sh.itjust.works

3
28
ich⌨️iel (files.catbox.moe)
submitted 39 minutes ago by [email protected] to c/[email protected]
4
 
 

According to a t-online poll, hardly any Germans still want to buy Teslas. But suddenly the number of participants explodes. t-online stops the poll.

100,000 people took part in a non-representative t-online poll last week, within just a few days. The question was: "Would you still buy a Tesla?" On March 11 the result was clear: around 94 percent of participants said: "Absolutely not." By contrast, only around three percent of participants chose "Yes, no problem."

Just one week later the result looks different, and the number of participants has exploded. 467,500 people had voted by Tuesday evening (as of March 18, 2025, 9:00 p.m.). Suddenly around 70 percent of poll participants want to buy a Tesla; the share answering "Absolutely not" has fallen to 29.2 percent.

Where these votes, and the sudden shift in opinion, came from was initially unclear. In any case, the number of article views in recent days and the number of poll participants do not match up at first glance. An initial in-house investigation now shows that 253,000 of the votes cast came from just two IP addresses in the USA. This suggests that the poll may have been manipulated.

[...]

5
16
Say the line (spaffel.social)
submitted 27 minutes ago by [email protected] to c/[email protected]
 
 
6
31
Happy Balloons (spaffel.social)
submitted 53 minutes ago by [email protected] to c/[email protected]
 
 
7
36
rule (lemmy.blahaj.zone)
submitted 1 hour ago by [email protected] to c/[email protected]
 
 
8
 
 

cross-posted from: https://lemmy.world/post/27031457

CrowdSec "Community"

CrowdSec "Community" offering only gets worse and worse!

First, they had raised a paywall around querying details on IP addresses that triggered Alerts. Only 30 queries per week for the "Community".

Now, they have extended that paywall to cover the whole Alerts feature! Only 500 alerts per month for the "Community"!

Enshittification meets cybersecurity!

9
 
 

I am implementing my zero-tolerance policy on my social media. If I come across an unhelpful or hurtful comment, I report it to the moderators and block the user. I prioritize maintaining a safe environment for myself. Being vulnerable does not imply that I am open to being mistreated or taken advantage of.

10
 
 

cross-posted from: https://lemmy.today/post/25826615

For those not familiar, there are numerous messages containing images being repeatedly spammed to many Threadiverse users talking about a Polish girl named "Nicole". This has been ongoing for some time now.

Lemmy permits external inline image references to be embedded in messages. This means that if a unique image URL or set of image URLs are sent to each user, it's possible to log the IP addresses that fetch these images; by analyzing the log, one can determine the IP address that a user has.

In some earlier discussion, someone had claimed that local lemmy instances cache these on their local pict-rs instance and rewrite messages to reference the local image.

It does appear that there is a closed issue on the lemmy issue tracker referencing such a deanonymization attack:

https://github.com/LemmyNet/lemmy/issues/1036

I had not looked into these earlier, but it looks like such rewriting and caching intending to avoid this attack is not occurring, at least on my home instance. I hadn't looked until the most-recent message, but the image embedded here is indeed remote:

https://lemmy.doesnotexist.club/pictrs/image/323899d9-79dd-4670-8cf9-f6d008c37e79.png

I haven't stored and looked through a list of these, but as I recall, the user sending them is bouncing around different instances. They certainly are not using the same hostname for their lemmy instance as the pict-rs instance; this message was sent from nicole92 on lemmy.latinlok.com, though the image is hosted on lemmy.doesnotexist.club. I don't know whether they are moving around where the pict-rs instance is located from message to message. If not, it might be possible to block the pict-rs instance in your browser. That will only be a temporary fix, since I see no reason that they couldn't also be moving the hostname on the pict-rs instance.

Another mitigation would be to route one's client software or browser through a VPN.

I don't know if there are admins working on addressing the issue; I'd assume so, but I wanted to at least mention that there might be privacy implications to other users.

