Hacker News | worldwidelies's comments

How so? I think he's got a point. VC pumps things with cash, forces them to work well on the surface, and eventually it becomes a thing that isn't so great. Uber pays shit to the drivers and takes a large chunk for themselves. Airbnb is contributing to the housing crisis. What's the problem going to be with AI products 10 or 15 years from now? I think that's a valid question if you look at the history of these types of ventures.


Had no idea Google had a VPN. I don’t know why anyone would use it. As if their other data gathering methods weren’t enough. Imagine funneling all of your internet traffic through them.


For the same reason Apple operates Private Relay. Google also cares a tonne about state censorship blocking access to its web services.

A refresher: Google runs the world's largest public DNS resolver, builds a browser used by 3b+, and an OS by 2b+. If they need to harvest data, they most certainly don't need a VPN (and maybe that's why they killed it).


Apple doesn’t operate Private Relay, and in fact that’s kind of the point: nodes are operated by three separate entities (Cloudflare, Fastly and Akamai IIRC). And the protocol is designed such that no entity can link your identity to your traffic. It’s actually quite cool and worth reading more about if you aren’t familiar with it.



I don’t think that’s the answer. I don’t know about Google One but iCloud Private Relay doesn’t work in China straight up. You get a message saying it’s not allowed in the territory.


Most people think of VPN as a magic tool to be completely anonymous on the internet.


Can you fault them when that's what NordVPN and others claim in their YouTube ads?

Tom Scott said it better than I could: https://www.youtube.com/watch?v=WVDQEoe6ZWY


It's called capitalism. Unfortunately people rarely question the things they buy as a necessity.


It's also called false advertising. Not all responsibility lies with the consumer.


How many advertisements do you know that are "true"?


It's called fraud


Well, I mean, Google is planning that for all Chrome users:

https://github.com/GoogleChrome/ip-protection


Because banks are as thick as thieves.


There are reports of auroras in Puerto Rico. Last time they were seen this far south was 103 years ago.

This is a new excerpt from the news station "Primera Hora"

> "Por Primera Hora. 11 de mayo de 2024 • 7:53am. Las aurora borales que decoraron el cielo anoche se lograron ver en Puerto Rico, fenómeno que no se veía en la Isla desde hace 103 años"

English Translation:

> "For First Hour. May 11, 2024 • 7:53am. The northern lights that decorated the sky last night were seen in Puerto Rico, a phenomenon that had not been seen on the Island for 103 years"


> There are reports of auroras in Puerto Rico

Demonstrably false. Did you even look at the map linked in what you responded to?


I found a typo in the "Target User Group" section.

Original Sentence:

> Furthermore, Peter is worried about algorithmic errors and calculation inaccuracies is his complicated tables.

Correction:

> Furthermore, Peter is worried about algorithmic errors and calculation inaccuracies in his complicated tables.


This is peak capitalism. The middle class is almost nonexistent. Big companies are making products that regular people can't afford. It's kinda like the time workers at the old Ford plants couldn't afford the cars that they were making. Eventually they started paying their employees enough to do so. I just looked up the price of a base model Jeep Wrangler, it's 31K, probably closer to 38K out the door (financed of course). That's a lot of money. I wonder if the average factory worker can TRULY afford the base model version of the vehicle they help assemble.


I got dengue and typhoid fever at the same time. They call it a co-infection. I was pissing blood at one point but they said it was due to dehydration and having a kidney stone I wasn't aware of until they had me get an ultrasound. Anyway, these types of viruses are unavoidable. Everyone gets sick from time to time. In case anyone is curious, I got them both from a restaurant I went to. I kept getting bit by mosquitos that night and the water they served didn't taste right. I only took a few sips of the water but that's all you need to catch typhoid. I google mapped the restaurant and found a few open drainage ditches next to the restaurant. The mosquitos must have been growing in there.


Someone much more tech savvy than me should try to use Charles Proxy on an iOS device and see how often your phone is communicating with Apple servers. It’s pretty wild.


It is wild but not entirely for the reasons someone might think.

I think everyone knows that a good part of the Apple app ecosystem relies on syncing data. I don't think anyone is surprised that a daemon is syncing your photos between your devices/cloud. Add podcasts, ePubs, etc. and you're going to have a busy network on your device. It's a reason in fact I use the cloud, sign in with my Apple ID. I can lose my machine but not my documents.

Maybe the thing that is more along the lines of what you're suggesting though is the network traffic that is seemingly less useful to the user (but useful to Apple). Various frameworks have appeared on the OS that allow apps to share analytics (pretty sure though these are the analytics that you are asked if you want to opt out of on an install/setup).

But because it has become so easy to do (in part because there is a framework to handle it, but also just the ubiquity of the presence of a network) lots of, I think, dumb data is collected to no doubt satisfy management/design as to whether some feature of an app is being used or is not being discovered.

The ubiquity as I say has made it too darn tempting for all parties (Apple and 3rd) to become lazy about how their apps are being used and to become too data hungry themselves.

I had someone recently ask me how I get feedback from my blog posts since there is no comment section, no analytics .... they wondered why I bother blogging at all.


You should look at developer tools on a website. It makes all these web requests! It's pretty wild!


> Someone much more tech savvy than me should try to use Charles Proxy on an iOS device and see how often your phone is communicating with Apple servers. It’s pretty wild.

