Halan's comments

IP based exclusion should not be considered a security measure, not even for a low risk environment like a home lab


> IP based exclusion should not be considered a security measure

Apologies in advance if I'm missing something obvious here, but are you saying an IP allow list is not a standard security practice? If so I'd appreciate further explanation.


It's useful when the client always has its own static IP that _doesn't change_ between sessions. In this case, where the public facing IP may be shared by thousands of users, it provides no real security. All you'd have to do to gain access would be getting the client IP and finding some way of getting on the same network. Which in many cases could be as easy as subscribing to the same cell network or other ISP, or connecting to the guest wifi network of an office building.


Thanks for filling in the details. I agree that an IP allow list works best for users who are alone on an IP that doesn't change often, which is the case for a majority of home internet users but not when they're away from home.


Unfortunately there's an increasing number of home internet connections behind CGNAT, as IPv4 addresses run out (and IPv6 doesn't gain momentum, heaven knows why).


I guess it's partially because ISPs are perfectly happy selling crippled internet connectivity as the base service and charging hefty premiums for "luxuries" like static IPs. It has also become common to only offer static IPs to business customers.


IPv4 addresses have run out, everything has been allocated, and they are now being traded.

IPv6 is slowly growing in popularity. Google stats are close to 50%. If your ISP has IPv6, you might be accessing Hacker News with IPv6 since they added support recently.


It doesn’t matter.

UK education is flawed already by the time a student reaches tertiary.

A levels, by focusing only on a few subjects, leave such a gap in people that I would go as far as adding it to the reasons for the country's issues.

People in the UK, even if they study at Oxford, are likely more ignorant than many Europeans having done classical studies in high school.


It doesn’t matter. UK education is flawed already by the time a student reaches tertiary. A levels leave such a gap in people that I would go as far as adding it to the reasons for the country's issues. People in the UK, even if they study at Oxford, are likely more ignorant than many Europeans having done classical studies in high school.


> People in the UK, even if they study at Oxford, are likely more ignorant than many Europeans having done classical studies in high school.

wait so you're saying an entire country is rubbish because oxford has a worse classics degree than an unspecified country in Europe?


I am saying that these rankings are onanistic if you factor in that post industrial education has already fucked up British education. I don’t mention which country in Europe because it could be many, most of them actually have classical studies with schools up to 18-19 where you study all the subjects.


The UK system ranks a fair bit above the antiquated German system, you should be aware that there are 3 types of schools, with only one that teaches Latin etc., and the other two of them are considered shit, one German even told me that if you go to the lowest level of secondary school, your best bet is to just kill yourself. But it's certainly neat meeting lots of young Germans who studied Latin in school but nevertheless know absolutely no Latin once you ask them about it. Fabulous system.


Ask anyone from France, Spain, Italy, Greece, etc. living in London and in tech if they believe their British peers are their equals intellectually.

There is a reason why these people dominate the top 1% jobs in tech in London.

I am flattered you read my bio but I don’t actually live in Germany lol


> Ask anyone from France, Spain, Italy, Greece, etc. living in London and in tech if they believe their British peers are their equals intellectually.

Why are they in the UK then?


I suppose you must simply have a planet-sized chip on your shoulder in that case.

Terribly sorry a British woman broke your heart, or whatever it was that someone did to you. All the best.


Then explain why people from southern Europe who can stomach English weather can come to London with a 2:1 degree or lower bachelor's degree, speaking a language that is not theirs, and compete on the job market with people with a 1st degree from a brick lane university?

Also those people don’t say full fat coke referring to a regular coke because they did biology instead of just math and physics from 15 years old and don’t have £80k of student loan to repay.

UK is suffering from the education it offers its people.

This is apparent in the law system having to be super simple to be understood to a point that it is not fair. For example, the £100k threshold for child benefits that is per person instead of per family income because people would struggle to follow it.

There are many examples to this. I wish all British people would speak another language properly and spend some time in continental Europe instead of comparing themselves to USA on matters of education and welfare.


What is there to explain? Your examples make no sense, aren't even bad things, or are purely anecdotal. For example, that smart people from Southern Europe can move to London and thrive is something Britain can be proud of. There certainly aren't any immigrants moving to any continental European countries and getting the top jobs, they're invariably reserved for the locals. The fat coke thing is nonsense, it's just a turn of phrase, that you never came to understand that says more about you than anyone else. Having a shit tax system like the household vs personal income thing is nothing unique to Britain. And if Britain was so uniquely poorly governed, the continental countries would be wildly better governed, but they're not. Some are, some aren't.

Anyway I don't know what happened to you in the UK but I'm sorry that it did.


I am just in the 1% top UK earners working 25 hours a week from the comfort of my sofa with my average European education, broken English and working class background.

I feel shame for how easy it was for me to get a great life in this country when most locals struggle with social mobility.

I get that full fat coke is an idiomatic phrase but it stems from honest ignorance towards macronutrients. I am a diabetic type 1, I had to explain that carbohydrates and alcohol can affect your blood like sugar to endless British people lol

Please, if you are monolingual and monoculture, just have some healthy skepticism about well eradicated habits in this society. That’s what I want to inspire in my friends

I lived here for over 20 years. Speak other two languages natively because my parents were from two different European countries. This is an informed opinion not hearsay!


> I get that full fat coke is an idiomatic phrase but it stems from honest ignorance towards macronutrients

You don't understand. It's literally just a reference to full-fat and semi-skimmed milk, like a small joke. It's OK to not understand, you're not from the UK, but it's a bit outlandish to turn your own failure to understand a very basic joke into grand claims about British education lol.

I think you've just been living in the UK too long and should probably go home. You sound completely depressed. 20 years in a country you hate populated by people you despise sounds like Hell. It's not too late to make a change. Where's home for you then?


I don’t hate the UK, otherwise I wouldn’t be so critical about it, I wouldn’t care if I hated it.

It’s okay if you wanna keep the head in the sand. I get it. It’s better if you don’t know any better. People who are themselves ignorant cannot see other people's gaps.

Btw look up the reasons Coca Cola rebranded the Coke Zero to Coke Zero Sugar, and why it all stemmed from UK.


I live in Germany and speak German so that criticism doesn't really apply to me and as far as I'm concerned you're not talking about me, just my home country.

But yes, you hate the UK clearly, though I guess you predictably now refuse to admit it to the person you're trying to troll, because that would be far too vulnerable. To admit to me now that you've indeed wasted 20 years of your life in a country you hate is absolutely tragic, that's a life wasted right there, and there's no way of getting that time back. No wonder you're so angry.

> People who are themselves ignorant cannot see other people's gaps

Literally seeing other people's gaps is the easiest thing of all lol, another gem from you, the enlightened continental European who nevertheless refuses to say where they're from (quite cowardly I might add, after all, why do you care what I think?). That's how we can critique, for example, top level footballers despite not necessarily being any good at football ourselves. It's introspection that is hard.


I have a Mac mini that I deemed unfit for home lab due to the lack of this feature. This changes everything


Is there anything better than a bambulab A1 mini under $250 for somebody interested in the software aspect of 3D printing?


Next time visit modern and classical art museums. Sorted.


I hope GitHub will prioritise immutable actions and enforce it to all actions


Can't you sort of do that by pinning on the commit SHA already? It's bad that that's not the ONLY way to do it, but at least it's something.


You can also fork all the dodgy actions you consume.


Not really a solution at enterprise level and it exposes to the risk of likely not patching them as often


Yes but SHA1 collisions are easy enough to engineer, so even then compromise is probably possible.

(I don't know how hard it is to push a different object to an existing SHA on GitHub—I'm guessing that you probably have to remove all references to the original object at that SHA?)


SHA1 collisions are easy, but nobody has publicly revealed a second-preimage attack. With a collision you create two inputs that hash to the same output, with a second-preimage attack you are given one existing input & have to find a second input that hashes to the same output. Collisions are much easier since you can control both inputs.
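The distinction drawn in the comment above, as an added example that is not part of the thread: SHA-1 is truncated to a toy 18-bit digest so both searches finish quickly, and the number of hashes each one needs is counted. It shows only the generic brute-force gap (the published SHA-1 collisions rely on cryptanalysis, not brute force); the message strings are constructed.

```python
import hashlib
from itertools import count

BITS = 18  # toy digest size chosen for the demo; real SHA-1 is 160 bits

def toy_hash(data: bytes) -> int:
    """SHA-1 truncated to its top BITS bits (a deliberately weak stand-in)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") >> (160 - BITS)

def find_collision():
    """Both inputs are free: stop as soon as ANY two of them share a digest."""
    seen = {}
    for tries in count(1):
        msg = b"release-%d" % tries
        digest = toy_hash(msg)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg

def find_second_preimage(target: bytes):
    """One input is fixed in advance: only a match on ITS digest counts."""
    wanted = toy_hash(target)
    for tries in count(1):
        msg = b"forgery-%d" % tries
        if msg != target and toy_hash(msg) == wanted:
            return msg, tries

if __name__ == "__main__":
    a, b, c_tries = find_collision()
    forged, p_tries = find_second_preimage(b"already published object")
    print(f"collision after {c_tries} hashes: {a!r} / {b!r}")
    print(f"second preimage after {p_tries} hashes: {forged!r}")
```

The collision search grows roughly with the square root of the digest space and the second-preimage search with the digest space itself, which is why an object that already exists at a pinned SHA is the harder target.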


That's a good point. Setting up a benign release first that you have engineered a same-hash malicious release you can swap in later is a higher bar than gaining control of a repo and immediately replacing a popular release.


Yes and I do that and Dependabot supports it but most people wouldn’t bother


On its own, immutability isn't a complete solution to supply chain attacks. Software still needs to be updated and those updates could contain malware too.

You need immutability and something like sandboxing where actions cannot e.g. dump the memory of the runner process to steal secrets.

The alternative is vetting every single line of code in every dependency and every subdependency perfectly for every update, which is not realistic.


I am done suggesting Pixel phones to my family elders. Refurbished iPhones are the way to go.


The single player games maybe


I don't care too much about the hardware spec. That's not why you buy a Nintendo. I hope Nintendo modernizes its software. I am talking about the UI and its multiplayer user experience.

Preventing any modern chat/voice feature under the excuse of wanting to protect children from online danger is as laughable as it is solvable by expanding the parental control features.

I am optimistic regarding this as Nintendo seems to have turned its vision to taking a bit more risks as hinted in games like Super Mario Wonder that try to innovate in the multiplayer space. You'd say that that is not much but very few would have foreseen such a move from Nintendo.

