Hypothetically, if you burned out so hard that you quit your job with no backup plan and your options were either look for a new job immediately knowing you're not over the burnout yet, or move somewhere cheap but miserable and take as long as you need, what would you pick?
Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users, researchers said Tuesday.
The unknown attackers behind the compromise infected at least four servers inside kernel.org, the Internet domain underpinning the sprawling Linux development and distribution network, the researchers from security firm ESET said. After obtaining the cryptographic hashes for 551 user accounts on the network, the attackers were able to convert half into plaintext passwords, likely through password-cracking techniques and the use of an advanced credential-stealing feature built into the malware. From there, the attackers used the servers to send spam and carry out other nefarious activities. The four servers were likely infected and disinfected at different times, with the last two being remediated at some point in 2011.
An infection of kernel.org came to light in 2011, when kernel maintainers revealed that 448 accounts had been compromised after attackers had somehow managed to gain unfettered, or “root,” system access to servers connected to the domain. Maintainers reneged on a promise to provide an autopsy of the hack, a decision that has limited the public’s understanding of the incident.
In 2014, ESET researchers said the 2011 attack likely infected kernel.org servers with a second piece of malware they called Ebury. The malware, the firm said, came in the form of a malicious code library that, when installed, created a backdoor in OpenSSH that provided the attackers with a remote root shell on infected hosts with no valid password required. In a little less than 22 months, starting in August 2011, Ebury spread to 25,000 servers. Besides the four belonging to the Linux Kernel Organization, the infection also touched one or more servers inside hosting facilities and an unnamed domain registrar and web hosting provider.
A 47-page report summarizing Ebury's 15-year history said that the infection hitting the kernel.org network began in 2009, two years earlier than the domain was previously thought to have been compromised. The report said that since 2009, the OpenSSH-dwelling malware has infected more than 400,000 servers, all running Linux except for about 400 FreeBSD servers, a dozen OpenBSD and SunOS servers, and at least one Mac.
@dangillmor JFC What absolute horseshit - we don't want to be Pravda??? Nobody was asking them for bias towards Biden - call him out if you can! We're asking them to hand Trump's ass to him for all the shit he does. It's not about Biden! It's about their reporting on Trump. If you are on the morning newsdesk and you rank your zillionth 'Biden is old' story more newsworthy than the daily torrent of shit from that asshole you are showing supplicant bias for Trump.
@rbreich Why do we pretend that employees pay tax anyway? It never hits your bank account. I don't think the rate is the problem. It is that most big companies -and not just people like Donald Trump- get to dodge it for decades and don't pay a fraction. If you had a reasonable flat non-deductible rate on gross it would be fairer. Also vary by category e.g. tax fossil fuels out of existence instead of checks notes subsidizing them wtf.
@malwaretech I would contend that in-person protesting is more risk prone than remote, putting yourself in immediate risk of unlawful arrest thereby curtailing your protest productivity, with remote you can cover more issues, have better protest-life balance, reduced carbon emissions and a smaller environmental footprint, remote protests can be much more impactful on say major stakeholders' financial interests though a higher skill level obviously required than chaining oneself to a hydrant.
@nixCraft yes isn't it weird that the opensource champion napster generation of copypasta code monkey legends are now complaining about machines stealing their work.
@tivasyk It's not suggesting anarchy. It is a very valid imho commentary on how a two party system is little better than a single party system, just changing the guard. I think a multi-party system is preferable personally or, best of all, a benevolent dictatorship by me. I get that OP might not understand their own meme. I found it amusing.
@lain Seriously though, 60% of Americans are a couple of missed paychecks (or minor illness) away from ruin. Their lives are flashing before them. It's an absolute disgrace for the #1 country in the world. They work much harder, for much longer hours and frankly deserve better.
@dangillmor Multiple targets at the airport, nuclear facility were hit 20 minutes ago in Isfahan. Raid siren, and some sort of primitive air defense/flak. Same in Baghdad and Syria.
Bxh6 - Lei Tingjie offered to sacrifice her dark-squared bishop against Anna Muzychuk in Round 11 of the Women's Candidates! Would you have taken it? 🤔
I'm always impressed the IRS makes you verify your identity before paying, as if there are rogue actors looking to pay other people's dues in the dead of night.
@parismarx Someone who does not understand or value film or probably any art. OpenAI's Sora tool does show what can be achieved in terms of on-the-fly scene generation, so that games can become hyper-realistic blurring cut-scenes and play. But not soon. He can manage a few seconds. I always think that if you have to pump it maybe it isn't that hot. Anything truly "game-changing" will sell itself.
