LE
Posts: 15 · Comments: 2,750 · Joined: 2 yr. ago

  • In that case I call bullshit. What I described can work (relaying banking apps on the victim's phone to authenticate to an ATM); with cards it should not. If you read the comments on the site you'll see people are just as confused as to how this can work.

  • There's no credit card involved in this scenario.

    1. The attacker uses phone A and touches the ATM NFC reader. This creates an NFC event on phone A that requests a token.
    2. Phone A sends the request data to the malware running on the victim's phone V.
    3. The malware on phone V creates a fake NFC event that makes it look like phone V was touched against the ATM. <-- this is the huge security issue IMO
    4. The app on phone V that's currently associated with NFC contactless payments responds to the fake NFC event by issuing a token.
    5. The malware on Phone V sends the token to phone A.
    6. Phone A uses the token to "prove" to the ATM that the real customer is in front of it.
    7. The ATM asks for the PIN and the attacker supplies the correct PIN (which they've previously obtained via social engineering).
    8. Attacker can now withdraw cash from the ATM from the victim's account.
  • The most successful ML in-house projects I've seen took at least 3 times as long as initially projected to become usable, and the results were underwhelming.

    You have to keep in mind that most of the corporate ML undertakings are fundamentally flawed because they don't use ML specialists. They use eager beavers who are enthusiastic about ML and entirely self-taught and will move on in 1 year and want to have "AI" on their resume when they leave.

    Meanwhile, any software architect worth their salt will diplomatically avoid giving you any clear estimate for anything having to do with ML – because it's basically a black box full of hopes and dreams. They'll happily give you estimates and build infrastructure around the box but refuse to touch the actual thing with a ten-foot pole.

  • TBF in most cases forced app obsolescence is on the developers. Some of them are super aggressive and will force you to update without really needing it. Like, come on, package tracking app, I really don't believe you're unable to show me the package pick-up barcode without updating. 🙄

    But yeah, on iOS it's completely impossible to get older versions, once you've updated something that's it. And even on Android I've noticed that it's become impossible to downgrade some apps even if I have the old apk, the Google installer simply fails to install it if I've ever had a newer version installed.

  • There's been talk about exploring porting the engine to iOS at the beginning of 2023, but AFAIK the current state of things was that it's a significant undertaking and probably not worth it just for the EU market.

  • In the olden days software used to be sold by individual major versions. You paid for version 9, you paid for version 10. Or you skipped versions you didn't need. You could use versions side by side. The newest installed would import its data from the older ones, and so on.

    App stores have made this very awkward or almost impossible. There's no concept of separating major versions. You'd have to buy and install completely different apps to be able to pay for them separately and to use them side by side, but if they're separate apps they can't import your data from each other. Not to mention that people seem to hate having "too many apps" for some reason.

    Software subscriptions switch the "support per major version" to "support per time of use". It's obviously shittier but it's more realistic than a one-time price and expecting to use the app in all future versions in perpetuity. The one time price would have to be very large to be realistic.

  • If you go forward 12 months the AI bubble will have burst. If not sooner.

    Most companies who bought into the hype are now (or will be soon) realizing it's nowhere near the ROI they hoped for, that the projects they've been financing are not working out, that forcing their people to use Copilot did not bring significant efficiency gains, and more and more are realizing they've been exchanging private and/or confidential data with Microsoft, and boy, there's a shitstorm gathering on that front.

  • That's what I mean, it shouldn't be possible to relay anything. It should only trigger when there's a reader physically in proximity to the phone.

    Please keep in mind this is happening on the victim's phone, which is not rooted; the malware is a regular non-system app.

    If it were happening on a rooted phone I could understand being able to subvert the NFC chain because at some point it has to pass from hardware to software and if you're privileged enough you can cut in there. But the malware app is not privileged.

  • You know, I hadn't realized this before. Thanks to Apple's decade-long policy, alternative browsers for iOS literally don't exist, they'll have to be ported. It will take years for that to happen, if anybody even bothers. Well, Google will.

    And that's how Apple will have managed to shoot themselves in the foot and have iOS fall under Chrome domination too.

    At this point if they were smart they would sponsor the ports of alternative browsers that are not Chrome, but I doubt they have it in them.

  • For those confused about how this could work with chip cards: the malware has two components, one installed on the victim's phone and one on the attacker's. The attacker initiates the contactless authentication at an ATM or a contactless payment, and their phone communicates in real time with the victim's, which is tricked by the malware into reacting to that event and producing the one-time token, which is then relayed to the attacker and used.

    They also previously social-engineered the card PIN from the victim, in case the contactless event requires it (definitely in case of ATM login).

    The fact that you can trick the NFC system on the phone into reacting to "phantom" payment events and intercept the resulting token sounds like a pretty big problem. The former should be entirely hardware-controlled, and the latter should not allow the token to go anywhere else except to the hardware.
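The relay from the numbered steps earlier in this thread and from the comment above, as an added example (not the commenter's code and not any real payment scheme). It models the exchange on both sides: the ATM issues a challenge on tap, the malware forwards it to the victim's phone, the payment app answers the fake NFC event with a token, and the token comes back to the attacker's phone. Everything concrete is an assumption: the token format (HMAC-SHA256 over the terminal's challenge with a key shared between the ATM's back end and the victim's app), the latency figures, the simulated clock, and the optional round-trip-time budget, which is a generic timing-based relay-resistance check added here to show how a terminal could notice the detour; the PIN step is not modelled.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, Optional


class FakeClock:
    """Simulated clock in milliseconds so the run is deterministic (constructed)."""

    def __init__(self) -> None:
        self.ms = 0.0

    def now(self) -> float:
        return self.ms

    def advance(self, ms: float) -> None:
        self.ms += ms


class PaymentApp:
    """The app on phone V that is registered for contactless payments (step 4)."""

    def __init__(self, card_key: bytes, clock: FakeClock) -> None:
        self._key = card_key
        self._clock = clock

    def on_nfc_event(self, challenge: bytes) -> bytes:
        # The app answers whatever tap event reaches it; it cannot tell a real
        # reader in proximity from an event faked by another app on the phone.
        self._clock.advance(1.0)  # assumed on-device compute time, in ms
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class RelayMalware:
    """Steps 2, 3 and 5: the unprivileged app on phone V plus its peer on phone A."""

    def __init__(self, victim_app: PaymentApp, clock: FakeClock, link_latency_ms: float) -> None:
        self._app = victim_app
        self._clock = clock
        self._latency = link_latency_ms

    def respond(self, challenge: bytes) -> bytes:
        self._clock.advance(self._latency)         # step 2: request travels A -> V
        token = self._app.on_nfc_event(challenge)  # steps 3/4: fake NFC event, app answers
        self._clock.advance(self._latency)         # step 5: token travels V -> A
        return token


class ATM:
    """Terminal side (steps 1 and 6). With rtt_budget_ms=None the terminal checks
    only the token, as in the thread; a budget adds an assumed round-trip-time
    check in the spirit of timing-based relay resistance (not from the post)."""

    def __init__(self, card_key: bytes, clock: FakeClock, rtt_budget_ms: Optional[float] = None) -> None:
        self._key = card_key
        self._clock = clock
        self._budget = rtt_budget_ms

    def authenticate(self, responder: Callable[[bytes], bytes]) -> Dict[str, object]:
        challenge = os.urandom(16)  # step 1: fresh challenge per tap
        t0 = self._clock.now()
        token = responder(challenge)
        rtt = self._clock.now() - t0
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        token_ok = hmac.compare_digest(token, expected)
        rtt_ok = self._budget is None or rtt <= self._budget
        return {"token_ok": token_ok, "rtt_ms": rtt, "rtt_ok": rtt_ok,
                "accepted": token_ok and rtt_ok}


def run_scenario(link_latency_ms: Optional[float] = None,
                 rtt_budget_ms: Optional[float] = None) -> Dict[str, object]:
    """Genuine tap when link_latency_ms is None, otherwise the relayed tap."""
    clock = FakeClock()
    card_key = b"\x01" * 32  # constructed key; a real scheme derives one per card/app
    app = PaymentApp(card_key, clock)
    atm = ATM(card_key, clock, rtt_budget_ms)
    if link_latency_ms is None:
        responder = app.on_nfc_event  # the victim really taps the reader
    else:
        responder = RelayMalware(app, clock, link_latency_ms).respond
    return atm.authenticate(responder)


if __name__ == "__main__":
    print("genuine tap, token-only ATM:", run_scenario())
    print("relayed tap, token-only ATM:", run_scenario(link_latency_ms=60))
    print("relayed tap, 20 ms RTT budget:", run_scenario(link_latency_ms=60, rtt_budget_ms=20))
```

The point of the simulation is the one the thread makes: the token is perfectly valid in every run, because the victim's app did compute it, so a terminal that checks only the token accepts the relayed tap. Only the detour's added latency distinguishes the two cases, which is why a terminal-side time budget (with the assumed figures, 121 ms relayed versus 1 ms genuine) is the kind of check that catches it, independent of whether the phone's NFC stack can be fooled.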

  • There's more to a movie adaptation than good casting, nice imagery, good music and loosely following the events.

    There are huge plot holes, for example. To mention just one, how can a bunch of savages on a backwater planet win against the resources of the entire Empire? They might pull off a victory here and there, in carefully planned conditions, on their own planet, but how can they win a war against a space-faring enemy with entire fleets at their disposal?

    Even on home turf they're outgunned; the movie actually shows what happens if the Harkonnen were to use conventional weapons in earnest: they bomb the shit out of them because the Fremen have no shields. But it's only done once, then conveniently never again. There's a limit to how far hand-to-hand combat will go, especially in a high-tech future war. It's suited to guerrilla warfare and assassinations, but not all-out war.

    There are of course answers to all of the above but they're not in the movies.

  • The movie is basically "guy gets cast as Messiah by evil cabal machinations and is too big a baby to do anything about it". The end.

    Leaving aside for a moment the sheer complexity of the themes and the plot and the universe in the book —that didn't make it through— the movie doesn't even stay faithful to itself. Every single person who's had any influence on Paul gets discarded just so he can fulfill his ultimate destiny of being a sad, wet blanket with a "welp, I guess we're doing that" attitude.

    But seriously, how do you manage to make two movies and have nothing important from the rich Dune universe make it through? This could have just as easily been set in the Star Wars universe with only minor alterations and nobody among the general public would have batted an eye.

  • Part 2 is done in the same spirit as 1. The characters and plot don't get any better; if anything they become outright one-dimensional. Everything (facts, characters) is an over-simplified caricature of itself — they like to take one thing that's technically true and run it into the ground.

    The two things that bothered me the most are how Paul is completely robbed of any agency and becomes this listless puppet with a sad smile, and how the plot revolves around religious fanaticism with only token mentions of prescience. Hell, I don't remember if they even mentioned why spice is so important.

    To be honest it's killed any interest I had in seeing more movies. I mean I'll watch them, I liked the imagery and music, but in a detached way, like I'd watch an Avengers movie. I can imagine exactly how they're going to be: shallow as fuck. Which is going to be completely stupid and pointless because the amount of political and sociological intrigue increases exponentially as you advance in the series.