• 2 Posts
  • 308 Comments
Joined 8 months ago
cake
Cake day: October 30th, 2023

help-circle



  • That’s how it always starts though.

    People use any device or service they want. It’s a mix of crooks, tinkerers, journalists, etc.

    A company or government makes some moral panic and pushes some privacy or civil rights erosion in the name of “security”. The actual security benefit may or may not exist.

    Then other companies do the same to keep up.

    Then there’s only a handful of companies not doing the thing, so anyone who doesn’t want their privacy or civil rights eroded uses that, including crooks.

    Then politicians and the other companies point to the holdouts as “PROOF!” their changes were good, because look how many crooks use that stuff! (The number of crooks hasn’t changed, they’ve just been concentrated to a single location.) The moral panic deepens.

    The non-criminal population that cares about their privacy or civil rights speak out, but get accused of secretly being criminals, or some other crap that can be used to dismiss their concerns. “If you have nothing to hide, why are you so upset?” and all that.

    Now laws get passed to force all companies to do the same thing, to stop the criminals! But let’s not worry about anyone else. The tinkerers, journalists, privacy-advocates, etc. They don’t matter.

    The law gets passed, and now all toasters are legally required to record your breakfast conversations, for a silly example.








  • You didn’t have to deal with random re-balancing changing your gameplay, spying and tracking embedded in everything, hackers ruining the game or targeting you, invasive DRM (consoles), being forced to update your system for an hour before you can play, being forced to sign up for bullshit accounts in order to play the game you just bought, games that have required updates the day they come out, your games disappearing forever because the publisher changed their mind and removed it from the store, game content being removed to sell as DLC instead, being pressured to link social media accounts, bigger companies buying the game and forcing you to use their services to play it, companies monitoring and recording player interactions, companies going under making it impossible to play the game you already bought…

    Holy shit. I never realized how bad modern gaming has gotten.




  • I wish mine did that. I said one thing about Trump not having as much money as he claims, and my mom got all insulted. She said that maybe we shouldn’t talk about politics, etc, and I agreed to be nice. I don’t like to talk politics at all, even with like-minded people. But she’ll blame a company getting hacked and losing my personal info on democrats, and tell me that she can’t wait until all democrats die off.

    But now she just spouts of any shit that comes to her mind without a care, while I’m keeping to our dealt and shutting up. I doubt she even remembers our promise, because the moment it wasn’t convenient for her, she dropped it.




  • I handed in my notice a short while later and everyone was, to my surprise, surprised. I really didn’t understand why the shock…until I learned in due course that most people don’t follow through.

    When I was a young adult, I used to work as a lab tech in a plasma center. That involved taking liter bottles of plasma, checking the computer system, filling out paperwork, drawing fluid and taking blood vials to run in a centrifuge, and frequently having to redo paperwork because the barely-trained phlebotomists kept sending them to me covered in drops of blood. Of course, this not only took longer, but meant I had to sanitize the entire area, change PPE, and get shit from the rest of the team for not just taking their biohazard-contaminated paperwork regardless. The room held 50 to 100 donors at a time, and the lab team was just two people.

    My immediate boss would routinely just fucking disappear or taking random lunches, even during rushes, leaving me to handle everything on my own. She’d get pissy over small things, and spent time chatting with management in the offices, just hanging out, while I did all the work.

    One day, she did something like this and left. I muttered to myself that I was going to quit. I finished the sample I was working on and went into the -40 degree biohazard freezer to store the sample.

    Cut to a minute later, I came out of the freezer to see someone from management in the lab, saying “I heard you’re quitting?”

    …what?

    She said “Fine then. Go ahead and go.” (or something like that.)

    I was stunned, but realized that my shitty manager must have heard me on her way out, and fucking told on me. I hadn’t planned on following through, and was mostly just upset at being used, but now?

    “Fuck it.” I thought. “I said I’ll do it, so I’ll do it.”

    I’m not a good speaker, but I basically stumbled over some short apology like that I would have finished the work day first, but would leave now if she wanted to. Her reply was to get all exasperated, as if she hadn’t expected me to do anything but crumple at being confronted, and she told me “Well, have a nice life then!” as I walked out the door. Never saw her or my shitty manager again. Years later, I did hear my shitty manager had gotten fired or something, for being shit at hear job.

