
dadrad , to memes in feeling old now?

Yep, me this year. 😅

LittleBorat2 ,

Wasn't it great when we ruined the paper napkin industry and did not buy houses in 08? Good times.

ILikeBoobies ,

At least you’re still rad

EmperorHenry , to memes in feeling old now? avatar

the oldest millennials are 44 actually

Brocon ,

Yes. And our back tells us sometimes.

MentallyExhausted ,

I’m a young, spry, 39 year old millennial and my back is killing me.

DakRalter , avatar

I’m 39 and my hips are already gone and I have trigger thumb.

LittleBorat2 ,

My back is fine but I don’t do physical work. I just sit around and that’s probably worse in some cases.

rowrowrowyourboat ,

Turning 43 this year if you take the common 1981 as the cut-off.

eldavi ,

they’re starting to say it closer to 1985 now; according to the 95% of the fellow millennials i talk to

RestrictedAccount , to technology in Self-Driving Tesla Nearly Hits Oncoming Train, Raises New Concern On Car's Safety

This picture does not look like what happens to a car when it is hit by a train

Annoyed_Crabby ,

Because it didn’t get hit by a train. Driver steered the car away from the passing train and hit a stop light.

deegeese ,

Can’t view, got a link?

50MYT ,
KISSmyOSFeddit ,

"It wasn’t in self driving mode at the time of the accident."

  • Tesla legal team, probably
Alexstarfire ,

Probably technically true. He had to steer it away from the train.

Bitrot , avatar

It’s what happens when the driver swerves into the crossing arm pole to not hit the train in front of it.

wander1236 , avatar

That might explain why the title says “nearly”

tyo_ukko , to programmerhumor in Is this a graph?

Do I understand this correctly, that the first astronaut’s realization is that all data structures are graphs?

If yes, that doesn’t make much sense. How is an array a graph?

ReginaPhalange ,

One could make the case that we can transform a k size array to a k-vertex-connected graph

Because traversing from one element to any other element is an O(1) operation using index arithmetics.

Same for n dimensional matrices.

Zerush , to memes in USB tunneling avatar

The upside is where is the USB symbol on the plug, easy.

fatalError ,

That may help in the case of a properly installed usb port, but what if the port is upside down? Or what if it’s a vertical port? Is upside left or right?

mexicancartel ,

You should get familiar with your own ports. You're not gonna flip the ports

fatalError ,

Not talking about my ports. Also ports can be installed the wrong way by the manufacturer. I had a pc case that had the front usb ports upside down. But again, usb ports can be installed vertically, in which case it won’t matter if you know which is up or down your usb plug, because now it’s left or right

mexicancartel ,

I mean, if your manufacturer installed USB ports the wrong way, you have to get familiar to know which direction the ports face (the wrong way if ports are wrong), then you only have to see the usb since you already know the ports

fatalError ,

What about the back of your tv? Or friend’s PC? Or library computer? Or phone charger? Or… Any other Universal device using the Universal Serial Bus…

You may learn YOUR devices, but you may also have to interact with other devices at times and USB didn’t make it easy in the past.

Now, type C is a thing and it helps with plugging it in right the first time, but that one has the HUGE issue with allowing any protocol since USB 1.0 and everything else is optional. So even though you can plug a type C monitor into a type C microphone, nothing will happen, so it’s not stupid proof anymore.

mexicancartel ,

True, but rare. Back of your TV? You’ll definitely see it while plugging in because you wouldn’t even know where the ports are otherwise. Others’ devices don’t work but you still can flip it three times since that’s rare


DakRalter , avatar

My old Lenovo tablet has the USB port upside down on the plug, and consequently, the micro USB also plugs into the tablet upside down. And for some reason, stupid thing always breaks the little notches on the micro USB, so you have to position everything in a way so that it won’t slide out while charging.

helenslunch , to technology in Self-Driving Tesla Nearly Hits Oncoming Train, Raises New Concern On Car's Safety avatar

Craig Doty II, a Tesla owner, narrowly avoided a collision after his vehicle, in Full Self-Driving (FSD) mode, allegedly steered towards an oncoming train. driving inattentively.

