I don’t think that’s the case, because otherwise how did they leak this key that the backend uses, that presumably stayed in the backend, by reverse-engineering the rabbit android application?
I think the devices all just have hardcoded keys to the APIs themselves.
Oooh I had an Intel Atom Vaio Netbook as my first ever computer I actually owned, given to me as a gift by parents for school. I asked for a gaming laptop, so I was real bamboozled by it.
Somehow though I managed to grief my friends’ Minecraft server with /set 0 and enderdragon spawn spam while talking to them on Skype, but it was painful, opening a web page took literal minutes sometimes and my internet wasn’t the fastest back then but it wasn’t too bad either like 5-10mbps easily. But it wasn’t the worst.
That honor goes to an MSI gaming laptop. It was actually really powerful, quad core, 16GB RAM, 8GB VRAM, MSATA SSD and a 1TB HDD that is still alive and in a JBOD setup with mergerfs in my server today serving me shows to watch thru Jellyfin.
In 2014 it was nothing to scoff at, the 880m ran GTA V on almost the highest settings at 1080p and it had tons of storage.
But as a computer it was just fucking terrible, the screen is the dimmest, most TN LCD blue filter shit you’ve ever seen, it was all I had so I watched things on it, and it just always made me depressed that I was watching beautiful films and shows and playing games through this awful blue filter that had no warmth, everything looked like some movie dementia flashback.
USB port melted itself and made some random parts of the case have an electric surprise for you sometimes, keys popped off if you breathed on em but not like you would want those keycaps to stay on because they were disgusting, speakers sucked in dust and vibrated it inside, making all audio feel like earrape at any volume, headphones jack flew out, touchpad was off to the side because of the dumbass numpad, ethernet port fried entire cables, DVD drive wouldn’t read disks, dumbass UEFI firmware locked down to shit, took forever to disable secureboot and the setting would get lost randomly.
About 3 years later, the AC port fried itself and would work like a pair of dodgy earbuds and I had to sit there rotating it like I was finding a radio signal in class, battery was long gone by then so it would shut off at random, which made android app dev I was doing at the time on it somehow even worse of an experience.
Still have many fond memories of my times with it but man did I not miss it at the time.
I replaced it with a 2010 ThinkPad X201 I got for 50 bucks and loved it, I proudly used and abused it and showed it to everyone like it was my first dress with pockets until I eventually blacked out on xanax and procedurally took the entire thing apart and flashed ??? onto the firmware chip and couldn’t put it back together ever again.
Thanks for the explainer, but that’s not what I meant.
For example: If I, an ISP in Beijing went to BEIJING CERTIFICATE AUTHORITY Co., Ltd. which is on the list, and had my cert issued by them for foobar.com that listed them as the root trust, wouldn’t that work? Because the service operating there currently is illegal and I need to take it down, i don’t see how or why they could refuse. If they can’t do this for ISPs, then certainly law enforcement should be able to force them to comply, I would assume.
If I then went to abuse that cert and spread malware on my fake cloned site, then what are the affected users going to do, call the cops and tell them the illegal seedbox is down?
This is the only way I can see governments being able to display blocked website notices, takedown notices and other MITM insertions demonstrably happening in all sorts of countries without triggering a “back to safety” warning in most browsers.
This has to be possible, because otherwise the observable results don’t make any sense.
I’m not necessarily saying they did the attack this way instead of just simply spreading malicious torrents which is far easier, but I don’t see why they wouldn’t be able to do this.
A cassette on one of those small kid stereos, later it was my mom reading me stuff. I don’t know if I could listen to music falling asleep but nowadays I have YT videos on and lots of white noise to drown out the crackhead neighbours upstairs.
I will never understand how neurotypicals have sleep schedules like do you just…go to sleep the same time every day? Like literally to the second, or is there some give to that? And if you don’t you feel bad?
or has access to a trusted CA’s key, as per above.
I don’t see why they wouldn’t, or couldn’t do this if they wanted to if they were also willing to straight up resort to spreading malware, which idk about SK but that’s illegal anywhere in the west under very broad laws.
EDIT: They could also do a redirect to a different URL with a valid cert I guess, though I’m sure browsers block that too. Well I’m out of ideas then, I feel bad for cybercriminals these days.
