CyberSeeker

@CyberSeeker@discuss.tchncs.de

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨What is your best isekai anime?⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Re:Zero, Konosuba, Overworld, and That Time I Got Reincarnated as a Slime are some of the best, alongside SAO which started the modern version of the genre.
⁨Comment⁩ on ⁨Thousands of Linux systems infected by stealthy malware since 2021⁩ ⁨⁨2⁩ ⁨months⁩ ago⁩:
Shouldn’t be this hard to find out the attack vector.

Buried deep, deep in their writeup:

RocketMQ servers
- CVE-2021-4043 (Polkit)
- CVE-2023-33246
I’m sure if you’re running other insecure, public facing web servers with bad configs, the actor could exploit that too, but they didn’t provide any evidence of this happening in the wild (no threat group TTPs for initial access), so pure FUD to try to sell their security product.

Unfortunately, Ars mostly just restated verbatim what was provided by the security vendor Aqua Nautilus.
⁨Comment⁩ on ⁨Net neutrality is back as FCC votes to regulate internet providers⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
So if ISPs are once again common carriers, how can they enforce the TikTok ban? 🤔
⁨Comment⁩ on ⁨Why I ditched Gmail for Proton Mail⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
I believe this is already the case; domain reputation is weighted pretty heavily by Gmail and others, so it will take some months before you’ve established enough rep. Following SPF/DMARC/DKIM is crucial, followed with time your domain has been registered and typical outbound volume from your domain.
⁨Comment⁩ on ⁨Why I ditched Gmail for Proton Mail⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
That’s the benefit of a custom domain, I suppose; you can always change he provider without changing your email.
⁨Comment⁩ on ⁨Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:

What’s worrying about this report is that it’s coming from Google itself.

Google just bought Mandiant, one of the leading cybersecurity and threat intelligence firms. Therefore, Google is one of the leading cybersecurity and threat intelligence firms.

arstechnica.com/…/google-makes-second-largest-acq…

It’s now expected that Google would release this kind of report, seeing as they sell this as an enterprise service.

Mandiant has previously released this type of report regularly; for instance, they were the firm that disclosed the SolarWinds hack.
⁨Comment⁩ on ⁨Tesla is reportedly laying off ‘more than 10 percent’ of its workforce⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Agreed, the echo chamber is real on Reddit/Lemmy. Easy to hate on Elon, but people are acting as if the old men leading most other Fortune 100 companies think any differently than he does. You can find the rare exception, but you’ll have a hard time living in modern society without your money filtering up to a bigot somewhere.

Elon just lacks the filter to keep himself from saying it.
⁨Comment⁩ on ⁨Best resources to learn more about networking⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Don’t bother with the cert if it’s not your job, but at least look into CCNA Routing and Switching. There are tons of courses available, both in person and online, as well as numerous YouTube videos on the subject.

See if your local library or community college has an adult education center that provides a course. At some point, you will need to learn subnetting, which is just math, but practice makes perfect, and your life is easier if you have it committed to memory.

Proper written work is still one of the most effective ways to do this.
⁨Comment⁩ on ⁨Fairbuds are Fairphone’s proof that we really could make better tiny gadgets⁩ ⁨⁨8⁩ ⁨months⁩ ago⁩:
Why do you think they all opposed right to repair?

And specifically, right to open repair? They’ll happily send you a $600 TPM-locked biometric sensor, because they would control the market and ROI, but won’t let you buy a $90 alternative from someone else.
⁨Comment⁩ on ⁨Grok-1 chatbot code released – open source or open Pandora's box?⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
Who cares if the code is open source, or pre-training weights are released? Virtually every Masters in CS student in 2024 is building this from scratch. The differentiator is the training dataset, or at worst, the weights after fine tuning the model.
⁨Comment⁩ on ⁨What's the deal with Docker?⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
Sorry if I’m about 10 years behind Linux development, but how does Docker compare with the latest FlatPak trend in application distribution? How you have described it sounds somewhat similar, outside of also getting segmented access to data and networks.
⁨Comment⁩ on ⁨You guys should check out the reddit clone I've been working on⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:

Reddit is not a “big corporation”.

