• DigDoug@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Imagine downvoting “Be careful what you expose to the internet”. I thought I’d got away from Reddit.

    • Appoxo@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      edit-2
      2 months ago

      The core message is (to me) fine.
      What I kind of dislike is the delivery.

      Btw: Can someone tell me why the path-guessing is so dangerous?
      I don’t care if someone can guess the path for the.rise.of.the.linux.ISO.720p.DD.H264.mp4 and wants to download it.
      Not like any damage or (interactive) intrusion was made into my network

      • Saik0@lemmy.saik0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        2 months ago

        Btw: Can someone tell me why he path-guessing is so dangerous?

        Cause organizations like Sony have already done things like installed rootkits on people’s computer. Now imagine they realize this is a flaw in some media setups the their legal departments start actioning on it. (generate a rainbow table of common names for files, and common paths used in linux/docker containers… running 10000 http requests on a server over a few minutes is child’s play)

        All it takes it one thing to parse on a list that never had a physical release and now your whole server will be subject to discovery at the court case.

        If you have literally no illegal content on your server, no problem… other than that you’ll be on the hook to provide proof of rights to have the content… and possibly at worst rights to distribute (they accessed it without authentication, so literally anyone else could have too).

        Edit: Oh but hold on! I hear you say that it would be illegal for them to scan your computer like that…

        Except it isn’t. There’s no law that says you can’t try to navigate to a URL. There are laws that say that you can’t bypass attempts to authenticate/protect content… but remember the endpoint isn’t behind authentication.

        • Appoxo@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          2 months ago

          Except it isn’t. There’s no law that says you can’t try to navigate to a URL. There are laws that say that you can’t bypass attempts to authenticate/protect content… but remember the endpoint isn’t behind authentication.

          Assuming I am from the US?
          Because if so, it doesn’t apply

          But I appreciate your time for the explanation.