There is the legal concept of Mens Rea which has to do with the mental state of the person committing the act. And I think that applies in this case. Archeology has generally been about learning and providing knowledge of previous cultures. While the methods, mindset and actions of 18th and early 19th century treasure hunters left a lot to be desired, some of them did make some reasonable attempt at documenting their finds and preserving the context to provide that knowledge. Modern archeologists go to painstaking lengths to properly document finds and preserve as much knowledge as possible from finds. Grave robbers do none of this. Their motivations generally revolve around personal gain and they will destroy any context and knowledge in their attempt to make money.

Consider your own reading on the Valley of the Kings. Where did all of the information we have on the Pharaohs in those tombs come from? It’s from the work of the archeologists documenting everything found in those tombs. While there is certainly an argument for leaving things in the same state they were found in, that also means that the artifacts will continue to deteriorate and any further knowledge which might be gleaned from them will be lost. Sending artifacts to a museum isn’t all about putting them in cases for people to gawk at. It also means that actions are taken to preserve those artifacts and maintain them for observation and study in the future. Sometimes this does cause damage. Again, 18th and early 19th century preservation was often just as, if not more damaging than leaving those artifacts in-sutu. But again, the intention was to preserve, not enrich.

So, that’s how I would draw the line, based on the reason and methods used for the removal of grave goods. Is it done with the intention for the furtherance of knoweldge of previous cultures? Or, is it just done to enrich someone? And is the work being done using the current understanding and methods to best capture and preserve that knowledge for future generations?

While I would never support it, the main way to improve online discussion is by removing anonymity. Allow me to go back a couple decades and point to John Gabriel’s Greater Internet Fuckwad Theory. People with a reasonable expectation of anonymity turn into complete assholes. The common solution to this is by linking accounts to a real identity in some way, such that online actions have negative consequences to the person taking them. Google famously tried this by forcing people to use their real name on accounts. And it was a privacy nightmare. Ultimately though, it’s the only functional solution. If anti-social actions do not have negative social consequences, then there is no disincentive for people to not take those actions and people can just keep spinning up new accounts and taking those same anti-social actions. This can also be automated, resulting in the bot farms which troll and brigade online forums. On the privacy nightmare side of the coin, it means it’s much easier to target people for legitimate, though unpopular, opinions. There are some “in the middle” options, which can make the cost to creating accounts somewhat higher and slower; but, which don’t expose peoples’ real identities in quite the same way. But, every system has it’s pros and cons. And the linking of identities to accounts

Voting systems and the like will always be a kludge, which is easy to work around. Any attempt to predicate the voting on trusting users to “do the right thing” is doomed to fail. People suck, they will do what they want and ignore the rules when they feel they are justified in doing so. Or, some people will do it just to be dicks. At the same time, it also promotes herding and bubbles. If everyone in a community chooses to downvote puppies and upvote cats, eventually the puppy people will be drown out and forced to go off and found their own community which does the opposite. And those communities, both now stuck in a bias reinforcing echo chamber, will continue to drift further apart and possibly radicalize against each other. This isn’t even limited to online discussions. People often choose their meat-space friends based on similar beliefs, which leads to people living in bubbles which may not be representative to a wider world.

Despite the limitations of the kludge, I do think voting systems are the best we’re going to get. I’d agree with @grue that the Slashdot system had a lot of merit. Allowing the community to both vote on articles/comments and then later have those votes voted on by a random selection of users, seems like a reasonable way to try to enforce some of the “good faith” voting you’re looking for. Though, even that will likely get gamed and lead to herding. It’s also a lot more cumbersome and relies on the user community taking on a greater role in maintaining the community. But, as I have implied, I don’t think there is a “good” solution, only a lot of “less bad” ones.

Like many of the differences, I suspect that one came out of the attempts as English Spelling Reform, which took greater hold in the US. Ultimately, the process hasn’t succeeded, but it has excised some of inconsistencies from the English. Though, it has also led to some confusion, as in the tire/tyre case.

Ya, absolutely. My point was that, we shouldn’t assume that vendors are doing things right all the time. So, it’s important to have those layered defense, because vendors do stupid stuff like this.

