Yo peeps, I'm currently looking into TCF Vendors, Ad partners and their whole corporate greed hellhole of tracking. I am writing a paper on this, and would like for everything to be factually correct. However, I am struggling to understand one particular part of this "transparency framework" and hope someone can help me clarify on cookie-duration.

As seen in the first thumbnail, the cookie duration is listed as 180 days. However, upon selecting > Storage Details, each cookie is displayed in further detail. In this detailed section, there are additional cookies with duration as high as 1825 days, not 180... So which is it? Currently, I'm (obviously) assuming the worst, as in, it being 1825 and not 180 days. There are additional cookies on this list, see spoiler below, that have cookies with the duration of 180 days. Why are the cookies with the highest duration listed on the first page? And if the answer is that "it would look worse", then they also have cookies with lower amount of days than 180 that could have been used. There are multiple cookies with different durations, do all of them count?

If needed here is a spolier that includes all the cookies in detail from the Exactag GmbH vendor.

Exactag GmbH - Storage details

Name: exactag_new_adoptout
Type: Cookie
Duration: 1825 (days)
Domain:
Purposes:
Store and/or access information on a device
Refreshes Cookies: No

Name: exactag_new_ccoptout
Type: Cookie
Duration: 1825 (days)
Domain:
Purposes:
Store and/or access information on a device
Refreshes Cookies: No

Name: exactag_new_optout
Type: Cookie
Duration: 1825 (days)
Domain:
Purposes:
Store and/or access information on a device
Refreshes Cookies: No

Name: exactag_new_cpv
Type: Cookie
Duration: 1 (days)
Domain:
Purposes:
Store and/or access information on a device
Measure advertising performance
Measure content performance
Refreshes Cookies: No

Name: exactag_new_gk
Type: Cookie
Duration: 60 (days)
Domain:
Purposes:
Store and/or access information on a device
Measure advertising performance
Measure content performance
Refreshes Cookies: No

Name: exactag_new_uk
Type: Cookie
Duration: 180 (days)
Domain:
Purposes:
Store and/or access information on a device
Measure advertising performance
Measure content performance
Refreshes Cookies: Yes

Name: exactag_new_user
Type: Cookie
Duration: 180 (days)
Domain:
Purposes:
Store and/or access information on a device
Measure advertising performance
Measure content performance
Refreshes Cookies: Yes

Name: session_session
Type: Cookie
Duration: Uses session cookies
Domain:
Purposes:
Store and/or access information on a device
Measure advertising performance
Measure content performance
Refreshes Cookies: No

Let me know if any additional information is needed.

cross-posted from: https://lemmy.zip/post/14764738

Helldivers 2 Players Express Frustration On Steam As It Will Soon Require A PSN Account

Thought I'd share this beautiful source of hilariousness! These are quotes/discussions from IRC, saved for a reason. Worth checking out if you need cheering up.

Here's one of my favs from the list:

#104383 +(16153)- [X]

bloodninja: Baby, I been havin a tough night so treat me nice aight?
BritneySpears14: Aight.
bloodninja: Slip out of those pants baby, yeah.
BritneySpears14: I slip out of my pants, just for you, bloodninja.
bloodninja: Oh yeah, aight. Aight, I put on my robe and wizard hat.
BritneySpears14: Oh, I like to play dress up.
bloodninja: Me too baby.
BritneySpears14: I kiss you softly on your chest.
bloodninja: I cast Lvl. 3 Eroticism. You turn into a real beautiful woman.
BritneySpears14: Hey...
bloodninja: I meditate to regain my mana, before casting Lvl. 8 chicken of the Infinite.
BritneySpears14: Funny I still don't see it.
bloodninja: I spend my mana reserves to cast Mighty F*ck of the Beyondness.
BritneySpears14: You are the worst cyber partner ever. This is ridiculous.
bloodninja: Don't f*ck with me bitch, I'm the mightiest sorcerer of the lands.
bloodninja: I steal yo soul and cast Lightning Lvl. 1,000,000 Your body explodes into a fine bloody mist, because you are only a Lvl. 2 Druid.
BritneySpears14: Don't ever message me again you piece of ****.
bloodninja: Robots are trying to drill my brain but my lightning shield inflicts DOA attack, leaving the robots as flaming piles of metal.
bloodninja: King Arthur congratulates me for destroying Dr. Robotnik's evil army of Robot Socialist Republics. The cold war ends. Reagan steals my accomplishments and makes like it was cause of him.
bloodninja: You still there baby? I think it's getting hard now.
bloodninja: Baby?
--------------
BritneySpears14: Ok, are you ready?
eminemBNJA: Aight, yeah I'm ready.
BritneySpears14: I like your music Em... Tee hee.
eminemBNJA: huh huh, yeah, I make it for the ladies.
BritneySpears14: Mmm, we like it a lot. Let me show you.
BritneySpears14: I take off your pants, slowly, and massage your muscular physique.
eminemBNJA: Oh I like that Baby. I put on my robe and wizard hat.
BritneySpears14: What the f*ck, I told you not to message me again.
eminemBNJA: Oh ****
BritneySpears14: I swear if you do it one more time I'm gonna report your ISP and say you were sending me kiddie porn you f*ck up.
eminemBNJA: Oh ****
eminemBNJA: damn I gotta write down your names or something

Hi, reaching out here, as I assume and hope that this community is the one that has the better knowledge on the use of API keys.

