• 10 Posts
  • 1.14K Comments
Joined 3 years ago
Cake day: June 7th, 2023


  • I really don’t see why there are so many people around saying “it’s probably fine”

    Because there is currently no direct evidence of anything amiss. From the linked article:

    Technically, the changes made so far have been reviewed by some people and no obvious malicious modifications have been found; F-Droid also builds the app reproducibly and verifies whether the published code matches the binaries

    Granted, someone could be playing a long game here. Get control, wait for the controversy to die down while playing nice, then do the rug pull when no one is watching anymore. That’s possible. It’s also quite possible that the previous maintainer got tired of doing a hard and thankless job for no pay and wanted to shed the whole thing. They found someone to hand it off to, and the new maintainer is just shit at open communications. That happens and is also possible. Whether or not it makes you change your usage of the package is down to your risk appetite. But, jumping at every shadow gets old quick and at some point you have to accept some risk. So, unless and until there is more evidence to back up the claim of foul play; or, if you have a really low risk appetite, this is one of those things which falls under “keep an ear open, but it’s probably fine”.

  • While this patch might stop some existing attacks, it’s not really a fix. First off, the type of people who might install a third party Windows patch are probably the exact same people who would be cautious about clicking on an LNK file embedded in a ZIP file. Second, even if this patch somehow became widespread, attackers would just shift their attacks into the 260 character limit. Sure, it would now be visible in the properties, but people aren’t looking at the properties of LNK files.

    The problem is this “vulnerability” is essentially “as designed”. LNK files exist to allow both pointers to other files and a quick way to run complex commands. It’s like calling powershell.exe a vulnerability, because it can be used to get up to all sorts of malicious stuff. Both are powerful tools on Windows, but those tools can be abused.


  • While I don’t doubt that we will, at some point, have something like data centers in space, it kinda seems like a bad idea right now. Doing some searching, it looks like the cost to send something to orbit, using SpaceX’s Falcon Heavy is something around $1,500/kg. [1, 2] For a server which weighs 2-3 kg, that’s adding a significant cost on top of the expensive hardware costs already involved. Though, on the plus side, without the environmental impact and lawsuits from local opposition, this cost could balance out.

    Then they need to deal with cooling. Keeping data centers cool is already a challenge. One of the main reasons communities have been lining up against data centers is their water usage, which is used for cooling. In space, you can’t just tap into the nearest water supply. Radiative cooling sucks, sure you could just build a bigger radiator, but that’s more mass you need to send to orbit, more complexity and something else you need to worry about micro-meteors slamming into. The International Space Station already uses a large, complex system for cooling and it has nothing like the internal heating of hundreds of GPUs churning out furry porn.

    Lastly, maintenance is going to be a bitch. Granted, Microsoft has shown that it is possible to run a lights-out data center effectively by dropping it in the ocean. Though, the fact that we don’t see more of that tells me that the economics of it likely don’t pencil out well compared to just paving over more farmland and ignoring the poors whining about things like fresh water.

    This really seems like one of those ideas where someone needs to tell Mr. Pichai to put the bong down for a bit.


  • The big ones for me were a frequent, sudden, urgent need to pee and getting up multiple times a night to pee. I also drank a copious amount of water. Like, the whole “eight glasses a day” thing which used to be popular was confusing to me, as I’d drink that much in the first couple hours of the day. I finally went in to the doctor and got a blood test and my A1Cs were well over the “welcome to Diabetes Land” number. With diet, exercise and drugs I’m well controlled now and caught it early enough that I still have good feeling in my feet. Given my family history, and all the shit I ate in my younger days, it’s not really a surprise. I just have to be more careful now, but I have discovered an enjoyment of climbing because of it.

    Really, if you have any family history of diabetes, start visiting your doctor on an annual basis and getting a blood test. It’s simple, and catching it earlier is good for preventing problems with neuropathy in your feet.



  • It’s a simple test really. Have you ever considered thinking about having an inclination to plug the drive in? Well it’s probably broke now.

    In all seriousness, I used Zip and Jazz drives professionally back in the early '00s. And gods above and below we lost so many hours of work to them just crapping out. We used them for system imaging. We were building out bespoke servers and workstations for physical access control systems. We stored golden images on zip discs and would image completed systems to send to the customers along with their systems. We created those images on other zip discs before taking them to the one system with a cd/dvd burner. We chewed through so many zip discs it was crazy.

    I finally set up the DVD burning station on a cart so it could be wheeled over to customer systems. It provided a PXE server to boot from and images to both load the golden image over a network switch and image the completed systems. The savings in time and dead zip discs was huge.

    I get playing with those things for nostalgia. But the only thing they could be relied upon to do was die.


  • First off, why does a beer company have personal data on customers? It seems like the best protection for this data would be, don’t have it in the first place. You sell beer, you don’t need to hoover up personal data on people to make and sell beer.

    “That reflects a wider truth that companies are investing more than ever in digital defences, yet adversaries continue to outpace them, exploiting weak links in supply chains or breaking in through trusted partners,” he (Shankar Haridas, head of UK and Ireland at ManageEngine) added.

    Ya, they are spending money, but failing at basic cyber hygiene (read: documentation, patching and network segmentation). But hey, Mr. ManageEngine here will be happy to sell us another product which just papers over the failures to get the basics done. And it will almost certainly have “Agentic AI” to do…something.

    The compromise seems to have started with network equipment at one site, impacting the OT environment and potentially expanding into IT systems

    I’d bet a lot of money the Asahi security team had been screaming about the OT environment being a big, juicy target for a long time. But, applying security controls in the OT environment is hard and scary and might cause a blip in production. So nope, all those shit-boxes running Windows XP must never be touched. Also, NDR is expensive and hard, so stop asking about it. But yes, those same shit-boxes really do need to be fully internet connected and logged on 24x7 as a local admin, with the same password everywhere, because identity management is hard.

    We seriously need to start dragging CTOs, CIOs and CEOs out into the street, tarring and feathering them when this shit happens. Also, the companies making the OT systems need to have their entire management put through a chipper shredder the first time one of them suggests that their systems just shouldn’t be patched. If your shit is so fragile that an OS patch might break something, chipper shredder goes BRRRR…

    Sorry, OT systems are a bit of a pain point.



  • Ya, AI as a tool has its place. I’m currently working on documentation to meet some security compliance frameworks (I work in cybersecurity). Said documentation is going to be made to look pretty and get a check in the box from the auditors. It will then be stored in a SharePoint library to be promptly lost and ignored until the next time we need to hand it over to the auditors. It’s paperwork for the sake of paperwork. And I’m going to have AI spit out most of it and just pepper in the important details and iron out the AI hallucinations. Even with the work of fixing the AI’s work, it will still take less time than making up all the bullshit on my own. This is what AI is good for. If I actually care about the results, and certainly if I care about accuracy, AI won’t be leaned on all that much.

    The technology actually is pretty amazing, when you stop and think about it. But, it’s also often a solution in search of a problem.


  • For the ones they own or have a contract with, probably. However, there are two problems with that.

    1. It will do fuck all for the AI models which are just scraping the internet and which have no contractual agreements with the blog (e.g. all the big ones).
    2. It’s fixing a problem the blog hosting platform created. They likely have a data sharing agreement with some organizations to make the scraping easy for those organizations (e.g. direct content database access). So, they are like the mob, offering you “protection” so long as you pay them not to break your shit.



  • Location: ~87% of respondents are from Canada

    As others mentioned, this would be an interesting data point to validate. I’m not familiar with the server side of Lemmy, but does the server provide any logs which could be used with GeoIP to get a sense of the relative number of connections from different countries? While there is likely to be some misreporting due to VPN usage and the like, it’s likely to be a low enough number of connections to be ignored as “noise” in the data. Depending on the VPNs in question, it may also be possible to run down many of the IP addresses which are VPNs in the connections logs and report “VPN user” as a distinct category. This would also be interesting to see broken out by instance (e.g. what countries are hitting lemmy.world versus lemmy.ml versus lemmy.ca etc.).

    All that said, thank you for sharing. These sorts of exercises can be interesting to understand what a population looks like.
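The check the comment above suggests (tally web-server connections per country with a GeoIP lookup, carve out known VPN ranges as their own “VPN user” bucket, and break it out per instance) can be sketched in a few dozen lines. The following is an added example and not code from the commenter or from the Lemmy project. It assumes a combined-style access log whose last field is the request’s Host header (a custom log format; real deployments differ), and it replaces a real GeoIP database such as MaxMind’s GeoLite2 with a hand-written table over RFC 5737 documentation prefixes, which is purely constructed. The sample log lines are likewise constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in a combined-style format with the Host header as the
# trailing field (an assumed custom log format). Not real Lemmy server logs.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jun/2025:12:00:01 +0000] "GET /api/v3/post/list HTTP/1.1" 200 512 "-" "Mozilla/5.0" lemmy.ca
203.0.113.10 - - [01/Jun/2025:12:00:05 +0000] "GET /api/v3/comment/list HTTP/1.1" 200 900 "-" "Mozilla/5.0" lemmy.ca
203.0.113.22 - - [01/Jun/2025:12:01:10 +0000] "GET /api/v3/site HTTP/1.1" 200 300 "-" "Mozilla/5.0" lemmy.ca
198.51.100.5 - - [01/Jun/2025:12:02:00 +0000] "GET /api/v3/post/list HTTP/1.1" 200 512 "-" "Mozilla/5.0" lemmy.ca
198.51.100.200 - - [01/Jun/2025:12:02:30 +0000] "GET /api/v3/post/list HTTP/1.1" 200 512 "-" "Mozilla/5.0" lemmy.ca
192.0.2.7 - - [01/Jun/2025:12:03:00 +0000] "GET /api/v3/post/list HTTP/1.1" 200 512 "-" "Mozilla/5.0" lemmy.world
203.0.113.99 - - [01/Jun/2025:12:03:20 +0000] "GET /api/v3/post/list HTTP/1.1" 200 512 "-" "Mozilla/5.0" lemmy.world
10.1.1.1 - - [01/Jun/2025:12:04:00 +0000] "GET /api/v3/post/list HTTP/1.1" 200 512 "-" "Mozilla/5.0" lemmy.world
this line is garbage and should be skipped
"""

# Constructed stand-in for a GeoIP database: documentation prefixes mapped to
# hypothetical country codes. A real run would query MaxMind GeoLite2 or similar.
COUNTRY_BY_NET = {
    ipaddress.ip_network("203.0.113.0/24"): "CA",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("192.0.2.0/24"): "DE",
}

# Constructed list of prefixes we pretend belong to commercial VPN providers.
# In practice this would come from a curated VPN/proxy range feed.
VPN_NETS = [ipaddress.ip_network("198.51.100.128/25")]

# Client IP first, Host header last; everything in between is matched loosely.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \d+ "[^"]*" "[^"]*" (?P<host>\S+)$'
)


def classify(ip_text):
    """Return 'VPN user', a country code, or 'unknown' for one client address."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unknown"
    # VPN ranges take precedence so they are not counted under the hosting country.
    if any(addr in net for net in VPN_NETS):
        return "VPN user"
    for net, country in COUNTRY_BY_NET.items():
        if addr in net:
            return country
    return "unknown"


def tally(log_text):
    """Count distinct client IPs per category, broken out by instance hostname.

    Counting distinct IPs rather than raw requests keeps one chatty client from
    dominating the numbers; the noise from VPN misattribution is surfaced as its
    own category instead of being silently folded into a country.
    """
    seen = defaultdict(set)
    per_instance = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or unrelated line
        ip, host = m.group("ip"), m.group("host")
        if ip in seen[host]:
            continue
        seen[host].add(ip)
        per_instance[host][classify(ip)] += 1
    return {host: dict(counts) for host, counts in per_instance.items()}


def shares(per_instance):
    """Convert per-instance counts into percentages of that instance's distinct IPs."""
    result = {}
    for host, counts in per_instance.items():
        total = sum(counts.values())
        result[host] = {cat: round(100.0 * n / total, 1) for cat, n in counts.items()}
    return result


if __name__ == "__main__":
    for host, pct in shares(tally(SAMPLE_LOG)).items():
        print(host, pct)
```

Distinct-IP counting and the separate “VPN user” bucket are the two choices that matter here: the first stops a single aggressive client (or crawler) from skewing a country’s share, and the second makes the size of the misattribution problem visible rather than hiding it inside a country total.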