Jerry

Rule 1: Don't ever use an agentic browser (one that an AI can control).
Rule 2: But, if you do use an agentic browser, only run it inside a virtual machine.

AI hacking. Downloading images can allow your computer to become hijacked. Here's how.

https://www.scientificamerican.com/article/hacking-ai-agents-how-malicious-images-and-pixel-manipulation-threaten/

I have a #Pixel 10 Pro XL phone, which may be the first phone to give warnings when the phone connects to a rogue cellphone tower or IMSI catcher. The OS cannot block it; it can only tell you that someone read information, and it presents an alert. It says,

"Your data may be at risk. Device ID accessed. At 6:57 PM a nearby network recorded your device's unique ID (IMSI or IMEI) while using your T-Mobile SIM. This means that your location, activity, or identity has been logged."

I didn't ever get an alert before walking through the building, but this time, during a 30-minute walk through the building, I got about 8 alerts, ranging between 1 and 3 minutes apart.

Using this information from repeated connections, someone can follow my movements and location; they can identify it's me because the IMSI number is unique to my phone, so it can be an indication that someone was collecting all the cellphone information in the area, most likely law enforcement.

It can also mean that I was connecting to a rogue cell phone tower, not just an IMSI catcher, and it was an attempted Stingray attack, likely also law enforcement. If successful, they can try to see and hear what I'm doing on my phone, as my phone won't know that it's a fake cellphone tower.

Be aware that a rogue tower will try to negotiate your phone's connection down to a 2G connection, which is unencrypted, providing them with access to everything that you are doing and saying. Please go into your phone's settings and disable 2G!!

It's been believed for some time that this technology has been used by law enforcement secretly and consistently. This is creepy and unnerving.

Turning off the phone, by the way, doesn't stop an IMSI catcher. Your phone still responds. You need to keep the phone in a Faraday bag if you're really concerned.

It's a good thing that phones are now starting to inform people that they are being watched and that people will begin to see how much of an issue this is. You can assume that your local law enforcement knows where you are all the time.

Two weekends ago I upgraded my Ubuntu desktop from 22.04 to 24.04.3 and was left with an unusable system because I opted to keep my existing copy of the gdm-smartcard-pkcs11-exclusive configuration file because I don't use a smartcard.

But it's a new configuration file and is REQUIRED. By saying I didn't want it updated, the update program didn't create the new one. And since there wasn't an old one, the upgrade failed with "error: alternative path /etc/pam.d/gdm-smartcard-pkcs11-exclusive doesn’t exist" and "The upgrade has aborted. Your system could be in an unusable state." Oh, it certainly was.

It might as well have said, "Enter N if you want your system to become unusable."

The upgrade program should never have asked. If the file is required and it isn't there, it should have just created it. I think it's a bug in the update program.

gdm3, ubuntu-desktop, and ubuntu-desktop-minimal weren't installed. PAM was not set up. No way to log in.

I wrote a blog post about how I recovered from this in case anyone else is bitten by this same issue: https://jerry.hear-me.blog/ubuntu-22-04-to-24-04-upgrade-failure-missing-file/

Two weekends ago I upgraded my Ubuntu desktop from 22.04 to 24.04.3 and was left with an unusable system because I opted to keep my existing copy of the gdm-smartcard-pkcs11-exclusive configuration file because I don't use a smartcard.

But it's a new configuration file and is REQUIRED. By saying I didn't want it updated, the update program didn't create the new one. And since there wasn't an old one, the upgrade failed with "error: alternative path /etc/pam.d/gdm-smartcard-pkcs11-exclusive doesn’t exist" and "The upgrade has aborted. Your system could be in an unusable state." Oh, it certainly was.

It might as well have said, "Enter N if you want your system to become unusable."

The upgrade program should never have asked. If the file is required and it isn't there, it should have just created it. I think it's a bug in the update program.

gdm3, ubuntu-desktop, and ubuntu-desktop-minimal weren't installed. PAM was not set up. No way to log in.

I wrote a blog post about how I recovered from this in case anyone else is bitten by this same issue: https://jerry.hear-me.blog/ubuntu-22-04-to-24-04-upgrade-failure-missing-file/

'Chicago Sun-Times' Slammed After Letting AI Generate Summer Reading List—Full Of Fake Book Titles

Need some good news about the fight against Corporations violating your privacy? This is a great ruling! This gives States big teeth to go against companies who violate state laws that protect privacy.

The key issue was whether Shopify’s actions were “expressly aimed” at California. Shopify argued that it was “mere happenstance” that its conduct affected a consumer in California ..."

Ninth Circuit Court:
"Pre-internet, there would be no doubt that the California courts would have specific personal jurisdiction over a third party who physically entered a Californian’s home by deceptive means to take personal information from the Californian’s files for its own commercial gain. Here, though Shopify’s entry into the state of California is by electronic means ..."

"... not “mere happenstance” because, among other things, Shopify allegedly knew plaintiff's location either prior to or shortly after installing its initial tracking software on his device as well as those of other Californians.

https://www.eff.org/deeplinks/2025/05/ninth-circuit-hands-users-big-win-californians-can-sue-out-state-corporations

#EFF #Shopify

There are many #Friendica fans, and for good reason. Once you get past the learning curve from the difficult UI, you get to appreciate the extra benefits of built-in #Bluesky, #Lemmy/#Piefed/#MBIN, #Tumblr, and #RSS feed integration. It also has #Diasporia integration and some other protocol integrations. Of course, it's also a #Mastodon alternative.

Nobody ever mentions Friendica as being a #Threadiverse app, but it has Groups, which is built-in Threadiverse capability. If you follow a Community on Lemmy/Piefed/MBIN, for example, it gets categorized as a group and is placed into a separate section for the groups you are part of. Then you can read and post in the Group (Community/Magazine) just like you would on a Threadiverse application. You can also create public and private groups.

And there is no need to use a Bluesky bridge if the Friendica instance you are on has the integration turned on.

Here's an excellent 5-minute video showing Friendica created by @earthman@my-place.social for those interested in seeing how it works.

https://www.youtube.com/watch?v=QFGLRgnaeLc

Hey, Threadiverse! I'm looking for informed opinions on database choices.

I can stand up an Internet-facing application and have it use either MySQL or PostgreSQL. Which is the better choice, and why do you think so?

Thanks!

Dedicated to antisocial behavior of social media corporations, censorship, algorithmic bias, filter bubbles, privacy and psychological effects of mainstream social media.

Articles like:

• Instagram Begins Randomly Showing Users AI-Generated Images of Themselves
• Meta dumps fact-checkers
  -Facebook lifts restrictions on calling women ‘property’ and transgender people ‘freaks’

!antisocialmedia@piefed.social
https://feddit.online/c/antisocialmedia@piefed.social

The Digital Ocean outage on 28-Nov-2024 was caused by a mistaken clientHold put on DigitalOceanSpaces.com by Network Solutions, probably by one person, which continued for hours because a bevy of clueless VeriSign executives, notified in multiple escalations, didn't know who to contact to reverse this simple mistake that lead to a major corporation bleeding revenue and reputation.

Imagine if Network Solutions accidentally put a clientHold on your domain. You'd have to kiss your domain goodbye because a lot of VeriSign executives will not be helping you, even if they could.

"DigitalOcean is working with Network Solutions to understand what happened on their end that resulted in the clientHold being applied to our domain incorrectly. In addition, we are reviewing other domain registrars as possible new homes for our domains."

https://status.digitalocean.com/incidents/jm44h02t22ck