User Information

ElsieBreeze

Post Count:325
First Seen:6:06:58 PM 10/2/2020
Last Seen:6:54:38 PM 3/8/2020
Starting at newsest posts first

325: What's the best GPU for me to get? at 6:54:38 PM 3/8/20204287254
Please do not buy a laptop if you need a machine that can do GPU intensive work on a budget.

Please instead build a desktop PC.
Preferably with a Ryzen 3000 processor, x470 motherboard, 8/16GB of RAM, a boot SSD, 500W PSU, and dedicated GPU.
324: What's the best GPU for me to get? at 4:15:38 PM 3/8/20204286471

--Explosion-- wrote:

--Explosion-- wrote:

ElsieBreeze wrote:

Nvidia are the best available right now as far as I'm aware but I don't agree with their practices especially hostility towards people who use Virtualisation and the fact their drivers are closed source, with the FLOSS option for Linux (nouveau) being rather not very good. Might be worth waiting for NVidia Ampere / AyyMD's new offering to release.

Quad core or dual core? That's a CPU thing, but neither. Hexacore at least. AyyMD wins. In Lisa Su we Trust.

Dedicated GPU is the best option for you if you want to render with blender.

8GB of VRAM is a nice amount yes, it's useful for Waifu2x too, which eats VRAM when used with very high resolution images.
Okay! Thanks! I'll look at AyyMD, I hadn't heard of that before.
Nvm I'm stupid AMD=AyyMD.
You'll probably want to buy an NVidia GPU, and pair if it with AMD CPU if you can. Intel CPUs aren't the best for productivity.
323: What's the best GPU for me to get? at 2:06:38 PM 3/8/20204285851
Nvidia are the best available right now as far as I'm aware but I don't agree with their practices especially hostility towards people who use Virtualisation and the fact their drivers are closed source, with the FLOSS option for Linux (nouveau) being rather not very good. Might be worth waiting for NVidia Ampere / AyyMD's new offering to release.

Quad core or dual core? That's a CPU thing, but neither. Hexacore at least. AyyMD wins. In Lisa Su we Trust.

Dedicated GPU is the best option for you if you want to render with blender.

8GB of VRAM is a nice amount yes, it's useful for Waifu2x too, which eats VRAM when used with very high resolution images.
Natsuki is a good character. She reads the manga. I've never read a manga before. Sayori is cool but Monika is no.
Ah yes password security.

On all web apps I've ever made I've stored passwords in plaintext in the filesystem because I really don't understand how SQL works.

I store passwords for accounts in /dev/null, which I back up to /dev/sda every few days. I'm having trouble reading it though, it's all null? Do I need new drivers?

CatsUnited wrote:

Maximouse wrote:

Spaceflyer234 wrote:

pufferfish101007 wrote:

A suggestion:
For the username block, you could use scratch-api to attempt to use an existing user session, and if there isn't one, return null, and if there is one, return the username. I don't know whether this is a viable solution or not, or ehether it even needs a solution, but I think it would be cool.
That's not possible (I think) due to cookies.
And CORS.
Just use cors anywhere then?
CORS Anywhere wouldn't maintain the existing user session so it couldn't be used to find out the currently logged in user.
319: What's your desk/laptop? at 11:48:13 AM 2/8/20204282637

Maximouse wrote:

ElsieBreeze wrote:

- Removing utm_garbage=parameters: A what?
The URL parameters used by Google Analytics, like utm_source and utm_medium.
Ah. I see.
Support. Even though Scratch Mods are developed using the same browser technologies as websites (JavaScript, HTML, CSS & Co.), ones packaged as Electron applications have much greater access to your system and can perform a significant amount of damage with needed any higher privilege.

If the Scratch Mod is a web based one, that's fine, but if it's intended to be downloaded, it should be prohibited.

I believe this should also be extended to Scratch 2 mods entirely. With the death of Adobe Flash Player in the browser, users must download legacy, unsupported versions of Flash to run projects locally, which presents many dangers.

For Scratch 1.0 mods, I don't know how much access Squeak has to one's system, but I believe that only things using SqueakJS should be allowed to be advertised.

