
Thank you for creating and continuing to work on Magit!


It's likely referring to the Realforce keyboards, notice the title says "HHKB _and_ Realforce", then "Mechanical Programming _and_ Gaming Keyboards", respectively.


The layout isn't the problem (or at least not just), I'd just never recommend Topre for gaming.


Why not?


They don't actuate very rapidly, and they take quite a bit to reset. Probably fine for casual gaming, but I wouldn't try A-D strafing with them.


> whereas a lexus actually costs less than 42k for a higher level trim

Which one?


Are there any recommended open source projects for handling the management of a Minecraft server? So maybe some kind of control panel, automated backups, etc.?

I specifically mean some kind of all-in-one solution rather than a hodgepodge of tools and bash scripts.

Something that gets one close to the Minecraft Java Realms experience + mods, which one can just provision on their EC2 instance or wherever they may run the Minecraft server.


Pterodactyl is a commonly used one as the other comments say, but just to give some background, Pterodactyl itself, rather than being a Minecraft server hosting software, is actually a generic server hosting software that can be used pretty effectively with a lot of games or even webservers. The base configuration of a Pterodactyl managed instance is an egg, which is basically a docker image wrapped in a bunch of configurations[1]. This means you can run any docker container in Pterodactyl and manage it all through a fairly slick web panel[2] which allows you to easily tweak things like memory allocation, send commands directly to the console, and share access with other accounts. There's lots of eggs already configured for Minecraft and other games like Rust (not the programming language), so a lot of the complexity of setting up a docker container is abstracted away and for a non-advanced user it's a pretty nice balance between the ease of use for a realm and the extensibility of a full server.

[1] https://pterodactyl.io/community/config/eggs/creating_a_cust...

[2] https://streamable.com/hlscux (an example of a panel for a server I administer)


Holy shit I need to use this now.


Yeah, a lot of people set up https://pterodactyl.io/ on their servers and use that to provision and manage game servers.


Looks nice! I have a comprehensive docker compose file with itzg’s image [0] repeated a dozen times.

[0] https://github.com/itzg/docker-minecraft-server


I use this extensively, it's so wonderful


https://pterodactyl.io/ Something like this maybe?


Did you offer incentives for those donations?


Yes, "VIP" forums and excluded from having to keep a ratio.


I've seen employment contracts that just include a general catch-all for any kind of surveillance, even if they "don't do it right now". This in California.

I take your point though that you're saying some laws require explicitly enumerating them (from how I understood your comment).


Does anyone know if on company-provided macOS/macbook, can these kinds of tracking programs turn the microphone or webcam on without it being indicated in the system?

Obviously, it is a device that's not yours and the company can do all kinds of things such as installing rootkits and other things to do whatever, but putting that aside, short of that level of commitment, is anyone familiar with these kinds of programs and whether or not they indicate in some way (e.g. macOS-level indicators that some app is using the microphone/webcam).

I'm just curious if I have my work laptop in clamshell mode and it goes to sleep, to what extent is it not a 24/7 active bug? Maybe I should be shutting it down every single moment that I don't want to risk being spied on?

Is "sleeping" the macbook and closing it shut, enough? Is it low-level enough of a block, or can apps circumvent even that?

I'm specifically putting aside Pegasus-level circumventions here, since then all bets are off. I'm just thinking about 'off-the-shelf' level apps that companies can license and use.


MDM software only allows you to do so much. We use it at my company. We can remotely wipe a Mac or reboot it, but that’s pretty much it. I’m not aware of any 3rd party software that can turn on the camera (remember the green light) or capture the screen without the user knowing it’s happening. Check out Jamf; it’s a pretty standard 3rd party tool, and whatever they say they can do is what’s possible from a corporate “non-hostile” perspective.


Unless Apple specifically prevents it - and maybe they do - it's not hard to do. I remember an old story of a school district in the US that gave the high school kids laptops, though I don't recall the brand, and used the camera to watch and take remote photos 24/7 without notifying anyone or getting permission; I think it might have taken photos automatically on a schedule too, but I'm not sure. I think the excuse was to prevent illicit use of the laptop.

IT pros, stop and think for a moment about the risks. How long did that take you? Apparently the school administration and IT personnel completely overlooked them.