In any event, regardless of whether the "Nicole" spammer is aiming to deanonymize users, as things stand, it does appear that someone could do so.

My own take is that the best fix here on the lemmy-and-other-Threadiverse-software-side would be to disable inline images in messages. Someone who wants to reference an image can always link to an external image in a message, and permit a user to click through. But if remote inline image references can be used, there's no great way to prevent a user's IP address from being exposed.

If anyone has other suggestions to mitigate this (maybe a Greasemonkey snippet to require a click to load inline images as a patch for the lemmy Web UI?), I'm all ears.

11
12
13
 
 

cross-posted from: https://lemmy.sdf.org/post/31274457

Archive

An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.

The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware. While appearing to point to legitimate files or executables, these shortcuts quietly include extra instructions to fetch or unpack and attempt to run malicious payloads.

Ordinarily, the shortcut's target and command-line arguments would be clearly visible in Windows, making suspicious commands easy to spot. But Trend's Zero Day Initiative said it observed North Korea-backed crews padding out the command-line arguments with megabytes of whitespace, burying the actual commands deep out of sight in the user interface.

Trend reported this to Microsoft in September last year and estimates that it has been used since 2017. It said it had found nearly 1,000 tampered .LNK files in circulation but estimates the actual number of attacks could have been higher.

"This is one of many bugs that the attackers are using, but this is one that is not patched and that's why we reported it as a zero day," Dustin Childs, head of threat awareness at the Zero Day Initiative, [said].

"We told Microsoft but they consider it a UI issue, not a security issue. So it doesn't meet their bar for servicing as a security update, but it might be fixed in a later OS version, or something along those lines."

[...]

14
 
 
  • Global VR headset shipments fell 12% YoY in 2024, marking their third consecutive year of declines due to the continued weak consumer demand.
  • Meta continued to dominate the global VR market in 2024, capturing 77% of the shipments.
  • In Q4 2024, the availability of the Meta Quest 3S boosted Meta’s market share to 84%.
  • Shipments of Apple’s Vision Pro declined in Q4 after the initial hype. However, its enterprise sales saw an uptick.
  • The global AR smart glasses market faced challenges in 2024, but we expect that the integration of AR and AI, along with new market entrants, will drive over 30% YoY growth in shipments through 2026.
15
7
BSOD (by Rinotuna) (files.catbox.moe)
submitted 36 minutes ago by [email protected] to c/[email protected]
 
 

Artist: Rinotuna | pixiv | twitter | artstation | linktree | patreon | danbooru

Full quality: .jpg 1 MB (2616 × 3270)

16
 
 
17
18
 
 

yesterday I joked:

ALT text: Screenshot of two Matrix messages (from the OP). The first message reads: "@Nicole, if you're advertising your crypto wallet, atleast use Monero (XMR)". The second message reads: "Professionals should have standards smh"

and today this happened:

ALT text: Screenshot of a system Matrix message stating that the room topic has changed. Most notably, the new topic includes an XMR address, which was previously absent.

19
 
 
20
21
4
Open source maintenance fee (opensourcemaintenancefee.org)
submitted 19 minutes ago by [email protected] to c/[email protected]
 
 

I saw this some time ago and wasn't really sure how to feel about it. On one hand it's good to make corporations compensate maintainers, but I also don't want to be forced to ask for a fee because my project uses another project that uses this.

22
23
 
 

For $149, a remake of the Pebble 2 will be available from July. For $225, a model with heart rate sensor, color display, metal frame and touchscreen will be available from December.

Both models come with approx. 30 days of battery life, 10,000+ watch faces, microphone and speaker, and are completely FOSS in both software and hardware.

Direct link to the store with FAQ: https://store.repebble.com/

24
 
 

Fast fashion brands flood the market with cheap, trendy clothing at an unsustainable rate, creating enormous environmental and social harm. Despite their attempts at greenwashing (especially those involving the use of sustainability labels covering environmental or social aspects), their business model is fundamentally incompatible with true sustainability.