CatsUnited wrote:

During the latter half of 2019, I was very active on the forums (I was making nearly 1000 posts per month) and I didn't actually come across the 60 second rule that often. While it would be nice to have a shortened slow mode, I don't think it would've helped me significantly during that time.
I don't come across it at all now that I'm not posting nearly close to that rate
Come on CatsUnited you're almost at 16,000 posts

Anyway I rarely come across the 60 second rule, and when I do, it's often from a very short post that doesn't really add much so I just decide to leave and make a longer post elsewhere.

Support if it only applies to people above 15,000 posts like CatsUnited
316: What's your desk/laptop? at 11:20:29 AM 2/8/20204282589

pufferfish101007 wrote:

--Explosion-- wrote:

pufferfish101007 wrote:

Haha! I have something better than all of you! I have a phone! But not aby old phone - no, I have a samsung galaxy s4 mini, running android version 4.4.4! I have 4mb of intetnal storage and no sd card! Beat that!
It's very cute
4mb?! That is a TINY amount of storage!
Yep! I know! I was jokong when I said it was good (:
I can live with it though.
GSMArena says it has 8GB of internal storage, not 4MB. https://www.gsmarena.com/samsung_i9190_galaxy_s4_mini-5375.php
I assume there may be modes that exist with only 4GB of Internal Storage, but that's still not 4MB.

My Galaxy Note 2 from a year before the S4 Mini has 16GB so I very much doubt it'd drop all the way to 4MB the next year

Speaking of Android Devices~~~
This is my phone.


And this is my tablet.


I have a steam link somewhere too…
315: What's your desk/laptop? at 11:11:11 AM 2/8/20204282573

A-E- wrote:

  • Userstyles
  • Userscripts
  • ToS Evaluation
  • Skipping hCaptchas
  • Uploading images to the forums
  • Having a pretty NTP
  • Blocking trackers
  • Web3
  • IPFS integration
  • Intercepting CDN requests
  • Making things secure
  • Removing utm_garbage=parameters
I wanna play a guessing game

- Userstyles: Stylus
- Userscripts: Tampermonkey / Greasemonkey / Whatever the cool kids use nowadays like idk XSS the LastPass Extension to add userscript functionality
- ToS Eval: Wakarimasen lol
- Skipping hCaptcha: !!!!!!!!!!!!!!!
- NTP: A what? Network Time Protocol?!?!?!??!?!
- Blocking Trackers: Is it uBlock origin?
- Web3: Is it Metamask?
- IPFS Integration: The desktop ap is better
- Intercepting CDN requests: Is it Decentraleyes?
- Making things secure: Is it setting “dom.security.https_only_mode” to “true” in FireFox?
- Removing utm_garbage=parameters: A what?

herohamp wrote:

fdreerf wrote:

If your post takes less than 60 seconds to write, you're doing something wrong.
Potential dupe?
Yes it is a duplicate of that post, but that was 5 years ago. On the topic of posts taking longer than 60s this reply for instance takes less than 60 seconds to type for anyone who can actually type at a reasonable speed.
What's your WPM again

herohamp wrote:

ElsieBreeze wrote:

This would be a nice option to have, yes. I would love to see TOTP too, because TOTP is much less annoying to use than email verification IMHO.
TOTP would be much better than Email Verification
Yeah but rescuing TOTP codes from the hellish depths of LastPass:tm: Authenticator:tm: is awful.

thr565ono wrote:

ElsieBreeze wrote:

thr565ono wrote:

herohamp wrote:

-snip-

The IP and HTTP cookies work, even in private tabs
What do you mean by “HTTP cookies”? I assume you mean cookies that are set via HTTP headers, like the ones responsible for CSRF and login sessions, but those are still verified against what's stored client side. If there is no data client side, they have no data to check against what's stored on the server.

It uses fingerprints to work out the device, and if cookies are wiped, recreates them
Have you got any examples of this kind of system on other sites/services?

This would be a nice option to have, yes. I would love to see TOTP too, because TOTP is much less annoying to use than email verification IMHO.

thr565ono wrote:

ElsieBreeze wrote:

-snip-

I think that this would help, as almost everyone cannot bypass a fingerprint, HTTP cookie and a IP ban. (see my other topic for more info in Suggestions about Bans https://scratch.mit.edu/discuss/topic/427804
No. Almost everyone definitely can bypass these things.