They were watching and photographing underage kids in their bedrooms, not that spying on anyone anywhere is ok. They thought they caught one with drugs (it was candy) in their bedroom and showed the images to the parents. The parents sued the school district and it was in national news (maybe on HN). Somehow I never saw child pornography charges, even though I don't know that they could have prevented it - just turn on the camera at the wrong time.

I blame the IT personnel too, especially the CIO / IT director who failed to point out the risk and stop it, and even the low-level people should have stopped when they first saw the inside of a teenager's bedroom.


This article doesn't specify what the offending devices were, but iirc they were using Chromebooks: https://www.computerworld.com/article/2521075/pennsylvania-s...

>Michael and Holly Robbins of Penn Valley, Pa., said they first found out about the alleged spying last November after their son Blake was accused by a Harriton High School official of "improper behavior in his home" and shown a photograph taken by his laptop.


Apple specifically prevents it.


Unless they use MDM to push a profile that authorizes a specific application/developer to access system resources without prompting the user. This is a common practice for deploying security applications - e.g. CrowdStrike requires full-disk access and there’s a policy that’s deployable via MDM to enable it automatically during the next beacon from a host.

Edit: as an example https://pickorchard.com/deploy-crowdstrike-with-jamf/


> Is "sleeping" the macbook and closing it shut, enough?

For Apple silicon-based (and newer Intel-based), yes: https://support.apple.com/guide/security/hardware-microphone...


...which is pointless, because in the last two major MacOS releases (well, now three) an Apple Silicon system will not only remain connected to any bluetooth audio devices and wifi (even if "wake for network access" is set to "never"), it will actively seek connections with bluetooth audio devices that are turned on or come into range.

Not only is this a huge potential privacy issue, it's extremely annoying, because on many bluetooth headphones, it makes it impossible to, say, connect your phone to the headphones.

The issue with remaining on wifi is also extremely annoying if you're connected to a hotspot device. I discovered well into a vacation that my macbook was remaining connected to a hotspot and using up data - despite both "low data mode" (which has a penchant for magically turning itself off) and "wake for network access" set to never.

There was an option to disable allowing a bluetooth device to "wake" the system, which stops the mac from keeping bluetooth connections active during sleep, but that was removed in Catalina.

There's no excuse for removal of such an option, nor is there any excuse for not setting some logic such that only keyboards and mice retain active bluetooth connections.

The dumbification of MacOS marches on, as some anonymous mid-tier executive at Apple continues his or her mission to turn MacOS into iOS. We also lost wifi network priority a couple releases ago as well - a move that is so unfathomably stupid it defies belief. You used to be able to set a hotspot as high priority and then, say, a cafe's free (and far less secure) wifi network as a lower priority, and when you wanted to do something on the hotspot, you could just turn it on, and your mac would prefer that network. Now it's a roll of the dice at best.


Companies doing this have to be extremely careful. California is a two-party consent state. If an employer is found recording a personal conversation in the employee's home, they could find themselves in court with an unsympathetic jury.


Almost every state is one or two party consent. That means you have to be a party to the conversation at the very least. I don't know any state that allows passive recording of conversations in private.


Many employers during the pandemic engaged in all sorts of electronic monitoring on employees with seemingly no legal repercussions. The corporate law firms of America lawyers have almost certainly devoted much time to dreaming up extensive legal arguments and language to slip into employee contracts, agreements, and 'handbooks'.

When you're fired for saying something derogatory about your employer that is picked up by your company-issued computer sitting in your home office, do you have the resources to fight them in court, especially given your employer's law firm almost certainly has a cozy relationship with the judiciary in your area?


> Many employers during the pandemic engaged in all sorts of electronic monitoring on employees with seemingly no legal repercussions.

But there's a key difference. If employers want to track what time you're on the company laptop or if it's connecting from an IP address in the location you claim to be working from, that's legal. Monitoring nominally mic-off personal conversations isn't.


If you don't have root, and sometimes even if you do, then you cannot be entirely sure. That's why hardware shutters and physical disconnects are a thing.


If you have root you still cannot turn on the camera without the physical light turning on, and I believe you’d need at least a kernel exploit to disable the screen indicator for the microphone.


