
We Should Immediately Nationalize SpaceX and Starlink

Technology
440 189 0
  • Ispace of Japan’s Moon Lander Resilience Has Crashed

    Technology technology
    2
    1
    37 votes
    2 posts
    0 views
    M
    $ ls space?
  • Is there anybody over here who can tell me more about smart meters ?

    Technology technology
    18
    3 votes
    18 posts
    3 views
    jordanlund@lemmy.world
    I should say too, that was almost 12:30 last night so you couldn't really see what solar was doing. Here it is at 9:45 this morning: [image: 4f578a85-5ef2-4975-a501-7deafa8c5c09.jpeg]
  • 377 votes
    58 posts
    2 views
    avidamoeba@lemmy.ca
    Does anyone know if there's additional sandboxing of local ports happening for apps running in Private Space? E: Checked myself. Can access servers in Private Space from non-Private Space browsers and vice versa. So Facebook installed in Private Space is no bueno. Even if the time to transfer data is limited since Private Space is running for short periods of time, it's likely enough to pass a token while browsing some sites.
  • 11 votes
    1 post
    1 view
    Nobody has replied
  • 1 vote
    8 posts
    3 views
    L
    I think the principle could be applied to scan outside of the machine. It is making requests to 127.0.0.1:{port} - effectively using your computer as a "server" in a sort of reverse-SSRF attack. There's no reason it can't make requests to 10.10.10.1:{port} as well. Of course you'd need to guess the netmask of the network address range first, but this isn't that hard. In fact, if you consider that at least as far as the desktop site goes, most people will be browsing the web behind a standard consumer router left on defaults where it will be the first device in the DHCP range (e.g. 192.168.0.1 or 10.10.10.1), which tends to have a web UI on the LAN interface (port 8080, 80 or 443), then you'd only realistically need to scan a few addresses to determine the network address range. If you want to keep noise even lower, using just 192.168.0.1:80 and 192.168.1.1:80 I'd wager would cover 99% of consumer routers. From there you could assume that it's a /24 netmask and scan IPs to your heart's content. You could do top 10 most common ports type scans and go in-depth on anything you get a result on. I haven't tested this, but I don't see why it wouldn't work. When I was testing 13ft.io - a self-hosted 12ft.io paywall remover - an SSRF flaw like this absolutely let you perform any network request to any LAN address in range.
  • 326 votes
    20 posts
    3 views
    roofuskit@lemmy.world
    It's extremely traceable. There is a literal public ledger of every single transaction.
  • Instacart CEO Fidji Simo is joining OpenAI as CEO of Applications

    Technology technology
    2
    1
    20 votes
    2 posts
    3 views
    paraphrand@lemmy.world
    overseeing product development for Facebook Video So she’s the one who oversaw the misleading Facebook Video numbers that destroyed a whole swath of websites?
  • 14 votes
    2 posts
    2 views
    D
    "Extra Verification steps" I know how large social media companies operate. This is all about increasing the value of Reddit users to advertisers. The goal is to have a more accurate user database to sell them. Zuckerberg literally brags to corporations about how good their data is on users: https://www.facebook.com/business/ads/performance-marketing Here, Zuckerberg tells corporations that Instagram can easily manipulate users into purchasing shit: https://www.facebook.com/business/instagram/instagram-reels Always be wary of anything available for free. There are some quality exceptions (CBC, VLC, The Guardian, Linux, PBS, Wikipedia, Lemmy, ProPublica) but, by and large, "free" means they don't care about you. You are just a commodity that they sell. Facebook, Google, X, Reddit, Instagram... Their goal is to keep people hooked to their smartphone by giving them regular small dopamine hits (likes, upvotes) followed by small breaks with outrageous content/emotional content. Keep them hooked, gather their data, and sell them ads. The people who know that best are former top executives: https://www.theguardian.com/technology/2017/oct/05/smartphone-addiction-silicon-valley-dystopia https://www.nytimes.com/2019/03/01/business/addictive-technology.html https://www.today.com/parents/teens/facebook-whistleblower-frances-haugen-rcna15256