I'm currently investigating a couple of free VPNs, e.g. APKs, for my thesis. I've stumbled upon many of these VPNs leaving API keys, auth key etc.. hardcoded into the app. However, one API key in particular is the one used by android.gms.internal.ads. This key is present in multiple different apps, not just VPN apps, but other complete random apps. Now, I am no programmer, and that's why I'm asking for some pointers to get a better understanding of this. How come this API-key, belonging to a Google Service, is present in so many different apps? I've tried to look it up, and found another malware report from 2021, that highlight finding the same API-key.

The API Key is: AIzaSyDRKQ9d6kfsoZT2lUnZcZnBYvH69HExNPE

Code example key being found in;

public final class zzadt {
    private static zzacy<String> zzdfw = zzacy.zzh("gads:safe_browsing:api_key", "
AIzaSyDRKQ9d6kfsoZT2lUnZcZnBYvH69HExNPE
");

Is there a good reason for this API key being reused so many times? Appreciate any pointers or help!

Just discovered that this feature is not available for Unlimited subscribers, but it is for Mail Essentials? Why would they not include this for the Proton Unlimited users? This is a bit infuriating tbh.

Hi, so am doing some research on some free vpns, and in one of them found a random google drive url, that downloads a "pu.pj" file. While the internet says .pj files belong to a nintendo64 emulator, I am not able to use it to open the pj-file. The contents of the pj- file is a 4608 long of ASCII characters. Which i've tried to decode but dont seem to be able to. However, the Linux command "file -C pu.pj" does give a bunch of strings, but it contains a bunch of random stuff, im not sure what to make of it. Anyone able to help me pinpoint this?

(ill re-upload if necessary) The contents of "pu.pj" here: https://paste.centos.org/view/953ab256 The contents of "file -C pu.pj" here: https://paste.centos.org/view/abfbdefc

This project looks highly interesting, so thought I'd share it as I haven't seen it mentioned on Lemmy yet.

Make your web services secure by default, fool attackers and protect your web services with the open source BunkerWeb solution.

• Github Link: https://github.com/bunkerity/bunkerweb
• Project Link: https://www.bunkerweb.io

BunkerWeb is a next-generation and open-source Web Application Firewall (WAF). Being a full-featured web server (based on NGINX under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments (Linux, Docker, Swarm, Kubernetes, …) and is fully configurable (don't panic, there is an awesome web UI if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle. BunkerWeb contains primary security features as part of the core but can be easily extended with additional ones thanks to a plugin system.

Concept

Integrations

The first concept is the integration of BunkerWeb into the target environment. We prefer to use the word "integration" instead of "installation" because one of the goals of BunkerWeb is to integrate seamlessly into existing environments. The following integrations are officially supported :

• Docker
• Docker autoconf
• Swarm
• Kubernetes
• Linux
• Ansible
• Vagrant

Demo

A demo website protected with BunkerWeb is available at demo.bunkerweb.io. Feel free to visit it and perform some security tests. There is also a video demo available: https://yt.drgnz.club/watch?v=ZhYV-QELzA4

cross-posted from: https://slrpnk.net/post/8966140 Zoraxy describes itself as:

"General purpose request (reverse) proxy and forwarding tool for networking noobs. Now written in Go!".

Yet it seems to be packed with goodies and features, such as Geo-IP & Blacklist, ZeroTier controller integrated GAN, IP Scanner, Real Time Stats and even built in Uptime monitor. Addtionally, it can run via a single binary for those who don't want to rely on Docker. There is also an Unraid Template available from IBRACORP. Lastly the project is under the AGPL license 🌻

I also checked, and saw this was recommended on this community 9months ago, but didn't seem to get much attraction then. Has anyone tried this yet? It seems like a good alternative to say NGINX proxy manager and am wondering if I should switch, but wanted to hear thoughts first!