Own a phone? Connect with mobile data and make an account with your phone. You've just bypassed a fingerprint, cookie and IP ban. Even better, the IPs assigned to phones using mobile data are very short lived and change extremely often, meaning you cannot identify that user based on IP.

thr565ono wrote:

-snip-

The IP and HTTP cookies work, even in private tabs
What do you mean by “HTTP cookies”? I assume you mean cookies that are set via HTTP headers, like the ones responsible for CSRF and login sessions, but those are still verified against what's stored client side. If there is no data client side, they have no data to check against what's stored on the server.

fdreerf wrote:

ElsieBreeze wrote:

fdreerf wrote:

But would anyone really do that just to evade a ban?
For the most part, EverCookies / Some amounts of Fingerprinting can be easily bypassed with a private tab or incognito tab, and IP bans can be bypassed with a HTTP proxy, or free VPN app. They aren't hard to get around.
That doesn't answer my question. Would someone actually do this in the first place?
The vast majority of people wouldn't bypass a normal IP ban in the first place, those I know who have bypassed Scratch bans and Scratch Network Bans multiple times would absolutely go through more lengths to bypass a ban even with more measures in place to try stop it.

I imagine the vast majority of people don't get permanently IP banned from Scratch in the first place.

thr565ono wrote:

herohamp wrote:

thr565ono wrote:

herohamp wrote:

No amount of IP rate limiting would work. Just reboot your router, use a VPN public or private, walk to the coffee shop, use a SOCKS proxy, use a HTTP(s) proxy, use TOR, or a whole slew of other things. Its always possible to evade IP restrictions

Except attempts to find who is using the computer, using info that is created by the user (accounts they attempt to log into, pages they visit, how fast they move the mouse (possibly), and other information not made by the computer, but by the user.
If this was not done carefully it would violate COPPA. This by itself is just super creepy and there is no way the ST would implement it.

I understand that this would probably be a bad idea, but if the ST want a fool proof ban method, it will work.
You can also try hashing and salting the data, to make it only be usable to verify which user is which.

Apparently, you can actually track someone by mouse movements, even in the Tor browser: https://www.zdnet.com/article/how-your-mouse-movements-can-be-used-to-track-you-on-the-tor-network/
The article you linked says that even though it's possible to do this, using it effectively is still very challenging.

ZDNet wrote:

The utilized techniques seems to be used in a rather basic form, time and mouse movements analysis are known in the research community to differentiate between devices/users, it still poses a challenge to use them effectively.

DownsGameClub wrote:

ElsieBreeze wrote:

thr565ono wrote:

Firstly, this is great.

Secondly, you can also track which computer is which even more reliably than IP addresses. Try https://amiunique.org/fp and you can see how much info about your computer is served to websites. They could use similar device fingerprinting to get bans working, and it is not at all easy to reset your device fingerprint, short of moving to a new laptop

Experienced web coders will know about HTTP headers, you can ask them in advanced topics.
(…)
Thirdly, bypassing fingerprinting doesn't require buying a new machine. Moving to a different browser - or even changing settings inside your normal browser, is sometimes enough to change your fingerprint. People who want to bypass it can, fingerprinting is usually only used for tracking users who don't know that it's a thing.
We're not discussing cookies though - we're discussing IPs, which are linked to your home network or “your computer” if you choose to use a VPN. And, to be frank, why would anyone want to use a VPN for a website used for children? The only need someone would use it for is to bypass the bans which are easily done (and makes me scream at users on my forum who are bypassing bans ).
I wasn't discussing cookies either, I was responding to thr565ono about their suggestion to use fingerprinting to identify users.

thr565ono wrote:

herohamp wrote:

No amount of IP rate limiting would work. Just reboot your router, use a VPN public or private, walk to the coffee shop, use a SOCKS proxy, use a HTTP(s) proxy, use TOR, or a whole slew of other things. Its always possible to evade IP restrictions

Except attempts to find who is using the computer, using info that is created by the user (accounts they attempt to log into, pages they visit, how fast they move the mouse (possibly), and other information not made by the computer, but by the user.
If this were possible and accurate, don't you think other sites would be using it?

Scratch doesn't have the footprint to collect enough data to positively identify users.

But do you know who does? Google. Google probably operates the largest data collection operation to exist, for the purpose of targeted advertisements. Yet even with all that uniquely identifying data, they can't automagically detect users who are ban evading with it.