EDIT2: Wait a sec, how does government censorship work then? Like e.g. https://ttrpg.network/post/7634428 How is the government able to MITM this person? The website is HTTPS and they’re using a VPN, but presumably locked to the DNS of the ISP. How are they able to block websites at all in this case with anything other than a termination of a connection (i.e. displaying a banner)?
Even without a VPN by your logic if the ISP can’t present a foobar.com cert then they couldn’t block it via just DNS. How do FBI takedown notices work? Shouldn’t all of these throw up SSL errors and “back to safety” prompts?
Then wouldn’t it be just one API key to the rabbit backend instead? The researchers are suggesting it’s several keys though. Or are you suggesting every device has the same key to Elvenlabs that it sends over to the rabbit backend which passes that through to the request? That’s also very silly if they did that.
What I don’t understand is why the TTS key could even delete voices or read past responses from other devices, ideally each device should have its own properly scoped API key that only lets it access the immediately necessary functionality and no more.
I think it’s much simpler than that.
Webhard is Web Hard Drives - SK torrenting scene is very different from the west, to simplify from how I understand it (English info seems scarce) basically everyone uses seedboxes or “web hard drives” in SK to download stuff.
While I can’t seem to find out anything about what “The Grid system” is, if the whole thing is an online portal or software.
If ISP routers are anything like the west that means they control the DNS servers and the ones on router cannot be changed, and likely it blocks 1.1.1.1 and 8.8.8.8 and so on, as Virgin Media does (along with blocking secure DNS) in the UK for example, which definitely opens up a massive attack vector for an ISP to spin up its own website with a verified cert and malware and have the DNS resolve to that when users try to access it to either download the software needed to access this Grid System or if it’s a web portal - the portal itself.
I don’t think this included any attacks on the BitTorrent protocol at all, because as others said, it’s pretty secure, but another possibility is simply malicious torrents being distributed, which rights holders definitely done before (read decoying part in https://arstechnica.com/tech-policy/2007/03/mediadefender/)
That’s a lot of work. Thanks though.
Which vuln was this?
Even by your analogy, yes I’d rather have a wooden cart compared to carrying things in my hands.
That said your analogy doesn’t apply to tech. “It just doesn’t okay” isn’t a very satisfying answer from a logic standpoint, but as the other user pointed out almost all corporate software is built upon, or massively, and I mean massively relies upon the efforts of Open Source software.
I can’t really think of any other industry like this or an analogy for this, but that is how it works. Example: GNU/Linux is FOSS, and is the go-to for server software for businesses, and it’s starting to creep into end user products too, from Dell laptops to Raspberry Pi to the Steam Deck (if you’re familiar with that - Proton is also open source).
No, BAD.
RIAA is evil. AI is good for us plebs while it’s still legal for us to own and operate our own local open source LLMs away from the corpos, in the same way the internet is a net good because it’s free and open and gives us power to practice communism (information sharing, hacking (classic meaning) and open source).
All regulation will be aimed squarely at destroying that, concentrating power in the hands of the few away from just any old proletariat tom dick and harry.
Corpos will pay any fees and fines as a cost of doing business and acquire all licenses and reach private agreements with publishers out of reach for the common man or small business, all the while passing the cost of all this onto the consumer eventually just to invest in tech that will make the line go up for a few more quarters.
IP law does not benefit you and you will never truly benefit from it.
Don’t simp for corpos.
P.S.: Imagine the next LLM, 10-20 years from now is truly groundbreaking and useful, it’s a new tool, and without that tool, you’re no longer competitive for work, and all of said tool is owned by 1-2 multinational predatory conglomerates jacking up prices, because you have no choice but to pay up to live. It’s cyberpunk, just boring and without the implants, price-gouging a necessity just as they do now with housing or insulin.
We need to preserve the power to do this freely, fairly, without profit and without licensing works.
Is there a way to do reverse tunnels, or something like it, so not opening any ports at all on the network, without cloudflare?
Closest to that XP I got was generating VPN keys and distributing them to close friends, running DDNS (no-ip) on my Pi with a pivpn server and then accessing JellyFin that way.
If you hear about a job being in demand, then it’s too late to get into it, those news will always only be good for those who are already in the field, by the time you make it through 5 years of uni, you will be competing against hordes of people who did the same in a demand bubble that’s bursting or deflating.
