Daily Archives: November 13, 2021

Something Awful Founder Richard Lowtax Kyanka Has Reportedly Died

Posted on by

A GoFundMe is collecting money to put toward the wellbeing of the three daughters Kyanka left behind. Here is the corresponding thread on Something Awful. Original story continues below.

Longtime Something Awful forum administrator Fragmaster posted that site founder Richard “Lowtax” Kyanka has died. “I guess I should preface this by saying this isn’t a joke especially since I’m posting for like the first time in 10 years or something, but I got the bad news today directly from Rich’s family,” wrote Fragmaster. “Lowtax has passed away.”

“I didn’t ask for details,” Fragmaster continued. “I don’t know details. I don’t know what the current opinion of Rich here is. Not here to answer questions, I’m sharing the news. I really hate to share this news. But there you go.”

Considering all the shit that Something Awful has gotten up to over the years, some have wondered if this were a hoax. “Is this for real?” wondered one forum member. Some expressed shock at the news, while others offered their condolences to his children.

Kyanka’s second wife, who posts on SA under the name LadyAmbien, has confirmed her husband’s death, in a very angry post about his treatment of her and their children.

Below is the SA admin’s eulogy for the site’s founder, which was originally posted in a thread titled “itt a tribute to our late founder, farewell, deer richard.”

In 1999, Kyanka created Something Awful, and today, it’s hard to understate the site’s influence. It also spawned endless, classic memes, such as, “All your base are belong to us,” and was even the launching pad for what became 4chan. Our colleagues at Gizmodo listed it at number 89 in the 100 websites that shaped the internet today, writing the following:

While Something Awful had its moments as a host for various bits of comedy, rants, and reviews, SA’s community is its real legacy. From its forums, Something Awful members gave birth to the legend of Slenderman, an entire new genre of videos in Let’s Plays, and thanks to offshoots like the Goonswarm, SA was indirectly responsible for some of the most massive (and costly) space battles ever witnessed in video game history. It was also, uh, actually awful.

“The Something Awful forums spawned a great many things in its multiple decades of existence,” said Fragmaster in his YouTube eulogy. “Some things horrible and unfortunate, many things just unintelligible and a huge waste of time. But ultimately, Rich created a community where interesting things happened and people connected.”

In October 2020, Kyanka sold the site, writing on Facebook, “I just signed away the rights to Something Awful, goodbye, good riddance.”

[…]

Source: Something Awful Founder Richard Kyanka Has Reportedly Died

Latest Windows 11 overrides attempts to avoid using Edge – browser wars again!

Posted on by

Back in 2017, Daniel Aleksandersen created a free helper application called EdgeDeflector to counter behavioral changes Microsoft made in the way Windows handles mouse clicks on certain web links.

Typically, https:// links get handled by whatever default browser is set for the system in question. But there are ways to register a custom protocol handler, for operating systems and web browsers, that defines the scheme to access a given resource (URI).

Microsoft did just that when it created the microsoft-edge: URI scheme. By prefixing certain links as microsoft-edge:https://example.com instead of https://example.com, the company can tell Windows to use Edge to render example.com instead of the system’s default browser.

Microsoft is not doing this for all web links – it hasn’t completely rejected browser choice. It applies the microsoft-edge:// protocol to Windows 10 services like News and Interest, Widgets in Windows 11, various help links in the Settings app, search links from the Start menu, Cortana links, and links sent from paired Android devices. Clicking on these links will normally open in Edge regardless of the default browser setting.

When the microsoft-edge:// protocol is used, EdgeDeflector intercepts the protocol mapping to force affected links to open in the user’s default browser like regular https:// links. That allows users to override Microsoft and steer links to their chosen browsers.

This approach has proven to be a popular one: Brave and Firefox recently implemented their own microsoft-edge:// URI scheme interception code to counter Microsoft’s efforts to force microsoft-edge:// links into its Edge browser.

But since Windows 11 build 22494, released last week, EdgeDeflector no longer works.

This is on top of Microsoft making it tedious to change the default browser on Windows 11 from Edge: in the system settings, you have to navigate to Apps, then Default apps, find your preferred installed browser, and then assign all the link and file types you need to that browser, clicking through the extra dialog boxes Windows throws at you. Your preferred browser may be able to offer a shortcut through this process when you install it or tell it to make it your default.

