The initial access seems to include an Apache CVE from 2019 and a WordPress plugin CVE from 2017. Honestly, UCSD should write a “thank you” letter to Androxgh0st for highlighting their poor patch management, and only using it for C2 in the process. Rather than as a beachhead into the network for a full-blown ransomware attack.
If your patch management is this bad, you shouldn’t be allowed to put stuff on the internet.
First question which popped into my mind was, “Will they force Defender out as well?”
Or, is Microsoft about to abuse it’s position to stifle competition? Again.
do anticheat count as antivirus?
No. But, from the article:
Microsoft has been speaking with game developers about how to reduce the amount of kernel usage
The CrowdStrike fiasco was finally enough for Microsoft to look at forcing drivers out of the kernel. This is absolutely a good thing and will hopefully lead to a more stable Windows.
Theoretically, browsers could even stop from the JS engine from being started for the site in the first place.
The NoScript extension is basically this. Most of the client side stuff is off by default and you can enable it per-domain. It breaks a whole lot of websites, but often in ways where the main content of a website is still readable. Over time, you can build up a list of “allow by default” domains and most of the web you care about works. Though, you may have to spend a moment or two sorting out permissions when you visit a new site.
While I don’t doubt that Iranian backed groups are more likely to target US based assets, I’ve been reading these reports for the last couple days and the “guidance” coming out of the US Government (USG) has been incredibly lackluster. CISA is basically saying, “use MFA and don’t use default passwords.” No shit, should I also plug in the power cord? It’d be great if some sector of the USG would publish something useful. Like a rundown of TTPs or even IoCs. The USG no doubt has a ton of SIGINT on these groups, and I understand that they can’t share all of it; but, fuck me could you at least put something more useful out than “use MFA”?
That actually sounds like a reasonable response. Driving assist means that a human is supposed to be attentive to take control. If the system detects a situation where it’s unable to make a good decision, dumping that decision on the human in control seems like the closest they have to a “fail safe” option. Of course, there should probably also be an understanding that people are stupid and will almost certainly have stopped paying attention a long time ago. So, maybe a “human take the wheel” followed by a “slam the brakes” if no input is detected in 2-3 seconds. While an emergency stop isn’t always the right choice, it probably beats leaving a several ton metal object hurtling along uncontrolled in nearly every circumstance.
War is Peace. Freedom is slavery.
And now for your Five Minute Hate.
I’m willing to withhold judgement. But, Chosen’s website reads like bog standard vulture capital trying to pretend they are not going to ride in and enshitify anything they touch. With lots of broad claims about being “community driven” and AI art. Maybe this will work out; but, I wouldn’t be putting money on it.
That said, I don’t blame Dark0ne for wanting to step back. He’s be running this wonderful site for the community for a long time and deserves the opportunity to go do other things. I wish him the best of luck and I hope that NexusMods survives this transition.
I work for a fairly large company, and we’re hearing about “AI” constantly. CoPilot is available and its use encouraged. Also, in the cybersecurity space, AI is fucking everywhere. Vendors won’t shut up about their “AI Enabled” products. And the new hotness is “Agentic AI”, which is basically automation, but we’re going to let AI hallucinations fire off the automated process which could bring production systems down.
Good times are surely coming. /s
As other folks have already covered, most modern websites use TLS (formerly SSL) which will encrypt any thing going to/from those sites. Someone could redirect a page to a server they own and try to get you to enter your credentials into their site for harvesting, though you’d probably notice due to errors related to the security certificate. There is a risk here, but it’s not all that bad. Just pay attention to any security errors and maybe don’t go to high value sites (e.g. banking websites). There are some highly technical attacks (e.g. TLS downgrade) which could pose a risk. But, it’s not all that likely, and you’re probably fine. For the most part, you can ignore the “zomg! you need a VPN” ads clogging up YouTube. Yes, they have a use case. No, that’s probably not you.