Stalinwolf , (edited ) to memes in feeling old now? avatar

Sometimes it’s weird to look back on middle school, and the teachers who brought our generation up as young kids being told about the future. I’m an adult now, and I feel like an adult now, but in a way it feels like I’m still a part of that group of dumb and naive kids. It doesn’t feel that long ago at all. But the reality is that all of us are now pushing 40, and our time there is now wholly irrelevant, and we’re so far removed from those years that it’s fucking wild. A lot of those teachers are probably dead now.

I don’t know how to articulate what it is I’m meaning to say here. It’s just weird that we were kids so recently. I don’t feel like my life has gone by all that fast, but middle school to 40 somehow did all the same. I feel my age, and I feel as though I’ve lived to my age, but my memories don’t feel distant whatsoever. It feels like that was nine years ago.

Just like I feel like I was still living at home with my dad a few years ago, but I’ve been living in another country away from my parents for 7 years now, and my dad had been dead since last May.

He was such a good dad.

MoonMelon , (edited )

Condolences for your dad. 42 here, my dad is showing his age majorly now.

Looking back I know I lived every single hour but huge leaps of time are just gone. Like, entire jobs I worked for years I have maybe a half dozen memories. On top of that our work product is gone, the company is gone, the building is gone, the entire industry is changed… it’s like it was all a dream. I definitely understand the old man looking at a city and saying, “this was all orchards”. I used to think it was a wistful phrase, but it’s also an expression of disbelief. When we were embedded it all seemed so important. But it all shuffled off with zero fanfare. It really changes how you experience life, and that’s how I “feel old”.

macrocarpa ,

our parents felt the same thing

Your dad simultaneously saw you as the baby who slept securely in his arms, the child he saw through junior school, the teen who he tried to help steer past his own mistakes and the adult he wistfully spoke of with pride

Imagine how good he must feel to know that you remember him this way.

Flummoxed ,

You have put it in the perfect words. Thank you.

Stalinwolf , avatar

Thank you. This is a beautiful sentiment.

spirinolas ,

I lost my last grandparent this Easter. She was much younger than my other grandparents. The 3 of them would be over 120 years old now. I’m a millennial, I’m 40.

MehBlah ,

It’s always good to hear that some of them were good people.

Ragnarok314159 ,

I took my kid to the doctor, and when we left she asked if we could go visit the places I grew up and went to school. Drove by my grade school but didn’t stop in, still in session. Went by my junior high and there was my science teacher, she was probably a few years from retirement.

I said hi and we talked for a bit, told her “no, not a parent, you were my teacher almost 30 years ago”, and she got a huge smile on her face and was really happy one of her students recognized her and talked with her for a while.

Made the trip worth it, but I am glad she didn’t remember me. Was a shithead kid in junior high, but I think we all kind of were at that age.

Flummoxed , (edited )

This is the absolute best gift you can give a teacher, to come back and say to us, “You made a difference; I remember you.”

We don’t get to know if we really did anything unless this happens.

Source: watching my mum as a 40+ year teacher and my own 10+ years in the profession.

ETA: Space I could not live with.

PsychedSy , to memes in feeling old now?

What timing. I turned 41 this week.

Peddlephile ,

Happy birthday. I turned 40 this week too. Yay us.

PsychedSy ,

I don’t know if I’m okay celebrating a cyclist, but happy bday!

Arfman , to technology in Self-Driving Tesla Nearly Hits Oncoming Train, Raises New Concern On Car's Safety

You’d think the driver would have started hitting the brakes seeing how fast it was going towards the gates

friend_of_satan , to technology in Self-Driving Tesla Nearly Hits Oncoming Train, Raises New Concern On Car's Safety

What new concerns? All I see are preexisting concerns.

