

Sounds like a self-correcting problem.


Sounds like a self-correcting problem.


Another investment area to consider is other Tax Advantaged savings accounts (e.g. IRA).
I do not really want a credit card, but I need to start using one because my credit score dropped to 550 after not making a payment for a while.
While they are a Faustian deal, you do want one. Much of our society is built around credit scores and the credit reporting companies. It sucks, but you have to deal with it. Find a credit card which doesn’t charge an annual fee, and which provides some sort of kick back you can make use of. Use this for everything, and pay it off completely every month. Use the points/miles/etc when possible.
There are two primary reasons for this. First off, it gets that credit score up. You want a high credit score as it’s often used for things like background checks. It’s annoying, but you’re not going to win the fight against it. Second, using a credit card comes with some protection for you money. If your card number gets compromised (and it will eventually, if you’re using it) credit card companies have some legal requirements to refund you for the fraud. When paying for things with debit cards and ACH transactions, those protections aren’t as strong and you may end up out some money.
The one thing I can’t emphasize enough is, pay the damned thing off every month! It’s easy for these to get out of hand. And with your current credit score, the interest rate is going to be in the range “fuck your wallet”. Letting any charges roll over is just pissing away money.
Lastly, once you have your credit accounts created freeze your credit. Don’t let them trick you into “monitoring” or other bullshit half-measure, do the freeze.


I wouldn’t expect it to replace people. It will make workers more productive. However, because it is already pretty well spread through most companies, those productivity gains will only lead to competitive advantages for companies with highly skilled workers.
Think of it like a chainsaw for lumberjacks. A lumberjack with a chainsaw is going to be far more productive than one with just a hand axe. But since every company equips their lumberjacks with chainsaws, they aren’t really at an advantage, chainsaws are now just a cost of entry for a company. Also, lumberjacks are required to know how to use a chainsaw. But they are ok.
For knowledge workers, AI is our new chainsaw. We’re going to learn to use it. And it’s going to be part of our jobs going forward. From my own experience, it has it’s uses and is pretty good at certain tasks. It can also be endlessly frustrating at tasks where it’s not well suited or the training isn’t up to snuff. We just have to learn and adjust to a world where the tool exists and is used everywhere. The genie isn’t going back in the bottle.


All of the above.
Is it that ISPs are being paid by tech-bros to assign them these IPs?
Bullet Proof Hosting is a thing. Some ISPs basically advertise to criminals about their ability to evade take down orders and unwillingness to work with law enforcement. So, some infrastructure ends up on these devices. However, the IP ranges from these services often get discovered and are added to public reputation and block lists.
Along side this, cloud providers are pretty bad about policing their networks. On my own home server, I have blocked much of the Digital Ocean IP space, as it’s home to a lot of scanners, bots and other malicious traffic.
Is it that residential devices have been hacked /contain malware that does this?
This happens, a lot. The Mirai Botnet thrived on compromised home routers. People are pretty bad at updating their devices and many SOHO routers ship with some pretty bad vulnerabilities. It’s only a matter of time until someone finds an unpatched or misconfigured router and adds it to a botnet. People also get phished or install trojans all the time, adding to botnets. Darknet Diaries just had a fantastic episode on the Bayrob malware, part of which was turning infected machines into a custom botnet.
Is it trivial for companies to assign themselves residential IPs?
Some ISPs just look the other way when they get reports of malicious activity on their network. Also, attackers can force a DHCP refresh and just get a new IP when the old one seems blocked. Getting one in the first place is often as simple as signing up for service and/or compromising someone’s home PC and using it as a relay.
Paid volunteers are doing this for AI companies?
This probably happens. Afterall, we’ve already seen a company selling an AI product which was just workers in India.
Obviously this is a problem because one can rotate / cycle through residential IPs and if I aggressively block each offender in my logs permanently, then the next person assigned this IP who may be a legitimate user will be unable to access my site.
Look into Fail2Ban. This program monitors your logs and will ban IPs automatically based on criteria you set. This can include specific HTTP requests in your web logs. The ban can be permanent or can be time limited. For example, I have a container running in a cloud provider which I use to proxy requests through my ISP’s CGNAT setup. There is an NGinx reverse proxy running there and I have fail2ban watching the access log. If certain request strings are seen, the sending IP gets dumped in a permanent jail. I also have it scanning the sshd logs and banning IPs which fail to login 3 times within a short period.
It’s far from a silver bullet, but it’s something which should be running on any web facing system. Attackers will always be rattling the door knobs. There is no reason to let them keep rattling away.


Ya. It’s not really a new idea:


The real bitch is the $100k a month subscription fees and required internet connection. If he loses signal, his kidney shuts down.


Sadly, a reluctance to install patches isn’t unique to Windows administration. I worked at a site with a well functioning Satellite infrastructure and support contracts with Red Hat. And we (InfoSec) were still chasing down admins to get their shit patched. Thankfully, we had NAC and authorization to disconnect systems that feel out of compliance. Most departments got with the program pretty quick when they ignored the "please patch all critical vulnerabilities in three days’ email and ended up with a “you are out of compliance and have been disconnected” email.
And Docker had made the whole Linux situation even worse. So many devs love to spin up containers, basically disable any sort of firewall, don’t bother with IP filtering. Oh and let’s just use passwords for ssh. Also, who needs logs? It’s a container, right. So, let’s disable all logging and not forward those anywhere. Then they promptly forget about the container until we run a vuln scan and find it’s got half a dozen RCE vulns and have to run them down and ask why the fuck it’s still running.
Linux is a much better base to build on. But bad security hygiene is still rife and still really bad for security.