The other consideration is the security of your system itself. If you are running and old and vulnerable OS, it’s possible that an attacker could use the greater exposure to attack your system. For example, if you are running a Windows 7 system, there’s a real chance that you don’t have the EternalBlue patch applied or some other remote exploit vulnerability can be used to compromise your system. Even with a newer OS, if you haven’t been installing updates, you could have some holes which would allow an attacker in. Though, for most situations, there’s not going to be an attacker just waiting to pounce on your system. So, you probably don’t need to be worried. But, it’s also a good reminder to keep your system up to date, if you’re going to be using WiFi regularly. Some folks just get bored and start poking at anything around them. Make sure the doors are locked when those folks rattle the handle. It can also be useful to have a host based firewall running, even just setting the network to “Public” in Windows will do a lot to mitigate this risk.
Security is always going to come down to a trade off between risk and convenience. Public WiFi can be very useful, but it does carry some risk. In most situations, you can mitigate that risk by keeping your system up to date, having a host based firewall running (even if its just Windows setting the network to “Public”), watching URLs/Links carefully and watching for certificate errors in your browser.
On the Privacy side, assume someone can track the domains you are visiting (though likely not the full URL). If you use normal DNS, the network owner can look at DNS logs and know all the sites you visited. Even if you use a different DNS server, the network owner could be sniffing the packets on the wire (DNS is not encrypted). Additionally, WiFi is logically a bus topology; so, anyone on the same network could be sniffing packets and also get all your DNS traffic. This is a good use case for DNS over HTTPS (DoH). With DoH, you can stick to a DNS provider of your choice and get TLS encryption to keep things private. Anyone sniffing packets would know that you are using DoH and would likely know what provider you are using, but not see the contents of the DNS queries.
Of course, even with DNS traffic encrypted, most web servers still rely on Server Name Identification (SNI) to determine the host you are connecting to. The end result of this is that the domain you are visiting is sent, unencrypted over the wire and could be sniffed. There are solutions for this (e.g. eSNI), but they are not widely adopted yet. So, assume that anyone sniffing packets can get a list of the domains you are visiting. If this poses a serious risk to your safety (e.g. you are a journalist working in a repressive regime), this is a use case for a VPN. Though, using a VPN may be obvious to anyone monitoring and they could apply Rubber Hose Cryptanalysis to the problem.
The tl;dr of this all is, you’re probably fine. The fact is, it’s more likely that no one gives a shit about you and all the other folks on that public WiFi are too busy looking at cat pictures to try and hack you. A few simple security hygiene things will cover the 99% situation, and the other 1% isn’t worth worrying about.
But, we’ll know where the aircraft is. It’s a built in, instant location flare. No more aircraft disappearing and not being found.
It’s rather amazing that this one guy keeps churning out fixes for FromSoft’s complete inability to understand multiplayer.
That said, I do plan to try the vanilla setup first (finishing up Shadow of the Erdtree before we change over). I just worry about my wife and I dropping into a session and having some rando who either wants to faff about; or, we run into the type of toxic behavior which seems to inundate online games. We had pretty good luck with Vermintide 2, back in the day. But, with way too many years of playing WoW, we’ve also run into a lot of assholes. And we just don’t have the patience for that sort of thing anymore.
Well, the world should have moved on to IPv6 a long time ago.
Imagine the flight envelope as a graph. Going further to the right means going faster. Going further up means going higher. The goal of test flights is to push against the upper-right hand corner of that envelope. Unfortunately, that’s also where your postage gets stamped.
Um yay, I guess. I’m always for more options. And maybe there is a market out there for the “game from the cloud” idea. Personally though, I’d rather just play a game on the Steam Deck directly. Or, if that’s somehow not an option, stream the game from my own PC to my TV via SteamLink. In no world do I want to pay for a subscription to play games on a device where I can just play that game locally.
While an interesting idea, this sounds like an organization designed to separate some doofus investment manager with a lot of capital before inevitably folding because companies won’t give a damn. Sure, if we were to pass laws allowing us to hunt down anyone responsible for using blue LEDs on devices which did not specifically need blue light, and burn their eyes out with a hot poker. Then, such a certification might make sense. But, so long as there are no repercussions for companies making horrible design decisions, why would any company pay for a certification like this.