This is a good example of why a zero trust network architecture is important. This attack would require the attacker to be able to SSH to the management interface of the device. Done right, that interface will be on a VLAN which has very limited access (e.g. specific IPs or a jumphost). While that isn’t an impossible hurdle for an attacker to overcome, it’s significantly harder than just popping any box on the network. People make mistakes all the time, and someone on your network is going to fall for a phishing attack or malicious redirect or any number of things. Having that extra layer, before they pop the firewall, gives defenders that much more time to notice, find and evict the attacker.

Also, Whiskey, Tango, Foxtrot Cisco?

This article brought to you by the manufacturers of the interceptor missiles.
If we were actually in a hot war or expecting one very soon, yes we would want to ramp production like the US did during WWII. Right now, the excessive costs of wartime production should not be considered. It’s always best to remember Eisenhower’s words:

Every gun that is made, every warship launched, every rocket fired signifies, in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. The cost of one modern heavy bomber is this: a modern brick school in more than 30 cities. It is two electric power plants, each serving a town of 60,000 population. It is two fine, fully equipped hospitals. It is some fifty miles of concrete pavement. We pay for a single fighter with a half-million bushels of wheat. We pay for a single destroyer with new homes that could have housed more than 8,000 people. . . . This is not a way of life at all, in any true sense. Under the cloud of threatening war, it is humanity hanging from a cross of iron.

Even worse that acquisition links back to the Embracer Group. Hopefully KC:D 2 makes it out the door before Embracer full fucks up Warhorse.

You have to get out away from cities. We get them in our yard every summer and our kids run about catching them.

Seen this one in my work environment. Confusing as heck the first time. It looks like explorer.exe in the context of the local user starts PowerShell.exe with a command line involving an Invoke-WebRequest piping the download into an Invoke-Expression (usually the shorter iex alias). No .lnk or .js file involved. Just explorer, PowerShell, infected.

WeChat’s software has security issues? Color me shocked. Shocked, I tell you.
Well, not that shocked.

Also:

WeChat’s custom encryption protocol

Don’t do that

I’ll throw Grand Cayman on the list. Specifically, I’d recommend visiting Stingray City. Just a really neat experience to feed/pet stingrays while wading around on a sandbar.

It’s a mobile game, with Tencent involved. Was there ever any question it was going to be a soulless cash-grab?

You claim to dislike it, yet you gave it greater reach by posting it on Lemmy. Good job! Or maybe your actual job, assuming you are being paid to shill for whatever rag this came from.

The Company believes the unauthorized actor exfiltrated certain encrypted internal ADT data associated with employee user accounts during the intrusion. Based on its investigation to date, the Company does not believe customers’ personal information has been exfiltrated, or that customers’ security systems have been compromised. ADT’s containment measures have resulted in some disruptions to the Company’s information systems, and the Company’s investigation is at an early stage and ongoing.

This reads a lot like a domain controller got popped. Considering that this is the second breach in a short time, and the previous one got access to customer data, I wouldn’t be surprised to find out that it’s either the same attacker or this breach was an access broker who sold credentials to the previous attacker.

That’s just my guess, and I doubt we will ever get a sufficiently detailed write-up to know. But, it seems like a likely way for the attacks to go down.

Aren’t they inherently less secure than a TOTP code?

They can be, depending on the types of threats you expect to face. If physical theft is an expected threat, then a hardware token runs the risk of being stolen and abused. For example, your attackers might just buy off cops to rob you and take your stuff. Having the physical device locked with a PIN/Passcode can mitigate this threat somewhat. But, that just becomes another password the attackers need to figure out.

On the other side of the coin, TOTP applications have started offering Cloud Backup options for accounts. What this demonstrates is that it’s possible to move those accounts between devices remotely. A hacked device means those codes may be exfiltrated to an attackers device and you will be none the wiser. Good security hygiene and device hardening can help mitigate these issues. But, it also means you need to a lot of trust in a lot of third parties. Also, you need to be unimportant enough for an attacker to not burn a 0-day on.

Ultimately, security is all about trade-offs. If you worry about physical security and don’t expect to face a threat which might compromise your phone, then a TOTP app might be a better option. If you are more worried about a hacked device being used to leak credentials, then a physical token may be a better choice. Each way you go has some ability to mitigate the risks. PIN for a physical token and device hardening for TOTP. But, neither is a silver bullet.

And, if your threat model includes someone willing and able to engage in rubber hose cryptanalysis, then you’re probably fucked anyway.

