Stubsack: weekly thread for sneers not worth an entire post, week ending Sunday 14 July 2024
Stubsack: weekly thread for sneers not worth an entire post, week ending Sunday 14 July 2024
Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.
Any awful.systems sub may be subsneered in this subthread, techtakes or no.
If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.
The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.
You're viewing a single thread.
So remember when Google Domains got sold off to Squarespace because it wasn't profitable enough and Google has the attention span of a squirrel?
Well that meant bye bye MFA for anyone who didn't check their email diligently enough, allegedly leading to a number of cryptocurrency domains getting hacked.
The cryptocurrency aspect is mostly just funny, but Google and Squarespace should know better than to effectively disable MFA out from under people. Tech companies put profit over people all the time. And then everyone blames the people for not being hyper-vigilant about computer security.
Edit: The tweet linked in that bleepingcomputer article is funny if this was indeed the issue: https://twitter.com/pendle_fi/status/1811683909509558562
Some "defi" company realized this could be a problem 22 hours before they were hacked. Even had time to write a tool to mitigate the impact of getting hacked. Got hacked anyway. Did they uhh... IDK change their password? Make sure MFA was set up? They don't say.
"Any messages beyond this tweet from anyone claiming to be from Pendle is a scam"
33 replies from scammers. Holy shit.
I know cryptocurrency people have a weirdly high tolerance for getting scammed and blaming the victim, but the twitter spam is constant now. You'd think they'd get tired of it at some point and switch to a platform that lets them moderate better.
presumes that people know there's better possible
soapbox.gif: you see a dynamic of this sort with a lot of people who have largely only ever interacted with "the internet" through vendor-mediated apps and shit. you can often pick up on it by people that speak in frames of "this app" - the app is their gateway to that engagement, and they have never known substantially otherwise. and it's a day-vs-night type difference in experiences in so many cases! there are some sites that I outright refuse to even open on mobile simply because the anti-nagblocker/etc capabilities that I have on RealComputer with RealOS (i.e.: not some artificially hobbled shit run by a monopolist fuckwad company) just completely block the annoying shit, whereas it is almost impossible to have that experience on mobile
and for so many people, the latter type (of experience/internet) is all they ever know
hey if the cost of operations is a tweet (or an openai chatgpt api call) and the possible reward is a couple dozen suckers at $200-equiv, Von Neumann ends up with a hangover
Can't wait to find out that the Perseid meteor shower, which has inspired humanity for centuries, is actually just Von Neumann probes from a long-dead civilization that spam their equivalent of tea.xyz pull requests on any planet that has advanced to hosting source forges.
"toughened up our defenses" like adding DNS monitoring. so they just ... didn't have that before? for a user-facing public web service? cool.
(and yeah lol at how little detail the rest of this covers)
code is lol
all these libertarian pyramid schemes sit at convenient crosssection of high reward and low probability of being caught, which makes me believe that no good people were harmed in this incident
More details: https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/
It sounds like Squarespace just let people take over domains without actually logging in wtf?
What’s more, Monahan said, Squarespace did not require email verification for new accounts created with a password.
“The domains being migrated from Google to Squarespace are known,” Monahan said. “It’s either public or easily discernible info which email addresses have admin of a domain. And if that email never sets up their account on Squarespace — say because the billing admin left the company five years ago or folks just ignored the email — anyone who enters that email@domain in the squarespace form now has full access to control to the domain.”