redjard

This issue here is very different to the xz backdoor.
The xz backdoor was well obfuscated, planned out, and inserted by another actor.

This here is easy to notice, can reasonably be explained as a mistake, and can only benefit the og main devs of lemmy.

A “huh this is odd, also change yalls admin passwords” is appropriate here. Even if we got further indication it was malicious, it would still be far less crazy than the xz backdoor.

Scale? There have been a lot of tesla cars driving for years. Last I heard, electric cars in general, and also teslas specifically, are a lot less likely to burn.

Without some usable numbers the counts above seem worthless to me.

thx.

• Belarus (2015; gas, nuclear)
• Belgium (2016; green, gas, nuclear)
• Austria (2020; green, bit of gas)
• Sweden (2020; green, nuclear)
• Portugal (2021; green, gas)
• UK (2024; green, gas)
• Slovakia (2024; nuclear, green, gas)
• Ireland (2025; green gas)

Most of the nations seem to use renewables and use gas to balance the load spikes. Few have the storage to get by without a source of balancing, nuclear is a common supplement but shouldn’t be capable of balancing since it’s so slow.

Some use so much gas it’s probably not just for balancing, namely the uk.

Sweden is probably using hydro to balance, they don’t seem to have any storage but also don’t use gas.

I would discard Slovakia. They still have installed coal capacity, and import significantly from poland which is mainly on coal.

would be interesting to see the respective major power sources

100k left

Can’t you just replace the entire game folder?
Running a verify and repeating the action would even show how many files were changed.

Insert payed-paid bot here telling you payed is for boats and paid for transactions.

Yes, that’s an organ, but you’re thinking of a portable binder of preprinted tables designed for personal management.

Na, that’s olfactory, oregon is a large pipe instrument commonly constructed in christian temples.

It’s probably purposeful obscurity, a marketing move for gold and jewelry.
Other alloys are described as ratios of elements.

At least I am starting to see carat fall out of use as a unit of weight, maybe from diamond manufacturing slowly making diamonds more of a commodity product.

It’ll probably take until we stop obsessing over gold before we can get rid of karat.

It’s 18 karat, not 24, so 75% gold and 25% probably silver.
That makes it a significantly harder alloy than pure gold.

biggest attack since Kyiv’s daring drone assault

Didn’t that literally just happen?
This has »“We haven’t seen each other since last year” in the first week of January« vibes.

Yeah.
The maintenance of these conatellations is pricy, so perhaps if such an international program does prove itself trustworthy you’d see other national alternatives get retired.

I mean it’s not like the US would do it anyway as things stand, more likely for such a program to get started independently and to end up outcompeting starlink down the line.

You want a truly multinational organization responsible for it, nothing that can be controlled by a single nation, even one as (ex)influential as the us.
Something based on the UN perhaps.

Combine that with making internet access a human right, to stop denying connectivity outright.

Ideally then you could’t enforce meaningful censorship, but more realistically you would route regions to their respective governments servers so they could censor as before on their territory.
That would not guarantee free access to the internet to everyone, but should be an acceptable compromise to basically all nations.

After that, other doubting nations could still pull their own constellation, nothing is stopping that.

I would love if the internet program was uncensored, but that probably needs personal circumvention same as now, if such a program wants any degree of success.

Starlink should not just be nationalized but internationalized.
It is internet for everyone on earth, not everyone in the USA.

Every larger nation deploying their own constellation would be a pointless waste of resources, and every smaller nation having to find reliable partner-nations to tap into for that internet access would inevitably lead to people ending up without access due to political games.

Low orbit satellite constellations are the perfect candidate for sharing, they would literally sit unused over most of their orbits otherwise.

It breaks apps that properly format tho

That has limits. Not sure what it comes down to exactly, but under the most ideal conditions I have pulled off yet, I’d estimate it improves sight by 3-4.
-8 with the fov of a pinhole is still blind.

Can’t you always attempt uploads until they bypass arbitrary filters and then report-snipe on that?
How would a content-based filter prevent this if the malicious actor simply needs to upload correspondingly more images?

I think the sad reality is that the only escape here is scale. Once you have been hit by this attack and been cleared by the 3rd parties, you’d have precedent for when this happens again and should hopefully be placed in a special bin for better treatment.
Scale means you will be fire-tested, and are more likely to receive sane treatment instead of the ai-support special.

Was about to say this.

I saw a small-time project using hashed phone numbers and emails a while ago, where assume stupidity instead of malice was a viable explanation.

In this case however, Plex is large enough and has to care about securiry enough that they either
did this on purpose to make it sound better, as a marketing move,
did not show this to their security experts,
or chose to ignore concerns by those experts and likely others (turning it into the first option basically)

There is no option where someone did not either knowingly do or provoke this.

It isn’t usually. If it was, the server-side function wouldn’t need a constant runtime at different-length inputs since the inputs would not have differing lengths.

The problem with client-side hashing is that it is very slow (client-side code is javascript (for the forseeable future unless compatibility is sacrificed)), unpredictable (many different browsers with differing feature-sets and bugs), and timing-based attacks could also be performed in the client by say a compromised browser-addon.

For transit a lot of packaging steps will round off transfer-sizes anyhow, you typically generate constant physical activity up to around 1kB. Ethernet MTU sits at ~1500 bytes for example, so a packet of 200 bytes with a 64 char password or a packet of 1400 bytes with a 1024 char password containing some emoji will time exactly identically in your local network.