eBay is very different across countries. In Germany, eBay listings are free again for private sellers after they noticed the exodus to other platforms. I know this is not the case in other countries, so talking about eBay as a general platform is very difficult.
Can you please elaborate how it is "asking for it" if we assume the basic auth password is reasonably complex and kept as safe as, say, the SSH login credentials of the same server?
You shouldn't be logging in to a server via SSH using a user+password combo, instead use a public/private key combo which is considerably more complex and can't effectively be bruteforced like a user+password.
Most web servers don't really come with any built in defense against brute force attempts vs Basic Auth gates, so unless you've set something up to protect it, someone with enough time will eventually get in.
Genuine question that I haven't found a good solution to yet: if I want to just go to any old computer and ssh into my server, do I have to carry around a USB stick with the ssh key on or something? Because I sure as hell won't be able to just remember it.
In that case I'd normally recommend a bastion host with SSH MFA and fail2ban. It'd be publicly available and have SSH keys for other machines. Or you could look at setting up a VPN solution with MFA, but never have a password only admin login exposed to the public Internet.
That's my point - if you have a reasonably secure password (let's say 50-100 characters, fully random), it's extremely unlikely that anyone is ever going to even get beyond the basic auth prompt.
Then you should also be worried about bugs that let you log into an SSH session without providing your SSH certificate, passkey or whatever. Authentication bypass can happen with pretty much any buggy authentication method. None of this is inherently a problem of passwords or basic auth.
Again, the premise was that phpMyAdmin is secured behind basic auth. It doesn't matter how secure or insecure phpMyAdmin is, it only matters how secure whatever webserver is that it is served through. phpMyAdmin code isn't even touched before the basic auth login was successful. Only after that, it becomes relevant, in that you either find a hole in phpMyAdmin itself, or you have to break another (hopefully strong) password for the MySQL login itself.
You can easily put phpMyAdmin behind basic auth as an additional security layer, completely bypassing any PHP execution and letting the web server completely handle the authentication. It's exactly what I have done multiple times in the past. Arguably phpMyAdmin's direct integration is a less secure way of doing it, but do we even know if it's the basic auth itself that was bypassed, or was it just the case of a weak password?
A password is just plain text, which apart from being bruteforced, can easily be phished. There are so many things wrong with using a password even if it's fairly complex. Instead, stick to passkeys and SSH keys.
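An added example, not written by any of the commenters above: the thread notes that web servers ship without brute-force protection for Basic Auth and mentions fail2ban, so this sketch shows the core of that kind of check, counting 401 responses per client IP inside a sliding window of access-log lines. The log lines, the `/pma/` path, the threshold and the window are constructed assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common/combined access log: ip ident user [time] "request" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def find_bruteforce(lines, max_failures=5, window=timedelta(minutes=1)):
    """Return {ip: time of the 401 that reached max_failures within window}."""
    recent = defaultdict(deque)          # ip -> timestamps of recent 401s
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                     # ignore lines we cannot parse
        ip, ts, status = m.groups()
        if status != "401" or ip in flagged:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged[ip] = when           # a ban action would be triggered here
    return flagged

def sample_log():
    """Constructed log lines (documentation IPs, made-up /pma/ path)."""
    fmt = '{ip} - {user} [10/Mar/2025:{t} +0000] "GET /pma/ HTTP/1.1" {st} 381'
    rows = [("203.0.113.7", "admin", f"12:00:{s:02d}", 401) for s in range(0, 12, 2)]
    rows += [("198.51.100.4", "-", "12:05:00", 401),      # browser's first, credential-less request
             ("198.51.100.4", "bob", "12:05:09", 401),    # one typo
             ("198.51.100.4", "bob", "12:05:15", 200)]    # then success
    rows += [("192.0.2.9", "carol", f"{h}:30:00", 401) for h in range(13, 18)]
    return [fmt.format(ip=ip, user=u, t=t, st=st) for ip, u, t, st in rows]

if __name__ == "__main__":
    for ip, when in find_bruteforce(sample_log()).items():
        print(f"{ip} reached the failure threshold at {when.isoformat()}")
```

The threshold has to tolerate the credential-less 401 every browser receives before it shows the Basic Auth prompt, which is why a single failure is never enough to flag a client.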
The point of the fish doorbell is educating people about what lives in the water. There would be much less resource-intensive ways of "solving" the problem, if that was the goal.
Just goes to show that even the most obscure comments can net thousands of views, considering only a small percent of people that have read the comment will actually engage, and that small percent was over 4k folks. Kind of puts things in perspective for me.
Changing the duty cycle of a square wave is called Pulse Width Modulation and is an extremely audible and iconic sound. If you have ever heard any music on the Commodore 64, you will be familiar with its sound. PWM is also available in many professional synthesizers of the same era.
Yes! My dad has an old Commodore 64 and I vaguely remember a skiing game. I think it's so cool what folks were able to accomplish musically on such limited systems at the time
I was using a W500 (same generation) until 2018 or so. Upgraded RAM, installed an SSD, and it was my daily driver until the end. But already back then it started to become unbearably slow, especially with background processes like file syncing to different machines.