I'm not a cryptographer (so maybe this is wrong), but my understanding is that although it's possible to modify the cipher text, how those changes modify the plaintext are very difficult (or impossible) to predict. That can still be an attack vector if the attacker knows the structure of the plaintext (or just want to break something), but since the checksum is also encrypted, the chances that both the original file and checksum could be kept consistent after cipher text modification is basically zero.
JuxtaposedJaguar
joined 1 year ago
In exchange, FF uses Google search by default. So they're also getting direct value from the deal.
The classic gonewild is a bit sexist, though. They say it's for porn of all sexes, but male posts get buried. It's fine to be female-only, but then just say that.
The real problem is the government not protecting consumers from such predatory business practices. It's almost certainly not legal, and if it is then it shouldn't be. After 3-4 companies are absolutely destroyed, companies will stop doing it.
Ever since we found out that Grindr has been tracking their users' locations at all times and then selling that data to private companies, Grindr has been dead to me.
If you care about security, use FDE. Then a text file with proper file permissions is probably fine.
Pi-hole works by giving clients non-routable addresses in response to DNS queries of known ad-serving domains. If the client (web browser, phone, smart device, etc) doesn't let you set its DNS server (as many no longer do) and doesn't obey DHCP, then you can't feed them those addresses. You could block outbound DNS traffic from all clients except your Pi-hole, but in response some clients will just refuse to work entirely. And if they require DNSSEC (or DoT/DoH with a pinned certificate), there's nothing you can do.
Customers have more power than companies would like you to believe. Politely explain the situation to customer support, and ask for a refund. If they refuse, mention that you purchased a game that was promised to work for at least several months, and you haven't received the product you paid for. Because of that, you're considering charging back through your bank. If that doesn't work, say you'll charge back if they don't refund. If that doesn't work, actually charge back through your bank. Banks are surprisingly cool about it as long as you don't do it too often. Of course, you need to buy the game directly (no account balance) from a credit card.
Just don't be a jerk to the support person, because it's almost certainly not their fault. It's also less likely to get you what you want. They'd rather give you what you want so you go away, and you just need to give them reasons that they can relay to their supervisor if necessary.
Business decisions are almost always influenced by the personal preferences of people in charge. While OP probably can't change the existing infrastructure right now, when the infrastructure is eventually changed, OP's pro-Linux input could make a big difference.
Does anyone else prefer no MOTD? You can SSH into your server without clobbering your scroll back buffer. It makes everything feel more seamless.
Isn't that also true of an encrypted checksum, though? For some plaintext block q there is a checksum r, but the attacker can only see and modify the encrypted q (Q) and encrypted r (R). How any change to Q would modify q (and R to r) can't be known without knowing the encryption key, but the attacker would need to know that in order to keep q and r consistent.