Hacker News | vdfs's comments

Why would doing this to 125K accounts give them access to one account per day? The chances of guessing the 6-digit PIN code for each account are the same (10^6) regardless of how many accounts you are attacking.

It's never truly guaranteed and the numbers aren't quite one account per day at 125k accounts, but:

10^6 digits = 1,000,000 possibilities

125,000 accounts x 4 attempts per account per day = 500,000 attempts per day

---

1-(1-1/1,000,000)^500,000 ≈ 39%

So every day they have a roughly 39% chance of success at 125,000 accounts.

---

At a million accounts:

1-(1-1/1,000,000)^(4×1,000,000) ≈ 98%

Pretty close to 1 account per day

Off by a factor of 4 but the concept stands.

---

And 125k accounts will be close to guaranteed to get you one each week:

1-(1-1/1,000,000)^(7×4×125,000) ≈ 97%


What are the chances of getting 500,000 guesses (4 each for 125,000 accounts) wrong? My math says 60%, so probably not one account per day, but if they keep it up for a week and everything else holds, there's only a 3% chance they haven't gotten any codes right.

Guess the same code for every account.

Imagine the extreme case, where they pinged one million accounts and then tried the same code (123456) for each one. Statistically, 1 of those 1,000,000 six-digit TOTP codes will probably be 123456
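
The arithmetic from the comments above, as an added example that is not from any commenter: it reproduces the thread's figures and then asks the defender's question of what per-account attempt limit would keep fleet-wide risk under a target. The function names and the `valid_codes` parameter (how many codes a verifier accepts at once, for example when it tolerates adjacent time steps) are assumptions made for illustration.

```python
import math

CODE_SPACE = 10**6  # six-digit codes, as in the thread

def p_any_success(accounts, attempts_per_day, days=1, valid_codes=1):
    """P(at least one correct guess) across every targeted account."""
    p_hit = valid_codes / CODE_SPACE
    guesses = accounts * attempts_per_day * days
    # log1p/expm1 stay accurate for tiny p_hit and very large guess counts
    return -math.expm1(guesses * math.log1p(-p_hit))

def expected_hits(accounts, attempts_per_day, days=1, valid_codes=1):
    """Mean number of correct guesses (linearity of expectation)."""
    return accounts * attempts_per_day * days * valid_codes / CODE_SPACE

def max_attempts_for_risk(accounts, target, days=1, valid_codes=1):
    """Largest per-account daily limit keeping fleet-wide risk <= target."""
    p_hit = valid_codes / CODE_SPACE
    budget = math.log1p(-target) / math.log1p(-p_hit)  # total guesses allowed
    return math.floor(budget / (accounts * days))

if __name__ == "__main__":
    for label, args in [("125k accounts, 1 day", (125_000, 4, 1)),
                        ("1M accounts, 1 day", (1_000_000, 4, 1)),
                        ("125k accounts, 7 days", (125_000, 4, 7))]:
        print(f"{label}: P={p_any_success(*args):.1%}, "
              f"expected={expected_hits(*args):.2f}")
    # Assumption: verifier also accepts the previous and next time step
    print(f"3 valid codes: {p_any_success(125_000, 4, valid_codes=3):.1%}")
    # 0 means no per-account limit alone meets the target at this scale
    print(max_attempts_for_risk(125_000, 0.01), max_attempts_for_risk(1_000, 0.01))
```

At 125,000 accounts the limit that holds daily risk to 1% comes out as 0, so per-account lockout alone cannot bound the risk at that scale and the control has to count failures across accounts.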


NVR is to distinguish it from DVR, Digital Video Recorder (ironically it's not really digital, more like analog). It's much cheaper than NVR, because the cameras are simple and defer the encoding to the DVR unit. And there's XVR, which can combine both Network and Digital cameras.

Which is odd because the first time I heard the term DVR was in the late 1990's, referring to the box that was used to record TV signals digitally for playback and/or ad-skipping. The term distinguished it from things such as VCRs, which recorded in analog, on tape. Those DVRs were, in fact, digital.

If the recorder uses digital video as its storage, it's a real DVR, even if the video input is that weird HD variant of NTSC that's everywhere in security cameras

You don't need HACS, just download frigate integration to config/custom_components in your HA folder

Great, hacs seemed overly complicated. Appreciate the note!

To be fair the app itself wasn't compromised, heck even the server wasn't breached, it was just a database open for everyone!

That's true of the first hack, the photos. But I don't believe that is true for the 2nd, the messages.

Everything works as it has been designed. I wonder which companies will start using this excuse after being hacked.

Most likely, you're being sarcastic, but just to put this out there, that would be like me publishing an app where you just write text into a box and click submit and I promise in the app store info and privacy policy that submitting it just causes it to get erased, but the information is actually being sent to all your worst enemies.

> it was just a database open for everyone!

All good then!


New lesson is learned about tiktok and live streams

It's not a problem with PRs if you use Squash merge, the developer can make any number of changes to that PR but in the end, only the final version (in this case it doesn't include .DS_Store) will be committed. Even the .DS_Store file will not be in the git index.

That sacrifices the git history though. It turns the PR into a huge atomic change instead of a series of step-by-step changes that are easy to review.

"Google F1 Preview Experimental beat the record of the fastest man on earth Usain Bolt"

It wouldn’t be a surprise if that were covered by an NDA, but it also wouldn’t be surprising if it weren’t


Anonymous app submissions will make the app store more dangerous. You can go the extra mile and create a company or legal entity if you want to hide your name, but it's straightforward for gov. to get your identity no matter what, they can just ask Apple or Google.


There still should be a way to share software anonymously. Just saying "it's dangerous so the whole use case is invalid" is retarded, lazy, and if you're an OS vendor benefiting from an app store the way Apple does, malicious.

