I don’t think that’s the case, because otherwise how did they leak this key that the backend uses, that presumably stayed in the backend, by reverse-engineering the rabbit android application?
I think the devices all just have hardcoded keys to the APIs themselves.
Oooh I had an Intel Atom Vaio Netbook as my first ever computer I actually owned, given to me as a gift by parents for school. I asked for a gaming laptop, so I was real bamboozled by it.
Somehow though I managed to grief my friends’ Minecraft server with /set 0 and enderdragon spawn spam while talking to them on Skype, but it was painful, opening a web page took literal minutes sometimes and my internet wasn’t the fastest back then but it wasn’t too bad either like 5-10mbps easily. But it wasn’t the worst.
That honor goes to an MSI gaming laptop. It was actually really powerful, quad core, 16GB RAM, 8GB VRAM, MSATA SSD and a 1TB HDD that is still alive and in a JBOD setup with mergerfs in my server today serving me shows to watch thru Jellyfin.
In 2014 it was nothing to scoff at, the 880m ran GTA V on almost the highest settings at 1080p and it had tons of storage.
But as a computer it was just fucking terrible, the screen is the dimmest, most TN LCD blue filter shit you’ve ever seen, it was all I had so I watched things on it, and it just always made me depressed that I was watching beautiful films and shows and playing games through this awful blue filter that had no warmth, everything looked like some movie dementia flashback.
USB port melted itself and made some random parts of the case have an electric surprise for you sometimes, keys popped off if you breathed on em but not like you would want those keycaps to stay on because they were disgusting, speakers sucked in dust and vibrated it inside, making all audio feel like earrape at any volume, headphones jack flew out, touchpad was off to the side because of the dumbass numpad, ethernet port fried entire cables, DVD drive wouldn’t read disks, dumbass UEFI firmware locked down to shit, took forever to disable secureboot and the setting would get lost randomly.
About 3 years later, the AC port fried itself and would work like a pair of dodgy earbuds and I had to sit there rotating it like I was finding a radio signal in class, battery was long gone by then so it would shut off at random, which made android app dev I was doing at the time on it somehow even worse of an experience.
Still have many fond memories of my times with it but man did I not miss it at the time.
I replaced it with a 2010 ThinkPad X201 I got for 50 bucks and loved it, I proudly used and abused it and showed it to everyone like it was my first dress with pockets until I eventually blacked out on xanax and procedurally took the entire thing apart and flashed ??? onto the firmware chip and couldn’t put it back together ever again.
Thanks for the explainer, but that’s not what I meant.
For example: If I, an ISP in Beijing went to BEIJING CERTIFICATE AUTHORITY Co., Ltd. which is on the list, and had my cert issued by them for foobar.com that listed them as the root trust, wouldn’t that work? Because the service operating there currently is illegal and I need to take it down, i don’t see how or why they could refuse. If they can’t do this for ISPs, then certainly law enforcement should be able to force them to comply, I would assume.
If I then went to abuse that cert and spread malware on my fake cloned site, then what are the affected users going to do, call the cops and tell them the illegal seedbox is down?
This is the only way I can see governments being able to display blocked website notices, takedown notices and other MITM insertions demonstrably happening in all sorts of countries without triggering a “back to safety” warning in most browsers.
This has to be possible, because otherwise the observable results don’t make any sense.
I’m not necessarily saying they did the attack this way instead of just simply spreading malicious torrents which is far easier, but I don’t see why they wouldn’t be able to do this.
A cassette on one of those small kid stereos, later it was my mom reading me stuff. I don’t know if I could listen to music falling asleep but nowadays I have YT videos on and lots of white noise to drown out the crackhead neighbours upstairs.
I will never understand how neurotypicals have sleep schedules like do you just…go to sleep the same time every day? Like literally to the second, or is there some give to that? And if you don’t you feel bad?
or has access to a trusted CA’s key, as per above.
I don’t see why they wouldn’t, or couldn’t do this if they wanted to if they were also willing to straight up resort to spreading malware, which idk about SK but that’s illegal anywhere in the west under very broad laws.
EDIT: They could also do a redirect to a different URL with a valid cert I guess, though I’m sure browsers block that too. Well I’m out of ideas then, I feel bad for cybercriminals these days.
EDIT2: Wait a sec, how does government censorship work then? Like e.g. https://ttrpg.network/post/7634428 How is the government able to MITM this person? The website is HTTPS and they’re using a VPN, but presumably locked to the DNS of the ISP. How are they able to block websites at all in this case with anything other than a termination of a connection (i.e. displaying a banner)?
Even without a VPN by your logic if the ISP can’t present a foobar.com cert then they couldn’t block it via just DNS. How do FBI takedown notices work? Shouldn’t all of these throw up SSL errors and “back to safety” prompts?
