Hacker News | rmkrmk's comments

Still annoying that the app is not available globally, just prevent the creation of accounts by checking the location? Moved abroad where Claude is available, but still have an EU App Store account because you can't easily switch countries with existing subscriptions, especially music.


They have a few blocklists with IP addresses and hostnames listed on their page you can easily subscribe to. https://www.obdev.at/products/littlesnitch-mini/blocklists.h...


This implies you're using their reverse proxy feature, not just plain DNS records.


+ the Omnisearch plugin for a great search engine in Obsidian. It can index images and PDFs, too.


I think there’s a setting to enable cloud storage, so as long as you’re logged into Firefox Sync/Chrome it can be synced but has to be triggered manually to sync/merge the filter lists.


I've got that set up, but it doesn't seem to work: https://github.com/gorhill/uBlock/wiki/Cloud-storage I've followed the steps carefully a couple of times, but still no luck. The page does include the caveat "Cloud storage services offered by specific browser vendors have limitations and quirks and are out of the control of uBO" which seems to be the case for me.


Your list/filters is probably too large.

> If syncing is enabled, the data is synced to any Chrome browser that the user is logged into. If disabled, it behaves like storage.local. When the browser is offline, Chrome stores the data locally and resumes syncing when it's back online. The quota limitation is 100 KB approx, 8 KB per item. Consider using it to preserve user settings across synced browsers.

https://developer.chrome.com/docs/extensions/reference/stora...


Unfortunately not - I only have 121 lines in my filter list. I might dig into it again at some point, but it's only a nice-to-have for me.


Is it possible to sync between Firefox, Chrome, Brave, Edge? I assume we're limited to the same browser only though?


Yes, same browser since uBO just uses the `browser.storage.sync` API.[1] The sync storage is quite limited but uBO compresses the data to make the most of the limited storage.

* * *

[1] https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...


Are there any somewhat easy-to-use solutions to isolate a development environment? Preventing or at least decreasing the damage malicious packages could do? Like deleting files or uploading a private ssh key/keychain to a 3rd party server?

I was looking into things like GitHub Codespaces, I believe they're isolated per repository and integrated into VS Code, but I'd like something I could run on my machine or a server of mine.


Seriously, but make multiple user accounts on your computer. That's the traditional UNIX way of enforcing isolation, and it goes back to the days of hundreds of people sharing one single UNIX machine.

And don't give any software root access.


Faraday cage? It's a turnkey solution.


Docker containers?


Just found out that there's an extension to use Docker/Podman within VSCode which works on a local or remote machine.

https://code.visualstudio.com/docs/devcontainers/containers


I've done this as well recently, and the list at bgp.services helped a lot. Vultr is a good example, they have locations across the globe.


+1 for Vultr. I currently use them to announce a /24.


I wanted to like Vultr. I gave them a fair chance but then they changed the IP on my VPS without telling me. It changed from a Swedish IP to an American IP overnight and left me confused in every way.

Everything broke and support wasn't willing to explain what happened. It felt like they decided my account was suspicious and they routed all my traffic through some firewalled/monitored egress to inspect my traffic. I couldn't even SSH in, I had to go to the dashboard and grab the IP they had reassigned to my host.


Really? That sounds extremely shitty. As a customer of Vultr, it makes me a bit scared, but during the 5~ or something years I've used them, that never happened to me.

You'd be doing everyone a service by continuing to dig out a reason for why that happened, and if they don't provide it, lambast them over social media or something so they do provide some sort of justification.


It happened probably 6-7 months ago and worse yet, services I had downstream actually were sensitive to the geolocation of the caller. Fortunately I caught it quickly enough when someone I was working with tried to SSH into the host and couldn't.

Surely the account was being paid via cryptocurrency however it was already verified through the linking of an actual traditional credit card like they required.


Tailscale is just great! It's so easy to use, I have it running on all my devices and servers, so I can connect to them from wherever I want, and with the "Exit Node" feature you can also select a system to route all traffic through (and switch easily between them, at least on mobile).


Tailscale still takes some rather drastic measures to make itself work magically which have occasionally broken other things.

For instance, I can't connect to a work VPN (vpnc) properly while tailscaled is running because Tailscale hijacked my resolver entirely. It does that even on resolved.


Concurring with Tailscale's ease of use, though for mobile clients I found it was more reliable to have a WireGuard-accessible Tailscale peer rather than rely on Tailscale's app.


If you are on a Mac, have a look at finicky to manage which URLs should open in a specific browser.

https://github.com/johnste/finicky


I'm not, but just yesterday or the day before I was thinking maybe I'd write a simple application to take the URL and make decisions what to do with it afterwards based on whatever data I decide is relevant (time of day, domain, etc). If I had access to what the source application was that would be ideal, but I doubt Windows 10 supplies that.


> Once all steps are complete, we will reimburse you the cost of creating this account.

Seems they'll refund the paid account, still a weird thing to do.


They are saying, in effect, you must sign/agree to our 81-page developer agreement to receive the reward.


Lots of bug bounties are really just hush money, that you have to sign an NDA to get.

Always just publish your research. You can optionally offer it privately to the affected party in advance, but don't agree to any TOSes to do free work.

Full disclosure is responsible, too.


Yep, you should really give up significant income from companies that do responsible vulnerability disclosure in the name of a random HN commenter's values.


At no point did I say you should give up income.


"Always just publish your research."

In most bug bounty programs I've seen (including Apple's and Facebook's) payouts are contingent on not publishing the research without consent.


I assume lots of bug hunters (especially those from third world countries or those currently unemployed) depend on the bounty money to support their livelihoods.


That’s a bit like hitting the slots to support your family. Not only do you have slim chances to find anything that pays out a worthwhile sum, even if you do find such a bug they might come back with a “sorry, already reported”. If they get back to you, that is.

It’s not something to rely on at all.


This is why I think a third party bug bounty middleman service is inevitable. They will be better equipped to exact appropriate remuneration and develop relationships.

Companies should be trying really hard to avoid this happening by offering better rewards with fewer hoops to jump through.


Agree. It is a business opportunity. It will have to be a US based company as only those will have enough funding to both fight the legal fights and lobby for legal protection.

For the first few years the company will be considered a level just above common criminals. After a while, they will be considered an essential consumer protection service.


Any corporate is going to make you sign something to receive the cash. The terms would not normally be as strong as an NDA though, otherwise we wouldn't see any bounty reports.


> Once all steps are complete, we will reimburse you the cost of creating this account.

That literally sounds like a Nigerian email scam.


It is. But the subscription money is not the worst. You also have to agree to the terms of the developer account to open the account. Which means it will change the terms of your relationship with Apple before even getting any penny.


Maybe it’s their way of validating the identity of the person making the claim.


They have a mechanism to pay external developers, and they want to use that instead of creating a vulnerability-specific mechanism.