Nom , to technology in Self-Driving Tesla Nearly Hits Oncoming Train, Raises New Concern On Car's Safety
RedWeasel , to programmerhumor in that ain't legal either

Seriously. If you are going to do it, write in assembly or something else no one understands.

Ineocla ,

Tbh Jia Tan really wasn’t lucky some mf at Microsoft noticed a 500ms delay in ssh. The backdoor was so incredibly clever and well hidden and ingenious I almost feel bad for him lmao

conditional_soup ,

A really good point I heard is: this was likely a state actor attack, so how many others just like this are out there, undiscovered?

B0rax ,

Unpopular opinion: what if it was not a state actor and just some bored person somewhere that thought it would be cool to own a bot net?

What if this is just one of many backdoors and it’s just the only one we found?

thisisbutaname ,

I heard that person actively contributed for something like 2 years, providing actually useful contributions, to gain the level of trust needed to plant that backdoor. Feels a bit too much to chalk it up to boredom.

As for the second part, that’s an interesting question. Are there lots of backdoors and we just happened to notice this one, or are backdoors very rare exactly because we’d have found them out soon like in this case?

Appoxo , (edited ) avatar

You’d be surprised what I manage with motivation and boredom.
You’d be surprised what a highly skilled scalled person can manage to achieve.

Boredom, Skills and Motivation are dangerous things to have if improperly handled.

neeeeDanke ,

highly scalled person

You might be on to something, it might have been the lizard people!

trolololol , (edited )

Another speculation from the SUSE team was a private company with intent to sell the exploit to state actors

I think there’s lots of known backdoors that are not publicly disclosed and privately sold.

But given the history of CVEs I’m inclined to believe most come from well intentioned developers. When you read the blogs from the Google security team for example, it’s interesting to see how you need to chain a couple exploits at least, to get a proper attack going. Not in this case, it would make it very straightforward to accomplish very intrusive actions.

PapstJL4U , avatar

The design is Moriarty lvls of complex. State actor might be too specific, but everything but a group of people would be highly unlikely.

agent_flounder , avatar

Nobody is both that bored and that motivated. Unless paid.

B0rax ,

You forget that a lot of brilliant open source projects are one man shows from geniuses somewhere around the world. They are usually not paid.

On the other hand, if you get your hands on a powerful botnet, you can rent out its services (like ddos for example) for quite a bit of money.

GissaMittJobb ,

Realistically I think it’s probably easier to acquire a botnet of less secure systems. This was a targeted attack.

B0rax ,

Easier, yes. But some people will do stuff because it is more challenging.

InputZero ,

Yeah, well that’s just, like, your opinion, man. (You mentioned the word opinion in a post referencing The Big Lebowski. I had to. Thank you for coming to my shit post.)

SzethFriendOfNimi , avatar

It’s scary to think about… a lot of people are now thinking about how we can best isolate our build test process so it works as a test suite but doesn’t have any way to interact with the output or environment.

It just blows my mind to think of the levels of obfuscation this process used and how easy it would be to miss it.

Vilian ,

the guy was even in microsoft he was at his house testing debian

RegalPotoo , avatar

Jia Tan probably wasn’t one person - most likely the identity was operated by a team of people at an intelligence agency, probably Russian or Chinese

TheGalacticVoid ,

I’m surprised that nobody suggested that he was a kidnapped dev. This seems like a different implementation of the pig butchering scams that target ordinary people.

davel , avatar
TheGalacticVoid ,

I wasn’t joking.

A good chunk of scam calls and texts come from people who themselves are victims of kidnapping. Many of those victims (primarily in Asia) got into the position they were in because they were looking for work, went to a different country to start a promised job, and then got trapped and forced to work for scam centers that do social engineering attacks.