@NickEast @sciencefiction @writers @writingcommunity @writing Lucian of Samosata wrote about a lunar voyage. A satirist, his sarcastically named 'True Story' ridiculed the equally fantastical (Greek) religious myths and fables of the time. I think this rationalism is what distinguishes it from say, Gilgamesh. Various others wrote about travelling to the Moon - after Shakespeare, 'The Man in The Moon' by Bishop Godwin. Kepler's 'Dreams'! Sadly I am too ignorant of Asian sources.
I’ve said it before and I’ll say it again, most of y’all don’t know what it’s like to be a fediverse developer of a popular project and have to deal with all the negative feedback and personal attacks
Let’s be nicer to the devs of the fediverse who have been doing this mostly unpaid for the greater good, all I ask is for basic respect!
Anfora, Prismo, Firefish and dozens of other projects have been abandoned by their devs, and I’d bet the fediverse mentality towards devs is part of the reason
@dansup Dev abuse is why key packages end up with ill-intentioned maintainers. #xz Spoilt little brat problem has dogged open-source since forever; entitlement of some people is absolutely staggering. 'negative feedback' being any complaining without a supplementary ticket/issue. Generally I have been lucky (your user demographic really makes a difference apparently) - "non-technical" people being much more respectful and appreciative.
4 years ago this week, Covid panic buying hit stores near me. I remember getting home from a work trip and heading out with my wife and kids to get groceries for the weekend and didn’t realize that this was going on.
@malwaretech @jerry Most people these days will be unfamiliar but there used to be an early business market segmentation/snooty term over a century ago, that referred to a part of the Midwest as the 'Corncob and Catalog' belt, which defined two distinct class-based demographics, namely those poor people who used corn husks and those lower middle-class who used pages from the Sears-Roebuck catalog, a proto-Amazon mail order company at that time. Not a vampire btw
@jerry Incredibly powerful SOU speech. He came out throwing punches and didn't stop. SCOTUS got it in the neck too deservedly. I saw a lot of maggots uncomfortably squirming. And no lies. It's all perfectly true. They had nothing on him and he had everything on them. Hard to say he is senile when he is talking without cards. I challenge anyone to give it a go - it is rock hard at any age.
@taylorlorenz I think a big part of conspiracy theories is giving bunk the same importance as facts. The both-sides thing really does play into the hands of disinformation campaigns and conspiracy theorists' ability to flood the zone with shit. People who would previously have been regarded as cranks being elevated to the same status as scientists and other subject matter experts by a media that does not know or care what their job is.
"It is not the first time we have seen irresponsible rhetoric from Vladimir Putin. It is no way for the leader of a nuclear armed state to speak," State Dept. spokesman Matthew Miller tells reporter hours after the Russian president warned Western countries they risk provoking a nuclear war if they send troops to Ukraine.
@w7voa They say this every week. Medvedev goes on TV after his bender and says they are going to nuke Ukraine and Poland and take over Dublin. We should reach out to Beijing to give them the heads up on a pre-emptive strike. Seems too risky to wait with this kind of rhetoric - could happen any minute lol.
They state that customers "contractually consent" to such use, but good luck finding it in their Terms of Service. There also doesn't appear to be a way to withdraw consent, but I may have missed that.
@gvwilson Docusign is very often used for employment contracts. How do those people have a meaningful choice? They won't. We use Adobe but I am wondering now whether they do the same.
@jerry Not at all in fact my grandfather was a 'Gentleman Barrister', took the bar as an entirely cerebral exercise and eventually became a QC. If you have a good memory, sharp wit, analytical mind, charisma, natural gravitas and are a complete scoundrel you will go far.
@jerry aww. Jerry Bell KC has such a nice ring to it. And look! You already have the wig. Shame to waste it. I could even put you in touch with a partner in a firm that specialises in IP and information security.
Right about now is when I really miss Twitter. I’ve had a shit couple of days and it’d be nice to escape into Twitter where I had an amazing community and amazing friends that would just let me vent endlessly if that’s what I needed.
@shellsharks @sycophantic Often longed for a non-java alternative to burp and zap. So this sounds great but why does it need a login to run a local instance? 🤔 So that's the deal breaker. I wouldn't use burp's own collaborator. Actually portswigger now ask for an email (not sure how long that has been the case as I don't use CE). My decade long side project to rewrite them all in python is not dead, NOT DEAD I TELL YOU.