It's sort of happening already. Members of FIDO threatening to block KeepassXC users [0] from logging in, unless KeepassXC complies with FIDO demands regarding specific implementation
Why not? That's exactly what we did when we ventured onto the high seas and across unknown continents. The spirit of adventure and all that. I'm sure you'd have many thousands of volunteers.
Do you have the same attitudes towards helmets whether you're walking on the street or riding a motorcycle? I'm assuming not, because you understand they are different risk profiles.
When risk profiles differ, so do the mitigation strategies. One of the ways spaceflight manages different risk profiles is by implementing a risk-based approach. For example, NASA classifies their software risk based on probability and severity. When risk is high, they leverage more requirements and more oversight as a way of mitigating the risk to an acceptable level.
What you seem to be insinuating is we should be willing to accept more risk. While I agree in principle, the hard part is getting stakeholders (from astronauts to contractors, administrators, politicians, and taxpayers) to agree. They get a say, too.
It is possible they received a reward, it just isn't publicized.
"The decision to pay a reward is entirely at our discretion. You must not violate any law. You are responsible for any tax implications or additional restrictions depending on your country and local law. We reserve the right to cancel this program at any time."
Their keyboards, while pretty, are made of cheapest ABS plastic. One of my keys became stuck just 2 months after the purchase, because of the crack on the keycap fitting. Corsair also refused to replace it.
That's the really bizarre thing... I came here to ask about it after getting confused when the article implied this (30 tests, 30 different residential IPs). It seems like this shouldn't work at all if connections to the Disney plus site involve any kind of state.
Is this a content-unblocking exception, and normally everything is routed through the same NordVPN edge server? Assuming that's the case, this seems like a great way to get your account banned at Disney plus the moment they decide to crack down on this. Assuming you have a session ID cookie with the site, no legitimate user is going to be sending that cookie from a different IP address on every page load. This should be very easy for them to catch.
Does it still works if you use DNS over HTTPS ?
I'm curious to see if the traffic is redirected because they dectected disneyplus.com DNS request or if it's destination IP based
If it uses a new IP for each new request, that's a way to block this, is it not? Normal traffic will mostly keep the session on the same IP, not have a new one for each new request.
> You don't have to worry about cache rules, but what about your bill with Cloudflare?
> 5$/month plan is kinda open ended, you pay for each request above included in the plan (0.5$ for 1 million requests)
> With a high-perfomance language like Golang for example, I could write a script that's making 500req/second to your site. That would cost you 20$/day.
> With Github Pages it wouldn't cost you anything (or they might disable your page if it costs too much bandwidth, not sure)
500req/s would result in you being ratelimited by the global worker ratelimit though unless you distributed these requests across multiple IPs.
This is not metadata analysis resistant, so Mozilla could still technically see who is sending files to who (unless you use Firefox Send in Tor Browser - not sure how well that works).
That's not to say this service isn't useful, but it's not a drop-in alternative to OnionShare.
Because it's stored and that would require a round trip to your auth server on every request. Plus, its security requirements are far higher than the access token, so you don't want to be flinging it all over the internet. It only ever goes between your users and your auth server.
My AdWords account got locked a few years back. It was my first attempt to try AdWords on my website. I've loaded around $20 and it almost immediately got locked (not a single ad was shown/clicked). I could never unlock it or retrieve my money from it. So Google has my 20 dollars now.
I recently got a letter in the mail (from EY if I recall correctly) who on behalf of Google, asked me if I wanted to collect the unused balance from an inactive account (with options on how to receive said funds), otherwise it will go to your states' unclaimed funds. Perhaps check there to see if it got sent there?
Whoops, yeah, I guess it depends on how many years back it was. I guess it's better advice for what to do when it happens. That said, I know at least bank's website allows disputing transactions over a year old but I'm not sure if they allow over 2 years or not (you may have to call).
[0] https://github.com/keepassxreboot/keepassxc/issues/10407#iss...