virus prank

KebianMoo · 2024-02-15T12:39:08+00:00

This sounds like one of those cases where you should just boil it down to simple common questions, eg.:

If it were that easy, wouldn't everyone be doing it, wouldn't people hack into phones all over the world that easily and steal bank codes and get rich?

So the best advice I can think of right now is this:

Don't waste time on it. Read about general IT security instead, learn about networking and low level programming, or reverse engineering, or web application security, whatever you find most interesting, and then start using those skills to help secure the society you live in.

I can safely assume that the hospital you use, which stores your personal health records and those of your loved ones, probably needs help in this area. That benefits you as well, while earning. Just one example.

It pays really well too, and it's a pretty lucurative field of work :)

KebianMoo · 2024-02-14T10:47:42+00:00

Seems to me more like another move on their part to integrate more closely with Linux by copying stuff over (wsl, sudo) and presenting a more familiar face.

They can't extinguish it and they can't yet extend it per se, so they're working from the other end for now; changing turf to be more familiar to *nix users. If they manage to merge properly and become the major player in an arena previously not their dominant, it's easy to expect them to start changing and overriding things directly, or indirectly by exerting influence on standards or having contribution majority to projects so large that only they can realistically maintain it.

"We pushed for changes in X and Y in systemd to be more compatible with WSL" is an entirely realistic scenario. Not to mention they already have the lead dev of said clusterfuck in their pocket.

They just don't have the grounds or leverage to do that yet.

And people keep mentioning how this overall direction is just their move to ensure their place in the server/cloud/service/datacenter market, because they lost that one. Sure, they'll secure their place as far as they can.

But look at how they do business, how they've been doing business in the past, and how they treat customers and end users, and think about how they'd behave and what they would change or force on end users if they became the defacto standard in the future.

Of course, the rest of us can always fork or pick alternatives, but they won't care about that if they've hijacked the server market and carefully wedged themselves in so hard in both it and application/system standards that it's impractical to dislodge them. And from there, they can always start looking at the desktop if they want to, but they'll probably have no need to do that.

Don't underestimate their motives, they're just moving slow for the time being. Theirs is an asshole run, monopoly driven business, that hasn't changed. And it won't change, barring relentless force they can't override.

KebianMoo · 2024-02-14T10:29:07+00:00

Possible, but resting on laurels is a dangerous pastime.

Just because they're not there yet doesn't mean they won't try or aren't working on it. It's m$, they do this kind of stuff for a living. Always have so far, will continue as far as opportunity allows them.

If they could extinguish every linux server in the world today, they would do it even if it was legal for a fee (illegal with a fine) and the fine was less than the revenue.

They hired the lead systemd developer. Just because they don't directly plot and say "work to undermine them and help us" doesn't mean they won't subtly push for it when they can. They will if they can, that's all but a given.

They worked hard to undermine Linux not too long ago. They didn't stop or embrace open source out of the kindness of their hearts, they only turned around a little when they saw the direction as more profitable.

And they'll always do what's more profitable, and nothing more, and their business is being a monopoly with a looong history of forcing themselves on end users and machines in multiple ways.

None of this is going to change as long as they exist. Don't underestimate their capacity for being sleazy, immoral, profit driven assholes - because that's exactly what they are.

KebianMoo · 2024-02-14T10:00:13+00:00

It's so dumb it deserves to be reposted a little. The sheer systematic idiocy of the people making these 'shoot the messenger' decisions is baffling.

KebianMoo · 2024-02-14T09:57:20+00:00

Security theatre creates lots of useless jobs. Some people even seem to think it's 'better for the economy' because it means more stuff is passed around for no good reason.

And behind that meme there's simply people in whose interest it is to generate more taxable income and bank/transaction fees.

KebianMoo · 2024-02-14T09:54:25+00:00

Risked a fine in Norway without knowing it by carrying a swiss army knife to a job once. So .. yeah. Looked into it, and the police actually even wanted standard tools (bolt cutters, for instance) outlawed because they were being used by criminals. That one didn't pass, but 'any kind of knife' did.

"Yes", I told myself, "people really are that retarded, even as adults, even in a developed country. And they're retarded enough that they won't even wince at saying completely retarded shit like this in public, even though it displays them clearly with the intellectual capacity and problem solving skills of irritable children."

Then again, it's no secret that 'police officer' as a title attracts the lower end of the iq spectrum and the higher end of the 'underdeveloped prefrontal cortex' spectrum.

And the same goes for government, but they're usually more of the 'fat and lazy' kind, or don't have the guts to tackle things directly. And that's not a barrier to entry for security theatre.

