Kevin Beaumont
Good news everybody, companies can now place adverts in your Start Menu that lead to executable code. https://www.theverge.com/2024/4/24/24138949/microsoft-windows-11-start-menu-ads-recommendations-setting-disable
Binary Large Octopus
@GossiTheDog @wdormann Several linux distros have already investigated how they're impacted by this (thanks @mgorny and @VoidLinux). Any takes on this from @almalinux and @alpinelinux?
alys
@GossiTheDog Debian Sid's and testing's liblzma has the backdoor, although it looks like it was reverted already. I don't think any official releases of Debian or Ubuntu had the compromised packaging. https://metadata.ftp-master.debian.org/changelogs//main/x/xz-utils/xz-utils_5.6.1+really5.4.5-1_changelog
Kevin Beaumont
Tabletop scenario: you lay off lots of IT staff to pivot to AI and automation with a goal to cost cut, and then your remaining IT staff, who don’t understand what they are doing due to lack of institutional knowledge, deploy an automation that breaks a critical business process and plunges the business into chaos.
fiercest lasagna on the seven seas!
@GossiTheDog @hacks4pancakes the "onion is no longer satire it's prediction" but for "tabletops I don't want to be real but are going to become real"
PointlessSpike
@GossiTheDog Taking shortcuts and conning people is capitalism 101. With technology that doesn't really work, or doors start falling off airplanes mid-flight. This is what happens when all you have is a degree in business with no knowledge of what your business actually does.
Kevin Karhan
@GossiTheDog Also adding "Taiwanese" as Language or "Taiwan" as favorite cuisine / tourism destination may also work... ^^
Kevin Beaumont
Queer.af mastodon instance has been shut down by the Taliban (not a joke, they seized the domain name).
propapanda :verified:
Welcome to Taliban IT services. If you're part of a minority, press 1. Otherwise press 0. A customer representative will be available shortly.
Matthew Skelton
@GossiTheDog "who owns or controls the registry for the TLD" seems a fairly important consideration for domain names, tbf
Jeena
@GossiTheDog i mean it's a cool tld but come on, once the Taliban took over the country the writing was on the wall.
Kevin Beaumont
2025 spoiler: middle managers at large corporations sucking up the water supply of Finland to use Copilot AI to generate PowerPoint pressos about their fake green initiatives.
midka
@GossiTheDog we ain't got that much water :blob_smile_sweat: It's super odd that I never see in the news how much natural resources and electricity all AI stuff actually use. Most people I've talked to have no idea.
patrislav
@GossiTheDog and the UN climate conference will be hosted by an oil corporation ...oh wait that was already 2023
GrumpSec Spottycat
@GossiTheDog I assume they did the ACME bit from somewhere else or the MITM box and then just MITMed the rest of the ACME flow that should’ve gone to the actual VM?
Kevin Beaumont
Back in the 90s, when I was 11, I had a conversation on Usenet with this dude called Todd Howard, who said he wanted to make a space RPG. I am 41. Today, it arrived.
Tony Hoyle
@GossiTheDog I don't think there has been a game this hyped ever. Even cyberpunk seemed less (and that literally had fanboys saying 'this will change gaming forever' until it was released and they actually saw it..).
Kevin Beaumont
Random bit of Microsoft telemetry dropped in this WSJ piece, good to know they’re tracking key presses.
Josh Carlson
@GossiTheDog What is the benefit of knowing when people are typing a lot?
Chase :unverified: :verified: :loading:
@GossiTheDog i wonder how they are using this data internally other than for marketing.
Kevin Beaumont
Mastodon has hit 2 million active users today. 🎉
Hayley Question-Mark
@GossiTheDog Up 72% seems a lot...
Kevin Beaumont
I’ve found a way of tracking the number of Threads users. It is explosive. https://www.threads.net/t/CuWxvwXNZzV
Kevin Beaumont
#Mastoadmin, there’s a pretty serious security vulnerability due to be announced this week. Make sure you apply patches when released on Thursday. If you’ve never patched, get the process down beforehand.
Kevin Beaumont
Mastodon has a few structural weaknesses when it comes to security vulnerabilities:
- if you can get RCE, you can suspend every federated instance. That forces remote unfollow of all users. Restoring your server from backup doesn’t fix that.
- there’s no auto update feature and/or one click upgrade for admins
- admins have bolted on patches galore - eg search patches, UI changes etc - which makes upgrading more complex
Kevin Beaumont
Can’t wait for Twitter to get fixed on Monday and for all the journalists to return to write how Mastodon is doomed.
