Hacker News | anonymousiam's comments

The narrator in the article acts as a third person observer and identifies "Claude" as the active hacker. So assuming the (unidentified) company that sells/manages the product wants to prosecute a CFAA violation, who do they go after? Was Claude the one responsible for all of the hacking?

What do you mean? IANAL, but Claude doesn't just "wake up" (whatever that means) and decide to reverse engineer/hack stuff, so if this is a CFAA violation the person who prompted Claude is indeed responsible. At best, one could argue that the company producing Claude is partially responsible because it didn't prevent people from using it to reverse engineer stuff, but there's no way Claude is "responsible for all of the hacking", regardless of how many times the blog post says "Claude did X".

The narrator. It doesn’t matter to the law the kind of intimate relationship you have with your tool.

100% agree. I still have Ars Technica and Slashdot in my RSS feed list, but both are paused. Every now and then (maybe once a month) I'll take a peek, but it's rare that I'll find anything really worthwhile. About 10% of the content is slanted to push their desired narratives, so objectivity is gone.

I still had Slashdot in my RSS feed, purely out of inertia. I don’t even interact with it much other than occasionally marking it as read. This was the push I needed to unsubscribe from it.

I had a few Ring doorbells from 2019-2024. I ditched them both because I saw the quality of the video degrade slowly over that time, probably in an effort to reduce cloud storage costs. The reliability of the motion detection also decreased over the same period.

The final straw was when somebody ripped one of the Ring Elite (wired) doorbells off the outside wall. (This was during a Teamsters labor action against Amazon, but I cannot prove any relationship.) There was never a motion alert, and no footage of the culprit was recorded. The final frame had something in it that may have been a person, but it was impossible to be sure.

Having one of my Rings stolen was actually a blessing. I had the police come and take a report, and submitted a claim to Ring. They sent a free replacement, which I promptly listed on eBay, along with the other used one.

So after paying $5/month times two doorbells for five years, I went looking for something better. I settled on Reolink. Everything about them is better. The video quality is far superior, the motion detection is outstanding (and very customizable). Also, the Reolink doorbells cost less than a third of what the Ring Elites cost.

They offer optional cloud storage for about the same price as Ring, but you can also opt for free local storage (using a microSD card in the doorbell). I've got both doorbells set up with 256GB microSD cards, and have them both streaming RTSP to my NAS/NVR, which is something the Ring will never be able to do.

Also, Reolink has made no announcements about partnering with law enforcement, or anyone else. I suppose they might grant access to their cloud, but I doubt they would directly access the microSD cards, and certainly would be unable to access my NVR. I prefer to have some control over my own data, and the Reolink doorbells give me that, while being better and cheaper at what they do.

The one feature the Rings had which was not easily replaceable was smart home integration with motion detection, but I was able to implement that using edgebridge, my NAS/NVR, and some webhooks. My workaround is actually superior to what Ring offered because it's all local, and will continue to function even during an Internet outage.

https://github.com/toddaustin07/edgebridge

https://github.com/toddaustin07/lanmotion


For about 15 years beginning in 2003 I had some VPSs with CrystalTech/NewTek. I noticed right away that they had blocked all port 23 traffic in/out of their edge.

I asked them about it and they said it was a security measure. Apparently they used telnet for managing their routers.

It turned out that they did not have very good security anyway.

https://krebsonsecurity.com/2018/02/domain-theft-strands-tho...

I switched to A2 hosting shortly after the above incident, but I dumped them when they did not keep up to date on their Ubuntu LTS OS options.

I've been running on AWS for the past eight years. It costs more, but it's been extraordinarily reliable.

A2 and AWS do not restrict port 23.


I wonder how much AI scraping traffic the site was getting...

I hope that we will eventually find out why it was shut down.


I was trying to figure out what this post had to do with Abbie Hoffman's '72 "Steal This Book", but I guess the answer is nothing whatsoever.

https://archive.org/stream/pdfy-TNlDHryRIk4DXKAU/Steal%20Thi...


The cell network routinely does TDoA triangulation in order to help choose which tower should serve the client mobile device. Accuracy is about 20m, and may be better at 5G frequencies. 911 gets the location from the mobile network provider, but the network provider could provide it to anyone, and they do.

Tons of "free" and crapware apps are also recording location, and sending it to data brokers.

https://www.wired.com/story/jeffrey-epstein-island-visitors-...


Using the LTE Timing Advance feature, especially on 5G, accuracy can be much higher.

https://5g-tools.com/5g-nr-timing-advance-ta-distance-calcul... shows an example of the parameters necessary. I don't think you can get your smartphone to dump those stats for you, but the granularity of the individual distance measurement is in the tens of centimeters.

Of course this strongly depends on cell infrastructure being placed precisely, continuously updating correction factors, and a bunch of antennae being around the target to get measurements for, but in most cities that isn't much of a challenge if the operator is working together with whoever wants to spy on citizens.


> Tons of "free" and crapware apps are also recording location, and sending it to data brokers

The last time I checked, that included Google Play Services, and some of their iOS apps.


I purchased a copy of OSF Motif for Linux (x86) sometime in the early 1990's (before it was free). I had used it before on SunOS and I liked it.

One of the most annoying things about it was that it did not address the endianness of the arguments to the library functions. So it worked fine on big endian platforms, but not so fine on little endian ones (such as Intel).

It would still work okay if you byte swapped the arguments in and out of the library functions, but it just seemed silly to need to do that, and it made it more difficult to write portable code.


Years ago, I used to get marketing spam emails from Bank of America. In their email, they did not offer a way to opt out from those types of email, so I invalidated the unique email address that I had created just for them. A few months later, I got a snail mail letter like the one Dan got, telling me that emails were being rejected and that I needed to correct my email address. I went through the same sort of nonsensical dialog with them, and they simply would not let me opt out from their marketing emails, so I left it disabled for a few years. Eventually they offered "email preferences", so I re-enabled it.

My wife continues to get spam snail mail from Citi, and they offer no way to opt out. If it was my account, I would switch banks.

Back to the main topic: I think it's pretty stupid of the HSBC IT folks to assume that an email was not read because the tracking pixels were never accessed. Lots of email clients these days do not load images by default.


