AMD changes rules, denies researcher $10,000 bounty after taking 124 days to patch security flaw
4d 13h ago in technology from www.techspot.comThey use https now, but use CRC for signature verification:
AMD told MrBruh that all update communications now use HTTPS and that updates undergo signature verification. The researcher says he verified the HTTPS claim, but found only a CRC32 check on the downloaded executable, which is not considered a cryptographic signature.
I could be wrong here, but I believe they should use a combination of SHA256 and PGP for signature verification.
The problem with using CRC32 is it reversible and has high collusion rate. An attacker can easily make a file the generates the same hash. This tool a few minutes of searching online. It appears that people who work at AMD don't even know how to do proper research. All they have to do is look up how to make a secure updating process.
'Fired? But I Maintain All the Software!' Light Novels Get TV Anime
5d 2h ago in anime@ani.social from www.animenewsnetwork.comI bet we will be getting stuff like this more often. Can't wait for "I can teleport now, I don't have to be stuck in traffic. I now can have a life" Anime.
'Fired? But I Maintain All the Software!' Light Novels Get TV Anime
5d 2h ago in anime@lemmy.ml from www.animenewsnetwork.com
Silicon Valley's AI elite are shelling out as much as $6,000/hour for 'nerdy escorts' who can talk tech and crypto
5d 7h ago in technology from finance.yahoo.comI don't think there is any fucking involved, probably lots of crying though.
[DISC] Ubunchu! Chapter 1
5d 16h ago in manga@ani.social from mangadex.org
Relatable
5d 17h ago in FunnyPanels@ani.social from lemmy.dbzer0.com
All nose
5d 18h ago in FunnyPanels@ani.social from lemmy.dbzer0.com
Don't mind the egg
5d 18h ago in FunnyPanels@ani.social from lemmy.dbzer0.com
Practice makes perfect
5d 19h ago in FunnyPanels@ani.social from lemmy.dbzer0.com
Gotta Catch 'Em All
5d 19h ago in FunnyPanels@ani.social from lemmy.dbzer0.com
Meaningful
5d 20h ago in FunnyPanels@ani.social from lemmy.dbzer0.com
LibreOffice slams Euro-Office as ‘de facto ally’ of Microsoft
6d 2h ago in technology from blog.documentfoundation.orgI believe they are using a modified version, not 100% sure. But in my opinion they should let the user decide on install.
https://news.ycombinator.com/item?id=47559056
I honestly blame ISO they should have never approved this format. https://www.ip-watch.org/2008/04/01/office-open-xml-officially-approved-as-international-standard/
Teardown Confirms the Trump Phone Is a Gold-Painted HTC U24 Pro
6d 2h ago in technology from www.ifixit.comYes, with truth social pre-installed
Bluesky Is Bringing Reddit-Style Communities Later This Year
6d 3h ago in technology from www.androidheadlines.comI have an account but I forgot the password and I used a throw away, so I can't get it back. The problem with blusky it didn't advertise itself very well, not many people even know it exists simular to Lemmy.
Sonarr downloading .exe
12d 3h ago in piracy@lemmy.dbzer0.comThere is a fee but it is negligible, you just need to buy on sales. As for indexers just get a one or two life times and it will pay itself over time. I only have one subscription indexer, the rest are life time.
This is last year's black Friday sale: https://www.reddit.com/r/usenet/comments/1p3ajl6/_/
Never buy usenet full price
You can get it some usenet providers for as little as $30 year which is $2.5 a month, maybe ever cheaper.
Lots of them offer trials if you just want to try it
Lime is the issue, I removed it for this exact reason. I mainly use usenet if I want torrents I will look for it manually. Usenet is way safer than torrents from my experience.