I’ve heard that in the US, the 5th amendment protects you from being forced to divulge a password, but they can physically place your finger on the finger print scanner.

Ya, it’s a weird space that you cannot be legally forced to divulge a password, except in cases where the content of the drive is a “foregone conclusion” (as defined by the US Supreme Court). But, they can absolutely collect biometric markers (including forcing a fingerprint scan).

I’m glad to see them trying and I really do want to see competition in the digital game storefront space. However, I have zero trust in EA to not try and fuck me as a customer at some point. So ya, no matter how good of a fee structure they offer devs, they will continue to lack the one thing devs actually care about: customers.

Also, as a Linux gamer, it’s really tough to consider a store front which doesn’t offer a Linux client. Sure, I might be able to get their app running in Wine. But, at that point, maybe I should just go support the company which is supporting me.

What Im observing though is more and more indies filling the void with smaller and cheaper games due to easy access to digital distribution. Not exactly a new take as its been hapening for over 15 years now. Interestingly, Epic seems to not take the same stance as Steam does in this space. Where steam gives pretty much any shovelware the same chances, Epic wants to be super picky about these low budget titles. Where is Epic’s Balatro?

This reminds me a lot of the days of the original PlayStation (PS). Nintendo was the large, dominant company. But, they were also really, really picky with the games they let on their platform (still are). Along comes Sony with a better physical format and a willingness to let just about anything on their system. And there were a lot of terrible titles on the PS; but, there were also some real gems from smaller devs and lots more choice for people to find what they wanted to play. That openness and plethora of options drew people to the system. Sure, Nintendo is still around and still a juggernaut, but they gave up a lot of market space to Sony.

Sweeney and many of the big studios seem dead set on trying to replicate lightning. They keep churning out Fortnight clones, live service games and lootbox infested grind fests. None of this is because they want to make a game for players, it’s all a bald-faced money grab. And it comes across so clearly in their games. Yes, big budget games cost a lot of money and I don’t begrudge studios trying to make money. I’m more than happy to throw money at devs who make a great game (I just pledged ~$250 at the Valheim Board Game project, based mostly on the fact that I fucking love Valheim). I’ve also bought into way too many Early Access games, because they looked like they had the bones of good games. But, the big budget games seem to get lost trying to pump every last dollar out of your wallet and just quickly become a turn off.

I remember one particular instance in Dragon Age, where an NPC had a “Quest Available” marker floating above his head. When you talked to him, you quickly discovered that you could buy his quest and the game was happy to kick you over to the EA store so that you could buy his quest right there. Fuck that noise. I’m not against DLC, but that sort of “in your face” advertising pisses me right off. Hell, I’m one of those weirdos who likes the Far Cry series. I put tons of hours into Far Cry 5 (seriously, the wing suit was just good fun). Far Cry 6 was ok and I did finish it, though the micro-transaction spam grated on me hard. After that experience, I’m not sure I want a Far Cry 7.

And I think that points to the elephant in the room. Big publishers, like EA are so focused on making profits, they have lost sight of making a good game. Give me a solid, complete experience. Give me good controls, enough story to hold the action together and just a general sense of fun. Once that is in place, then maybe throw hats for sale on top of that. But, when lootboxes and micro-transactions are core to the gameplay and the game is balanced to force you in the direction of buying that crap, fuck your game. If the core gameplay is designed to suck so much that I want to buy cheats to bypass that core gameplay, I’ll save myself a bunch of money and just skip the game entirely. There are way too many options available out there, which don’t suck, for me to waste my time and money shoveling your shit.

According to T-Mobile’s 2023 Annual Report they had $8.3 Billion in Net Income in 2023. A $31.5 Million dollar settlement isn’t even a rounding error. Unless and until these fines start actually cutting into profits, in a significant way, businesses aren’t going to care about cybersecurity.

We really need to take a page from the EU’s GDPR and start assessing these fines as a percentage of global annual revenue. Quit dicking around and make the fines high enough that companies make the secure choice, rather than the cheap choice, because the ROI for the cheap choice includes a high risk of “fuck you” level fines.

Necessity is the mother of invention. Laziness is the father.

I suspect every security baseline is going to include guidance for removing recall. There’s just no reason for this sort of malware on a system.