Right now cybersecurity seems to be having a soft boom, if you’re in it you’re good, take it easy and maybe do a cert and diversify skillset, if you’re not, don’t bother.
Same with data science/ML which I would assume is going to have a large boom soon (or already had? Last I remember anyone talking about it was Cloud™️ Big Data™️ days, far pre-LLM/GenAI craze ATM.)
Do you maybe mean snap?
Docks of New York and The Cabinet of Dr.Caligari are also really cool silent age movies
I’m proposing replacing minimum wage w/ something like UBI (my preference is a Negative Income Tax for more of a direct replacement). That way that $100 isn’t being added to peoples’ means, but instead it’s replacing wages
So it will just accomplish nothing, as people will work the same (more if we follow current trends) for $9.00 and hour instead of $12.00, but will have an extra $3.00 from taxes on the middle class (the rich will avoid taxes always).
This is certainly a proposal.
which can keep total inflation stable
Ah yeah, like right now where inflation is low and even decreasing, but things keep getting more expensive, jobs more and more scarce and actual value is ever smaller, while building true wealth through home ownership is ever more unreachable, while being poor is only more and more expensive and social mobility is at an all time low? Lol.
Measures of inflation are like COVID cases being low before we started testing more people.
That gives employees the freedom to say no to poor working conditions and inadequate pay without worrying about where their next meal is coming from.
That’s the thing - it won’t. Capitalists won’t like this, and competing with one another by offering better working conditions will only make them worse off - they will instead band together and price fix the market, or simply complete the ongoing switch to using gig economy “contractors” instead of employees.
Capitalism is a race to the bottom. This is ofc a hypothetical, IRL they would never allow any such laws with actual teeth to pass unless a dictatorship of the proletariat showed them to the guillotines.
Sure, and moving to socialism won’t change that, all it does is replace “the rich” with “the well-connected.”
This is an argument so old Marx debunked it himself. But I’ll say this: even if this is true, corruption is indeed possible in any system, but only in capitalism we worship it and call it “lobbying”.
People being rich isn’t a problem, especially since generational wealth is often gone after 3 generation
So just because it hasn’t been 3 generations yet, Musk isn’t a problem? Bezos? Zucc?
The important thing is that who “the rich” are changes periodically so we don’t get into a Russian oligarch situation.
The Russian oligarchs are actually new rich too, most of them got wealthy by picking the corpse of the Soviet Union, during western enforced shock therapy, while the poors were left to heroin and dying of AIDS. What a woopsie that turned out to be with fascist Russia now eh?
As long as that’s improving year-over-year, things are getting better. Whether some people have tens or hundreds of millions doesn’t really impact me day-to-day.
Things have declined since the 1980s in terms of buying power of the middle income young people of today across the board, and that’s before we get into the fact life itself got more expensive (e.g. now a starter crappy job needs an MSc, used to be they hired barely literate lead eaters, who are now bosses).
It’s slightly offset if you measure happiness by socially-funded scientific and technological progress (internet was a government project) but even that is now debatable, as capitalism has sunk its teeth into that also, and more and more social services of the 20th century are privatized into oblivion.
And that’s just the local, street-level stuff. What about the global evil of capitalism? Israel? Afghanistan? Iraq? Neo-colonialism of the global south, American corporations licking dictatorial boots the world over? the blockade of Cuba? Police racism and brutality? Sexism? Ableism?
The neoliberal imperialism of the United States through it’s client-state in Israel alone is enough to wonder, whether this system should be left as-is.
Now the USSR did a fair bit of shit too, and China does a lot even worse, all of it is deserving of critique, but US’s (and it’s western vassals’) issues are precisely as a result of its system. The US is very much an oligarchy, and is three corporations in a trenchcoat, and occasionally, when whistleblowers, whether corporate or military wind up dead, people look up, and it’s important that they blame the right people, because otherwise, they’ll blame each other, and fascism - the final form of neoliberal capitalism - wins.
The intro to Space Oddity is Fmaj7 (easiest best chord) to Em (very easy chord) and with some C and Am. Tab here: https://www.songsterr.com/a/wsa/david-bowie-space-oddity-tab-s365
Strumming pattern is tricky, but it’s my favourite thing to casually strum if I’m sad.