If these guys are actually treating a user agent string as an authentication mechanism I'm honestly surprised that being on the public internet hasn't already eaten them alive purely because of the supply of malicious opportunists; and I'll be even more surprised if it continues to work out for them now that they've drawn a fair amount of attention to it.

Really this is far more probable than a dozen people went crazy in the same way at the same time which seems to be a plurality of comments.

If there's an American great ape they live in Washington state, not Ohio, based on report frequency.

Star Wars nerds? Yes, so many in Ohio.

His best buddy specialized in making exploding pagers.

Good luck out there.

In my younger and more foolish days I had a Pontiac and I opted out with wire cutters to the Surveillance module's power cables.

At the time I was actually more concerned with remote unlock hijacking than tracking but still I didn't trust GM.

All together now: WE TOLD YOU SO.

If I had to guess 20 years later doing that would disable the ECU.

If the 'AI' guys are anything to go by; probably get increasingly elaborate with their attempts to bypass whatever rate limiting is put in place. It's honestly sort of wild seeing the hottest, most heavily capitalized, elements of 'tech' wrap around so rapidly and with so little concern toward the sort of traffic patterns you normally associate with criminals as soon as it's in their interests. At one time I would have been surprised.

There is an intermediate situation that that case arguably illustrated:

Using violence against harder targets is more of an organizational problem; and solving that problem potentially skews your candidate pool; but what's very curious(particularly for a society whose overall violence numbers are very much on the high side by developed world standards) is how safe it apparently is to be widely notorious and a fairly soft target. Thompson was just walking down the sidewalk alone at a predictable time and location. Zero precautions. Something like the Sacklers were a household name for over a decade, with strong cases for culpability in at least low 6 figures worth of deaths sprinkled across a variety of walks of life; even the ones you suspect might be risky like deer hunters with dead kids and members of criminal organizations where internecine homicide is routine, and what came of it? Nothing. Not even any 'foiled at a late stage'/'shot and missed' level stuff.

That's the genuinely puzzling bit to me: not that there's nobody going after people who take the sort of precautions that would probably require one of the old-school 80s red army faction types to deal with; but that it's apparently really safe to be widely loathed and not do much about it in a country where 20k firearms homicides a year isn't considers terribly exceptional. If the people who can actually afford guard labor were having to make the onerous lifestyle commitments to living like someone's out to get them it would be relatively unsurprising that being able to afford competent professionals puts you ahead of angry amateurs much of the time. What is surprising is how often there's apparently no downside to not even bothering. We even have to import the lurid stories of 'crypto kidnapping' by purely financial opportunists from overseas to obtain them in any quantity.

It's essentially impossible to make a good argument for some uncached CI lunacy that has you outperforming the overtly malicious as a source of traffic; but if there's one thing that reliably upsets people it's getting called on convenient behavior that they can't readily justify; so I'm genuinely curious what the ratio of sensible adjustment to unhinged freakout by bro whose subsidy is not in fact a law of nature they'll see.

Obviously trump doesn't care; if anything the grifts that you can totally phone in are probably even funnier than the ones where you have to try; but I'm puzzled by why this sort of thing doesn't bother some of his enthusiasts more. Not the nihilistic edgelords and ethnic nationalists so much; but if you are actually enthusiastic about 'greatness' shouldn't it worry you that Dear Leader, who you trust to deliver national renewal, apparently can't puke up the sort of zero-effort ODM rebadge job that any garbage tier prepaid carrier does anywhere from multiple times a year to at least annually, depending on market conditions?

Obviously the phone itself is basically irrelevant; but it seems like the sort of project that would cause anyone not wholly immune to feel some degree of at least secondhand embarrassment about.

Yeah, this sounds like some kind of jaded Transhumanist humiliation ritual.

If true as written, those 'monks' are without honor or reverence.

If this puts companies like Celebrite out of business, then I'll happily accept, that I have to update my servers 16 times a year until 2028. At least the linux branches of these companies can go, I don't care much about the others.

Are there any tools to watch my lsmod, walk /lib/modules, and configure modprobe.d to deny loading anything I'm not using?

All of these exploits are in distro modules I'd never use.

Local access, unless you haven't patched apache this week, then it's remote access.

> What are normal people supposed to do?

It looks like a omen to take up farming.

Maybe I should pull some of my 4TB nvme sticks and buy my kid a used car...

It's not md5 collisions that are the problem here, it's poor passwords.

Which is something that we can't actually fix, and maybe have tried for the past 22 years.

As mentioned above, memory-hard algos are better than hashes now.

I did some math the other day on running local AI models and the net result is most homes can't afford to run the current median models.

They don't just need 80GB of VRAM, they need newer architectures - to be supported by CUDA, to be supported by pytorch, etc.

These problems may well be solvable with more clever use of hardware, MoE, acceptable quantization, etc., but today you're in for several grand and something north of 100W idle to use what is effectively a $20/mo plan.

A small enterprise can afford local, so that's good. We paid more than that for one SGI machine back in the day.

The point of the exercise was to plot the position on the curve. We're at something like 2006 YouTube where nobody could afford the drives or bandwidth that YouTube/Google was giving away for free (aka with VC money). Eventually hard drives got cheaper, people got gigabit at home, FlashServer was replaced with h.264/HTML5, phones could stabilize video locally, etc.

So it looks like these AI companies need to stay alive for about seven more years giving away product at a loss, or at least highly oversubscribed, to turn a profit. Hence the low token allowance, the banning of OpenClaw, etc.

On the other hand, I read the blog of a security researcher yesterday who found an exploit with (IIRC) Claude, tried to refine the PoC, but got dinged on "out of tokens" before he could finalize it. So he just deleted the work and moved on.

It sounds like they're trying to not lose money at such a velocity and are trying to find a sweet spot where people don't just declare it too underpowered to use.

A global energy depression may well take out the supermajority of the companies that believe they can burn investment money for seven more years. There is circular financing money, then there is real return on capital money. One is to fool the markets, the other is grounded in current physics.