Then wouldn’t it be just one API key to the rabbit backend instead? The researchers are suggesting it’s several keys though. Or are you suggesting every device has the same key to Elvenlabs that it sends over to the rabbit backend which passes that through to the request? That’s also very silly if they did that.
What I don’t understand is why the TTS key could even delete voices or read past responses from other devices, ideally each device should have its own properly scoped API key that only lets it access the immediately necessary functionality and no more.
I think it’s much simpler than that.
Webhard is Web Hard Drives - SK torrenting scene is very different from the west, to simplify from how I understand it (English info seems scarce) basically everyone uses seedboxes or “web hard drives” in SK to download stuff.
While I can’t seem to find out anything about what “The Grid system” is, if the whole thing is an online portal or software.
If ISP routers are anything like the west that means they control the DNS servers and the ones on router cannot be changed, and likely it blocks 1.1.1.1 and 8.8.8.8 and so on, as Virgin Media does (along with blocking secure DNS) in the UK for example, which definitely opens up a massive attack vector for an ISP to spin up its own website with a verified cert and malware and have the DNS resolve to that when users try to access it to either download the software needed to access this Grid System or if it’s a web portal - the portal itself.
I don’t think this included any attacks on the BitTorrent protocol at all, because as others said, it’s pretty secure, but another possibility is simply malicious torrents being distributed, which rights holders definitely done before (read decoying part in https://arstechnica.com/tech-policy/2007/03/mediadefender/)
That’s a lot of work. Thanks though.
Which vuln was this?
Even by your analogy, yes I’d rather have a wooden cart compared to carrying things in my hands.
That said your analogy doesn’t apply to tech. “It just doesn’t okay” isn’t a very satisfying answer from a logic standpoint, but as the other user pointed out almost all corporate software is built upon, or massively, and I mean massively relies upon the efforts of Open Source software.
I can’t really think of any other industry like this or an analogy for this, but that is how it works. Example: GNU/Linux is FOSS, and is the go-to for server software for businesses, and it’s starting to creep into end user products too, from Dell laptops to Raspberry Pi to the Steam Deck (if you’re familiar with that - Proton is also open source).
No, BAD.
RIAA is evil. AI is good for us plebs while it’s still legal for us to own and operate our own local open source LLMs away from the corpos, in the same way the internet is a net good because it’s free and open and gives us power to practice communism (information sharing, hacking (classic meaning) and open source).
All regulation will be aimed squarely at destroying that, concentrating power in the hands of the few away from just any old proletariat tom dick and harry.
Corpos will pay any fees and fines as a cost of doing business and acquire all licenses and reach private agreements with publishers out of reach for the common man or small business, all the while passing the cost of all this onto the consumer eventually just to invest in tech that will make the line go up for a few more quarters.
IP law does not benefit you and you will never truly benefit from it.
Don’t simp for corpos.
P.S.: Imagine the next LLM, 10-20 years from now is truly groundbreaking and useful, it’s a new tool, and without that tool, you’re no longer competitive for work, and all of said tool is owned by 1-2 multinational predatory conglomerates jacking up prices, because you have no choice but to pay up to live. It’s cyberpunk, just boring and without the implants, price-gouging a necessity just as they do now with housing or insulin.
We need to preserve the power to do this freely, fairly, without profit and without licensing works.
Is there a way to do reverse tunnels, or something like it, so not opening any ports at all on the network, without cloudflare?
Closest to that XP I got was generating VPN keys and distributing them to close friends, running DDNS (no-ip) on my Pi with a pivpn server and then accessing JellyFin that way.
Zucc got an upgrade?
I was personally utterly bamboozled, near homeless, broke without a buck to my name but death had to take a raincheck cuz out steps a man, tall man, distinguished - very handsome - he steps outta his whip and he hands me an ice cream and says “That’s alright, Jack”, we grabbed some grub and I was hobnobbing with heem about what I was really jonesing for, I ain’t no whiz but Mr.Bidan really hooked me up with opportunity and it ain’t no lemon either 😂 Now I’m a slay yuppie, poppin lit crammin for my a-game! Thank you Mr.Bidan
If you hear about a job being in demand, then it’s too late to get into it, those news will always only be good for those who are already in the field, by the time you make it through 5 years of uni, you will be competing against hordes of people who did the same in a demand bubble that’s bursting or deflating.
Right now cybersecurity seems to be having a soft boom, if you’re in it you’re good, take it easy and maybe do a cert and diversify skillset, if you’re not, don’t bother.
Same with data science/ML which I would assume is going to have a large boom soon (or already had? Last I remember anyone talking about it was Cloud™️ Big Data™️ days, far pre-LLM/GenAI craze ATM.)
Do you maybe mean snap?
The intro to Space Oddity is Fmaj7 (easiest best chord) to Em (very easy chord) and with some C and Am. Tab here: https://www.songsterr.com/a/wsa/david-bowie-space-oddity-tab-s365
Strumming pattern is tricky, but it’s my favourite thing to casually strum if I’m sad.