    I think I made the right choice.

    (Edited for typos, so many typos…)


  • So, I got malware that seemed to create an hidden proxy or VPN or something when I was online, without me having to install anything. I was on Fedora using Firefox in private mode with Ublock Origin and some script blocker. Ghostery, or Privacy Badger, or something. Fedora has it’s firewall enabled and blocking inbound connections, and SELinux was running. It would occasionally report small things like VLC or Clam AV wanting access to something.

    It took me a little bit to realize something was wrong.

    I realized it after Google started demanding repeated captcha attempts for everything, I started seeing unsuccessful attempts to sign into my Microsoft account from around the world, and some websites started blocking my IP for abuse. A few times, the blocking page (usually Cloudflare) showed that my public IP was over 240.0.0.0, in the unassigned block. My modem logs showed my machine making outbound connections to these random or impossible IPs at times that roughly lined up with my connection issues.

    But if I simply hit refresh on those pages when they blocked me, the websites suddenly returned my correct residential IP address and started working again. I was slow to catch on. Hell, I hadn’t even used my Microsoft account for years, and I assumed Fedora with SELinux would alert me if anything strange was going on. It didn’t. My machine started acting weird, but I couldn’t place my finger on exactly how. I tried tools like Clam AV, or any number of intrusion detection solutions to assuage my growing paranoia. Problem is that they require some knowledge and you have to set them up before things go wrong.

    Besides a terminal tool to unhide running processes, which inconsistently returned zero to dozens of unknown short-lived programs with increasingly high PIDs, nothing was detected. I later ran that unhide tool on a live USB of Fedora, and it did the same thing, so I assumed it was a false positive.

    Ultimately, it was my fault, I know. I just went on a shady website to watch a TV show. Stupid, but not uncommon. My android phone also started acting strangely around the same time. I assume because I visited the same site to finish some season in bed using Firefox mobile. It’s been replaced entirely now.

    But the point is that SELinux didn’t stop anything, I didn’t have to explicitly download or install anything to my machine, and it was some kind of drive-by infection that somehow added my machine to a kind of botnet, I think. Hard to tell just from the various logs I gathered from my machine and modem.

    I don’t know what it was doing, but when I finally put all the pieces together, I completely wiped the drive in that machine, including a long dd operation on the drives with /dev/random. Still not sure what I’m going to do with it.

    I’m also not sure if the infection was limited to Firefox itself, or if my entire machine was compromised. I may never know for sure.

    While I was being stupid, I wasn’t being completely reckless and just running untrusted code from strange places. I watched TV in Firefox’s embedded video player. All it took was going to a website that I found by other people recommending it on social media. I should have known better, but I’m human.

    If I can’t even visit a webpage without getting invisible botnet malware that escapes professionally configured tools like SELinux on Fedora, then how are complete newbies, or kids, or grandparents, or “know just enough to be dangerous nerds” (like me) supposed to be safe?

    I agree that the user is the single biggest point of failure in security, and should be mindful. But when you’re not installing random Github packages, or turning off your firewall, or enabling SSH, and your machine can still get so easily pwned, what then?

    That’s the value of anti-virus software. Yeah, it’s not perfect, but neither is your list of rules to follow. There is no single perfect approach, and people are lazy, impulsive, and sometimes drunkenly want to watch Breaking Bad. I don’t know what the solution is, but outright denying everyday antivirus seems… unwise, I guess?

    Even if if takes a month for the vendor to be able to detect it, that’s still protection for anyone who comes after. It doesn’t have to be perfect to make a positive difference.

    And, no: For anyone curious, I’m not going into more detail about the website.



  • If a company does something bad, you can sue to fix it.

    Suing sets legal precedent and forces all companies to abide by the ruling, more or less.

    But now if a company tricks you out of your right to sue by putting arbitration clauses in everything, then you can’t sue. You can only have a (hopefully) impartial third part tell the company to stop doing something specifically to you. The company is still free to keep doing the thing to everyone else, and their arbitration doesn’t affect any other companies also doing bad things.

    There are other issues too.