In other news today...
-
@HardwareGeek said in In other news today...:
Common nails aren't particularly sharp, either.
About as sharp as the reporter?
-
@Zecc No, they're more than sharp enough to cut through melted butter.
-
@DogsB the longest year ever.
-
I remember a time when we just assumed they were lying about everything.
-
when his lips are moving
-
@hungrier said in In other news today...:
when his lips are moving
I'd have gone with the more advanced version — when he has a pulse — except I'm not sure how that applies to the Suckerberg.
-
@dkf Turns out this AI business is not so easy-peasy after all
-
@dkf said in In other news today...:
I'd have gone with the more advanced version — when he has a pulse — except I'm not sure how that applies to the Suckerberg.
I'm not sure why we're trying to unnecessarily narrow things down. Let's just go back to @DogsB's version with true.
-
I see more regional offices in our future.
-
@DogsB said in In other news today...:
I remember a time when we just assumed they were lying about everything.
I am pretty sure that such a rule would completely break capitalism.
-
I think we should start a pool on when all this data shows up in an unsecure s3 bucket.
-
Not quite as funny as those hikers joining their own search party, but up there:
It was somebody else who reported this hiker as missing. Better to heed this advice though:
“The subject ignored repeated phone calls from us because they didn’t recognize the number,” rescuers said on Facebook. “If you’re overdue according to your itinerary, and you start getting repeated calls from an unknown number, please answer the phone; it may be a SAR team trying to confirm you’re safe!”
-
@DogsB said in In other news today...:
I think we should start a pool on when all this data shows up in an unsecure s3 bucket.
Is it too late for me to get "yesterday"?
-
@DogsB said in In other news today...:
I think we should start a pool on when all this data shows up in an unsecure s3 bucket.
When the data shows up there or when the fact that it's there actually gets reported?
-
@antiquarian said in In other news today...:
@DogsB said in In other news today...:
I think we should start a pool on when all this data shows up in an unsecure s3 bucket.
When the data shows up there or when the fact that it's there actually gets reported?
A bit of a moot point now. I suspect @izzion has won both.
-
@DogsB said in In other news today...:
I think we should start a pool on when all this data shows up in an unsecure s3 bucket.
They've hosted the CIA's cloud for some time now. I believe they're also working with the NSA.
-
@boomzilla said in In other news today...:
@DogsB said in In other news today...:
I think we should start a pool on when all this data shows up in an unsecure s3 bucket.
They've hosted the CIA's cloud for some time now. I believe they're also working with the NSA.
Of course they do. Question is: do they know that?
-
@Kamil-Podlesak said in In other news today...:
@boomzilla said in In other news today...:
@DogsB said in In other news today...:
I think we should start a pool on when all this data shows up in an unsecure s3 bucket.
They've hosted the CIA's cloud for some time now. I believe they're also working with the NSA.
Of course they do. Question is: do they know that?
It is to LOL. But, more seriously, I'm sure they aren't failing to cash the checks.
-
@JBert said in In other news today...:
It was somebody else who reported this hiker as missing. Better to heed this advice though:
“The subject ignored repeated phone calls from us because they didn’t recognize the number,” rescuers said on Facebook. “If you’re overdue according to your itinerary, and you start getting repeated calls from an unknown number, please answer the phone; it may be a SAR team trying to confirm you’re safe!”
Maybe the search & rescue teams could somehow use 911 (or local equivalent) as the calling number. Though it would probably look quite scary to be called by 911. Though scaring you into answering is probably the point here.
( rather than because it's unlikely to be a good idea, if anything because it would only apply for calls going through the 911 system, i.e. not just e.g. the local volunteer team trying to reach you before actually calling in 911 and the big guns!)
-
@remi If friends or family reported the hiker missing, they probably did so by calling 911. Who else would they call? If I were in that position, I almost certainly wouldn't know the number of the local SAR team to call them directly. So I would call 911, expecting them to relay the info to the relevant responders, whether that be sheriff, forest rangers, an independent SAR team, or whatever.
911 does call people. If you call 911 and the responders need more information from you, the dispatcher will call you back — or try to; people don't always answer. I don't know if caller ID shows 911 for the outgoing call, though.
-
@remi said in In other news today...:
Though it would probably look quite scary to be called by 911. Though scaring you into answering is probably the point here.
If I got a call from 999 (the equivalent of 911 here) I'd assume it was a scam with a spoofed number and ignore it unless I'd called them first.
-
@HardwareGeek said in In other news today...:
@remi If friends or family reported the hiker missing, they probably did so by calling 911. Who else would they call? If I were in that position, I almost certainly wouldn't know the number of the local SAR team to call them directly. So I would call 911, expecting them to relay the info to the relevant responders, whether that be sheriff, forest rangers, an independent SAR team, or whatever.
911 does call people. If you call 911 and the responders need more information from you, the dispatcher will call you back — or try to; people don't always answer. I don't know if caller ID shows 911 for the outgoing call, though.
In the case of 112 in NL, they also advertise that they always know the real number of origin. Even if it's set to hidden. And if your line does not have a number on which it can accept incoming calls, you cannot call 112 on it at all. Not sure on spoofing origin numbers though.
-
@PleegWat said in In other news today...:
And if your line does not have a number on which it can accept incoming calls, you cannot call 112 on it at all.
I think that would be illegal in the US. Any phone (unless the battery is dead, it's in a Faraday cage, a zillion miles from any cell tower, etc.) can always call 911, regardless of payment status, cell tower is the wrong carrier, etc.
-
@HardwareGeek I've only actually heard of that requirement in the context of cheap VOIP accounts, and that many years ago. I doubt it ever applied to physical devices.
-
@PleegWat said in In other news today...:
@HardwareGeek I've only actually heard of that requirement in the context of cheap VOIP accounts, and that many years ago. I doubt it ever applied to physical devices.
Yeah, it's real.
-
PAX is a Chinese company which is one of the largest POS solution providers in Hong Kong, UK, EU and US. The company has been raided by the FBI after reports were received from payment processors regarding unusual network packets originating from these terminals.
Their POS terminals were found to have a trojan embedded which can be used to participate in DDoS attacks and collect information. If you ever paid for your meal with your credit card at one of these terminals, you had better keep a close eye on your monthly statement because there's no way to know if your card information has been sold to some hacker community.
-
@HardwareGeek said in In other news today...:
Who else would they call?
Depends. Was there something strange in their neighborhood?
-
@Zecc I'm not sure Bill Murray would be much help in finding a lost hiker.
-
@DogsB said in In other news today...:
I hear about Amazon strikes so often I had to read the headline five times to realize it's used as a verb here.
-
@HardwareGeek said in In other news today...:
@remi If friends or family reported the hiker missing, they probably did so by calling 911. Who else would they call? If I were in that position, I almost certainly wouldn't know the number of the local SAR team to call them directly. So I would call 911, expecting them to relay the info to the relevant responders, whether that be sheriff, forest rangers, an independent SAR team, or whatever.
I guess it depends on how the alarm is raised. If I was indeed sitting at home and reporting a missing person, I'd call 911. But if I was e.g. walking back to a meeting point and not seeing someone I was expecting, I might go in person to the ranger's hut (or whatever other local presence there might be). Or, one time my brother broke his leg while skiing and some of us skied down to the nearest ski lift and told the attendant there, and I have no idea who they later called (probably no one through phone as this was before mobile phones were widespread and I've always seen ski lift attendants use radios, and also IIRC at the bottom of that lift there was a rescue station so they just went from there).
More to the point, once 911 has received a call, and transferred it (either the call or the relevant information) to whatever local service might handle the report, that local service would be the ones calling the missing person (or trying to). So we're back to the original issue that the call would not be from 911, even if the initial trigger was through 911.
911 does call people. If you call 911 and the responders need more information from you, the dispatcher will call you back — or try to; people don't always answer. I don't know if caller ID shows 911 for the outgoing call, though.
Yeah, but that's through "proper" 911, not other help services. Giving "anyone" access to the ability to use 911 as a calling number would likely cause more abuse than really help.
-
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
-
@DogsB I'd like to consider anything running npm to be fully compromised.
-
@DogsB
in the Don't Upgrade thread: https://what.thedailywtf.com/post/1902948
Can't be too bad to have an extra report of this security issue of course, but we've discussed it before.
-
@DogsB said in In other news today...:
That'd cause a lot of collateral damage. The ua-parser-js package is a dependency of karma, which is in turn a dependency of angular.
Fortunately karma references it with an exact version, so those who just use it through karma were not affected (this time).
-
@Bulb said in In other news today...:
Fortunately karma references it with an exact version, so those who just use it through karma were not affected (this time).
Yeah, I looked and we have a lower version than the one that was compromised.
-
@Bulb said in In other news today...:
That'd cause a lot of collateral damage
I mean, I don't want anybody to suffer or nothing, but...
-
@DogsB said in In other news today...:
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Our Data Protection Officer sent an email to all development teams 2 days ago demanding that all team leads assess whether any of our products are using it, and push out an emergency update if there are.
-
@cheong said in In other news today...:
push out an emergency update if there are.
Do they also require that the emergency update fixes/removes the offending dependency, or can just push out a random emergency update?
-
@cvi said in In other news today...:
@cheong said in In other news today...:
push out an emergency update if there are.
Do they also require that the emergency update fixes/removes the offending dependency, or can just push out a random emergency update?
Of course it's about the emergency update fixes. :)
Since our products are fully on cloud, we can just push a message about when the update will be scheduled and then update them whenever we want after office hours.
Our feature branches need to be updated following the change, but fortunately most of them can be done neatly solely with auto-merge.
-
@cheong said in In other news today...:
Our Data Protection Officer
In relation to the above-mentioned incident I asked around who that should be in our company. I didn't find anybody.
-
@cheong said in In other news today...:
and push out an emergency update if there are
The attack targets the developer machines. That does not seem to be the correct response.
The good version should be properly pinned in the package.jsons, but they also need to check whether anybody did an update during the window of compromise and if yes, have that developer change all passwords and have their machine checked for miners and probably reinstalled.
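
Added example, not part of the original post or of any project mentioned in the thread: one way to check the two things discussed above, namely which direct dependencies are not pinned to an exact version, and whether any copy of ua-parser-js resolved in a lockfile matches a known-bad version. The function names, the sample manifests and the BAD_VERSIONS entry are constructed for illustration; the real version list has to come from the advisory.

```javascript
// Added example: audit one dependency across package.json and package-lock.json.
const NAME = "ua-parser-js";
// Constructed placeholder, NOT a real advisory value; fill in from the advisory.
const BAD_VERSIONS = new Set(["9.9.9"]);

// An exact pin is a bare version such as "1.2.3". Anything else (^, ~, >=, *,
// x-ranges, dist-tags) lets a fresh install resolve to a newer release.
function isExactPin(spec) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(spec.trim());
}

// Collect every resolved copy of `name` from a lockfile: the flat "packages"
// map (lockfile v2/v3) or the nested "dependencies" tree (lockfile v1).
function resolvedCopies(lock, name) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + name)) found.push({ path, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + dep;
      if (dep === name) found.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return found;
}

function audit(pkg, lock, name = NAME, bad = BAD_VERSIONS) {
  const direct = { ...pkg.dependencies, ...pkg.devDependencies };
  const unpinned = Object.entries(direct)
    .filter(([, spec]) => !isExactPin(spec)).map(([dep]) => dep);
  const copies = resolvedCopies(lock, name);
  return { unpinned, copies, hits: copies.filter((c) => bad.has(c.version)) };
}

// Constructed sample: karma pinned exactly, a hypothetical tool using a range.
const samplePkg = { devDependencies: { karma: "6.3.4", "some-tool": "^2.0.0" } };
const sampleLock = { lockfileVersion: 2, packages: {
  "": { name: "app" },
  "node_modules/karma": { version: "6.3.4" },
  "node_modules/ua-parser-js": { version: "1.1.1" },
  "node_modules/some-tool/node_modules/ua-parser-js": { version: "9.9.9" },
} };
console.log(JSON.stringify(audit(samplePkg, sampleLock), null, 2));
```

A lockfile only records what is currently resolved, so an empty `hits` list does not show that nobody installed a bad version during the window of compromise; that still needs checking per developer machine.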
-
Local reports said he pronounced the word ‘meow’ 55 times from the moment he entered the courtroom to the time he was removed.
Prosecutor Fernando Guzzo, rubbishing defence claims Pereg is mentally unfit to be tried, told the jury of six men in his opening address to the court on Tuesday: “I ask jury members not to let themselves be fooled and bark more loudly.”
-
@Bulb said in In other news today...:
@cheong said in In other news today...:
Our Data Protection Officer
In relation to the above-mentioned incident I asked around who that should be in our company. I didn't find anybody.
Congratulations on your new role.
-
@Zecc I wouldn't actually mind if I ended up being nominated for it (and given some power).
-
@Bulb No power. Just responsibility (and stomach ulcers and a minor heart condition).
-
@remi said in In other news today...:
But if I was e.g. walking back to a meeting point and not seeing someone I was expecting, I might go in person to the ranger's hut (or whatever other local presence there might be).
Maybe, but I probably wouldn't. I don't know where this particular hiker was lost, but in the western US, there might be one ranger station for a forest covering millions of acres (tens of thousands of square kilometers), and that station might be hours from your location. I might not even know where a ranger station is, since in many cases you can just look at a map, see there's a trail that crosses a road, drive there, park on the side of the road, and start hiking without needing any kind of permit or other contact with a Ranger. But I probably have a phone and can dial it instantly (assuming I have a signal in the middle of nowhere).
-
@HardwareGeek I thought my hypothetical scenario was clearly implying that I was close to such a ranger's station (in particular the part between parentheses). Clearly I underestimated the ability of local denizens to be annoying and/or ic for no good reason.
Anyway, it's irrelevant to my original point (having a phone call marked as originating from 911 when it isn't probably isn't a good idea), so whatever.