From a very cursory skim, I get the feeling that this would only work on public repositories where pull requests are allowed, correct?

Not to minimize the issue, as that type of situation is likely the norm on GitHub.

Another way of phrasing what I mean: private repositories are unlikely to be affected by this, correct? Since the spoofer would have no way to propose the threatening pull request, only the real dependabot would have permission to do that in that case.


Well, it works on every repository the user who is doing the spoofing has access to, private or public. If the user has access to your private repository via the GitHub ACL, they'll be able to create a PR to it with their spoofed profile.

But yes, if you have a private repository only you and dependabot have access to, no user would be able to perform this spoof against your repository.


This is probably the intended behavior of github, but correctly maintaining that invariant is exactly the sort of functionality middle management and project managers tend to deprioritize.

“How could they get the repo uuid without access, and even if they had it, the worst they could do is create an issue or PR that they can’t even read.”


This comment (inadvertently?) by mentioning those names gives off the impression that this is a partisan push. It is not.

This is an explicitly bipartisan effort. Most recently:

- Kirsten Gillibrand (Senator D-NY) most recently secured funding for UAP Office, and for years now has been writing legislation on the topic which has been passed: https://www.gillibrand.senate.gov/news/press/release/gillibr...

- Chuck Schumer (Senator D-NY) in the past few days pushed an amendment for UAP disclosure, with language including things like eminent domain over any recovered UAP craft. It is unlikely this would've been pushed without consulting the White House. https://www.democrats.senate.gov/imo/media/doc/uap_amendment... See also: https://www.nytimes.com/2023/07/13/us/politics/ufo-records-s...

    Choice excerpt from Section 10a:

    "The Federal Government shall exercise eminent domain over any and all recovered technologies of unknown origin and biological evidence of non-human intelligence that may be controlled by private persons or entities in the interests of the public good"

    This is from Chuck Schumer, someone that hasn't been adjacent to this topic until now, out of nowhere.

- The late Harry Reid (Senator D-NV) was a huge proponent of pushing for more information on this topic, initiating the Advanced Aerospace Threat Identification Program (AATIP) which was the precursor to a lot of these developments. See https://en.wikipedia.org/wiki/Harry_Reid#UFOs

- Jared Moskowitz (Representative D-FL) was one of the three representatives pushing for this hearing


The U.S. should always have a program to study UAPs.

UAP is simply unidentified aerial phenomena. It’s in the US’s interests to study such phenomena in its airspace.

For example those Chinese balloons, until they were recognized as balloons, also were UAPs.

Supporting the study of UAPs, including potential alien UAPs, is a far cry from claiming the U.S. govt has found wreckage of alien technology and is driving a worldwide conspiracy along with many other govts to keep this information hidden from people.


How would they establish just compensation for a seizure of alien technology under eminent domain?


The alien and ancient civilization stuff comes mostly from the GOP. Rubio isn’t worried about ET - but bullshit like this is appealing to the nutjobs attracted to QAnon, etc who vote.

UAPs aren’t little green men. A drone with AI controls fits the quote’s description.


Absolutely uninformed take.

- The (Democrat) Senate majority leader mentioned "non human intelligence"

- Rubio _is_ worried about "ET", per multiple interviews where this is presented as a likely explanation for the observed behavior

- No, an "AI Controlled drone" does not "fit the quotes description", not in the slightest. You are either grossly misinformed about the claims, the capabilities of modern aircraft (black or otherwise), or intentionally misleading others.


Computers aren’t human. Thus, non-human.

If I were a congressional leader, I’d be more than a little concerned about swarms of unidentified drones flying around ships in US territorial waters.

The implication of aliens is a “Lucy with the football” play — a certain number of people always take the bait, and others laugh. It was done in the 50s, again in the 80s when Tomahawk missiles and stealth aircraft were tested, etc. Now the prospect of aliens is covering for some threat.


Lucy In The Sky, With Football


First time I see someone plainly refer to 'Holland' and it's not in The Netherlands but actually a city in Michigan.

Checked on a map and it's actually near a place called Zeeland, which is also in The Netherlands. Wow "Noordeloos" also sounds Dutch. I guess they just have many Dutch-named towns over there.

