The flaw of not using HTTPS for the downloads is so basic it’s shocking they didn’t have internal tooling to raise this before it was shipped. I’m not familiar with AMD’s bug bounty policy but they should have at least paid $1337 to the researcher for raising this to them.

LLMs are just a tool, just like airplanes or hammers. An airplane is very expensive, but better at going really far distances than humans can on foot. A hammer is cheaper than a human, but by itself is useless unless operated properly. Despite the tone of the outputs, LLMs should not be authoritative and human judgement shouldn’t be replaced with them.

Just on the security side of coding, highly skilled security engineers at Mozilla were able to use Claude Mythos to identify and address many issues to make Firefox more secure. Some if these issues were introduced over 10 years ago, and a human could have identified and fixed them but human speed of reading and finding will always be a bottleneck. Having highly skilled humans offload the slow task to go through the codebase and raise issues, allowed them to find and understand the nuanced problem, and work on a fix. The key here is giving the people with the skills the ability be enhanced with LLMs, not replace them with one.

I think what the commenter is saying is if you have something running on a server on an external IP address for like a website that needs to be public, the additional risk of opening up more ports to slow down Internet scanners is not beneficial to you and not worth the risk.

If you’re deploying an raspberry pi and opening it up to the Internet, and don’t care if it crashes due to overload, thats a bit of effort and cost you incure to keep it running to be a nuisance.for Internet scanners. If you don’t have anything which needs to be publicly accessible to the Internet, the best thing you can do is not open any ports and expend no effort, so that the firewall/ NAT gateway operates in stealth mode which is does inflict some processing and time on the Internet scanner to run waiting for responses to timeout.

It’ll probably just be a nuisance for small operations and for larger botnets be a drop in the bucket or not even noticable.

Interesting bit from the court docs of how they traced it to him:

Based on cryptocurrency tracing analysis performed by FBI personnel, I have learned the following, among other things: on or about November 12, 2025, and November 13, 2025, in a total of approximately three transactions, Wallet-0xAf6 sent a total of approximately $149,980 of cryptocurrency to particular cryptocurrency swapping service (“Swapping Service- 1”).2,3 Based on documents from Swapping Service-1, I have learned that shortly after those three transactions, Swapping Service-1 sent approximately $149,980 of cryptocurrency to a particular cryptocurrency payment processor (“Payment Processor-1”). Based on documents from Payment Processor-1, I have learned that the November 12 and 13, 2025 transactions were received by account in the name of “Michele Spagnuolo,” and that an Italian Government identification card was used to open the account at Payment Processor-1. A copy of that identification card, which I have reviewed, appears to be a government identification card for MICHELE SPAGNUOLO, a/k/a “AlphaRaccoon,” the defendant.

Seems like whatever swapping service he used is what got him as he probably assumed that they wouldn’t comply with law enforcement or have detailed records.

Microsoft has been mum on any details about these matters, so it’s hard to tell if the situation is about an uncooperative researcher who doesn’t follow standard disclosure rules or a company being difficult about security reports. Regardless, the move to ban Eclipse’s GitHub account makes for poor optics, as it is being heavily criticized, and ultimately achieves nothing for security, since the code is out there anyway.

Classic Streisand effect. Just two years ago Satya Nadella publicly announced they’re prioritizing security above all else, but now have nothing to say about these exploits and are trying to silence the researcher? Viewing from the sidelines, it did seem a bit reckless how Eclipse was dropping these as zero days, but Microsoft’s actions speak louder than words and they probably didn’t pay for the bounties.

I’ve seen some Twitch streams where indie game devs will do this, especially during early access to promote the game and get feedback from the community. It seems like a neat idea but is probably grueling to “perform” while developing.

paw patrol is just so over stimulating with frequent cuts and it’s clearly designed to hook kids short attention spans / does not help develop longer attention spans. It’s a classic problem that kids don’t want to stop watching and have tantrums if you enforce screen time and turn it off. All of this to sell huge toys that kids think they want and will play with one time.

Also the stories are not really that great, and suck to watch as a parent. They always introduce an issue which is immediately resolved, triggering that instant gratification in your kids brain, without teaching them about conflict resolution or anything really useful. This isn’t even about the idea of Adventure Bay being a police state or promoting the privatization of communal services.

It’s an unfair comparison, but a show like Bluey has great storytelling and while not being purely educational, teaches kids how to emphasize with others and deal with conflict that isn’t easily solvable, even for adults. The music, illustrations, and stories are a work of art and a more valuable use of time than Paw Patrol.

This is a benign example, but I was talking with a fellow parent about our dislike of Paw Patrol and told them I had to remove that as an option in Netflix. They were shocked that was possible and I could see the gears turning in their head with that new info. Granted I’m not parenting a teenager yet, but it seems like most of the functionality in bigger platforms generally exists, people just don’t know it’s there and to set it.

Hokey religions and ancient weapons are no match for a good blaster at your side.

Not sure if this applies to you, but how does EMS work with time across timezones? Like if a patient is airlifted from one location to another and crosses timezones? Is that another source of error, or is generally things being an hour off by accident not an issue?

There have been a bunch: Throne of Blood is Samurai Macbeth. Warm Bodies is Zombie Romeo & Juliette

The Verge’s Podcast has a reoccurring segment now called “Brendan Carr is a Dummy” with all these stupid moves on his part.

They were pretty clear with the job for Office Space, they worked for a bank/financial institution and had to update the software for Y2K so the years could accommodate 4 digits. That’s why they were able to take push an exploit that allowed them to keep the rounded penny in a transition for their scheme, which may or may not have been inspired by Superman III.

Gotta pump the bubble somehow and show “universal AI usage”. Facebook did something similar like 10 years ago with inflating views for video content to get publishers to pivot to video on Facebook’s platform by juicing the numbers.

I don’t exactly remember the mechanics, but wasn’t there some heart or potion you could get to extend your hearts, but that consumable didn’t replenish? I remember using one early in the game and then realizing I should have saved it for one of the final dungeons. I don’t think I actually ever beat Zelda II and rage quit after realizing it was too difficult for 12 year old me.

We sent a SYN-ACK packet and YOU acknowledged it, confirming you are not spoofing YOUR IP address. Now WE share the same sequence number. Most sites do not tell you this is happening.

Doesn’t seem to be anything new here than what’s we already know:

• https://en.wikipedia.org/wiki/Device_fingerprint
• https://coveryourtracks.eff.org/

Just with a more ominous tone. Is it any wonder people are afraid of technology?

No One’s Ever Really Gone

I always thought the line was “ketchup on the table”