Why We’re Opening Betting Sponsorships

Because holy fuck that’s a lot of money.

How We’re Doing It Responsibly

We’'re not. We’re just trying to cash in and pretend we’re not going to take advantage of people with poor impulse control.

I have it on good authority that you currently have a project idea which you can use to pick one (or more) of those paths and start learning. ;-)

For example user management in studio3T

Not sure how I missed this on my first read of your post. But, this looks like a fancy front end to making MongoDB calls. That makes life easier, MongoDB has a well documented API and a driver for C#. As an aside, if you want to get really good at PowerShell, getting a basic working knowledge of C# and .Net in general is really helpful. For the lazy (and I always like lazy), there’s even a pre-built MongoDB module on the PowerShell Galley called Mdbc. There is also the Project’s GitHub Page which has a lot of useful info.

Granted, this path likely means learning enough about MongoDB to create/delete/modify users. But you came here expecting a load of homework, right? Also, this is a good excuse to spin up a docker container running MongoDB and go hog wild breaking the fuck out of it (just call it “research” if management asks). And who doesn’t love breaking stuff?

I’d also note that you may be able to get some help along the way by capturing the network traffic to the server caused by the Studio3T GUI. WireShark can capture the traffic to/from the DB server and you can read that to reverse engineer some of the calls you care about. Just, make sure you talk to your security folks before you download/install WireShark. If they are worth their salt, they’ll understand an engineer installing/running wireshark, it just makes their day easier if they know the alert is coming first. Assuming the GUI isn’t complete shit, it may encrypt traffic. This can be dealt with by using the SSLKEYLOGFILE environmental variable. In most cases, this results in the TLS keys being saved to a file and that can be imported into WireShark.

Good luck, and have fun!

How you gonna teach English without being able to teach nouns words which describe people, places or things?

FTFY, you dirty n-word user you.

Theoretically, browsers could even stop from the JS engine from being started for the site in the first place.

The NoScript extension is basically this. Most of the client side stuff is off by default and you can enable it per-domain. It breaks a whole lot of websites, but often in ways where the main content of a website is still readable. Over time, you can build up a list of “allow by default” domains and most of the web you care about works. Though, you may have to spend a moment or two sorting out permissions when you visit a new site.

There are a few options:

1. Use AutoIT or some similar automation framework. Generally, this is pretty easy and gets the job done. Your security folks may hate you (AutoIT binary hashes are basically all assumed to be malware IoCs at this point),
2. Depending on how the GUI works, you may be able to reverse engineer the calls made by the application and just make those calls yourself. For a Web UI, you can use something like BurpeSuite or even just the FireFox developer tools to catch the web calls and then modify/replay those as desired. For a console application, it could be trickier, as you may need to either load the software’s libraries (DLLs) or figure out database calls. It all depends on how the user data is stored and updated.
3. Using P/Invoke you can load several functions from the Win32 API, specifically FindWindowEx and EnumChildWindows to locate the GUI application and any specific form items you want to manipulate (e.g. TextBoxes to fill, Buttons to click). You can then modify properties or send clicks. You’ll probably hate yourself at the end of this project, but you’ll learn a lot.

That actually sounds like a reasonable response. Driving assist means that a human is supposed to be attentive to take control. If the system detects a situation where it’s unable to make a good decision, dumping that decision on the human in control seems like the closest they have to a “fail safe” option. Of course, there should probably also be an understanding that people are stupid and will almost certainly have stopped paying attention a long time ago. So, maybe a “human take the wheel” followed by a “slam the brakes” if no input is detected in 2-3 seconds. While an emergency stop isn’t always the right choice, it probably beats leaving a several ton metal object hurtling along uncontrolled in nearly every circumstance.

do any of you hate how self-hosting services like photo- or document-management systems, or even a simple rss tool, forces you to sort your stuff out, and put your decades old files in order?!

What is this “sort” thing you speak of? I don’t sort anything, I have NextCloud syncing my entire photos, videos and documents folders and they are just as messy as ever. Granted, I do go through my photos and videos once a year and dump them in a folder named for the year they were taken. Occasionally, I’ll go hog wild and try to sort some of a year’s photos/videos into folders named after events. Though, that hasn’t happened in a number of years. I setup NextCloud so I could have everything synced to my own server and just forget, not have to deal with labeling my data.

As for bookmarks. I already keep those in folders; but, I don’t sync those. I use my desktop far more than I use my phone for web browsing. And the types of things I use my phone for (mostly recipes), I just keep bookmarked there.