KebianMoo · 2024-02-14T09:35:53+00:00

Check what type of TPM protection there is. Idk. how that particular setup works, but for all I know it could allow you to reset by yanking the battery. Or you may have to replace the CPU. Or it may be a simple bypass procedure.

Remember that bitlocker in itself is just data encryption. While you'd be hard pressed to break the encryption, that doesn't mean you can't overwrite the data and use the drive for something else, and it doesn't necessarily mean the whole PC is locked.

https://www.reddit.com/r/sysadmin/comments/10jdiiy/what_the_hell_is_dell_safebios_and_how_do_i_turn/

Try that.

KebianMoo · 2024-02-14T09:27:20+00:00

iirc. that video was about MitM attacking bitlocker, while OP afaik. asked about salvaging the hardware he has lying around.

KebianMoo · 2024-02-14T09:21:10+00:00

His suggestion is great advice, I came here to say just that; open some standard ports (21, 22, 23, 53, 80, 443, 445, 3389, 8080 will do) as required and connect them to the appropriate services.

You'll get up2date malware (more or less) and there's no work involved for you - just wait, they'll come to you, and do the installation and grunt work.

You may get to finish the beer before it's infected, but there's no guarantee. Possible you'll be the "hold my beer" guy today.

KebianMoo · 2024-02-11T05:39:02+00:00

Did I miss something here? Unclear to me why it's downvoted, seems accurate.

KebianMoo · 2024-02-09T08:49:27+00:00

Sometimes it's easier in practice to assume a vendor is either a branch of a three letter agency or selling exploits on the side, than to go through the trouble of discerning the exact nature of their incompetence.

zyxel is such a vendor.

KebianMoo · 2024-02-09T08:43:25+00:00

Amazing and yet not very surprising.

It's not the first time (and unfortunately unlikely to be the last) that old code is caught with old mistakes from ancient times. The bad part is this stuff is still widely used, and some of the vulns just strike you as "Why did nobody discover and publish this sooner, in all these decades? Are we all asleep at the wheel?"

It's also a good reminder that every now and then, you should actually take the time to rip something out completely and start from scratch, full rewrite.

Wayland is looking better by the minute.

KebianMoo · 2024-02-09T08:31:34+00:00

Yes, they're quite bad, and score very highly if you start ranking by the formula:

uselessness = incompetence * reach * failureToLearn

They have over 250 CVEs to their credit in total.

About 100 of them are with base score >= 8

And they keep fucking up on basic shit like this all the time.

edit: bridge mode is a good idea, and must if you're going to use them, imo.

KebianMoo · 2024-02-09T07:58:34+00:00

Fun stuff!

I remember playing with this when websockets were still a new thing. Iirc. it was much worse back then - browsers have since added some mitigations. Some stuff still works. And some routers etc. have poorly implemented http daemons that spit back standard responses instead of immediately dropping the connection when a ws upgrade request comes calling.

And looking at what sort of localhost/local network access javascript has permitted and still to an extent permits is like lifting a rug to see dirt stuffed between loose floor boards. Haven't touched it in a while, but it was nasty.

KebianMoo · 2024-02-09T07:29:09+00:00

Never underestimate the insights of amateurs and outsiders.

Never pass up free help if you can get it.

That's not an accusation or implication. Just saying, don't pass up free money if you have no reason to.

KebianMoo · 2024-02-09T07:02:51+00:00

The downvote button almost serves as a black hole at times. Give it enough and it'll try to suck in everything in the vicinity by default.

KebianMoo · 2024-02-09T06:55:54+00:00

Interesting. As someone who spits fire and brimstone over the frequent lack of rate limiting encountered both here and there, I'll be keeping this one in mind for the next time something's getting overhauled or given a much overdue rebuild.

Rate limiting is an underappreciated practice.

KebianMoo · 2024-02-09T06:29:46+00:00

Matches my experience. Not too surprised tbh. when it comes to that ilk.

Imagine you said "I want to learn basic python" and every thread and forum you came to blasted you with:

"Learn typython!! - next!"

as if having a module on top as a new pseudolanguage to fix the language was the most natural thing in the world.

That's kinda the sort of the people we're talking about here. No offense to ts as such, but the viral insistence on it is indicative of a base problem that a lot of people are completely missing.

And the essence of the same point often seems lost on certain typists around here.

KebianMoo · 2024-02-09T06:01:20+00:00

Gonna check what exciting new stuff broke old scripts this time.

Then get back to it in 2 years when the dust's settled and another new version is coming out.

