Monday, November 18
Daily News Stuff 18 November 2024
So That Happened Edition
So That Happened Edition
Top Story
- The Twitch Adpocalypse is here, with streamers reporting their income has suddenly declined by as much as 95% as the house of cards burns down, falls over, and sinks into the swamp.
I don't have a link to a good story covering this yet, because the written articles are useless and the video coverage is obnoxious. Twitch was offering absurdly favourable pay scales to its preferred coterie of lunatics, and the advertisers got fed up with the crap their ads were shown against and left.
Jeff Bezos has a bad habit of buying companies and leaving them to be destroyed by lunatics.
- So, yeah, that link yesterday in the item about Bluesky was totally wrong. Being me, it pointed instead to a Twitter post about Lego mech suits for Hololive fan mascot plushies. The only thing that could have made it more of a click magnet would be if the mechs were playing classic D&D.
Tech News
- Norwegian startup Factiverse plans to fight disinformation with AI. (Tech Crunch)
Few observations here:
First, anyone who uses the term "disinformation" in this way is a fascist. No exceptions.
Second, they say they are not using LLMs, which is good because LLMs are utterly useless for this. But they do not say what they are using.
Third, good luck to fascists in a country run by communists. (Financial News)
If your company sees modest success and its valuation grows, you will be hit with a effective tax rate many times your income.
- Microsoft has released a patch for Exchange fixes multiple vulnerabilities and also stops it working entirely. (The Register)
Microsoft has since unreleased the patch.
- Meanhile the WordPress plugin Really Simple Security had a really simple security flaw. (Bleeping Computer)
If you enabled two factor authentication - requiring both a password and security token - you ended up with zero factor authentication, allowing anybody to log in as the admin account from anywhere.
Oops.
- GPD has announced pricing for its latest laptop. (Tom's Hardware)
$1466 for the top model, which sounds like a lot for a device that will fit in a coat pocket. (GPD makes very small laptops.)
But for that you get a 12 core Ryzen 370, 64GB of RAM, and a 2TB SSD.
- Phishing emails are increasingly using SVG to deliver their toxic payloads. (Bleeping Computer)
SVG stands for scalable vector graphics. It's a simple, readable format for delivering images that are drawn with lines rather than pixels.
It's also a security nightmare. The standard guideline is that you should treat unknown SVG files with the same caution as unfamiliar executables, i.e. with a hazmat suit and 24" blacksmith tongs.
Disclaimer: Pebbles form up! For the Childlike Empress!
Posted by: Pixy Misa at
05:54 PM
| Comments (4)
| Add Comment
| Trackbacks (Suck)
Post contains 461 words, total size 4 kb.
1
What, does SVG include executable code in it's format or something? My Dad, who dated back to the vacuum tube era of computing believed that data and code should be kept strictly separate. Then along came the next generation and their self-modifying code who said "But look at what we can do with treating data as code!" and then the black hats said "oooh, look what we can do when they treat data as code!"
Posted by: Mauser at Wednesday, November 20 2024 12:24 PM (nk1Z+)
2
JavaScript and a supremely lax security model.
Posted by: Pixy Misa at Wednesday, November 20 2024 05:27 PM (PiXy!)
3
What's this "security model" of which you speak?
Posted by: Rick C at Wednesday, November 20 2024 11:47 PM (V5kLd)
4
Whenever someone talks about security models, I wonder if they also have security dancers on staff.
Once upon a time, I couldn't wait for SVG to be integrated in browsers, because of the obvious quality and size advantages of vector graphics (and my ability to generate them with the same scripts I used for Postscript and PDF). Manipulating the graphic from external Javascript wasn't something I was particularly interested in doing, but it had lots of potential, and some cool things were created.
Then they made the same mistake Adobe did with PDF and allowed embedded Javascript, and it became as bad as Flash.
-j
Once upon a time, I couldn't wait for SVG to be integrated in browsers, because of the obvious quality and size advantages of vector graphics (and my ability to generate them with the same scripts I used for Postscript and PDF). Manipulating the graphic from external Javascript wasn't something I was particularly interested in doing, but it had lots of potential, and some cool things were created.
Then they made the same mistake Adobe did with PDF and allowed embedded Javascript, and it became as bad as Flash.
-j
Posted by: J Greely at Thursday, November 21 2024 03:16 PM (oJgNG)
53kb generated in CPU 0.0139, elapsed 0.1097 seconds.
58 queries taking 0.1005 seconds, 351 records returned.
Powered by Minx 1.1.6c-pink.
58 queries taking 0.1005 seconds, 351 records returned.
Powered by Minx 1.1.6c-pink.