The first issue with running a coin miner is using company resources for your own profit. Your own system, using your own electricity, go for it. Running it on a company owned laptop, while at a company building, burning electricity the company is paying for. Ya, that starts to get uncomfortably close to fraud or theft. There is also that whole, “running unauthorized software on a company system, doing who knows what else in the background.” There is a very real possibility that the coin miner has unknown vulnerabilities which could allow remote code execution; or, just outright be malicious and contain a remote access trojan. Maybe he was smart enough to audit all the code it was using and be very sure that’s not the case. More likely, he just grabbed a random implementation of XMRIG, put his wallet in the config file and ran it. Either way, he also made a point of refusing to remove it, so we escalated up to management. With the recent ransomware outbreak having been in the multi-million dollar (possibly low tens of millions) damage range, refusing to remove unauthorized software went over about as well as a lead balloon. There may have been other factors at play; but, the unauthorized software and being a dick about removing it was what got him out the door.

If you spin it up, fucking own it. When you’re done with it, shut it down. I have long lost count of the number of times I’ve reached out to a team to ask about the coin miner they are running on some random EC2 instance only to find out that some jackass spun it up for a test, gave it a public IP, set the VPC to allow any inbound traffic, installed all kinds of random crap and then never updated it. Nor did it get shutdown when the test ended. So, a year and a half later, when the software was woefully out of date, someone hacked it and spun up a coin miner. Oh, and the jackass who set it up didn’t bother to enable logging or security monitoring. But, they sure as hell needed the ability to spin stuff up on their own. Because working with IT to get it done right would be too hard for their fragile little ego.

You joke, but I’ve actually been responsible for a coder getting shown the door for running a coin miner on his work laptop.

In his defense, cyber security at that company was crap for a long time. After a ransomware outbreak, they started paying attention and brought some folks like myself in to start digging out. This guy missed the easy out of, “hey that’s not mine!” The logs we had were spotty enough that we would have just nuked the laptop and moved on. But no, he had to fight us and insist that he should be allowed to run a coin miner on his work laptop. Management was not amused.

Same. I had gotten the paid version because the dev deserved something for such a great app. RIF died and I did a hard cutover to Lemmy. Deleted my Reddit account and probably caused some confusion for the cordcutters subreddit. I had a post which was part of the sidebar for about a decade.

Ya, sadly there is still a lot of useful content in the technical subreddits. So I find myself ending up there via search engines on a fairly regular basis. But, I specifically use the Redirector plugin for Firefox to auto-magically force the use of old Reddit. If I hit the site on my work computer, I’m quickly reminded about why I quit the site.

ICE was formed in 2002, following the attacks which destroyed the World Trade Center. Like basically everything the US did in the wake of that attack (e.g. Patriot Act) this has been an absolute disaster and should be rolled back.

I work for a fairly large company, and we’re hearing about “AI” constantly. CoPilot is available and its use encouraged. Also, in the cybersecurity space, AI is fucking everywhere. Vendors won’t shut up about their “AI Enabled” products. And the new hotness is “Agentic AI”, which is basically automation, but we’re going to let AI hallucinations fire off the automated process which could bring production systems down.
Good times are surely coming. /s

It looks like archive.org is capturing some of lemm.ee. So, it’s possible that most of the images are there and could be referenced.

He got tired of shoveling corporate shit and decided to put those skills to use for himself, shoveling chicken shit.

An Operating System is a tool. Would you be annoyed because you had to use a hex key on a bolt with a hex socket, when what you really like using is a robertson drive? If the work you are doing is dependent on a particular OS choice, then use that OS and get over yourself.

That said, if this is for work and you want to avoid the crapware in Windows 11, talk with your IT team. By default, Recall is removed on commercially managed devices. I’m not 100% sure, and can’t be arsed to look it up at the moment, but this likely refers to devices managed via Intune. Assuming your IT team isn’t stuck in the 90’s, they are probably doing this already. Telemetry can also be mostly disabled via Group Policy, and many IT organizations will already be doing this. Or, as you have arrived at, use a Mac and disable the telemetry.

On the other side of that coin, if you expect privacy on a work owned device, I have bad news for you. More and more organizations are using Endpoint Detection and Response (EDR) products on all endpoint devices. Yes, this includes Mac and Linux devices. So, your organization is watching you browse porn on your work device. If you are doing something and you don’t want someone watching over your shoulder, don’t use a work device. Keep your work device for work and your personal device for everything else.

But, we’ll know where the aircraft is. It’s a built in, instant location flare. No more aircraft disappearing and not being found.

It’s rather amazing that this one guy keeps churning out fixes for FromSoft’s complete inability to understand multiplayer.

That said, I do plan to try the vanilla setup first (finishing up Shadow of the Erdtree before we change over). I just worry about my wife and I dropping into a session and having some rando who either wants to faff about; or, we run into the type of toxic behavior which seems to inundate online games. We had pretty good luck with Vermintide 2, back in the day. But, with way too many years of playing WoW, we’ve also run into a lot of assholes. And we just don’t have the patience for that sort of thing anymore.

Well, the world should have moved on to IPv6 a long time ago.