These scam centers are sophisticated to the point where they can develop very legitimate-looking crypto trading platforms for targets in the US and other wealthy countries. They then assign one of the kidnapped people to a target. These kidnapped people then social engineer their way for months to get what their captors want - usually money in the aforementioned trading platform. Then, they cut all contact once they have control of the funds.

How does this relate to XZ? Well, if they can kidnap ordinary people looking for jobs, there’s not much stopping them from including devs in their pool of targets. Afterward, it’s just a rinse and repeat of what they’d done before.

If you want to look more into pig butchering, John Oliver has a great episode on it.

davel , avatar

You don’t kidnap extremely highly skilled internet malware developers and force them to code for you, you just pay them appropriately.

TheGalacticVoid ,

The malware, sure, but you’re ignoring how they were able to push the malware in the first place.

Iapar ,

Jupp. If you trap someone highly skilled and give that person a weapon, the chances are good that this person will use that against you.

Like how does a less skilled person know that this code will not send location to the police with a message?

TheGalacticVoid ,

A bit late, but the police are often paid by captors, so calling the police just leads to punishment.

OurToothbrush , (edited )

Any sources there or do you just lie for fun?

Edit: an article on this kind of

kieron115 ,

All they did was offer an opinion, chill.

winterayars ,

There’s a high likelihood it was Russian or Chinese work tbh. That’s a pretty reasonable take.

ElCanut ,

Aggressively writes a backdoor in COBOL

Wooki ,

Whoa hol up.

Write the build script in assembly?

That’s not okay man.

RedWeasel ,

No, in this case the backdoor. Hide it in plain sight.

Bene7rddso ,

Assembly wouldn’t run on multiple architectures

RedWeasel ,

Neither does the blob it downloaded. Would you think twice about AVX10 support if it was commented as AVX10 support in a compression library? Some might, but would they be the ones reviewing the code? A lot of programs that can take advantage of “handwritten” optimizations, like video decoders/encoders and compression, have assembly pathways so it will take advantage of the hardware when it is available but run when it isn’t. If the reviewers are not familiar with assembly enough something could be snuck in.

systemD is using dlopens for libraries now and I am not convinced malware couldn’t modify the core executable memory and stay resident even after the dl is unloaded. Difficult, yes, but not impossible.

HeyThisIsntTheYMCA , to memes in feeling old now? avatar

Have been for a bit

Rhynoplaz ,

It’s not really a shocker when you get reminded every year.

EmperorHenry , to memes in USB tunneling avatar

look at the plug and look at the hole. Square peg square hole

Hotzilla , to memes in ts moment

I refuse to use discord, it is basically malware. Selfhosting is the only way, and TS3 works great for that.

putty ,

how is discord malware?

Mubelotix , avatar


  • lepinkainen ,

    The “servers” are actually called “guilds” in the API.

    Servers are just a marketing term

    JackbyDev ,

    They’re called servers in the UI though. Also, confusingly, there is a new feature coming called guilds.

    cobra89 ,

    Lol wut, they never claimed servers were independently controlled. Maybe you just didn’t look into what you were signing up for.

    When you go use different servers on Minecraft realms are you under any impression those are not controlled by Microsoft?

    When you choose a different server on World of Warcraft do you think it’s a non-blizzard server?..

    Like just because you put yourself into a state of bad false assumptions didn’t mean they tried to trick you. People have been saying this about discord from the beginning you just never cared to look.

    Did you actually think this or are you just inventing a person in your mind that this has happened to? Lol

    JackbyDev ,

    They’re called direct messages, not private messages. They’re not tricking anyone into thinking anything lmao

    Zoot , avatar

    No, but the entire point of renaming Private Messages to Direct Messages was exclusively so people would have the mindset you do.

    odelik ,

    Umm… People have been using the phrase “Direct message (DM) me” since forever in the game and online comms world. Private message wasn’t a concept until after DMs were later encrypted. And we always knew, that if we didn’t control the servers, even encrypted, those messages were subject to the server operators.