You can also see this just by running an iOS simulator with Xcode on a Mac that has Little Snitch installed. The amount of phoning home by iOS (and macOS, for that matter) is shocking.


What is even more shocking is running an Android simulator in the same context. Literally dozens of Little Snitch prompts before the OS even boots to the lock screen. Not defending Apple here, but when I was developing a mobile app in both Xcode and Android Studio I noticed a marked difference in the amounts of phoning home.


Little Snitch could use a 1-click on/off ruleset for blocking all Apple network connections (17.x.x.x) except for the published whitelist of Apple notification servers. That would block most of the real-time phoning home. The block could be disabled manually for security updates. If notifications aren't needed, block all of 17.


I saw this idea implemented in the book "Extreme privacy: macOS devices". The author also provides importable profiles that you can switch between, e.g. to enable/disable security updates. I haven't tried them yet, but I am now more motivated to do so.


Does that include things like communicating with Apple APNS? If so then I'm not surprised at all.


You can actually see the domains being contacted in the app privacy report. I’m not sure if it includes the OS level connections, but it includes for all apps, including Apple apps.


> Your server will be secure because it's obscure. But it's still very likely to become a target for autistic geniuses.

I legit laughed out loud.


Friend used to run his webservers on Amigas about two decades ago, back in a time where the time of hooking up an unpatched Windows system to a 100MBit connection would have it infected before you could start updating it. "Of course the webserver there is horribly insecure, as there haven't been new releases in years, but it's so obscure that none of the exploits work"


Did that time end? I'm pretty sure it's still a very bad idea to make a system with common serious vulnerabilities even briefly publicly reachable on IPv4.


If you install Windows XP from the release CD and attach it to the public internet, and let it sit, unless your ISP filters out the file sharing ports, I think it will get taken over fairly quickly. But Windows Vista and later don't make services available by default.

It's also very popular for ISPs to drop traffic on the Windows file sharing ports, because it's almost all either malicious or at least unintentional.


I was gonna be worried for a second, then I remembered that kind of person almost never lives a terminally-online, hacking-obsessed life.

Phew.

gets back to trying to convince his bank to send his data over plain FTP


Morning standup at a state-sponsored hacking organization…

Bob: A big round of applause to Fred and Jane for setting up that XZ back door! Boy that got us so much intel!

A round of polite clapping.

Bob: What’s your status, Igor?

Igor: Bah, my target is running web server on MS-DOS. I finally managed to hand craft 16 bit 8086 machine code exploit last night (mind you during Hacker News Hug of Death) and gain remote access to A: drive but it turns out secrets are actually hosted on Amiga 2000 on private LAN which I can ping but I don’t know 68k.

Bob: Fortunately we’re a state sponsored hacking organization so we have considerable resources. R.J., do you think you can help Igor?

R.J.: Sure! Igor, do you know if it has an OCS or ECS chipset? …


Nowadays there are armies of bots that will find an insecure internet-connected server within seconds. Security through obscurity isn't much of a thing anymore.


These bots you are talking about are not intelligent, they do not find "insecure" servers to break into. They simply brute-force and exploit known bugs on popular services.

There is no botnet targeting web services running on DOS, because no one is running web services on DOS.


> they do not find "insecure" servers to break into. They simply brute-force and exploit known bugs on popular services.

What exactly is the difference?


Finding insecure servers, what human hackers would do, requires persistence, time and a working brain.

Bots, instead, throw shit at a wall and see what sticks. Move your SSH server with credentials root:root on port 1234 and notice how many bots get utterly defeated (only for sake of argument, because OpenSSH has a banner which makes it easy to identify wherever it's running)


> Bots, instead, throw shit at a wall and see what sticks

And once it sticks, an insecure server has been found. A bot is just a tool someone is using.


These tend to try the top _n_ exploits on common ports. In fact, a little obscurity rids oneself from common attacks. I usually move my WordPress admin access to a different port and URL and that really does stop scripts from trying exploits all day long. (Of course, I make sure everything else is set for security, too.)


Yeah. I eliminated a persistent bot attack on a webapp in minutes by simply adding a very easy question on user signup (like "what's 1+1?")

Security through obscurity is an overused concept: it doesn't work against determined humans, but on the greater internet, when your adversaries are bots, it is extremely effective.


It even works on determined humans. It's defeatable but dissuades many humans and slows down the rest. It is a useful layer in security. It just can't be the only layer.


I worked at a large company. My manager told me there's a legal requirement to post jobs publicly even though the position was intended for internal hiring. I don't know how true this is. If it is true, this could explain some of the 'ghost jobs'.


I’ve heard of this before as well. I’ve actually looked at applying for some internal jobs and was told not to bother, because it was the posting for a certain person.

Had it happen for me once as well. A new team was being formed that I was part of. I was given a certain job post ID to apply for that was meant for me. Some people got upset, because they were told to apply for a level 2 position, when they saw a level 3 or 4 position was also out there that they wanted to go for… but the decisions had already been made.


Years after the fact, I was curious if a job opening created for me when a higher-up wanted to bring me in was posted for a bit. If so, other people probably didn't have much of a chance. Although I had some interviews, I don't think I ever even applied to the job through the online system.


That makes me wonder if another one of my promotions was posted. My interview was the manager walking up to me while I was standing off to the side in the lunchroom waiting for someone else, and he simply said, “if anyone asks, I interviewed you.” He then walked away and I had a promotion.