Zoraxy's Github list the following features:

Features

• Simple to use interface with detail in-system instructions
• Reverse Proxy (HTTP/2)
  • Virtual Directory
  • WebSocket Proxy (automatic, no set-up needed)
  • Basic Auth
  • Alias Hostnames
  • Custom Headers
• Redirection Rules
• TLS / SSL setup and deploy
  • ACME features like auto-renew to serve your sites in https
  • SNI support (one certificate contains multiple host names)
• Blacklist / Whitelist by country or IP address (single IP, CIDR or wildcard for beginners)
• Global Area Network Controller Web UI (ZeroTier not included)
• TCP Tunneling / Proxy
• Integrated Up-time Monitor
• Web-SSH Terminal
• Utilities
  • CIDR IP converters
  • mDNS Scanner
  • IP Scanner
• Others
  • Basic single-admin management mode
  • External permission management system for easy system integration
  • SMTP config for password reset

Screenshots

cross-posted from: https://slrpnk.net/post/8966140 Zoraxy describes itself as:

"General purpose request (reverse) proxy and forwarding tool for networking noobs. Now written in Go!".

Yet it seems to be packed with goodies and features, such as Geo-IP & Blacklist, ZeroTier controller integrated GAN, IP Scanner, Real Time Stats and even built in Uptime monitor. Addtionally, it can run via a single binary for those who don't want to rely on Docker. There is also an Unraid Template available from IBRACORP. Lastly the project is under the AGPL license 🌻

I also checked, and saw this was recommended on this community 9months ago, but didn't seem to get much attraction then. Has anyone tried this yet? It seems like a good alternative to say NGINX proxy manager and am wondering if I should switch, but wanted to hear thoughts first!

Zoraxy's Github list the following features:

Features

• Simple to use interface with detail in-system instructions
• Reverse Proxy (HTTP/2)
  • Virtual Directory
  • WebSocket Proxy (automatic, no set-up needed)
  • Basic Auth
  • Alias Hostnames
  • Custom Headers
• Redirection Rules
• TLS / SSL setup and deploy
  • ACME features like auto-renew to serve your sites in https
  • SNI support (one certificate contains multiple host names)
• Blacklist / Whitelist by country or IP address (single IP, CIDR or wildcard for beginners)
• Global Area Network Controller Web UI (ZeroTier not included)
• TCP Tunneling / Proxy
• Integrated Up-time Monitor
• Web-SSH Terminal
• Utilities
  • CIDR IP converters
  • mDNS Scanner
  • IP Scanner
• Others
  • Basic single-admin management mode
  • External permission management system for easy system integration
  • SMTP config for password reset

Screenshots

Zoraxy describes itself as:

"General purpose request (reverse) proxy and forwarding tool for networking noobs. Now written in Go!".

Yet it seems to be packed with goodies and features, such as Geo-IP & Blacklist, ZeroTier controller integrated GAN, IP Scanner, Real Time Stats and even built in Uptime monitor. Addtionally, it can run via a single binary for those who don't want to rely on Docker. There is also an Unraid Template available from IBRACORP. Lastly the project is under the AGPL license 🌻

I also checked, and saw this was recommended on this community 9months ago, but didn't seem to get much attraction then. Has anyone tried this yet? It seems like a good alternative to say NGINX proxy manager and am wondering if I should switch, but wanted to hear thoughts first!

Zoraxy's Github list the following features:

Features

• Simple to use interface with detail in-system instructions
• Reverse Proxy (HTTP/2)
  • Virtual Directory
  • WebSocket Proxy (automatic, no set-up needed)
  • Basic Auth
  • Alias Hostnames
  • Custom Headers
• Redirection Rules
• TLS / SSL setup and deploy
  • ACME features like auto-renew to serve your sites in https
  • SNI support (one certificate contains multiple host names)
• Blacklist / Whitelist by country or IP address (single IP, CIDR or wildcard for beginners)
• Global Area Network Controller Web UI (ZeroTier not included)
• TCP Tunneling / Proxy
• Integrated Up-time Monitor
• Web-SSH Terminal
• Utilities
  • CIDR IP converters
  • mDNS Scanner
  • IP Scanner
• Others
  • Basic single-admin management mode
  • External permission management system for easy system integration
  • SMTP config for password reset

Screenshots

Personally found this article highly interesting, it's very much worth a read. Have included the full article with images and links in the spoiler below 🌻

New Major Features for 3.0

• Upgraded to Fedora 40
  • KDE Plasma 6 - GNOME 46 - Linux Kernel 6.8 - AMD/Intel GPU driver upgrades
  • Ayn Loki Max Pro support
  • Ayn Loki Zero support
  • Improvements for supported handhelds
    • HHD Overlay is now stable
    • Gyro support parity with Lenovo Legion Go
    • Charge limits set for Lenovo Legion Go
    • ASUS ROG Ally custom TDP that use the kernel driver
    • Custom fan curve support for ASUS ROG Ally
  • Added CDEmu
  • Added Ollama ujust command
  • Added fastfetch
  • Added zoxide

All of that, and more details about the rest can be read on the announcement page here ---> https://universal-blue.discourse.group/t/announcing-bazzite-3-0/1218