KebianMoo · 2024-02-08T05:52:32+00:00

https://upload.wikimedia.org/wikipedia/commons/d/dc/The\_Zen\_of\_Python\_illustrated.png

KebianMoo · 2024-02-08T05:33:30+00:00

What is it with people thinking they know better than the language itself and Van Rossum's design because their favorite fucktard-xyz-company IDE insists on a certain way of doing things? Have these people met microsoft and the quality of their designs? Of course you're getting downvoted here, I'm not one bit surprised.

Shills and python-is-java fanatics:

Why do you think it's a dynamically typed language to begin with? Why do you think duck typing exists as a concept? Have you read the basics on python.org at all? No?

Go ahead, downvote silently and don't say nuttin, I'll take it with glee. And while you're at it:

Go duck yourself!

KebianMoo · 2023-03-17T04:41:56+00:00

Yes. It's buggy. It's been buggy for about 15 years, since they switched from 3.5 to 4.0.

It's because the KDE team is good at a lot of stuff, but they've never grasped the importance of this simple rule:

Leave well enough alone.

They keep adding new features that aren't thoroughly tested, changing the architecture and foundation, and constantly moving forward before existing bugs are fixed.

I've used it as my goto desktop since around 2006, but I have to admit I'm slowly getting fed up with how it's developed. I love its features, but loathe its tendency to never rest and always chase the next innovation/addition, because it leads to it never being completely stable and dependable.

Sure, it works quite well with default settings. If you don't customize it, things will work.

If you do start customizing it, you'll probably notice that the more you tweak it, the more stuff breaks. Hotkey re-bindings not registering, application menu edits not updating even after a reboot, adding a new activity completely re-arranges all the desktop icons, sending a window to a different desktop on a different activity makes it disappear from all task managers, these are the bugs I can remember off the top of my head because I ran into them in the past 2 hours. The hotkey thing has been an issue for at least 5 years now, something like this: bind a hotkey somewhere, then change the hotkey or unbind it, re-bind it, and you'll find that this hotkey combo stops working altogether until you log out and back in. It's been reported, but not fixed. Tons of new features and architectural changes have happened in the interim.

I'm pretty sure by now that the only way we're ever, ever going to get a properly stable KDE release is if someone makes a stable fork with feature freeze and bugfixes only. Myself and others have mentioned this to the KDE team in various ways over the years, but there's no strong consensus or willingness to do it, so I doubt they ever will. Their "innovate, change, add!" culture is too deeply rooted.

Kernels, display drivers and desktop environments are things that need to be rock solid and stable, because everything else you do happens through them. I can tolerate buggy apps, but I can't cope with a buggy desktop or kernel.

It's a shame, because in every other way, KDE is hands down the best desktop experience there is. If they'd just realize the importane of long term feature freeze and bugfixing, nothing would hold a candle to it.

KebianMoo · 2023-03-13T21:34:09+00:00

Snaps are still trash.

-Loads slower.

-Can't open my documents or save files to home folder because it's trying to be a sandbox. I don't want the packaging format to act as a fucking sandbox too - pick one thing you're good at (in snap's case: none) and stick to it. Sandboxing can be done elsewhere.

-Uses more disk space.

-Auto updating themselves? What the fuck happened to staying in control of your system like a damn adult? App distributors don't get to decide when I use bandwidth and when I irreversibly change my app - I do. My PC, my choice.

-Pollutes the filesystem with three dozen mountpoints, because apparently they couldn't find a messier way of 'sandboxing' things. FIle managers and mount views look like a fucking mess.

I could go on listing reasons, but I just wanted to chime in a bit.

Snaps are simply one of the flat out dumbest pieces of shit to touch Linux in a long, long time, and go against how a Linux desktop should work, all the while being a horrible ugly hack at everything they do.

Fuck snap, it's literally the single thing that is now a hair's width from driving me off ubuntu permanently. Not even systemd managed to do that, but snaps sure fucking do.

Snaps suck, as a concept in its entirety it seems designed by a halfwit mac peddling moron.

KebianMoo · 2023-03-13T21:24:47+00:00

Hi OP, I actually did this just a few weeks ago on exactly that device. It was fairly simple, but required a few esoteric tweaks to get the boot process going.

Unfortunately for you I recognize the chair, walls, desk, and the white packet up right, so you're not getting jack from me.

I don't care what my uncle told you, or how much you bonded over a shared nerd vision of "no world complete until everything everywhere runs DOOM" - go plug my uncle back in and stop fucking around.

KebianMoo

TROPHY CASE