Some newer TVs are starting to have hard-coded DNS servers, which means they’ll bypass most PiHole configurations.

You could try configure your router to redirect all DNS traffic (UDP port 53) to your PiHole server, but that won’t work of they’re using DoH (DNS over HTTPS) which is becoming more and more common.

There’s sometimes cases people don’t think of ahead of time. For example if you log stack traces, they may contain details about the arguments passed to functions.

Oh sorry, I completely forgot to mention that. I’m using an Nvidia Shield for all my streaming.

Another approach is to connect the TV to the internet but block all LG/Samsung/whatever stuff, for example by using a firewall on your router.

I’m still amazed that immobilizers aren’t a legal requirement in the USA, and that Kia would remove them from US models just to save a small amount of money.

Don’t let your TV connect to the internet. I have mine on my wifi so I can control them using Home Assistant, but they’re on an isolated VLAN with no internet access.

Edit: Of course, this only works if you use an external box for streaming, like an Nvidia Shield, Apple TV, Google Chromecast TV or whatever they call it now, etc.

I mentioned this in another comment too: Nobody seems to reads the actual posts, just the headlines. They were accidentally stored in logs:

As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems,

which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.

Also, nobody reads the actual posts, just the headlines. They were accidentally stored in logs:

As part of a security review in 2019, we found that a subset of FB users’ passwords were temporarily logged in a readable format within our internal data systems,

which is something I’ve seen at other companies too. For example, if you have error logging that logs the entire HTTP request when an error happens, but forget to filter out sensitive fields.

Elongated Muskrat

It’s amusing. Meta’s AI team is more open than "Open"AI ever was - they publish so many research papers for free, and the latest versions of Llama are very capable models that you can run on your own hardware (if it’s powerful enough) for free as long as you don’t use it in an app with more than 700 million monthly users.

Ohhh I didn’t consider that. Good point!

I suspect that this will be a thing eventually… It’s a reasonably easy way to defeat apps/systems like Comskip that detect and remove ads from videos. Comskip is what Plex, Jellyfin, etc. use to detect ads in DVR recordings.

Those ad removal systems usually find ads by looking for changes in the video. For example, sometimes there’s black frames before and after the ads, sometimes there’s a TV station logo that goes away during ads (especially on channels like CNN), sometimes there’s a change in volume, etc. If they make the ads look similar enough to actual content, it becomes very difficult to automatically remove them. Online platforms like YouTube are trying to achieve the same thing - Make ads “look like” non-ads to make them harder to block.

One of the four major banks in Australia used to (or maybe still does?) limit passwords to 6 characters. No more, no less. Exactly 6. They’re case insensitive, too.

One of the other banks used to silently truncate passwords (to 12 characters if I remember correctly). They removed the truncation one day, and there were so many issues because people who had passwords longer than 12 characters couldn’t log in unless they knew to only enter the first 12 characters of it. It was a mess. Their phone support had a recorded message saying to only enter the first 12 characters if you have trouble logging in.

We use keys + Yubikey 2FA (the long alphanumeric strings when you touch the Yubikey) at work, alhough they want to move all 2FA to Yubikey FIDO2/WebAuthn in the future since regular numeric/text 2FA codes are vulnerable to phishing. All our internal webapps already require FIDO2, as does our email (Microsoft 365).

I’m surprised they’d expire the SSH keys rather than just requiring the password for the key to be rotated. I guess it’s not too bad if the key itself is automatically rotated.

It would be more secure to have SSH keys that are stored on Yubikeys, though. Get the Yubikeys that check fingerprints (Yubikey Bio) if you’re extra paranoid.

The obesity rate in Australia (and New Zealand) isn’t very far behind the USA…

A lot of countries have disabled their 2G networks (and 3G in some cases). I think 4G and 5G have a more secure signaling protocol than SS7?

Because anything AI-related gets more clicks.

No, at least not in the USA. They’re still protected under Section 230, which makes them immune from liability of third-party content on their platform.

now serving up the ads directly to me

What do you think they were doing before? 🤔

If ads are injected server-side like the article is taking about, your downloads in Newpipe and Kodi are going to have the ads in them.

The article makes it sound like a new concept, but it’s a very old approach for adding ads to video streams. I mean, it’s essentially how regular TV works.