the power radiating from this image is immense and overwhelming

I’m sorry I hurt your feelings, that was not my intention, but I can’t interpret your message any other way, as all I did was say “I don’t like this popular thing”.

Also, no, look at the wiki. The priority splitters came out after 1.0.

Oh, cool, they added that a few months ago; it only took them over 5 years to add it. I still don’t get why everybody likes it, it punishes you for building big and it has the slowest opening of all factory games I’ve ever played. I’d like to say I’d give it another try, but it runs like dog ass now, so I can’t play it anymore.

Is Satisfactory a franchise? I just don’t get it; it’s a worse Factorio. It’s poorly paced and it doesn’t have the tools you need to build big, like priority splitters.

Content ID is a major part of how copyright currently works.

It’s literally not a part of how Copyright currently works. It’s how Google automated copyright claims on their platforms.

None of my creative works are in Content ID. People are not being sued through Content ID. Content ID flags stuff and at worst removes it. It is up to the copyright holder to decide what they want to do.

No it doesn’t. It would work like Copyright currently works.

I don’t need my works to be in any database for them to be protected by copyright. I simply have to declare their license or have the license be assumed by not declaring it. That’s how it already works. You, the owner of the copyrighted works, has to sue the infringer. It’s not an automated process. Your ‘likeness’ doesn’t need to be in any database if you can prove they used your likeness. Content ID was an attempt by Google to automate the removal process on their platforms so they could wash their hands of the problem.

IT WAS HIM!!!

GET HIM

Is Google your government?

Do you also think all of your creative works are in a government database somewhere?

You need to clarify what exactly this button does.

it attempts to log in using a list of credentials.

Do you read what you post or do you just google “ssh vulnerability” and post the first result to waste my inbox space?

Software doesn’t get patched all the time,

SSH does, it is one of the codebases with the most eyeballs on it at any given time and patches to it get fast-tracked downstream.

advising hobbiests on how to configure and maintain their personal server, not the engineering meeting for a fortune 500

You don’t need to be a genius to enable keys, disable root and install fail2ban.

it remains best practice not to expose ssh to raw internet unless absolutely necessary

This is correct, but we are arguing about a case in which it is necessary to expose something and it’s better that it’s one of the most secure and battle-tested pieces of software in the world as opposed to some open source hobby *arr stack.

arguing against the industry standard … more experience and engineering time than you or I.

I work in this industry, ma’am.

Did you know that simply being connected to the internet puts you at risk? Your firewall could have a vulnerability! Your router’s admin panel could be misconfiguration and exposed to the internet! The only way to be safe is to unplug your cable and stop replying to me. Also rip out your bluetooth modules and any LEDs in every device you own because they have been demonstrated to be attack vectors. In fact just stop using anything more complicated than a MOSFET.

I think its safe to say that anything with a public facing login, which has also poked me, is compromised. 260 Shadowfoundation hits and 274 others, a handful of which were also legit scanners, that identified themselves and their purpose.
it’s probably very close to 50/50.

I try to contact someone responsible about it when I can. 😀

Mostly! Not all are infected. Half of the traffic are just other researchers scanning the internet for legitimate research purposes, and they identify themselves if they’re nice. When it comes from a shared web host or VPS, it’s probably an individual renting space in a shared datacenter for malicious purposes, and the websites you’d find here have nothing to do with the malicious traffic. You can report it to the owner of the IP, but usually it’s a waste of time. If an IP redirects you to a domain, it’s usually because that’s a single host and not a shared IP, and those are 100% compromised. A lot of it are IoT devices like webcams and TVs which, for whatever reason, are exposed to the internet and have been compromised and participate in a botnet.

The Lemmy instances that poke me are odd because they’re surely not compromised but it’s also not normal behavior. I suspect there’s a bug in pictrs or the way an instance can proxy URLs (I post image URLs from drkt.eu often), but this is completely baseless speculation on my part.

I usually make an effort to contact website owners and let them know they poked my honeypot. I don’t care that they did, but they should consider if they’ve been compromised because there’s really no legitimate reason to touch my IP address directly on those ports.

You did link a vulnerability! That is true. I didn’t claim SSH had a clean track record, I claimed it had a better track record than most other software. That vulnerability is hard to exploit, and generates a lot of noise if you were to try, which nobody has because it’s never been found in the wild.

People who sit on 0-days for critical software like SSH don’t go out and try to mass-exploit it because it will be found within the day and patched within the week once they start making noise. This is not a quiet exploit. If they’re smart, they sell it. If they’re ambitious, they build an elaborate multi-chain attack against a specific target. Only 0.14% of devices vulnerable to this exploit are EoL versions of OpenSSH, so once this was patched, it was no longer a useful attack vector.

It would also have been completely negated by fail2ban, which is prominently deployed on internet facing SSH, as it required thousands and thousands of connection attempts to trigger the condition. It could also have been mitigated by not running sshd as root, though I understand that most people don’t want to deal with that headache even though it is possible.

There are thousands of independent honeypots that sit quietly and sniff all the mass-attacks and they earn their daily bread by aggregating and reporting this data. If you run a mass exploit, you will be found within the day. Trust me, I burned an IP address by regularly scanning the whole IPv4 space. You are going to end up on blacklists real fuckin’ fast and whatever you were doing will be noticed and reported.

If you’re going to open something, SSH is a very safe choice. But yes, don’t open it if you don’t need it. We are discussing how to open a service to the internet safely, though, so we need it.

If you’re going to open something, SSH is far, far more battle-tested than much other software, even popular software. Pragmatically, If someone is sitting on a 0-day for SSH, do you genuinely think they’re gonna waste that on you and me? Either they’re gonna sell it to cash out as fast as possible, or they’ll sit on it while plotting an attack against someone who has real money. It is an unhealthy level of paranoia to suggest that SSH is not secure, or that it’s less secure than the hundreds of other solutions to this problem.

Here is my IP address, make me eat my words.
2a05:f6c7:8321::164 | 89.160.150.164

Most governments are asleep at the wheel, generally.

They can try all they like, man. They’re not gonna guess a username, key and password.

Screw everything else, this is the worst timeline…

In theory, but they could just make it free for everyone during rush hour. It is effectively punishing people who don’t have a car.

A junker in Denmark is gonna be more expensive than a cheap, new car. Cars are very expensive in Denmark.