A fool and his not-really-money are soon parted
-
@lorne-kates Or maybe they're triggered by you saying "who were effected" when it should be "affected"? That might just be me (but I didn't downvote).
-
@lorne-kates said in A fool and his not-really-money are soon parted:
By the downvote, I assume one of you is an idiot who watches TV shows in a browser on a website over a laggy connection.
For that matter, I don't understand people who watch Netflix using a computer. Yuck.
-
@boomzilla said in A fool and his not-really-money are soon parted:
I don't understand people who watch Netflix using a computer.
What if it's plugged into a TV?
-
@timebandit That's ok.
-
@boomzilla said in A fool and his not-really-money are soon parted:
@lorne-kates said in A fool and his not-really-money are soon parted:
By the downvote, I assume one of you is an idiot who watches TV shows in a browser on a website over a laggy connection.
For that matter, I don't understand people who watch Netflix using a computer. Yuck.
Where's the issue? The phone doesn't give me 4K and an external screen isn't portable.
-
@pie_flavor said in A fool and his not-really-money are soon parted:
The phone doesn't give me 4K and an external screen isn't portable.
Where's the issue? My couch isn't portable either.
-
@boomzilla said in A fool and his not-really-money are soon parted:
For that matter, I don't understand people who watch Netflix using a computer. Yuck.
Yeah, computers are a useless bother, it's more convenient to stick an antenna in one's ear and enjoy the signal directly.
-
@adynathos said in A fool and his not-really-money are soon parted:
@boomzilla said in A fool and his not-really-money are soon parted:
For that matter, I don't understand people who watch Netflix using a computer. Yuck.
Yeah, computers are a useless bother, it's more convenient to stick an antenna in one's ear and enjoy the signal directly.
Wireless internet? Eww.
-
@boomzilla said in A fool and his not-really-money are soon parted:
Wireless internet? Eww.
Pictured: Boomzilla enjoying Internet whilst outdoors, protecting his lawn.
-
@boomzilla said in A fool and his not-really-money are soon parted:
For that matter, I don't understand people who watch Netflix using a computer. Silverlight. Yuck.
FTFY.
-
@blakeyrat said in A fool and his not-really-money are soon parted:
Seriously, BEPIS?!
Poe or Noe is
-
@anotherusername said in A fool and his not-really-money are soon parted:
@boomzilla said in A fool and his not-really-money are soon parted:
For that matter, I don't understand people who watch Netflix using a computer. Silverlight. Yuck.
FTFY.
They've switched to HTML5, by the way.
-
@topspin said in A fool and his not-really-money are soon parted:
Seriously, BEPIS?!
It's a fake article, try Googling for it.
-
@blakeyrat said in A fool and his not-really-money are soon parted:
@topspin said in A fool and his not-really-money are soon parted:
Seriously, BEPIS?!
It's a fake article, try Googling for it.
I only know about it because some fucking braindead idiot moron retweeted it on Twitter.
-
@pie_flavor said in A fool and his not-really-money are soon parted:
It's astounding. The only thing missing is a pyramid in their logo.
-
If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from. In this case it turned out that Text Help, an assistive technology provider, had been compromised and one of their hosted script files changed.
https://scotthelme.co.uk/protect-site-from-cyrptojacking-csp-sri/
Post also includes guidance to protect your site from such attacks, at least until you need to include a highly dynamic script.
Noteworthy because this hack targeted an assistive technology provider, whose scripts are mostly used on government sites (list of affected websites).
Bonus: smug NoScript users reading this story.
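
The linked URL refers to CSP and SRI. As an added example (not code from the linked post or from this thread), this Node.js sketch reproduces the Subresource Integrity comparison a browser makes, showing that a pinned hash rejects a hosted script once its content changes. The script bodies and function names are constructed for illustration.

```javascript
// Added example: the Subresource Integrity (SRI) check a browser applies to a
// third-party script. Script bodies below are constructed samples.
const nodeCrypto = require('crypto');

// Algorithms SRI accepts, ranked by strength.
const STRENGTH = new Map([['sha256', 1], ['sha384', 2], ['sha512', 3]]);

const ORIGINAL = 'function readAloud(el) { speak(el.textContent); }\n';
const TAMPERED = ORIGINAL + 'injectedCode();\n'; // hosted file changed upstream

// Value for <script src="..." integrity="..." crossorigin="anonymous">.
function sriHash(body, algo = 'sha384') {
  return `${algo}-${nodeCrypto.createHash(algo).update(body).digest('base64')}`;
}

// Parse the attribute; keep only entries using the strongest algorithm listed.
function strongestHashes(integrity) {
  const parsed = [];
  for (const token of integrity.trim().split(/\s+/)) {
    const dash = token.indexOf('-');
    const algo = token.slice(0, Math.max(dash, 0));
    if (STRENGTH.has(algo)) parsed.push({ algo, value: token.split('?')[0] });
  }
  const best = Math.max(0, ...parsed.map((h) => STRENGTH.get(h.algo)));
  return parsed.filter((h) => STRENGTH.get(h.algo) === best);
}

// true = script would execute, false = browser refuses to run it.
function verifyIntegrity(body, integrity) {
  const pinned = strongestHashes(integrity);
  if (pinned.length === 0) return true; // no usable hash: nothing is enforced
  return pinned.some((h) => sriHash(body, h.algo) === h.value);
}

console.log(sriHash(ORIGINAL));
console.log(verifyIntegrity(ORIGINAL, sriHash(ORIGINAL)),
            verifyIntegrity(TAMPERED, sriHash(ORIGINAL)));
```

An unrecognised algorithm leaves the script unenforced, so the attribute itself needs checking in review.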
-
Which has more economic value? Heating homes? Or a Ponzi scheme?
Well, we're boned.
-
The funniest part about all these hacks and the $Millions stolen:
Eventually, there will be so much stolen currency, and so much lost faith in the currencies, that the entire Cryptoeconomy will crash. Every *Coin will be worth nothing.
- All that work that went into stealing them; for nothing. They're worthless. They just have a bunch of bits that no one will give real money, goods or services for.
- All the development & hosting manpower people put into creating those exchanges; for nothing. There's no value to exchange. They now have a website that does nothing, exchanges nothing, and might as well be a GeoCities Webring for all it's worth.
- All the time and effort and hardware people put into mining them; for nothing. They wasted hundreds of millions of dollars and hours to end up with absolutely nothing. They might as well have thrown their real money into a hole, then gone and sat in a different hole for several months.
- All that energy used to mine cryptocurrencies; for nothing. They just wasted untold amounts of electricity (and the fossil fuels / coal that created that electricity) for absolutely no reason, use or benefit to anyone...
...
wait that last one isn't funny it's really sad.
-
@lorne-kates At least some people got some drugs
-
@lorne-kates Truly, javascript is the greatest programming language, and npm is the paragon of all good software.
-
@lorne-kates said in A fool and his not-really-money are soon parted:
GeoCities Webring
Now there's something I hadn't heard of in many a year. And I could well have gone a good many more. Thanks for the (shudder) memories.
-
@lorne-kates Hopefully that happens sooner rather than later so I can afford a decent graphics card again.
-
@magus said in A fool and his not-really-money are soon parted:
@lorne-kates Truly, javascript is the greatest programming language, and npm is the paragon of all good software.
Speaking of Javascript and CryptoCurrencies:
In the past 24 hours, Security researcher Scott Helme discovered that a third party accessibility plugin called ‘Browsealoud’ had their servers compromised. The plugin relies on a website including Javascript in their content in order to work. This compromise resulted in over 4,000 websites serving up cryptomining malware.
The malware uses site visitor CPUs to mine for Monero cryptocurrency. The sites that use Browsealoud included the UK Information Commissioner’s office, UK National Health Service websites, an Australian provincial government website and many more.
Texthelp is the company that makes the Browsealoud plugin. They are reporting that their product was infected for four hours, affecting sites that use the Browsealoud plugin before it was taken offline. The product remains offline while they investigate.
-
Cryptocurrencies are good because they are SECURE and VERIFIED and TRACEABLE!
wait...
https://www.reddit.com/r/CryptoCurrency/comments/7wonkf/comment/du215tr
Rundown:
- Some dude has spent months selling this shitocurrency under market value
- because he's laundering stolen currency
- and even though "the blockchain lets you trace transactions", no one bothered to or was able to trace down his laundering path till now
- he stole all this currency because... and you'll love this... checks to prevent duplicate withdrawals or withdrawing more than your balance, were coded in JavaScript, and ONLY ran client-side. No server-side checks.
- there also was another "bug" (the developer's description), presumably also related to client-side checking, that let you withdraw funds FROM ANOTHER USER'S ACCOUNT! It would cause that user's account to go into negatives, and the only way to fix it was for the developer to MANUALLY CHANGE THE BALANCE DIRECTLY IN THE DATABASE!
I've only skimmed the top posts in that reddit thread, but goddamn if this isn't an avalanche of dangerously incompetent stupid.
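
The server-side enforcement the rundown above describes as missing, as an added example that is not part of the original post and not the exchange's code. The `Ledger` class, its field names and the sample accounts are hypothetical.

```javascript
// Added example: withdrawal rules enforced on the server (in-memory ledger).
// In a real system the check-and-debit must be one database transaction.
class Ledger {
  constructor(balances) {
    this.balances = new Map(Object.entries(balances)); // account -> integer units
    this.seen = new Map(); // "user:requestId" -> first result, for replays
  }

  // sessionUser comes from the authenticated session, never from the request body.
  withdraw(sessionUser, { requestId, account, amount }) {
    if (typeof requestId !== 'string' || requestId === '') {
      return { ok: false, reason: 'missing-request-id' };
    }
    const key = `${sessionUser}:${requestId}`;
    if (this.seen.has(key)) {
      // Duplicate submission: return the first outcome, debit nothing.
      return { ...this.seen.get(key), duplicate: true };
    }
    const result = this.apply(sessionUser, account, amount);
    this.seen.set(key, result);
    return result;
  }

  apply(sessionUser, account, amount) {
    if (account !== sessionUser) return { ok: false, reason: 'not-account-owner' };
    if (!Number.isSafeInteger(amount) || amount <= 0) {
      return { ok: false, reason: 'bad-amount' };
    }
    const balance = this.balances.get(account);
    if (balance === undefined) return { ok: false, reason: 'unknown-account' };
    if (amount > balance) return { ok: false, reason: 'insufficient-funds' };
    this.balances.set(account, balance - amount); // synchronous check and debit
    return { ok: true, balance: balance - amount };
  }
}

// Constructed sample accounts.
const ledger = new Ledger({ alice: 100, bob: 50 });
console.log(ledger.withdraw('alice', { requestId: 'r1', account: 'alice', amount: 60 }));
console.log(ledger.withdraw('alice', { requestId: 'r1', account: 'alice', amount: 60 }));
console.log(ledger.withdraw('alice', { requestId: 'r2', account: 'bob', amount: 10 }));
```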
-
@lorne-kates said in A fool and his not-really-money are soon parted:
checks to prevent duplicate withdrawals or withdrawing more than your balance, were coded in JavaScript, and ONLY ran client-side. No server-side checks.
There are not enough emoji in the entire interwebz for this fail. The "developer" of this program should have every body part that could possibly be used for any sort of interaction with a computer removed with a dirty, rusty, dull knife.
-
@lorne-kates said in A fool and his not-really-money are soon parted:
MANUALLY CHANGE THE BALANCE DIRECTLY IN THE DATABASE!
But... but... Blockchain isn't equatable to a centralized database, I was told! That was the whole point, I was told! You couldn't arbitrarily change information, I was told!
-
@tsaukpaetra said in A fool and his not-really-money are soon parted:
@lorne-kates said in A fool and his not-really-money are soon parted:
MANUALLY CHANGE THE BALANCE DIRECTLY IN THE DATABASE!
But... but... Blockchain isn't equatable to a centralized database, I was told! That was the whole point, I was told! You couldn't arbitrarily change information, I was told!
It's not a combination between a pyramid scam and a Ponzi scheme, I was told!
-
@tsaukpaetra said in A fool and his not-really-money are soon parted:
@lorne-kates said in A fool and his not-really-money are soon parted:
MANUALLY CHANGE THE BALANCE DIRECTLY IN THE DATABASE!
But... but... Blockchain isn't equatable to a centralized database, I was told! That was the whole point, I was told! You couldn't arbitrarily change information, I was told!
Kidding aside, this was about "Nano" tokens aka XRB (don't ask why they felt they needed a rebrand) traded on an exchange called BitGrail. The coins weren't stolen from a cryptocoin wallet by disturbing the network; instead they were stolen by cooking the books of the exchange and then moving out coins from the exchange deposits to private wallets.
-
@benjamin-hall said in A fool and his not-really-money are soon parted:
@lorne-kates Or maybe they're triggered by you saying "who were effected" when it should be "affected"? That might just be me (but I didn't downvote).
(but I actually agree with you)
-
A month ago there was a post on Reddit about this company pointing out that there were a lot of red flags.
And now . . . .
-
@medinoc Forum feature request: text replace both "affect" and "effect" with "<a, e>ffect".
Could also be used for your/you're and there/their/they're.
-
@coderpatsy æffect
-
If you needed another reason to tell Salon to fuck off
-
like most media sites, ad blockers cut deeply into our revenue and create a more one-sided relationship between reader and publisher.
Crazy suggestion here, but what if you stopped making ads so egregious that users need to block them? Heck, why not go the full mile and get certified by Acceptable Ads, and get unblocked from most adblock users by default?
-
@timebandit said in A fool and his not-really-money are soon parted:
@tsaukpaetra at least, they ask for permission.
If only all the other ones did the same
If I were just slightly less honest I would invent a business use case for our clients to install high end graphics cards in their servers and have them all mine for me.
-
@boomzilla said in A fool and his not-really-money are soon parted:
For that matter, I don't understand people who watch Netflix using a computer. Yuck.
What if said person is in their office and watching Netflix instead of working?
-
@lorne-kates said in A fool and his not-really-money are soon parted:
checks to prevent duplicate withdrawals or withdrawing more than your balance, were coded in JavaScript, and ONLY ran client-side. No server-side checks.
Remember in the 90's when you could "hack" some sites by just dicking around with the URL and put "admin" or "authenticated" and such in the URL in a specific spot and gain access?
This is basically that. Everything old is new again. Those who do not learn history are condemned to repeat it.
-
@hungrier said in A fool and his not-really-money are soon parted:
If you needed another reason to tell Salon to fuck off
The rise in this sort of thing almost makes me want to figure out how Javascript crypto miner scripts work well enough to write a userscript that can either detect them using heuristics and block them, or just simply break Javascript in such a way that they won't work.
-
@pie_flavor
Because that would involve paying the Danegeld to AdBlock.
-
@anotherusername You're not the only one with that idea. I think the most well-known extension (or at least the one I saw in some comment thread) is NoCoin.
e: That said, I haven't installed it yet
-
@hungrier Evil idea: a plugin that claims to block drive by mining but actually mines for itself
-
@pie_flavor said in A fool and his not-really-money are soon parted:
like most media sites, ad blockers cut deeply into our revenue and create a more one-sided relationship between reader and publisher.
Crazy suggestion here, but what if you stopped making ads so egregious that users need to block them?
For some reason, nobody ever seems to consider that option. That's why I block everything.
Heck, why not go the full mile and get certified by Acceptable Ads, and get unblocked from most adblock users by default?
Does being "certified" by Acceptable Ads mean that they don't display any ads coming from third party servers that they don't control? If the answer to that question is "no" then Acceptable Ads is fraudulent because compromised ad servers are one of the methods for malware distribution. That's why I block everything.
-
LoopX Startup Pulls ICO Exit Scam and Disappears with $4.5 Million
There is a lot of news about ICOs taking many million $. I wonder which variant is true:
- A lot of people collectively took a million $ and bought BTC with it, then transferred the BTC to the ICO owner.
  I find this unlikely, because that is equivalent to doing a kickstarter, and those rarely gain millions of $. It would need to attract lots of attention to get this kind of money.
- Some people had many BTC for a long time (mined or bought when they were cheap). Now that BTC exchange rate is high, the BTC is "worth" millions of $. Those people give the BTC to the ICO. The millions of $ were never involved in the process.
-
@el_heffe said in A fool and his not-really-money are soon parted:
@pie_flavor said in A fool and his not-really-money are soon parted:
like most media sites, ad blockers cut deeply into our revenue and create a more one-sided relationship between reader and publisher.
Crazy suggestion here, but what if you stopped making ads so egregious that users need to block them?
For some reason, nobody ever seems to consider that option. That's why I block everything.
Heck, why not go the full mile and get certified by Acceptable Ads, and get unblocked from most adblock users by default?
Does being "certified" by Acceptable Ads mean that they don't display any ads coming from third party servers that they don't control? If the answer to that question is "no" then Acceptable Ads is fraudulent because compromised ad servers are one of the methods for malware distribution. That's why I block everything.
The answer is 'yes if they come from approved third party servers'. Otherwise they have to be first-party.
After further looking into it, I think Better Ads is a much larger coalition and has a better potential for bigger change. Still, though.
-
A client was hit by ransomware this morning. The ransomware also had a BitCoin miner payload in it. So not only did it start encrypting all of their files, it also started mining BitCoin for the miscreant who sent this bit of code out into the world.