bleepingcomputer.com

lars, to linux in Lazarus hackers now push Linux malware via fake job offers

I’m not gonna lie. I want any job, no matter how fake, that uses a reddened North Korean “Hotel of Doom” in its literature.

swampdownloader, (edited ) to privacy in Have I Been Pwned adds 71 million emails from Naz.API stolen account list

So how do we access the list to see what got out?

Edit: search.0t.rocks has the db

camr_on,

haveibeenpwned.com

swampdownloader,

No, I mean the dump to see which passwords are out

kn33,
space, (edited )

You can find a password checking utility on haveibeenpwned.com (the tool doesn’t send your password to the server, but only the first 5 characters of the hashed password, which is very safe). There are CLI tools on GitHub you can use to bulk test passwords. They also provide a downloadable list of hashes.

Alternatively, check if your password manager has a built-in tool for checking for passwords in known databases.
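The range lookup described in the comment above, as an added example that is not part of the thread or of any tool mentioned in it: the client hashes the password with SHA-1, sends only the first 5 hex characters, and matches the remaining 35 locally. `server_range` and `CONSTRUCTED_BREACH` are hypothetical local stand-ins for the remote service so the sketch runs offline.

```python
import hashlib
import hmac

# Constructed sample data: plaintexts and breach counts are made up for this demo.
CONSTRUCTED_BREACH = {"password": 1000, "hunter2": 25}


def split_hash(password):
    """Return (prefix, suffix): 5 hex chars that are sent, 35 that stay local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def server_range(prefix, corpus=CONSTRUCTED_BREACH):
    """Stand-in for the range endpoint: sees only the prefix, returns SUFFIX:COUNT lines."""
    lines = []
    for plaintext, count in corpus.items():
        p, s = split_hash(plaintext)
        if p == prefix:
            lines.append(f"{s}:{count}")
    lines.append("0" * 35 + ":0")  # padding-style decoy entry, count 0
    return "\r\n".join(lines)


def count_in_range(suffix, body):
    """Client-side match of the local suffix against the returned bucket."""
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if len(candidate) != 35 or not count.isdigit():
            continue  # skip malformed lines
        if hmac.compare_digest(candidate.upper(), suffix):
            return int(count)
    return 0


def check(password):
    """Full exchange: only the prefix crosses the boundary to server_range."""
    prefix, suffix = split_hash(password)
    body = server_range(prefix)
    return count_in_range(suffix, body)


if __name__ == "__main__":
    for candidate in ("password", "hunter2", "gR7#constructed-unseen-example"):
        prefix, _ = split_hash(candidate)
        print(f"sent prefix {prefix} -> seen {check(candidate)} times")
```
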

deweydecibel,

Alternatively, just start changing passwords, regardless if they’re in the breach or not. Prioritize the ones with financial information, then the ones with personal info, the ones you visit frequently versus some shitty site you visited once that made you make an account back in 2011, etc.

I know that’s a lot of accounts for some people but you don’t have to do them all at once. Go reset a password or two on a site today at lunch. Then do another one tomorrow. And a few the next day.

I actually remember reading about an app or feature on a password manager that would do something like this. Rather than bark at you to reset 100 different accounts at once, it would just give you 1 or 2 random accounts a day to go reset the password on.

deweydecibel,

Why on earth should people trust that site?

Pika, (edited )

What’s more insane is that some of those passwords in the lists are still live intrusions that companies haven’t acted on. For example, my Dropbox password is there, and that’s a new password that I just gave them a few months ago before I deleted my account.

Dark_Dragon, to privacy in Brave to end 'Strict' fingerprinting protection as it breaks websites

I don’t like brave browser from first use. Something seemed off.

thecookingsenpai, to privacy in Haier hits Home Assistant plugin dev with takedown notice

Woah I would never do it and would never tell you that I did it because I 100% didn’t do it. The fact there are two new repos in my github is totally a coincidence.

Serinus,

If you don’t have a local copy you’re likely to lose it.

possiblylinux127, to selfhosted in Haier hits Home Assistant plugin dev with takedown notice

I don’t know if there is a non profit to help devs with legal but there should be.

Maybe the Free software conservancy?

Samsy, (edited ) to selfhosted in what if your cloud=provider gets hacked ?

Easy, I always mirror my cloud. My setting is: cloud is extern and in my network there is always the same copy of everything on a simple smb-nas.

  1. My house burns to the ground (or easier, the NAS is broken) = online backup
  2. The online provider got hacked = No problem, I have a backup at home.
  3. The hackers burned my house down at the same time they killed my cloud = Well fuck.

PS. Since most syncs are going directly to the cloud, it’s just an rclone cronjob every night to back up everything on the NAS.

TCB13, to selfhosted in what if your cloud=provider gets hacked ?

I’m more worried about what’s going to happen to all the self-hosters out there whenever Cloudflare changes their policy on DNS or their beloved free tunnels. People trust those companies too much. I also did at some point, until I got burned by DynDNS.

Dave,

We start paying for static IPs. If cloudflare shuts down overnight, a lot of stuff stops working but no data is lost so we can get it back up with some work.

TCB13,

They’re just creating a situation where people forget how to do things without a magic tunnel or whatever. We’ve seen this with other things, and a proof of this is the fact that you’re suggesting you’ll require a static IP while in fact you won’t.

Dave,

Where I live, many ISPs tie public IPs to static IPs if they are using CG-NAT. But of course there are other options as well. My point was that the other options don’t disappear.

Though I do get the point that Cloudflare aren’t giving away something for nothing. The main reason to me is to get hobbyists using it so they start using it (on paid plans) in their work, or otherwise get people to upgrade to paid plans. However, the “give something away for free until they can’t live without it then force them to pay” model is pretty classic in tech by now.

TCB13,

However, the “give something away for free until they can’t live without it then force them to pay” model is pretty classic in tech by now.

Yes, this is a problem and a growing one, like a cancer. These new self-hosting and software development trends are essentially someone reconfiguring and mangling the development and sysadmin learning, tools and experience to the point people are required to spend more than ever for no absolute reason other than profits.

originalucifer, to selfhosted in what if your cloud=provider gets hacked ?

haha

"the cloud" does not change the fact that if your data does not reside in 2 physical locations you do not have a backup.

so yes, standard practices that have existed... well, since the beginning, still apply.

kristoff,

Well, the issue here is that your backup may be physically in a different location (which you can ask to host your S3 backup storage in a different datacenter than the VMs), but if the servers themselves on which the service (VMs or S3) is hosted are managed by the same technical entity, then a ransomware attack on that company can affect both services.

So, get S3 storage for your backups from a completely different company?

I just wonder to what degree this will impact the bandwidth-usage of your VM if -say- you do a complete backup of your every day to a host that will be considered as “off-premises”

ErwinLottemann,

if you back up your vm data to the same provider as you run your vm on you don’t have an ‘off-site’-backup, which is one criterion of the 3-2-1 backup rule.

library_napper, to privacy in Brave to end 'Strict' fingerprinting protection as it breaks websites

Damn I didn’t hate on brave before for all the dumb crypto hate, but this is fuuucked

nick, to privacy in FTC bans one more data broker from selling your location info

One down, 90000000000 to go

jaschen, to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

When will companies learn that you don’t fuck with developers.

Maalus,

When it actually backfires. Right now, no company was actually hurt by doing stuff like this - quite the opposite, they get a boost since they close down their ecosystem further forcing people to buy their stuff.

There will be “boycotts” but in reality it will blow over in two to four weeks, with people forgetting “an outrage” that didn’t reach 99% of their target users at all.

stevehobbes, to privacy in iPhone apps abuse iOS push notifications to collect user data

They should name and shame.

MrSpArkle,

If they did that the headline may not contain Apple in it, instead they would list the actual perpetrators, and that would mean less ad revenue.

FiskFisk33, to selfhosted in Haier hits Home Assistant plugin dev with takedown notice

This is just plainly not illegal.

ShortN0te,

Sadly it does not matter. The company could keep the battle going for close to a decade until there is a final decision. It is financially draining and you have to give up a lot of time in order to attend the hearings (or even travel to the correct jurisdiction).

fine_sandy_bottom,

That’s not how legal matters work.

Firstly, imposing on someone else’s intellectual property is not “illegal”, because that usually refers to crimes. This is a civil issue, as in some company is demanding the dev stops or else they’ll sue him or something.

Secondly, it doesn’t really matter whether the dev is “right” or could prevail against a legal claim - because you just wouldn’t bother trying. Imagine you have an ok job, take care of your family, and made this plugin on a whim just because you can. Your days are full of taking your kids to the park, spending time with your wife, playing around with your hobbies, that stuff. Maybe you’re not wealthy, but your salary is enough to look after your family and make your mortgage repayments. Then Haier threatens to sue you, and although you could likely prevail, mounting a defense would probably cost you a year’s worth of mortgage repayments. Maybe you could represent yourself but that might take a year’s worth of Saturdays writing and responding to legal stuff that you don’t really know much about. Bear in mind that there’s no financial support from the open source community.

It just doesn’t really matter whether Haier has a legit claim.

FiskFisk33,

Yeah, you’re right, that’s the problem. That system makes sense if big corpos use it to “test” each other for copyright infringement, but when an individual gets involved they just get steamrolled whether they’re in the right or not, since the system assumes they have a team of lawyers on retainer in order to work as intended.

Xatix, to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

I just used their Feedback form to tell them what a shitty practice that is and that I will never use their products again.

qjkxbmwvz, to selfhosted in Haier hits Home Assistant plugin dev with takedown notice

Not a lawyer; would this likely stand up in court? Obviously I wouldn’t risk it were I the dev, but just curious.

It’s pathetic that I’ll happily recommend my Emporia Vue2 energy monitor to folks running HA — not because it works out of the box, but because the company is aware of the community integration projects and seems ok with it, even if they don’t actually support it. (ESPHome Firmware flash gives you local control — It’s been pretty great!)

dan, (edited )

Not a lawyer; would this likely stand up in court?

I’m not a lawyer either, but I don’t think so.

The developer of this Home Assistant integration is German. European law allows people to reverse engineer apps for the purpose of interoperability (Article 6 of the EU software directive), so observation of the app’s behaviour or even disassembling it to create a Home Assistant integration is not illegal.

In general, writing your own code by observing the inputs to and outputs from an existing system is not illegal, which is for example how video game emulators are legal (just talking about the emulator code itself, not the content you use with it).

If it’s a Terms of Service violation, it’d be the users that are violating the ToS, not the developer. In theory, the Home Assistant integration could have been developed without ever running the app or agreeing to Haier’s Terms of Service, for example if the app is decompiled and the API client code is viewed (which again is allowed by the EU software directive if the sole purpose is for interoperability).

The code in this repo is likely original Python code that was written without using any of Haier’s code and without bypassing any sort of copy protection, so it’s not a DMCA infringement either.

baseless_discourse, (edited )

Likely no, and fortunately the developer has legal insurance and plans to fight the case if it happens.

github.com/Andre0512/hon/issues/147#issuecomment-…

So this repo is not going down any time soon.
