Technically, it’s not been my municipality that’s charged me, but those around me and where I work. I don’t vote there. My town didn’t exist when the people I’m researching were making records. And at the state level, it comes up every few years but dies in committee. Last time was in 2020, when it died because the pandemic shifted everyone’s focus. I’ll ping my local congresscritter and see if it can be revived; the person advocating for change recently retired, sadly.
Today, we have an exciting update: Duncan and Paul, alongside many other talented members at Hopoo Games, will now be working on game development directly at @valvesoftware
Well, we can also look at their other games for this. For example, in Dota 2, everyone has a behavior score, based on reports and such. This is used for matchmaking on top of skill, and lower behavior scores result in certain restrictions (like can’t speak, can’t ping as much, can’t play ranked, can’t pause).
Well, at the moment my network is actually flat :)
This is an experiment I’m doing because I wanted to have all the management stuff on a different subnet (eg. adguard dns is on the “regular” subnet everyone uses, but its web interface is on the special subnet only select devices can talk to).
Of course (like with most stuff in my homelab), it’s not like I really have a super-compelling security reason to that, it’s mostly that I wondered “what if?” :D
Oh, the ping option you are referring to is -I (upper case) and takes either an interface name or an IP. I did try giving a .10/24 IP to the PC and the results were consistent with scenario 1 (pings where source and destination are on the same subnet work, pings across subnets don’t), so I didn’t mention that in the OP.
I’m writing a program that wraps around dd to try and warn you if you are doing anything stupid. I have thus been giving the man page a good read. While doing this, I noticed that dd supported all the way up to Quettabytes, a unit orders of magnitude larger than all the data on the entire internet....
I don’t know how you’ve twisted your brain in a fashion that makes apples look like pencils.
You and the media are misquoting him as saying he is going to flee the country, possibly to avoid criminal prosecution.
He is literally saying it would be safer to have a meeting in another country due to decreased criminal activity and the threat of a Harris presidency.
There’s a valid conversation to have around his statement. We could be discussing the crime rates in the US compared to Venezuela and the rest of the world. We could be looking at Harris’ record as a prosecutor and her political agenda to this point. We could easily be debunking what he’s saying to pile on more evidence that he’s a liar. Instead, the public wants to go on and on about something he actually never said or even hinted at.
Moreover, what my concern here is, the public’s ability to read comprehensively is deteriorating at a rapid pace. People are disinterested in taking the time to read an article and obtain true facts in preference of engaging with others over their feelings.
Having genuine dialog with others is more about listening than it is interrupting them and spewing your ideas. Everyone’s reading a headline and reacting without taking the time to listen to the story, digest its meaning, consider other factors and context, then responding in a meaningful, relevant manner.
I’m personally observing a world that’s becoming less interested in having real relationships. People are struggling to interact with others in real life. Ragebait is just one value in a larger more complex experience that’s changing our relationships and our reality.
There’s a lot of noise in our lives today. Most of it serves as a distraction. It’s the constant churning of the “news” and the endless instant streaming of “content” and the pings and buzzing of our devices. If it hasn’t already, this noise is becoming an addiction. Without noise, we’d be faced with calmness and focused attention.
Trump is noise. It’s noise created by him and his brand and the media organizations and influencers pining for your attention and engagement. This story is a fabrication. The story about him slurring during the interview is a misleading observation. It’s a money maker for content creators because we need noise. Musk saying there was a DDOS attack is a lie and a distraction. It’s the noise he’s injecting into the zeitgeist to pull our attention away from something else.
We all need to be better at reading comprehension and listening. Take a moment to understand what it is you’re commenting on before you just become more noise and a cookie jar for advertisers.
This is an unpopular opinion, and I get why – people crave a scapegoat. CrowdStrike undeniably pushed a faulty update demanding a low-level fix (booting into recovery). However, this incident lays bare the fragility of corporate IT, particularly for companies entrusted with vast amounts of sensitive personal information....
Getting production servers back online with a low level fix is pretty straightforward if you have your backup system taking regular snapshots of pet VMs. Just roll back a few hours. Properly managed cattle, just redeploy the OS and reconnect to data. For physical servers of either type you can restore a backup (potentially with the IPMI integration so it happens automatically), but you might end up taking hours to restore all data, limited by the bandwidth of your giant spinning-rust NAS that was cost-cut to sustain only a few parallel recoveries. Or you could spend a few hours with your server techs IPMI-booting into safe mode, or write a script that sends reboot commands to the IPMI until the host OS pings back.
All that stuff can be added to your DR plan, and many companies now are probably planning for such an event. It’s like how the US CDC posted a plan about preparing for the zombie apocalypse to help people think about it; this was a fire drill for a widespread ransomware attack. And we as a world weren’t ready. There are options, but they often require humans to be helping it along when it’s so widespread.
The stinger of this event is how many workstations were affected in parallel. First, good tools do not exist to cover a remote access solution at the firmware level capable of executing power controls over the internet. You have options in an office building for workstations onsite, and there are a handful of systems that can do this over existing networks, but most are highly hardware-vendor dependent.
But do you really want to leave PXE enabled on a workstation that will be brought home and rebooted outside of your physical/electronic perimeter? The last few years have shown us that WFH isn’t going away, and those endpoints that exist to roam the world need to be configured in a way that does not leave them easily vulnerable to a low level OS replacement the other 99.99% of the time you aren’t getting crypto’d or receiving a bad kernel update.
Even if you place trust in your users and don’t use a firmware password, do you want an untrained user to be walked blindly over the phone to open the firmware settings, plug into their router’s Ethernet port, and add https://winfix.companyname.com as a custom network boot option without accidentally deleting the windows bootloader? Plus, any system that does that type of check automatically at startup makes itself potentially vulnerable to a network-based attack by a threat actor on a low security network (such as the network of an untrusted employee or a device that falls into the wrong hands). I’m not saying such a system is impossible - but it’s a super huge target for a threat actor to go after and it needs to be ironclad.
Given all of that, a lot of companies may instead opt that their workstations are cattle, and would simply be re-imaged if they were crypto’d. If all of your data is on the SMB server/OneDrive/Google/Nextcloud/Dropbox/SaaS whatever, and your users are following the rules, you can fix the problem by swapping a user’s laptop - just like the data problem from paragraph one. You just have a team scale issue that your IT team doesn’t have enough members to handle every user having issues at once.
The reality is there are still going to be applications and use cases that may be critical that don’t support that methodology (as we collectively as IT slowly try to deprecate their use), and that is going to throw a Windows-sized monkey wrench into your DR plan. Do you force your users to use a VDI solution? Those are pretty dang powerful, but as a Parsec user that has operated their computer from several hundred miles away, you can feel when a responsive application isn’t responding quite fast enough. That VDI system could be recovered via paragraph 1 and just use Chromebooks (or equivalent) that can self-reimage if needed as the thin clients. But would you rather have annoyed users with a slightly less performant system 99.99% of the time or plan for a widespread issue affecting all systems the other 0.01%? You’re probably already spending your energy upgrading from legacy apps to make your workstations more like cattle.
All I’m trying to get at here with this long winded counterpoint: this isn’t an easy problem to solve. I’d love to see the day that IT shops are valued enough to get the budget they need informed by the local experts, and I won’t deny that “C-suite went to x and came back with a bad idea” exists. In the meantime, I think we’re all going to instead be working on ensuring our update policies have better controls on them.
As a closing thought - if you audited a vendor that has a product that could get a system back online into low level recovery after this, would you make a budget request for that product? Or does that create the next CrowdStruckOut event? Do you dual-OS your laptops? How far do you go down the rabbit hole of preparing for the low probability? This is what you have to think about - you have to solve enough problems to get your job done, and not everyone is in an industry regulated to have every problem required to be solved. So you solve what you can by order of probability.
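The “send reboot commands to the IPMI until the host OS pings back” loop from the comment above, written out as an added example (this is not the commenter’s script). It assumes ipmitool and a Linux ping on PATH, a BMC reachable over the lanplus interface, and the BMC user and password in the IPMI_USER and IPMI_PASSWORD environment variables: ipmitool’s -E flag reads the password from IPMI_PASSWORD, which keeps it out of `ps` output and shell history on the jump host. The retry limits and the `bootdev safe` request are choices made here; not every BMC honours the safe-mode boot flag, and the loop deliberately gives up after a few cycles rather than bouncing a box forever.

```python
"""Bounded IPMI power-cycle loop: request a safe-mode boot, cycle power, poll
until the OS answers ICMP, give up after max_cycles. Added example, not code
from the original comment. Assumes ipmitool + Linux ping on PATH and the BMC
credentials in IPMI_USER / IPMI_PASSWORD (see ipmitool -E)."""
import os
import subprocess
import time


def ipmi_argv(bmc, *args):
    # -E tells ipmitool to read the password from $IPMI_PASSWORD, so it never
    # appears in the process list or in shell history.
    return ["ipmitool", "-I", "lanplus", "-H", bmc,
            "-U", os.environ["IPMI_USER"], "-E", *args]


def safe_mode_cycle(bmc):
    # One-shot boot flag (bootdev safe = default disk, request safe mode),
    # then a hard power cycle. check=True raises if the BMC refuses either.
    subprocess.run(ipmi_argv(bmc, "chassis", "bootdev", "safe"), check=True)
    subprocess.run(ipmi_argv(bmc, "chassis", "power", "cycle"), check=True)


def host_answers_ping(host):
    # Linux ping: one probe, two-second timeout; exit status 0 means a reply.
    r = subprocess.run(["ping", "-c", "1", "-W", "2", host],
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return r.returncode == 0


def recover_host(bmc, host, max_cycles=3, polls_per_cycle=24, poll_secs=5,
                 cycle=safe_mode_cycle, is_up=host_answers_ping, sleep=time.sleep):
    """Cycle the host at most max_cycles times, polling polls_per_cycle times
    (poll_secs apart) after each cycle. Returns the number of cycles it took,
    or None if the host never came back (escalate to a human instead of
    bouncing it forever). cycle/is_up/sleep are injectable for dry runs."""
    for n in range(1, max_cycles + 1):
        cycle(bmc)
        for _ in range(polls_per_cycle):
            if is_up(host):
                return n
            sleep(poll_secs)
    return None


if __name__ == "__main__":
    import sys
    bmc_addr, host_addr = sys.argv[1], sys.argv[2]
    result = recover_host(bmc_addr, host_addr)
    print("recovered after %d cycle(s)" % result if result else "gave up; escalate")
```

Run it as `IPMI_USER=admin IPMI_PASSWORD=... python3 recover.py <bmc-ip> <host-ip>` from a box that can reach both the BMC network and the host network; fan it out with a job queue rather than a shell loop if hundreds of hosts are down at once, because the BMC network is usually the narrowest pipe you have.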
Temu—the Chinese shopping app that has rapidly grown so popular in the US that even Amazon is reportedly trying to copy it—is “dangerous malware” that’s secretly monetizing a broad swath of unauthorized user data, Arkansas Attorney General Tim Griffin alleged in a lawsuit filed Tuesday....
There is some irony to be had, in discussing this stuff on a page that starts by asking me to login, then to be good and disable my ad blocker, only to proceed with keeping half the text of the article as images so you can’t copy+paste it… and even all the comments!
Using that as a baseline… the CPU type, memory usage, disk space, etc. are some extra data points freely available to all apps.
A developer can distribute an app with multiple versions, some targeting more modern and capable devices, some older and more limited. It’s a feature, not a bug!
*Other apps you have installed (I’ve even seen some I’ve deleted show up in their analytics payload - maybe using as cached value?)
This is overreaching for an app that has nothing to do with managing other apps. Still, you may want some app with those capabilities… so let’s call it “sus”.
*Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
Your IP is… well, you’re using it to connect, they will see it, duh.
The rest is overreaching and comes into PI violation terrain, but can be used for geo location… the OS does it, that’s the data it uses to fine-tune the GPS’s location.
*Whether or not you’re rooted/jailbroken
Typical feature for banking and DRM-protected apps. Nothing to see here.
*Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC
Best answered by a comment [1] (SEE BELOW).
TL;DR: more DRM stuff.
*They set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication
This is somewhat sus, but a local proxy by itself doesn’t mean any sort of risk, or that it could be exploited.
For example, Tor can be accessed using a local proxy (although VPN mode is safer).
The scariest part of all of this is that much of the logging they’re doing is remotely configurable,
Not exactly. It’s how feature flags, and remote testing/debugging works too.
and unless you reverse every single one of their native libraries (have fun reading all of that assembly, assuming you can get past their customized fork of OLLVM!!!) and manually inspect every single obfuscated function.
This is worse (why do they use a custom OLLVM fork?), and obfuscation usually means they have something to hide. It’s the opposite of security for the user.
They have several different protections in place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you’re trying to figure out what they’re doing.
Not good, but unfortunately allowed. That behavior is shared by both DRM protected software, and malware.
There’s also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.
False.
There are two legitimate reasons: plugins, and DLCs.
It can be used for shady stuff, but is also a “feature, not a bug”.
On top of all of the above, they weren’t even using HTTPS for the longest time. They leaked users’ email addresses in their HTTP REST API, as well as their secondary emails used for password resets. Don’t forget about users’ real names and birthdays, too. It was alllll publicly viewable a few months ago if you MITM’d the application.
Well, that’s just stupid, there is zero reason to send data unencrypted.
They encrypt all of the analytics requests with an algorithm that changes with every update (at the very least the keys change) just so you can’t see what they’re doing.
Ehm… this is the correct behavior. See previous point.
They also made it so you cannot use the app at all if you block communication to their analytics host off at the DNS-level.
Sus… but see the introductory part of this comment. Should boredpanda also be banned?
“TikTok put a lot of effort into preventing people like me from figuring out how their app works. There’s a ton of obfuscation involved at all levels of the application, from your standard Android variable renaming grossness to them (bytedance) forking and customizing ollvm for their native stuff. They hide functions, prevent debuggers from attaching, and employ quite a few sneaky tricks to make things difficult. Honestly, it’s more complicated and annoying than most games I’ve targeted,”
This is bad, and a reason to use FLOSS apps… but since it’s been an accepted behavior for proprietary software, along with DRM… don’t blame the player, blame the game.
No, seriously, blame the DMCA and friends. There is no way to at the same time “enforce DRM, keep a copy of all keys at a trusted third party, and keep users secure”… so the current situation is “you get none of those”.
[1]
sr71Girthbird 39 points 1 day ago
Not OP but I work at a company providing video infrastructure, and one of our products is an analytics suite. It provides all the data he men- tioned and ton more. Turner, Discovery, New York Times, Hulu, and everyone’s favorite company, MindGeek all use our Analytics, among hundreds of other large customers. Specifically where this guy says, “Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds” that’s called a heartbeat. The app or video player within the app has to have a heart- beat so that the player can detect if a viewer is still watching video etc. Our analytics + video player services send a regular heartbeat every 8 seconds. It definitely pulls in your exact location.
To everyone responding to this waterbearer for genocide, he’s got like seven or eight different accounts that FOUR ping in the modlog with a page of mod reports each. This fascist yankee pos literally has more modlog hits than TheAnonymouseJoker; all either bearing water for western terrorism or going for low-hanging insults on the people who try and push back. Don’t inconvenience the electrons; don’t feed the trolls.
We’ve got free local artisan coffee, organic fruit, mineral water, and beer. We turn the kitchen table into a ping pong table with a net after lunch for however long people want to use it and people do. At 17:00 everyone’s got a beer on their desk and by 18:00 the doors are locked and the lights are out. One Thursday a month the table is used for beer pong after work and we play card games like Exploding Kittens. Idk I like it here.
Not everywhere sucks. I’ve never worked an hour over my full-time requirements (ever), I get unlimited sick leave and no one shames me for missing a week as long as I call in properly. 31 Vacation days and company parties are nice too, plus paid travel time and nice hotel rooms. Also I’ve never made more money in my life and we’re all getting extra bonuses to cover the unexpected inflation.
Oh and I can work from home four days a week if I want to. Gotta come in that one day, but it’s a fifteen minute walk from my house so that’s just fine for me. I come in on Tuesdays because that’s when the company orders lunch for everyone (just one day a week but still cool).
You are a fucking moron if you put yourself at legal or financial risk for your employer. And that is what you are doing when you are using pirated software or other license misuse in a professional environment. Because you know what happens when Mathworks says “What the fuck? Why are we getting pings from the student version of Matlab at Innertrode?”? Your boss says “Oh shit. It must be Johnson. He went against our express instructions and this is a fireable offense”
And then you are fired and your boss doesn’t give a shit. Except you are also now the talk around the water cooler because you are a thief and you risked everyone else’s jobs in the process. Which tends to bode poorly when your former co-workers are on or near hiring committees at future jobs.
And if it was egregious enough that Mathworks is pissed? Guess what? Your company that you are willing to ride or die for is going to throw you to the wolves and do everything they can to get those fines on you because YOU were violating corporate policy.
If you can’t do your job without putting yourself at legal or financial risk then you won’t have a job for long. So rather than increase your risk until you get fired, start quiet quitting and interviewing elsewhere before the rest of the company gets sacked.
I feel like we need to talk about Lemmy’s massive tankie censorship problem. A lot of popular lemmy communities are hosted on lemmy.ml. It’s been well known for a while that the admins/mods of that instance have, let’s say, rather extremist and onesided political views. In short, they’re what’s colloquially referred to...
My first idea would be to have users report posts and ping a random sample of like 20 active and currently online users of the community and have them decide (democratically). That way prevents brigading and groups collectively mobbing or harassing other users. It’d be somewhat similar to a jury in court. And we obviously can’t ask everyone because that takes too much time, and sometimes content needs to be moderated asap.
Volunteering maybe. Church is crazy, you want me to join a whole ass religion just to meet a woman and then what, pretend to be christian for the rest of my life?! I’d sooner go back to the drink! Sports I’m not really into, and everyone keeps saying “don’t just do it to meet women” but like, that’s exactly what I’d be doing. Idk maybe like ping pong or something but idt we have a local ping pong league near me, I’ll look. Choirs are very churchy are they not? That’d be the same as either sports or church in either case, depending.
Yes, “where are the people” is essentially my question. Some insist “literally everywhere, just do the thing and let em complain, fuck em” which seems to be the leading suggestion. Another dude said his area has singles hikes and shit so I’m gonna check that out too if my area does.
Albion Online the MMO from Sandbox Interactive has now formally opened the gates for Europe and MENA (Middle East and North Africa) with their brand new server.
This will give players in those regions “substantially improved ping” the developers say, along with a fresh start for everyone playing on them.
Albion Online is a sandbox MMORPG featuring full-loot combat, a fully player-driven economy, and a classless “you are what you wear” skill system.
The game is fully cross-platform, playable across Linux, macOS, Windows, iOS and Android with a single account.
Timings of game and server events (territory battles, Crystal League, Faction Warfare, maintenance, etc.)
Albion Online has Native Linux support and is rated Steam Deck Playable.
The original article contains 259 words, the summary contains 116 words. Saved 55%. I’m a bot and I’m open source!
Disclaimer: Obviously this is for educational purposes only. I would personally never use my internet connection for anything illegal at all. I simply tested the below setup then deleted everything out of pure interest to understand how things worked and do not use any IPTV service. I love paying Netflix and other streaming...
After self hosting several services for a few users, with SSO, backups, hardware issues etc, I really appreciate how good the IT was in my old company. Everything was connected, smooth, slick and you could tell it was secure. I had very few issues and when I did, they were quickly solved. Doing this all at scale for thousands of...
I am a former IT Desktop drone…er…support worker… I used to swap towers for my local municipality back when Windows XP was being replaced with 7. I saw passwords on post-its attached to the monitor, mouse pad, and even under the keyboard or keyboard drawer (I had to get under desks to do the swap). Our policy was to remove those whenever we saw them and trash them in a different can across the building or a different one. They have a standard 90 day password cycle and most people couldn’t handle that. I would answer the phone often to “unlock” their account after 3 attempts. My all time favorite when I would help an end user with software was when I would encounter someone’s “God Mode” icon for some of the registry hacks that used to float around. Everyone had Admin privileges (ironically), so it wasn’t really needed anyway.
Their primary server admins and IT folks in the main office were top notch though. Never any downtime and the main security guy was very strong in making sure everything was adhered to. We, as desktop support, didn’t have the master password to decrypt a laptop which was GPG protected and had to bring it to him if we had a user who locked themselves out. With great consternation, only a few machines would be allowed to stay on XP and those were VLAN’d and isolated from the outside world.
The rest of the server admins handled everything with ease seemingly. The fun part was when they had a third party come in and do a security audit. No problems on the server side, but it wasn’t a success. They did the ol’ drop a flash drive randomly in different locations test. Knowing human nature, they knew someone would pick it up, plug it in and be baited with an excel file which looked like it had financials. Unbeknownst to the user, it sent a ping to their reporting server and the drive ID, which was later reported back. They also did physical security penetration tests - walk in behind you type of thing. I remember seeing a group of guys without company ID badges try to follow me into the main IT office. I stopped them and asked who they were and what they wanted (this was a Govt building), and the look of confusion mixed with satisfaction from them that I stopped them was priceless. I let the head IT guy know who was at the door and left it up to them to unlock it for them.
I now work in a help desk position for a software company and miss those days of desktop support. But, I know for a fact that I.T. guys and gals don’t get enough recognition. They are the understated backbone of a company’s well-being, especially when holidays and weekends are prime time for systems to fail and they are practically on call no matter what.
Hej everyone. My traefik setup has been up and running for a few months now. I love it, a bit scary to switch at first, but I encourage you to look at, if you haven’t. Middelwares are amazing: I mostly use it for CrowdSec and authentication. Theres two things I could use some feedback, though....
I’m not entirely sure what your getting at here, but git can be run as democratically as a crypto currency where the canonical version of the project is the one with the longest chain.
Which means elections. Which means a dude/committee in charge of a server. See the problem?
I’ll believe it when I see a real implementation. I think the problem is anonymity, I don’t see how we can set a system up such that the results are auditable but also impossible for anyone to tie a specific vote to a specific person.
This is a very very interesting topic that I’ve spent a rlly long time thinking about. I wish I had more energy to go in depth for this. The gist is this:
There will be a tradeoff between anonymity and “vote buying”.
You can have absolute anonymity by implementing a monero like blockchain. Each registered voter address gets one token. The thing that you can cast a vote for is also an address. The voter sends this token to an unknown address (that theoretically belongs to the voter themselves). Then, the voter votes from this address. This way, absolute anonymity is maintained as no one knows who sent the token to the address in the middle. BUT. I could buy votes like this too. I could bribe a voter to send their token to the middle address, which I control.
To prevent voter buying, you can have an open blockchain where all transactions are visible to everyone. However, you get pseudo anonymity here. Every registered voter address gets one token like above. No one except for the election commission knows which address belongs to whom. So while the election commission cannot manipulate votes, it can leak who voted for whom.
Now that being said, normal elections aren’t as theoretically anonymous as well. For ballots, your name is on the envelope. A compromised election commission could leak this info as well. For EVMs, one line of code could leak who you are. The person granting you entry can note down your information. The EVM can ping this person as to which vote was cast while you were in there.
Hence, in my opinion, the second option of the open blockchain is the best one provided that the election commission is under strict regulation (which it generally is in any case).
One car accident, endless spam calls (lemmy.world)
Risk of Rain developers join Valve, announced in a twitter post. (x.com)
[SOLVED] Weird (to me) networking issue - can you help?
I have two subnets and am experiencing some pretty weird (to me) behaviour - could you help me understand what’s going on?...
What is the largest file transfer you have ever done?
Donald Trump says he will flee to Venezuela if he loses election [Newsweek] (www.newsweek.com)
Headline slightly sensationalised compared to article content. But he did say he’d go to Venezuela if he loses.
CrowdStrike Isn't the Real Problem
Shopping app Temu is “dangerous malware,” spying on your texts, U.S. lawsuit claims (arstechnica.com)
Biden administration moving towards allowing American military contractors to deploy to Ukraine (www.cnn.com)
Start ups when that VC funding kicks in
Photoshop Terms of Service grants Adobe access to user projects for ‘content moderation’ and other purposes (nichegamer.com)
Lemmy.ml tankie censorship problem
U.S. workers are less satisfied with nearly every aspect of their jobs than they were a year ago, survey finds (www.cnbc.com)
Later, losers (lemmy.world)
We were in a discussion about preffered standard salt (Sea Salt) when.. (lemmy.ca)
I was once a streamer, I understand how low they can go…
Anon has nerdy hobbies (sh.itjust.works)
Albion Online now officially launched in Europe and MENA regions (www.gamingonlinux.com)
Meta spent $4.3 billion on its VR division in three months, and made *checks figures* $440 million in return (www.pcgamer.com)
On "World" vs. "Worldnews":
Hey all! Friendly neighborhood mod here!...
I figured out how to make IPTV as easy as using Netflix so you dont have to (lemmy.myserv.one)
Appreciation / shock at workplace IT systems
Traefik Docker Labels: Common Practice
Please Stop (jlai.lu)
Replacement Proxmox (media/VPN torrent server) hardware suggestions
Hey everyone!...
Why AI is every business’s focus right now
Source: tumblr.com/…/at-the-analysis-end-of-things-in-the…...