Say what? Their attempts to obtain a 6.5 billion dollar valuation says otherwise.

cnbc.com/…/reddit-seeking-a-valuation-of-up-to-6p…
⁨Comment⁩ on ⁨You guys should check out the reddit clone I've been working on⁩ ⁨⁨9⁩ ⁨months⁩ ago⁩:
Linked List Array Node Key Value Pair Attribute
⁨Comment⁩ on ⁨The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:
Good catch, and appreciate the additional info!
⁨Comment⁩ on ⁨The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:
Bingo. If at the limit, the purpose of an AI is to be indistinguishable from human generated content, then watermarking and AI detection algorithms will be absolutely useless.

The ONLY means to do this is to have creators verify their human-generated (or vetted) content at the time of publication (providing positive proof), as opposed to attempting to retroactively trying to determine if content was generated by a human (proving a negative).
⁨Comment⁩ on ⁨The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:

There are other videos that will hash to the same value

This concept is known as ‘collision’ in cryptography. While technically true for weaker key sizes, there are entire fields of mathematics dedicated to probably ensuring collisions are cosmically unlikely. MD5 and SHA-1 have a small enough key space for collisions to be intentionally generated in a reasonable timeframe, which is why they have been deprecated for several years.

To my knowledge, SHA-2 with sufficiently large key size (2048) is still okay within the scope of modern computing, but beyond that, you’ll want to use Dilithium or Kyber CRYSTALS for quantum resistance.
⁨Comment⁩ on ⁨The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:
Digital signature as a means of non repudiation is exactly the way this should be done. Any official docs or releases should be signed and easily verifiable by any public official.
⁨Comment⁩ on ⁨BitLocker encryption broken in less than 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM⁩ ⁨⁨10⁩ ⁨months⁩ ago⁩:
When using an external TPM. Which next to no one does.
⁨Comment⁩ on ⁨The library of Anonymous' hacked/leaked datasets is in danger of being closed⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
They’ve been around since 2018, and with only two weeks notice, now are saying they need $150k?! Who the fuck is their CFO, and how did their burn rate get so out of control? Shouldn’t they have started the campaign months ago if this was an expected problem?

This just fucking reeks of embezzlement; grossly mismanaging the funds charitable individuals had entrusted them with.
⁨Comment⁩ on ⁨Linux devices are under attack by a never-before-seen worm⁩ ⁨⁨11⁩ ⁨months⁩ ago⁩:
Linux devices are under attack by a commonly seen, easily preventable attack
⁨Comment⁩ on ⁨3 senior OpenAI researchers resign in the wake of Sam Altman's shock dismissal as CEO, report says⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Any competitor worth their salt will match and exceed that as a signing bonus.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
I wouldn’t immediately jump to that conclusion. There are plenty of legitimate business opportunities that do not imply “taking money to promote products”. Even properly disclosed free samples are standard operating procedure for the tech industry, but they are completely above board, and by themselves do not imply bias.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
The biggest mistake users will make is thinking their data is safe JUST because they have a NAS or a RAID. It’s common parlance in Systems Administration that RAID is NOT backup.

To wit— not truly understanding RAID and how it relates to capacity, parity, and especially the time required to rebuild in failed disk situation. It is a crucial mistake to use RAID 5 with eg greater than 2TB disks, and even that is pushing it, but RAID 5 is at least in the zeitgeist.

There are also some outside concerns such as Drive batch dates and knowing to pre-purchase spare disks well in advance that may hamper recovery.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
You are absolutely correct— major blog hosting, image hosting, and video hosting sites are all “free” for the content creator, but YouTube by far has the largest audience and highest monetization rates of any of them.

This is just creators buying in with their wallets; it makes sense to go where the money is, even if the format sucks for the idealized content consumer.