Helgi Crookehorne
@GossiTheDog I can't see anything fixed, still 'try again' stuff, and besides that a bunch of Blue got flagged as bots by a bot, and they can't contact support and they whine in API development forum
Kevin Beaumont
Microsoft, one of the world’s most profitable companies - a story in two parts.
remote procedure chris
@GossiTheDog "it's the engineer making $250k, that's where all our money's going" -a guy who's making $55m
jfml ✨ Jonas Laugs
@GossiTheDog Just like in every other company including the German public railway!
Kevin Beaumont
lol, Parler has shut down. Calls itself "uncancelable" while being cancelled. https://parler.com/
John Francis
@GossiTheDog it sounds like...they were better at selling time on their cloud resources to other people instead of running their own product on it?
Third spruce tree on the left
@GossiTheDog Is it just me or can I not find ANYTHING about starboard.co formerly olympicmedia.com or their respective business entities? Like they have a few business index entries (Olympic does) but they're listed as a few dozen employees, a few hundred $k to a few million in revenue. Doesn't seem like a "huge conglomerate" to me. Seems more like someone bought a legit but unknown, lowkey existing corporation to fold a social media company *into*.
Kevin Beaumont
Did you know Tesla has cameras both on the outside of vehicles and the inside, and everything is uploaded to Tesla? Anyhoo they’ve been exporting the videos, making memes of customers and then posting them on chat rooms. https://www.reuters.com/technology/tesla-workers-shared-sensitive-images-recorded-by-customer-cars-2023-04-06/
CB Uí Foghlú
@GossiTheDog have you seen this @Tupp_ed ? Surely it's a GDPR breach if they're doing it within the EU?
Kevin Beaumont
Meta critiquing remote working while trying to sell $1300 VR headsets to have remote meetings, with a stupid strategy directly from their CEO which basically lit all their profits on fire is... chef’s kiss
Spike :donor:
@GossiTheDog Zuck is just doing his best at emulating his business mentor, Jean-Baptiste Emanuel Zorg
Kevin Beaumont
lol, a way to bypass the Microsoft account requirement in Windows 11 - type username no@thankyou.com, any password, and it bumps you to local account creation.
sbug
@GossiTheDog I click “sign-in options”, then connect to a local Active Directory.
🇩🇪 くら Woomy (:smug_kura:)
@GossiTheDog@cyberplace.social Good! Now I can finally install Linux without a..... Waaaaaait.... You tricked me!
Kevin Beaumont
The world has become consumed by the idea that growth at all cost is good. It’s normalised now. Businesses should simultaneously make record profits and lay people off to make more profits, human populations should grow grow grow, growth mindset, deregulate for growth, consume all resources for growth. It’s all about this quarter’s results. Another way of looking at it is uncontrolled growth is cancerous. It consumes the host, until the host dies.
LibertyForward1
@GossiTheDog Excellent analogy. Perhaps we should start replacing "capitalism" in our vocabulary with "cancerism".
Patrick Stewart
@GossiTheDog Do you remember Agent Smith's monologue in the first Matrix about humans being a virus? He said we just consume and then move on to consume again. I remember seeing that for the first time and being like...MINDBLOWN.
Andreas Keller
@GossiTheDog Attitudes, theories and know-how leading to faster growth become dominant in the course of history. Groups growing fastest will destroy or assimilate others. Their attitudes then become the basis for the next round. The growth ideology is part of this. It is a self-amplifying process. When this ideology started, world economy was smaller by about factor 600. Initially, the limits of resources could be ignored. It seemed to work. Now, we are hitting the limits.
Kevin Beaumont
Boring Mastodon security thing - make sure you enable MFA, that all your instance administrators and mods have MFA and that they’re on the latest version (4.0.2). Why? If you or an admin/mod deletes your account, it’s instant and gone. Even if the entire instance was restored from backup (unlikely 🤣) your account would still be hosed as every other instance would flag it deleted. For transparency #cyberplace admin is MFA’d with hardware token.
Kevin Beaumont
There's definitely some fun Mastodon security issues which will appear at some point, e.g. if anybody gets admin at an instance you can bulk select every user and delete them - even if you restore the instance from backup, every other instance has wiped them = no followers etc. The first admin account on every instance has no MFA by default.
@GossiTheDog *sigh* So now I need to put Linux on the one computer I had set up for casual use. More work for me, yay 😞
@GossiTheDog The absurdity of this manufactured society never stops amusing me. Thankfully we have great minds and open source.
@GossiTheDog Oh no!