sylver_dragon@lemmy.world

sylver_dragon 5 points 2 hours ago

Trump has a point. The pool was vandalized. By Trump and his cronies. And they stole $14 million in the process. And also left the pool full of blue trash which will likely cost millions to remove.

sylver_dragon 24 points 9 hours ago

Not surprising. Web search from the Start Menu was always a bad idea.

Hell, I've had to deal with users getting their systems compromised because of this idiocy. User typed 'ms teams' in the start menu, clicked on the first link and ended up at an attacker's page which mimicked the official Teams download page. User clicked "Download", received the trojaned .msi file and ran it.

Sure, there's some blame to go around in that case (and we finally got some default configuration changes out of it), but the fact that Microslop's greed led to a malvertising link showing up in a user's Start Menu is indicative of everything wrong with Windows 11.

sylver_dragon 16 points 16 hours ago

All of the above.

Is it that ISPs are being paid by tech-bros to assign them these IPs?

Bullet Proof Hosting is a thing. Some ISPs basically advertise to criminals about their ability to evade takedown orders and unwillingness to work with law enforcement. So, some infrastructure ends up on these devices. However, the IP ranges from these services often get discovered and are added to public reputation and block lists.

Alongside this, cloud providers are pretty bad about policing their networks. On my own home server, I have blocked much of the Digital Ocean IP space, as it's home to a lot of scanners, bots and other malicious traffic.

Is it that residential devices have been hacked /contain malware that does this?

This happens, a lot. The Mirai Botnet thrived on compromised home routers. People are pretty bad at updating their devices and many SOHO routers ship with some pretty bad vulnerabilities. It's only a matter of time until someone finds an unpatched or misconfigured router and adds it to a botnet. People also get phished or install trojans all the time, adding to botnets. Darknet Diaries just had a fantastic episode on the Bayrob malware, part of which was turning infected machines into a custom botnet.

Is it trivial for companies to assign themselves residential IPs?

Some ISPs just look the other way when they get reports of malicious activity on their network. Also, attackers can force a DHCP refresh and just get a new IP when the old one seems blocked. Getting one in the first place is often as simple as signing up for service and/or compromising someone's home PC and using it as a relay.

Paid volunteers are doing this for AI companies?

This probably happens. After all, we've already seen a company selling an AI product which was just workers in India.

Obviously this is a problem because one can rotate / cycle through residential IPs and if I aggressively block each offender in my logs permanently, then the next person assigned this IP who may be a legitimate user will be unable to access my site.

Look into Fail2Ban. This program monitors your logs and will ban IPs automatically based on criteria you set. This can include specific HTTP requests in your web logs. The ban can be permanent or can be time limited. For example, I have a container running in a cloud provider which I use to proxy requests through my ISP's CGNAT setup. There is an Nginx reverse proxy running there and I have fail2ban watching the access log. If certain request strings are seen, the sending IP gets dumped in a permanent jail. I also have it scanning the sshd logs and banning IPs which fail to log in 3 times within a short period.

It's far from a silver bullet, but it's something which should be running on any web facing system. Attackers will always be rattling the door knobs. There is no reason to let them keep rattling away.
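
The setup described in the comment above, as an added example that is not part of the comment: a fail2ban filter and jail that permanently bans on certain nginx request strings, plus an sshd jail that bans after three failed logins. The filter name `nginx-badreq`, the request paths, the log path, the `ignoreip` address and the time values are assumptions chosen for illustration.

```ini
# Two files shown in one listing.

# --- /etc/fail2ban/filter.d/nginx-badreq.conf (hypothetical filter name) ---
[Definition]
# Matches a combined-format access log line whose request path is one that
# no legitimate visitor of this site would ask for. fail2ban cuts the
# timestamp out of the line before matching, so the brackets may be empty.
# The three paths are constructed examples; use strings seen in your own logs.
failregex = ^<HOST> \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) /(?:\.env|wp-login\.php|cgi-bin/)[^"]*"
ignoreregex =

# --- /etc/fail2ban/jail.local ---
[DEFAULT]
# Addresses that are never banned. 203.0.113.10 is a placeholder from the
# documentation range standing in for your own management address.
ignoreip = 127.0.0.1/8 ::1 203.0.113.10

[nginx-badreq]
enabled  = true
port     = http,https
filter   = nginx-badreq
logpath  = /var/log/nginx/access.log
# One matching request is enough.
maxretry = 1
# A negative bantime means the ban never expires. Set a duration such as 1w
# instead if the address space is likely to be reassigned to other users.
bantime  = -1

[sshd]
# Uses the sshd filter that ships with fail2ban.
enabled  = true
# Three failed logins inside a ten-minute window trigger a one-hour ban.
maxretry = 3
findtime = 10m
bantime  = 1h
```

`fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-badreq.conf` reports how many existing log lines the filter matches before the jail is enabled.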

sylver_dragon 19 points 3 days ago

The real bitch is the $100k a month subscription fees and required internet connection. If he loses signal, his kidney shuts down.

sylver_dragon 17 points 3 days ago

Edge is just Chrome with a Microslop skin. They went from crushing Netscape so hard it got open sourced (mostly via monopoly shenanigans) to copying Google's homework. And their attempts at mobile anything have been failure (Windows CE) after failure (Windows Phone) after failure (Windows for ARM).

If it weren't for Office and companies' undying love of Active Directory and Exchange, Microslop would be a memory and little more.

sylver_dragon 7 points 3 days ago

I have trouble feeling sympathy for any company which didn't greet the Broadcom buyout of VMware with a firm plan to migrate. Expecting anything other than "abusive conduct" out of Broadcom is like expecting to jump in the ocean and not get wet.

sylver_dragon 1 point 2 days ago
sylver_dragon 51 points 6 days ago

Thanks for sharing.

But, please stop using the curl command piped into a terminal pattern. Malicious actors have been abusing the fuck out of this pattern ever since the idiots at Anthropic decided that would be the official install pattern for Claude. I've been cleaning up infections based on people just blindly running shit like that constantly over the last couple months.

Folks, never run a random script from the internet without being sure what you are actually about to run. If using AUR packages is considered risky, random scripts being piped into a terminal ranks right up there with sticking your dick in a blender.

sylver_dragon 46 points 6 days ago

Then they transferred a file to /tmp/exp which was Linux kernel CVE-2026-43500, nicknamed ‘Dirty Frag’, an RxRPC local privilege escalation. I had not patched these internal servers that nobody should have access to against this.

Lessons Learned #1:
Install your patches.
"But I have a firewall!"
That is not a sufficient control.
Install.
Your.
Fucking.
Patches!

sylver_dragon 5 points 5 days ago

Sadly, a reluctance to install patches isn't unique to Windows administration. I worked at a site with a well functioning Satellite infrastructure and support contracts with Red Hat. And we (InfoSec) were still chasing down admins to get their shit patched. Thankfully, we had NAC and authorization to disconnect systems that fell out of compliance. Most departments got with the program pretty quick when they ignored the "please patch all critical vulnerabilities in three days" email and ended up with a "you are out of compliance and have been disconnected" email.

And Docker had made the whole Linux situation even worse. So many devs love to spin up containers, basically disable any sort of firewall, don't bother with IP filtering. Oh and let's just use passwords for ssh. Also, who needs logs? It's a container, right? So, let's disable all logging and not forward those anywhere. Then they promptly forget about the container until we run a vuln scan and find it's got half a dozen RCE vulns and have to run them down and ask why the fuck it's still running.

Linux is a much better base to build on. But bad security hygiene is still rife and still really bad for security.

sylver_dragon 11 points 6 days ago

Yo ho, yo ho,a
[The rest of this comment has been removed per a DMCA take down request. Piracy makes The Mouse mad.]

sylver_dragon 4 points 5 days ago

As real as any valuation. Which is to say, what investors are willing to pay for a piece of a company may not always have the most firm association with the reality of a company's current state. And, the market can stay irrational much longer than you expect.

sylver_dragon 8 points 6 days ago

Wow. Learn something new every day.
Thanks for sharing.

sylver_dragon 2 points 5 days ago

I don't have the capability to verify at the moment. But I suspect that a case I worked recently was related. A YouTube video was pointing people at a supposed plugin to make Claude free forever. The plugin was actually a Remote Access Trojan (RAT) and credential stealer. The initial loader was hosted on GitHub. The profile was fairly new and only had a couple updates, mostly adding the Trojan and README files.

sylver_dragon 301 points 3 years ago

Good. Tying aid to cuts in IRS funding was absolutely asinine. Failing to fund Ukraine, which is actually fighting for its continued existence as a political entity, is also asinine.

Yes, Hamas is a horrible organization; but, the Israeli Government isn't facing an existential threat and has not been an innocent actor in the situation in Gaza. Aid and support should come with strings attached to ensure the protection of civilians and property rights of the people being displaced.

sylver_dragon 199 points 3 years ago

If we could harness the energy of Reagan spinning in his grave, we'd have a limitless supply of energy.
Imagine telling any conservative, during the Cold War era, that we could completely fuck Russia's military power and readiness, for years to come, by sending weapons to a relatively small country. They would be rushing to arm anyone and everyone they could, unintended consequences be damned. And yet, here we are with the GOP blocking exactly that sort of activity. And even better, there is a very real possibility that we aren't arming future terrorists this time around. Maybe that's the GOP's problem, Russia losing in Ukraine won't create an excuse in 20 years to kill more brown people.

sylver_dragon 166 points 3 years ago

Ford Motor Co.'s second-quarter profit more than tripled to $1.92 billion versus a year ago (source)
Revenue rose 12% to $44.95 billion

Kinda hard to drum up sympathy for the company when it's raking in almost $2 billion in profit per quarter. Yes, Ford is burning about $1 billion per quarter on EVs right now. That's not something the workers should be financing. That's money the company is investing to be viable in the future. That sucks for the shareholders; but, they are the ones who will reap any benefits of that investment and they should be the ones eating the cost.

sylver_dragon 160 points 2 years ago

If something requires an "app" and a connection to "the cloud" for basic functionality, don't buy it. This sort of abandonment by the manufacturer will always happen. Maybe it will last longer. Maybe it will be next week. But once the company has your money, the last thing they want to do is to spend any of that money providing you with support.

sylver_dragon 140 points 3 years ago

Seems like MS is trying to run afoul of anti-trust laws, again.

sylver_dragon 136 points 18 days ago

I think it's pretty telling that so many of the people they talk to and a lot of the focus of the article isn't really about older gamers, it's about their money.

The opportunity is substantial. The 40+ segment in the US is on track to grow from $19 billion in 2022 to $43 billion by 2030, a 132% expansion at a moment when the rest of the industry is shrinking. These are players with the most disposable income, the longest gaming literacy, and the highest brand loyalty.

I'm in that "40+ segment" and I suspect part of the "problem" these companies face is that older gamers have seen the enshittification of so many of the brands we love. Our tolerance for bullshit is basically gone at this point. Microtransactions, season passes, fucking ads in games, all of that bullshit is a quick way to not get our money.

I also suspect "brand loyalty" is basically gone for the same reason. As a kid, I looked for the Electronic Arts logo. If I saw this logo on a game package, I knew I was looking at a good game. I haven't bought an EA game in years. I don't expect to buy an EA game any time soon and I basically ignore everything they do. Sure, if a trailer for Starflight 3 dropped, I'd sit up and take notice. I'd also expect it to be an enshittified mess wearing the skin of a beloved series to sucker me in, before pouncing on my wallet.

So ya, maybe just make good games and older gamers will inevitably buy them. I mean, Larian can pretty much say, "hi we're making..." and I'll have my wallet out and be pulling bills before they get any further. And maybe that's your "brand loyalty". Game companies who make good games and aren't private equity firms wearing the dead skin suits of brands we used to love.
