https://nvd.nist.gov/vuln/detail/cve-2024-6409 RCE as root without authentication via Open SSH. If they've got a connection, that's more than nothing and sometimes it's enough.
designatedhacker
joined 2 years ago
I went down a rabbit hole on this one. I think the age may be irrelevant, or only correlated with children. At least Kidman and Holmes left him over Scientology. They were trying to avoid having their kids indoctrinated. That worked for Holmes, backfired on Kidman. It might have worked for Holmes because it backfired on Kidman. https://www.mercurynews.com/2024/06/28/after-tom-cruise-once-denied-abandoning-suri-she-seems-to-get-the-last-word/
Still plain water for the toilet though right?
"way before the toilet paper shortage even starts." LMAO.
You gotta set up a dead man's switch (not literal give the evidence to a lawyer or do a deposition or whatever). Do that before you blow the whistle and announce that at the same time.
If you first have to write comprehensive unit/integration tests, then have a model spray code at them until it passes, that isn't useful. If you spend that much time writing perfect tests, you've already written probably twice the code of just the solution and reasonable tests.
Also you have an unmaintainable codebase that could be a hairball of different code snippets slapped together with dubious copyright.
Until they hit real AGI this is just fancy auto complete. With the hype they may dissuade a whole generation of software engineers picking a career today. If they don't actually make it to AGI it will take a long time to recover and humans who actually know how to fix AI slop will make bank.
Lottery numbers for the Mega Millions drawing that happened most recently. Leave them with a note that past me would realize was the real deal to go buy the ticket.
Many people that voted for Trump did so because Fox news said to, or Newsmax, or their family, or Joe Rogan, or Elon Musk, etc. The right has a vast disinformation network that hand waves or disputes all of those facts. It's all bullshit of course and anyone who digs into it at all would realize that. Nobody has managed to put a dent in that disinformation silo. People who were super into conspiracy theories ignored all of the actual shenanigans and chose to believe stupid shit that fit their bias.
At this point their entire identity is built around a pack of lies. The cognitive dissonance is layered on so thick they have a sound bite dead end for any question. If they chose to believe the truth it would mean that they're the worst kind of idiot and have actively been a puppet and a piece of shit for at least 8 years. They can't admit that kind of failure. The moral injury is too great.
So what would have to happen is some sort of scandal that exposed all of their media silos and revealed something unbearable by their dear leader. That would give them the escape hatch to admit being fooled, but fooled by a masterful conspiracy that nobody could have seen through. That sort of event is such a high bar I don't know what would do it.
A lot of his supporters won't survive him breaking both social security, Medicare, and most other federal institutions. They'll have a maga flag at the funeral too.
Maybe his inevitable demise will happen sooner than later. You'd think they planned for that, but they've been pants on head stupid at everything else and blundered into success for so long I doubt it.
The approach of LLMs without some sort of symbolic reasoning layer aren't actually able to hold a model of what their context is and their relationships. They predict the next token, but fall apart when you change the numbers in a problem or add some negation to the prompt.
Awesome for protein research, summarization, speech recognition, speech generation, deep fakes, spam creation, RAG document summary, brainstorming, content classification, etc. I don't even think we've found all the patterns they'd be great at predicting.
There are tons of great uses, but just throwing more data, memory, compute, and power at transformers is likely to hit a wall without new models. All the AGI hype is a bit overblown. That's not from me that's Noam Chomsky https://youtu.be/axuGfh4UR9Q?t=9271.
"Freedom of choice Is what you got Freedom from choice Is what you want" -Devo
view more: next ›
Are you talking a VPN running on the same box as the service? UDP VPN would help as another mentioned, but doesn't really add isolation.
If your vpn box is standalone, then getting root is bad but just step one. They have to own the VPN to be able to even do more recon then try SSH.
Defense in depth. They didn't immediately get server root and application access in one step. Now they have to connect to a patched, cert only, etc SSH server. Just looking for it could trip into some honeypot. They had to find the VPN host as well which wasn't the same as the box they were targeting. That would shut down 99% of the automated/script kiddie shit finding the main service then scanning that IP.
You can't argue that one step to own the system is more secure than two separate pieces of updated software on separate boxes.