Then they transfered a file to /tmp/exp which was linux kernel CVE-2026-43500, nicknamed ‘Dirty Frag’, an RxRPC local privilege escalation. I had not patched these internal servers that nobody should have access to against this.
Lessons Learned #1:
Install your patches.
“But I have a firewall!”
That is not a sufficient control.
Install.
Your.
Fucking.
Patches!
Anything SharePoint.
So many companies end up using SharePoint for “knowledge management” not realizing they are dooming their knowledge to be lost in some byzantine hole of information where no one will ever be able to find or use it ever again. Worse, as more knowledge is yeeted into the pile, the search becomes better and better at presenting outdated, or irrelevant information. So, you will have new employees who find a process which is 5-10 years out of date, completely wrong, but it looks official and the links still work for some gods forsake reason. Of course, the right information is in SharePoint somewhere, but it’s probably locked behind a site with broken permissions, in a document library in a Word document which isn’t properly indexed and there’s 4 different versions of the same document with names like “New procedure_v3_DRAFT_bob’s edits.docx”, because no one understands how file versioning works.


The just stopped working was the client stopped syncing?
The client doesn’t seem to detect new photos as they are created/taken. If I manually upload an image from my photos folder, it syncs just fine. Files in other folders seem to sync just fine. But, photos and videos just never even try to sync.
NextCloud decided to stop allow private made certificates with its client in 2025 and its what made me switch.
This hasn’t been an issue for me. I pay for a domain and have a certificate issued by Let’s Encrypt. The only certificate errors I get are when I refresh the certificate every 6 months, and that’s just the client asking me if I want to trust the new certificate.
Syncthing
I had looked into this a while back, but it seemed to be more of a point to point solution and not a client-server system. I was aiming to have an authoritative server with everything and clients (both phone and desktop) able to pull the needed/request files. I also like the ability to share via a web link when needed. Am I wrong in that understanding?


I currently use NextCloud, but I have been looking to move away from it. My main use case is for syncing photos and videos to the cloud from my phone (Android) and this used to work flawlessly. But, some time in early 2025, it just stopped working. I can still manually upload files and sync still works for other folders (e.g. Documents) just fine. But, photos and videos just won’t sync automatically. Not sure if there are other options which would work better, but NextCloud on Android just seems to be broke.


You come from nothing, you’re going back to nothing. What have you lost?
Nothing!


AI is the shiny new tech and investors are more worried about missing out on “the next big thing” than they areabout pissing away a few billion dollars. For investors at that level, it’s all a game of numbers. If they invest a billion dollars in 20 different things, and 19 of those things fail, but one has a return of 100 billion dollars, that’s a win.
Sure, there is no guarantee that AI will pan out. But, that’s a very hard thing to determine ahead of time. Everyone thought e-commerce would pay off big in the 90’s/00’s. And it did, for a few companies (Google, Amazon). The rest got slaughtered and we got the dot-com bubble. Then folks expected Crypto currencies, EFTs and NFTs to pay off big. Mostly, that didn’t happen, though they do thrive in a few places. Again, investors just wanted to ride that profit wave.
In short, investments are all about making money. And at a sufficient scale, it’s not about picking winners or losers, it’s about picking everything and making sure the wins from the winners cover the losses from the losers.


We used to get Trickling Springs Creamery ice cream from a local farm store. And it was really good ice cream. But, they had some problems and shut down. I’m not sure what they did to make the ice cream so good, but I’ve not found anything since which compared.


Cookie dough ice cream, without chocolate chips. Maybe it was a limited time thing, but I remember having this at an ice cream shop similar to Baskin Robbins in my youth. It was just plain vanilla ice cream with cookie dough in it and neither part had chocolate chips.
I get that I’m likely one of very few people this would have sold to. But, I really do wish I could have this again.


On Feb. 1, 2025, Muneeb Akhter asked Sohaib Akhter for the plaintext password of an individual who submitted a complaint to the Equal Employment Opportunity Commission’s Public Portal, which was maintained by the Akhters’ employer. Sohaib Akhter conducted a database query on the EEOC database and then provided the password to Muneeb Akhter.
What type of shit password storage policies where they using, if this is even remotely accurate? Sure, these guys should face consequences for their actions. But if this is a US FedGov system, whatever management signed off on this system needs to be in the next jail cell over. Their security seems to be criminally negligent.


Don’t feed the trolls.
It’s a rule almost as old as the intranet. It doesn’t work, but there isn’t anything better.
So they need to review every website?
I’m going to assume you’re just trolling now. I refuse to believe that someone can be this stupid, without actually doing it intentionally. Well done, you got me for a few comments. But, I’m done feeding the troll.
Google processes over 5.9 trillion searches per year
That number has nothing to do with the problem. They don’t need to review every search, they need to review every advertising link they have been paid to place (not every link indexed). Presumably, they already have the infrastructure in place to track those links and verify that they comply with laws such as CSAM, copyright or other areas where they actually have some accountability in those areas. The number of paid advertisement links will be far smaller than that 5.9 trillion number.
Don’t worry so much about sports, as finding something you enjoy which gets you moving. The important thing is to try stuff and find something that works for you. Really, the best exercise you can do, is one you will actually do. It sounds like you have issues with team sports, so maybe try some stuff which doesn’t involve other people. Also, accept that you will likely suck as whatever you do, if you keep practicing, you might find you suck less over time.
I’m not a “sports person”. In fact, I suck as most sports I have tried. But, I discovered that I enjoy indoor sport climbing. I sucked amazingly bad at it when I first started. I mostly climb top rope and was struggling to finish a 5.9 climb. But, I kept at it and now I can finish most 5.10a climbs on my first attempt. I’m not some super climber by any means, but I have become kinda competent. I enjoy the challenge and have met some great people along the way. I also get excited when I walk into the gym and see a new set of routes. It’s like being handed a new set of puzzles to solve.