding code changes required. I have witnessed runtime differences, related to performance and GC behavior, from Oracle 8 to OpenJDK 8 that were unexpected enough to warrant temporarily sticking with Oracle in exactly one case.
That is eons ago, in Java 8 there were indeed differences between Oracle JDK and OpenJDK, this in no longer true since Java 10, even less so in Java 16.
Now, Java like C or C++, enjoys multiple implementations, so even across OpenJDK, J9, Azul, PTC, Aicas,..., there will be differences.
Having migrated some respectably sized projects to OpenJDK in my experience it's more work to migrate a codebase to a new Java major version than from Oracle to OpenJDK.
layman here. i understand that if said theoretical computer did exist, encrypted stored data using today's standards is for the most part compromised, outside of further obfuscation, which the popular opinion seems to believe only helps so much.
that means the past is compromised, with some amount of implementation afterwards. i've always wondered just how much the future is compromised.
i've always thought about encryption this way:
P = some degree of computational power
A = some small unit of P, like a laptop
B = the largest unit of P practically
possible under the same laws of physics as A
(data encrypted by A cannot be "cracked" by B in a reasonable amount of time)
so in my head, so long as a normal civilian can access qubit technology (likely questionable), encryption still works by increasing the number of rounds. what am i missing?
Quantum computers will have civilian access. They already do in fact. And the issue is that they change _the complexity_ for some algorithms so adding rounds isn't going to help.
We'll just migrate to quantum resistant algorithms like we migrated away from MD5.
CTRL+W messes me up sometimes. when i'm in split screen mode with two panes i'll often tap CTRL+W twice to switch panes. very confusing when you forget to exit insert mode.
it's nice not having to constantly lift my hand to use the mouse when i'm just looking through files and making small changes. i can keep my hands on the keyboard for up to an hour and get stuff done, so long as the task at hand only requires a command line interface and a text editor.
if you have the right of way, and you do not take the right of way, in most cases you are effectively disobeying traffic rules and disrupting the flow of traffic.
In rural areas where this is common there isn't traffic. Thus the politeness doesn't cost you anything. Also in those rural areas it is somewhat common for someone with the right away to have a reason to drive much slower than the speed limit and so giving up your right away makes things better for everyone - the other person doesn't have to try to pass you latter.
When there is traffic you giving up the right away is impolite to the person behind you and shouldn't be done. unless traffic is so heavy that you won't be able to move, and so you should give you your right away to someone who can go.
