Unfortunately that doesn’t work.

This is getting fucking tiresome. Now we’re stopping humans who browse anonymously from reading content, what’s next, block all humans and only let LLM bots access your site?

What’s your point?

Or my favourite passive aggressive attempt by Admiral’s anti-ad-blocking “technology”:

“Continue without supporting”

This article doesn’t at all explain what actually happens. There’s a hand wavey description including PowerShell scripts and the clipboard, but it doesn’t indicate how the code gets executed.

The article talks about a complex and sophisticated attack, but I don’t see any evidence of that assertion.

Also, given that it’s talking about PowerShell, I’m going to guess that this affects Windows only.

Finally, there’s no source links, no CVE allocation, no indication what the URL looks like.

I’m going with deep scepticism about this report unless more information comes to hand.

With?

I run projects inside Docker on a VM away from important data. It allows me to test and restrict access to specific things of my choosing.

It works well for me.

Hands up if you have done this at least once in your life…

The SCSI solution requires making sure that you have the right terminator connector because of course there’s more than one standard … ask me how I know … I think the Wikipedia article on SCSI says it best:

As with everything SCSI, there are exceptions.

Source: https://en.m.wikipedia.org/wiki/SCSI_connector

Further down the article it talks about why it’s that colour.

What’s even more remarkable is that someone actually did that, in January 1998.

https://en.m.wikipedia.org/wiki/Bliss_(photograph)

Before you start consolidating, consider what might happen if the switch is in an unexpected state. For example, someone turned off the heater or pump and you were expecting it to be on.

In other words, you need to consider what a “safe state” is for each thing and how your code, when it fails, reverts to that state. This is an example of “failsafe”.

Note that I said “when it fails”. This is true for all software, even on mission critical systems.

Source: I write software for a living.

Removed by mod

These are job titles I’ve actually used:

• Brain for Hire
• Elephant header
• Janitor
• Troubleshooter

Over the past 25+ years I’ve worked for myself and whilst doing the exact same job, fixing complex ICT problems for my clients I’ve had to complete job title fields in countless corporate forms.

It’s fun to interact with colleagues who get the joke and hilarious when they don’t.

There’s a reason why there’s only privileged write access to /dev/sda.

If you run unknown software as root on any computer you get to experience first hand the impact of: “fuck around and find out”.

All fine and dandy … got any realistic alternatives?

I can absolutely guarantee that you are not the only person to have spent quality time getting to know the intimate backwaters of a codebase tracking down a bug that you introduced whilst tracking down a bug.

Source: I’ve been writing software for over 40 years.

From the article:

A Microsoft spokesperson confirmed the company has been aware of the issue since at least August 2023, but maintains that changing the behavior could break compatibility with existing applications.

• Changing your Microsoft or Azure password does not immediately revoke RDP access for old credentials.
• There are no clear alerts or warnings when old passwords are used for RDP logins.
• Microsoft’s security tools, including Defender and Azure, do not flag this behavior.

So … this article published today, 5 May 2025, says that the Microsoft policy will start on 5 May 2025.

Some questions:

1. When did Microsoft announce this and where?
2. Is this a reasonable rollout timeline that affects pretty much anyone on the planet who does email?
3. As a society we run most of our activities through Google and Microsoft. At what point does this get classified as a utility and get regulated.

Education.