    Your logic is giving me the impression that you’re younger and didn’t go through these experiences.

    Zoot , avatar

    Actually I am not younger, DM’s had always been Private Messages to me up until Facebook/MySpace and more people began flocking to the internet.

    JackbyDev ,

    No, the term PM has been around before DM was the norm. Forums generally used the term PM. Ironically, not remembering PMs being the term prior to DM is making me think you’re younger for not remembering it.

    odelik ,

    You’re right. Had to dig into my memory for this one and fact check myself.

    IRC, BBS, and most forums (of the era) used PM or SP. MUCKs and a few other tools used Whisper. ICQ introduced “IM me”. Part of me remembers using the term “DM” for IRC messages, but I used IRC fairly regularly well into the 2010s.

    However, the forum I spent a ton of my younger years on used “Direct Messages” which has likely polluted my memory. Since it was a technology related forum, that was probably a customization from the operator to distance everyone from the idea of “private” since everything was clear-text and unencrypted back then. That or I’m confusing “IM me” from the ICQ/AIM/MSN days.

    Point being, nobody thought “PM” meant secure and not visible to the server operators back then. It just meant that only you, the recipient, server operators, and 1337 h4xx0rz could see your messages.

    What a trip down edited memory lane that was. Thanks for fact checking me.

    JackbyDev ,

    I have never been under the impression PMs were unreadable by the people operating the service I send them on.

    Zoot , avatar

    Neither have I. Generally if I want the impression of it being private, it will need to be encrypted and a whole skew of other criteria comes in. Still doesn’t change the fact that growing up they were referred to as “PM’s” for the first half of my life.

    Hotzilla ,

    Huge RAM usage, weird crashes, causes random lag in games, constant enshittification on-going. No thanks.

    ILikeBoobies ,

    That’s not malware, that’s just a bad product

    Hotzilla ,

    hyperbole, ever heard about it?

    ILikeBoobies ,

    Can you use it in a sentence?

    Hotzilla ,

    “Discord is bad product, hyperbolically said, it works like a malware.”

    ILikeBoobies ,

    I am sorry but I was not paying attention, could you repeat that?

    lemmylem ,

    Isn’t TeamSpeak proprietary though?

    Hotzilla ,

    Yes, but free

    lemmylem ,

    If you can’t audit the source code of the program, how do you know if TeamSpeak isn’t malware?

    Hotzilla ,

    Not everything has to be foss, it is in company’s best interest to not make it as malware. In last 20 years that I have had TS installed on my server and client, have I had it act like malware. Discord on the other hand has instantly caused issues. Not saying that TS3 doesn’t have had bugs, ofc it has had.

    lemmylem ,

    So you’re just trusting them to not do anything bad?

    Hotzilla ,

    I know that discord is doing bad shit, so yes.

    How often do you read the source codes of your tool?

    lemmylem , (edited )

    I may not read the source code of every tool I use, but even if the average user doesn’t read the source code, having it available for inspection by others in the community increases security, trust, and overall software quality. All a user really has to do is look at the license of the software they use, typically a GPL or similar license, and consider how reputable it is. Not only that, but if you’re on Linux already, you can just get most of the software from your distro’s repositories.

    Hotzilla ,

    So no closed source commercial product should ever exist? Discord is one too, I am just selecting one that I can control.

    lemmylem ,

    No, you should have the freedom to use it if you want. All I’m saying is that you can’t really call TeamSpeak a better alternative, when they’re both just as bad (they’re both proprietary). If you’re looking for a better alternative, consider using Mumble, it’s FOSS.

    Hotzilla ,

    Other is selfhosting and other is service. I pick selfhosted.

    lemmylem , (edited )

    Self-hosting doesn’t really fix anything, the developers can still control the program and read all your chats/calls.

    ILikeBoobies ,

    If you can trust them not to do anything bad then they can trust you with the source
