Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful youāll near-instantly regret.
Any awful.systems sub may be subsneered in this subthread, techtakes or no.
If your sneer seems higher quality than you thought, feel free to cutānāpaste it into its own post ā thereās no quota for posting and the bar really isnāt that high.
The post Xitter web has spawned soo many āesotericā right wing freaks, but thereās no appropriate sneer-space for them. Iām talking redscare-ish, reality challenged āculture criticsā who write about everything but understand nothing. Iām talking about reply-guys who make the same 6 tweets about the same 3 subjects. Theyāre inescapable at this point, yet I donāt see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldnāt be surgeons because they didnāt believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I canāt escape them, I would love to sneer at them.
(Credit and/or blame to David Gerard for starting thisā¦)
I got a spam message with a phishing linkā¦ Via Github? Seriously? Are we really doing this?
Not a completely unusual commentā¦ From the URL it was very obvious that this was a phishing link though. Curiosity got the better of me. The site shows you a ācloudflareā captcha. OK, letās click the checkbox. The usual loading animation starts, then this is shown:
Yeah ok, rightā¦
Iām actually a bit impressed with this, these captchas are so common, I didnāt even really think about checking the box. But of course, that interaction means the browser will allow the site to add something to your clipboard.
But likeā¦ Why distribute it via Github? I cannot think of a worse audience to try and con into āpaste something random into your windows consoleā. Am I just being naive here? Is this something common I somehow never experienced before?
Yeah that copy paste commands that give control over your pc shit is pretty nasty. Also over a year old at least. So it isnt specifically an attack at vibe coders. Not sure what the initial targets were but these usually try to target people not that knowledgeable in computer matters so lol that this now includes vibe coders.
Ah, I had been wondering if this is new, or I had just never noticed it. So itās the latter, good to know.
Itās kind of genius as wellā¦ A single comment will get the attention of potentially dozens of people, sent to a valid email address without having to guess/buy lists, and thereās an air of ātrustā around the (completely legit) mail you then get from github, containing the link.
I donāt know how new it is, but it first dropped on my radar about a year ago due to listening to the Risky Business cybersecurity podcast, not to be confused with the recent (and baffingly named (*)) podcast called āRisky Business with Nate Silver and Maria Konnikovaā (**) by dweeb Nate Silver. So I donāt know how long it was going on the wild, and im talking about the windows button + r attack method and not the github comments, no idea how long they used comments as a vector. And yes that part is also good, like the addition of trust of github + quite an effective attack is clever. Shouldnāt work on Real Nerds however.
*: The name means that at least one of they didnāt [know|care|google] about the decades old cybersecurity podcast before naming their podcast that is true. Any of those is odd.
**: addition to above, the tagline of the podcast is āa weekly podcast about making better decisionsā Look inwards Nate, look inwards.
Getting in early on targeting the vibe coder demographic.
Oh god
Althoughā¦ Do you think VideCodersTM read github issues?
Github only catches strays, itās much more widely deployed
Yeah, that this happens elsewhere I have no doubt, I just never noticed on GH before.