Kittensgame
Kittensgame
Just FYI, you need very little skill to clone the WiFi access gateway of a hotel WiFi, and then blast their SSID from your router, to lure close guests into your honeypot. Once people are on your malicious gateway, the fun starts.
In a hotel with hundreds of hackers on alcohol, it’s not unlikely for people to fuck around.
There is also no requirement to be a “good guy” to attend the conference.
Explaining my job is trivial compared to the insanity I cook up in my spare time.
Oh, so you like gaming? No, I’m actually not playing the game. I’m building a mod for it. Erm, okay, so this is for other players then? No, I’m mostly building it for myself. Ah, so you haven’t put a lot of time into it yet? Roughly 12 years. What? So what does the mod do then? It plays the game for me, and publishes in-game metrics to a monitoring application, so that I can see the progress of the game in an abstract form while I’m on the couch, thinking about how to optimize the automation further.
Regular fun stuff.
Telegram is not just IM. Open the search and search for channels. Get creative, they have keyword filters. City name is always a good start. Check the channels with ❄️ and 🍄 emojis. This is where people are scammed for drugs. Maybe sometimes not scams.
A lot happens on Telegram, and it’s right behind that little search icon.
In boomer times, phone calls were expensive and were transferred over landlines. It had an impact on the quality of the conversation.
Today people call you with 1% battery while at the register of the supermarket and instantly launch into a monologue about how they know it’s not a good time to call, and they might even cut off any moment, and they know you’re usually busy at 10am on a work day, but they really need to know if they can call you “later” to discuss something really important. And before you can tell them anything, they cut off. At least it’s over!
10 minutes later they call you from their car and it takes them a couple of minutes to get the audio working so they can repeat everything they said earlier. It’s what you have to do if a call was cut off! Then they drive into a tunnel.
Dealing with this shit is a dark art fr
Their entire offering is such a joke. I’m forced to use Docker Desktop for work, as we’re on Windows. Every time that piece of shit gets updated, it’s more useless garbage. Endless security snake oil features. Their installer even messes with your WSL home directory. They literally fuck with your AWS and Azure credentials to make it more “convenient” for you to use their cloud integrations. When they implemented that, they just deleted my AWS profile from my home directory, because they felt it should instead be a symlink to my Windows home directory. These people are not to be trusted with elevated privileges on your system. They actively abuse the privilege.
The only reason they exist is that they are holding the majority of images hostage on their registry. Their customers are similarly being held hostage, because they started to use Docker on Windows desktops and are now locked in. Nobody gives a shit about any of their benefits. Free technology and hosting was their setup, now they let everyone bleed who got caught. Prices will rise until they find their sweet spot. Thanks for the tech. Now die already.
They use Windows
Not having to install dependencies is a benefit of containers and their images. That’s a pretty big thing to miss. Maybe give it a closer look.
Your choice of container runtime has zero impact on the rate-limits of Docker Hub. They probably had a container image proxy already and just switched because Docker is a security nightmare and needlessly heavy.
I gave podman compose a fresh try just the other day and was happy to see that it “just worked”.
I’m personally pissed about aardvark-dns, which provides DNS for podman. The version that is still in Debian Stable sets a TTL of 24h on A record responses. This caused my entire service network to be disrupted whenever a pod restarted. The default behavior for similar resolvers is to set a TTL of 0. It’s like people who maintain it take it as an opportunity to rewrite existing solutions in Rust and implement all the bugs they can. Sometimes feels like someone just thought it would be a fun summer break project to implement DNS or network security.
A single malfunctioning service that restarts in a loop can exhaust the limit near instantly. And now you can’t bring up any of your services, because you’re blocked.
I’ve been there plenty of times. If you have to rely on docker.io, you better pay up. Running your own NexusRM or Harbor to proxy it can drastically improve your situation though.
Docker is a pile of shit. Steer clear entirely of any of their offerings if possible.
Reddit is free. Other people paying for your free service is a very weak argument to bring up. If Lemmy dies today, nobody but hobbyists and amateurs will care. Just like with LE.
I’ve been there. Not every CA is equal. Those kind of CAs were shit. LE is convenient. There are more options though.
I actually agree. For the majority of sites and/or use cases, it probably is sufficient.
Explaining properly why LE is generally problematic, takes considerable depth of information, that I’m just not able to relay easily right now. But consider this:
LE is mostly a convenience. They save an operator $1 per month per certificate. For everyone with hosting costs beyond $1000, this is laughable savings. People who take TLS seriously often have more demands than “padlock in the browser UI”. If a free service decides they no longer want to use OCSP, that’s an annoying disruption that was entirely not worth the $1 https://www.abetterinternet.org/post/replacing-ocsp-with-crls/
LE has no SLA. You have no guarantee to be able to ever renew your certificate again. A risk not anyone should take.
Who is paying for LE? If you’re not paying, how can you rely on the service to exist tomorrow?
It’s not too long ago that people said “only some sites need HTTPS, HTTP is fine for most”. It never was, and people should not build anything relevant on “free” security today either.
People who have actually relevant use cases with the need for a reliable partner would never use LE. It’s a gimmick for hobbyists and people who suck at their job.
If you have never revoked a certificate, you don’t really know what you’re doing. If you have never run into rate-limiting issues with LE that block a rollout, you don’t know what you’re doing.
LE works until it doesn’t, and then it’s like every other free service on the internet: no guarantees If your setup relies on the goodwill of a single entity handing out shit for free, it’s not a robust setup. If you rely on that entity to keep an OCSP responder alive for free so all your consumers can verify the validity of your certificate, that’s not great. And people do this to save their company $1 a month for the real thing? Even running the shitty certbot in compute has a larger cost. People are so blindly in love with this “free” garbage. The fanboys will never die off
Just ask yourself, who is still posting on Facebook? Your friends? I hope not. The last time I hung out on that site, the groups seemed to be the only valuable section to participate in. But it’s ultimately just a circlejerk and you’re feeding content into a garbage platform stuffed with ads. Not a great way to spend time.
Marketing play to grab the money off of rich parents. There are still teachers, they are just proxied by “AI”. And there will also still be teachers monitoring. And there will still be teachers for certain topics.
So it’s teacherless, but with plenty of teachers.
the claims in some media that Telegram is some sort of anarchic paradise are absolutely untrue. We take down millions of harmful posts and channels every day,
Gotcha. Millions of harmful posts every day. That really does sound like a great place.
Should I really give up my empty metric of 70K followers and move my communication and journalistic research to another echo chamber and advertising platform run by another billionaire?
It really is a tough one.
Where are their numbers coming from? The central registry of carbon emissions for genAI data centers? They know shit. They’re probably shorting Nvidia and are crying over their losses. Fuck Morgan Stanley