Shouldn’t be this hard to find out the attack vector.

Buried deep, deep in their writeup:

RocketMQ servers

• CVE-2021-4043 (Polkit)
• CVE-2023-33246

I’m sure if you’re running other insecure, public facing web servers with bad configs, the actor could exploit that too, but they didn’t provide any evidence of this happening in the wild (no threat group TTPs for initial access), so pure FUD to try to sell their security product.

Unfortunately, Ars mostly just restated verbatim what was provided by the security vendor Aqua Nautilus.

So the article repeats, several times, “waymo relies on remote operators”. I don’t think the author knows what “self-driving” means.

Digital signature as a means of non repudiation is exactly the way this should be done. Any official docs or releases should be signed and easily verifiable by any public official.

Any competitor worth their salt will match and exceed that as a signing bonus.

Why are you running a VPN? If you are simply shielding your internet activity from your ISP, Google won’t give a shit where you sign in from.

If you are browsing to shield your identity, you want to be fully disassociated with any non-secure browsing habits. If this is your use case, even if you are using discrete internet accounts, tracking cookies are common enough that, you would still be identifiable from your browser fingerprint. It all depends on what your risk factors are, and how much you want to spend to mitigate them.

I wouldn’t immediately jump to that conclusion. There are plenty of legitimate business opportunities that do not imply “taking money to promote products”. In-line advertising and properly disclosed free samples are standard operating procedure for the tech industry, but they are completely above board, and by themselves do not imply bias.

Nearly every content creator’s YouTube channel About page or website will have a similar line, somewhere.

Take that Geiger counter close to most old concrete sometime. Now think of what these old buildings are made of.

The biggest mistake users will make is thinking their data is safe JUST because they have a NAS or a RAID. It’s common parlance in Systems Administration that RAID is NOT backup.

To wit— not truly understanding RAID and how it relates to capacity, parity, and especially the time required to rebuild in failed disk situation. It is a crucial mistake to use RAID 5 with greater than 2TB disks, and even that is pushing it, but RAID 5 is at least in the zeitgeist.

There are also some outside concerns such as Drive batch dates and knowing to pre-purchase spare disks well in advance that may hamper recovery.

You are absolutely correct— major blog hosting, image hosting, and video hosting sites are all “free” for the content creator, but YouTube by far has the largest audience and highest monetization rates of any of them.

This is just creators buying in with their wallets; it makes sense to go where the money is, even if the format sucks for the idealized content consumer.