No, if you open a terminal and run:
sudo dmesg
You should get a long output which is the kernel log. Assuming the crash happened recently, there may be something in the last few lines (bottom of the output) which could indicate why the process died (or was killed). Keep in mind that this is a running log; so, if it’s been a while since the crash, the entries for it may be higher up in the log. It’s often best (if you can) to trigger the problem then immediately go run the sudo dmesg command and look at the output. With luck, there will be useful logs. If not, you may need to look elsewhere.
On my system (Arch), if I have too much running, the kernel can kill processes based on resource starvation. It’s quite possible you’re running into a similar limitation. There should be a message in dmesg when this happens.
Not terribly surprising, Google would often direct me to StackOverflow threads as I was googling for an answer to a question. And as often as not, either the question was closed; or, instead of anyone providing an answer, the commenters would spiral off into questioning everything about the original question asker’s life choices. While I do get the whole XY Problem, this sort of thing seemed to be over-used on SO.
Granted, I don’t know if AI answers are any better. Sure, they can answer a lot of the simple questions, but I’ve not seen them be useful on hard, more obscure questions. Probably because those questions don’t have ready answers on SO.
Valheim.
Mistlands - Not because “whaaa, Mistalnds hard”, but because the whole area is built around verticality and the game engine most certainly is not. Combat is Valheim is generally pretty good, but after a reasonable amount of playtime, you will experience the frustration of swinging under/over enemies, because of minor variations in terrain height. Mistlands dials this problem up to 11, with the added bonus of enemies which specifically take advantage of this problem.
The Mistlands also turns exploration into a boring, grindy chore. The shorelines are a nightmare to sail around and even with the wisp, the mist is always too close to deal with said shorelines. So, you’re hoofing it through terrain which is designed to be difficult to navigate and move across. The feather cape helps, a bit. But, you’re still going to spend way too long faffing about, jumping up one side of a ridge and floating down the other, only to find that you’re in a gully with nothing useful and need to jump up the other side. Seeing dungeon entrances at any range is impossible. Enemies regularly pop out of nowhere and you’re forced into dealing with the combat verticality problems.
I’ll also throw a bit of shade at “Refined Eitr” as a resource, though I think the problem is less the resource and more the grind to get the parts for it. To start with, you need to make a Black Forge, to make that you need Black Cores, to get Black Cores, you need to spend hours in the mists hoping to stumble across one or more dungeons to get the cores. And inside the dungeons, expect lots of combat where the verticality problem is on prominent display. Now that you have the Black Table, you get to make the Eitr Refinery, which requires more Black Cores. Hope you enjoyed getting them the first time! Ok great, more cores obtained, time to go stumbling about again looking for Soft Tissue. With any luck, you’ve been mining (or at least marking) nodes along the way. Though, expect to spend more time lost in the Mists, you need a shit ton of Soft Tissue. Thankfully, this is a resource you can take through a portal, so that’s nice.
And finally, you get to raid Dverger towns for a required material to extract sap, a Sap Extractor. “What about trade? Vikings were well know traders”, you ask. Nope, fuck trade, all that gold you’ve been collecting, go spend it on some clothes which you will never actually use. You want a Sap Extractor, put on your killing pants and get raiding. Ok fine, we have our Sap Extractor covered in Dverger gore. And that gets us to the least horrible part of our Refined Eitr. Sap extraction is not terrible, find a spot with several roots in close proximity and just rotate a few extractors through them.
Right let’s get our Eitr Refinery built…and why the fuck is one of the input ports on the top? Ok whatever, I’ll build some stairs and…why the fuck is this thing tossing off damaging sparks? Yes, I know you can wrap it in iron bars, but seriously what the fuck? Why is this even a game mechanic? It’s really the perfect metaphor for all of the Mistlands. It’s needlessly annoying and doesn’t really provide anything positive for gameplay or fun. Just another pointless grind tossed in because, “players like hard things, right?”