• 0 Posts
Joined 4 months ago
Cake day: March 3rd, 2024


  • Nougat@fedia.io to Linux@lemmy.ml • Why do you still hate Windows?
    20 hours ago

    The PIN is stored locally on the machine only. It doesn’t get synced with anything anywhere. It’s actually much safer to use a PIN for authentication because it’s four digits that you (well, maybe not you) don’t have to write down, and the only time it works is on the physical machine. The user account password can be long and/or complex, but if you’re only ever authenticating at the keyboard, all you have to remember is the PIN.

  • Nougat@fedia.io to memes@lemmy.world • Basic American etiquette
    23 hours ago

    The Breakfast Gun goes on whichever side the diner’s firing hand is.

    Edits below!

    After some discussion and reflection, I agree with @[email protected] that the Breakfast Gun would indeed go on the left, “to show you plan for a peaceful meal.”

    Furthermore, presentation of Firearms depends on the level of dining:

    At a polite table, guests are expected to lay their Meal Arms down holstered, so as not to soil the table linens. Placing a Meal Arm directly on the tablecloth is a sign of disrespect.

    At a formal table, a Firearm Napkin will be provided for each diner. This allows diners to display their Meal Arms openly without soiling the linens.

    At a “high table,” Meal Arms will be provided by the host. These Arms, while fully functional, are adorned with many engravings and flourishes, as a demonstration of the host’s status, and the diner’s status as a guest at the table.

  • I’ll throw some more detail, still working from the “your computer” side.

    Your computer is almost certainly configured with a couple of DNS server IP addresses, belonging either to your ISP, or to some publicly available DNS server. When you’re going to www.hotmail[.]com, your computer just asks a DNS server that it is configured to ask - it doesn’t go to a root server (although it could, every computer is configured with root server IPs).

    But even before that, your computer first looks to its HOSTS file. That’s a local file that contains manually configured matches between DNS hostnames and IP addresses. Under normal circumstances, this HOSTS file would be empty, but it’s there. Side note: DNS (Domain Name System) is what replaced HOSTS files. Prior to DNS, a university network (for example) would distribute a hosts file for everyone to put on their computer, and that was it.

    Okay, www.hotmail[.]com isn’t in my hosts file, what next? Not a DNS server yet - next your computer will look to its local cache. You visited www.hotmail[.]com a couple hours ago, you haven’t rebooted yet, computer looks in its local cache and uses whatever it finds there.

    Not in the local cache? Now your computer asks the DNS server it’s configured to ask for everything. That DNS server has its own cache, so if anyone has asked it for www.hotmail[.]com recently, it already has it, and returns an answer to your query.

    If that DNS server doesn’t have the entry cached, it may be configured with forwarders. This essentially means “If I, a DNS server, don’t have a listing in my own cache, I will always pass the query to my forwarder instead of going to a root server.” There may be multiple layers of this kind of behavior, maybe the next DNS server even knows who’s authoritative for hotmail[.]com, and says “go ask them.”

    The last word, though, is always the root servers. Root DNS servers are authoritative for ‘.’ and they contain lists of TLDs and the DNS servers authoritative for those.

    Another thing to be aware of is that if a computer doesn’t have an IP address for a particular hostname (and it is not configured with a DNS server to ask for everything), it only returns “go ask this other DNS server” to the computer making the query, and then that computer goes and makes the full query to that DNS server.

    It is also important to make sure that the DNS server(s) your computer is configured to use are themselves trustworthy. “Dan’s Totally Not Sketchy I Promise Public DNS Server” could very easily be configured to believe it is authoritative for the hotmail[.]com domain, and hand you whatever IP address it is configured to hand out from its own “Totally Authoritative I Promise” zone file.

    And I forgot about TTL (Time To Live). TTL is measured in milliseconds, and generally speaking, only gets as short as fifteen minutes. If a cached record is older than the TTL, then the DNS server (or your local cache) will discard it and go ask for a fresh one. This does not apply to hosts file entries, or to static entries in an authoritative DNS zone file; those never expire.

  • Something which has not been mentioned yet - Russia controls DNS resolution for any .ru site, and here’s how that works:

    When you browse, say, www.yandex[.]ru, your computer needs to know the IP address of a server that hosts that site. Let’s say you are not using an ISP or public DNS server to get your name resolution from DNS hostname to IP address. (All of the following is essentially still what happens, just with a less complicated explanation.)

    First, your computer contains a list of root DNS servers. Every DNS query starts with a root server, and those root servers are associated with the often-excluded ‘.’ at the end, like “www.yandex[.]ru**.**” - that trailing dot at the end always exists, we just don’t type it.

    The root server says, “Here’s a DNS server which is authoritative for the .ru top-level domain, go ask them.”

    Then your computer asks the .ru DNS server where to find www.yandex[.]ru, and the .ru DNS server says “Here’s the server that is authoritative for the “yandex” subdomain under .ru, go ask them where their “www” host is.”

    Then your computer asks the yandex[.]ru DNS server where to find www.yandex[.]ru, then that DNS server says “Here’s the IP address that goes with that hostname,” and your computer asks the server at that IP for the website.

    Again, Russia controls DNS resolution for anything at .ru. All they would need to do for any subdomain beneath .ru is provide their own authoritative DNS server for yandex[.]ru - or for any other whatever[.]ru DNS name. They could then redirect all browsing traffic to anything under .ru to anything they wanted.

    Those FBI takedown pages? This is exactly how that is done. The FBI doesn’t reconfigure a server at the “correct” IP; they redirect DNS for the subdomain to their own IP and own web server in order to display the takedown page. That operation is performed within legal limits, but from a technical perspective, such an operation could just as easily happen outside of legal limits, especially when the party trusted to properly respond to DNS queries is Russia.

    tl;dr: Russia can very easily redirect any traffic to any .ru site to anywhere they want.
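The referral chain described in the comment above, as an added example that is not part of the original comment: a toy iterative resolver over constructed zone data, showing that a change made only at the TLD server changes the final answer, plus a monitoring check that compares the referral chain against a pinned one. Server names, the `whatever.ru.` zone contents and the IP addresses (documentation ranges) are assumptions made for illustration.

```python
# Constructed toy data: server name -> {zone or host: (record type, value)}.
# Server names are hypothetical; IPs are from documentation-only ranges.
ZONES = {
    "root":        {"ru.": ("NS", "tld-ru")},
    "tld-ru":      {"whatever.ru.": ("NS", "ns-whatever")},
    "ns-whatever": {"www.whatever.ru.": ("A", "192.0.2.10")},
    "ns-other":    {"www.whatever.ru.": ("A", "203.0.113.66")},
}

def covers(zone, name):
    """True if name is the zone itself or sits beneath it (label boundary)."""
    return name == zone or name.endswith("." + zone)

def resolve(name, zones, start="root"):
    """Walk referrals from the root; return (ip, servers asked in order)."""
    server, path = start, []
    for _ in range(10):  # bound the referral chain
        path.append(server)
        records = zones.get(server, {})
        match = max((z for z in records if covers(z, name)), key=len, default=None)
        if match is None:
            return None, path
        rtype, value = records[match]
        if rtype == "A":
            return (value if match == name else None), path
        server = value  # "go ask them"
    return None, path

def redelegate(zones, parent, zone, new_server):
    """Copy of zones where only the parent's referral for zone is changed."""
    changed = {srv: dict(recs) for srv, recs in zones.items()}
    changed[parent][zone] = ("NS", new_server)
    return changed

def delegation_changed(name, zones, pinned_path):
    """Monitoring check: does the referral chain still match the pinned one?"""
    return resolve(name, zones)[1] != pinned_path

if __name__ == "__main__":
    name = "www.whatever.ru."
    ip, pinned = resolve(name, ZONES)
    print(ip, pinned)
    moved = redelegate(ZONES, "tld-ru", "whatever.ru.", "ns-other")
    print(resolve(name, moved), delegation_changed(name, moved, pinned))
```

The root entry and the original `ns-whatever` records are untouched in the second run; only the parent's referral differs, which is why monitoring the delegation (NS) chain catches a change that monitoring the zone's own server would not.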

  • Nougat@fedia.io to memes@lemmy.world • Pls Respon
    13 days ago

    I worked in IT for a company that did the warranty financing for about four months many years ago - so I wasn’t directly involved in the scamtacular stuff. There were actually two sides to that business. The commercial warranty financing was legit: businesses that needed to have warranties on expensive construction equipment (for example) would finance through us, because those policies were expensive.

    Once I figured out exactly what was going on on the consumer warranty financing part, I was looking for another job. And then some other company came in and bought the consumer part, lots of people got laid off, and while I was not one of them, it hastened my exit.

    The whole thing on the consumer side is just barely this side of legal, but it is most definitely not ethical. Most of the people who were on the hook for these policies were just being preyed upon and squeezed for money. Lots of elderly, lots of lower income people just looking for something to protect themselves, lots of people with mental health issues.

  • Nougat@fedia.io to memes@lemmy.world • Pls Respon
    13 days ago

    Who wants to hear all about why that extended warranty industry exists? Because I know.

    Okay, a couple of votes, here goes.

    First, let’s talk about what an extended warranty is. It is an insurance policy. There is a deductible. The amount you pay for this policy is the premium, just like any other insurance policy. When something breaks on your car, you make an insurance claim. This may be “you pay for the repair, parts and labor, and then make the claim yourself”; it can also be “the shop gets authorization from the warranty insurance company, and proceeds with the repair, then the check for the claim goes directly to the shop (with you paying the shop directly for the deductible and whatever the insurance company didn’t pay for).”

    Sounds like a kind of good deal, right? Insurance to pay for car repairs, just like you have insurance to pay for healthcare. Hold your horses.

    There are two kinds of automobile extended warranties: inclusive and exclusive. An inclusive warranty only covers items included on a list of covered items. These are generally bad, because the list of items covered is generally things that aren’t going to fail anyway, or if they do, will not cover necessary associated parts or labor, which makes it less likely that an owner would complete the repair work. Generally, things like “hoses” are not on the list, which gives the insurance company the power to deny coverage of an air intake “hose” or a power steering “hose” or an AC refrigerant “hose” – even though those things (and frankly regular old coolant hoses anymore) have very long lifespans.

    An exclusive warranty covers everything not on a list of items. These kinds of coverages can be all right, as the list of non-covered items generally specifies wear and maintenance items. If you are buying a car from a dealership, new or lightly used, you may be offered such a policy, and it may be suitable for you - but read all the details in the contract.

    The shady spam call extended warranties will always be inclusive policies, and they are never worth buying.

    That’s it, right? Scammers sell shitty policies and avoid paying claims? Nope, we’re not done yet.

    Remember how these are insurance policies? Just like homeowners insurance, comp/collision/liability insurance, if you cancel the policy before the term is up, you get a prorated amount of money back from the insurer. If your policy costs $1000, and the policy is for five years, and you cancel after 2.5 years, you get $500 back. Since these are insurance policies, you can do that with these extended warranties as well, but that is never advertised. Keep that bit of information about cancelling in the back of your head for now.

    So a scam caller gets a mark on the phone, gets them half interested in this “extended warranty” (by failing to identify it as an insurance policy and by overstating what it actually covers). But the mark doesn’t have $2500 (they’re always way too expensive). Not a problem, you can make monthly payments! All you have to do is pay 10% now, then small monthly payments for … kind of forever! This is called financing.

    One, when you finance an extended warranty, you’re paying interest on top of the premium, because you are essentially taking out a loan to pay the full premium cost, and then paying off that loan. The scammer transfers you to their “finance department” to finalize everything. This is probably an entirely different company which only finances extended warranties. (I worked for one, briefly.) At no point do you ever find out that you are taking out a loan. They don’t pull credit, you don’t have to “qualify” beyond paying the 10% right now. Why is that?

    Remember about cancelling and getting refunded? The loan is collateralized with the insurance policy. You pay the 10% right now, and if you never make another payment, the lender simply cancels the policy, and the lender receives the refund for the unused portion of the policy term. And they’ve made at least some profit, because that 10% “down” covers more than the first several months of policy payments. Every additional loan payment is 100% gravy for the lender, so they will run their own in-house collections department (probably one or two people) who will call and angrily harass the mark incessantly.

    Scam caller gets their “commission” for selling the policy, insurance company gets paid for some amount of policy term (which probably hasn’t had any claims made against it), loan company gets some profit from their “efforts,” and the mark is out at least $250 and gets collections calls for the rest of their life.