[…]

Source: Latest Windows 11 overrides attempts to avoid using Edge • The Register

2K’s GTA Trilogy Pulled For PC, And Rockstar Launcher Is Broken

Posted on by

Something has gone very, very wrong since yesterday’s launch of GTA Trilogy on PC. As of last night, all mention of a PC version has been removed from Rockstar’s own site, and the Rockstar Games Launcher app has gone completely offline. Anyone who bought the remastered collection before it vanished is currently unable to play.

It has been at least 18 hours since the sudden disappearance of the PC’s GTA Trilogy, and Kotaku can confirm that the Launcher is not working. Which means all Rockstar PC games, including Red Dead Redemption 2 and GTA Online, are currently impossible to play.

For whatever reasons, Rockstar chose to remove all versions of GTAs III, Vice City, and San Andreas from alternative PC stores—including Steam—ahead of this launch, meaning its bespoke software is now the only way to buy and play the games. Or indeed, the only way to not play it.

[…]

Source: 2K’s GTA Trilogy Pulled For PC, And Rockstar Launcher Is Broken

What a clusterfuck – first they piss off their fans by attacking them with DMCA suits, then they release crap and then it all breaks.

GTA Trilogy Remaster Not Worth The Lost Mods And Classic Games

Posted on by

After months of rumors, speculation, leaks, and teasers, Rockstar finally released the remastered Grand Theft Auto: The Trilogy – Definitive Edition collection yesterday. It landed with a thud as players encountered and documented countless visual bugs, gameplay glitches, and odd changes to models and textures. Even viewed in a vacuum, this state of affairs is disappointing, especially considering the $60 price tag attached to the collection. But looking at the bigger picture, it gets even worse. These busted remasters seemingly led to the removal of a ton of classic GTA mods, and the original versions of GTA III, Vice City, and San Andreas. With that context added, it becomes a much more frustrating situation, and one which likely doesn’t have a happy ending.

Before Rockstar officially announced the GTA remasters, fans speculated about them for months due to random leakers and insiders on various forums hinting about their possible existence. Around this same time in the summer of 2021, Rockstar and Take-Two Interactive began targeting and removing mods that were related to the classic PS2 games, including popular mods like Vice Cry, which ported Vice City to the GTA V engine. The companies also sued the devs behind a project aiming to release the reverse-engineered source code for Vice City and GTA III, which would have allowed folks to more easily port and tweak these older games.

And because fans had already been speculating that GTA remasters were in the works, and all of these mods were related to those games—often improving them or making them easier to play—many connected the dots and concluded that Take-Two Interactive was clearing the runway ahead of its own official remakes. However, Take-Two and Rockstar have yet to confirm why any of the mods or fan projects were sent DMCA takedowns or lawsuits.

[…]

Source: GTA Trilogy Remaster Not Worth The Lost Mods And Classic Games

ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough – how to pwn all MS Azure’s hosted databases for all customers – also shows value of responsible disclosure

Posted on by

This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers. In August 2021, we disclosed to Microsoft a new vulnerability in Cosmos DB that ultimately allowed us to retrieve numerous internal keys that can be used to manage the service, following this high-level workflow:

1. Set up a Jupyter Notebook container on your Azure Cosmos DB
2. Run any C# code to obtain root privileges
3. Remove firewall rules set locally on the container in order to gain unrestricted network access
4. Query WireServer to obtain information about installed extensions, certificates and their corresponding private keys
5. Connect to the local Service Fabric, list all running applications, and obtain the Primary Key to other customers’ databases
6. Access Service Fabric instances of multiple regions over the internet

In this post we walk you through every step of the way, to the point where we even gained administrative access to some of the magic that powers Azure.

[…]

Conclusion

We managed to gain unauthorized access to customers’ Azure Cosmos DB instances by taking advantage of a chain of misconfigurations in the Jupyter Notebook Container feature of Cosmos DB. We were able to prove access to thousands of companies’ Cosmos DB Instances (database, notebook environment, notebook storage) with full admin control via multiple authentication tokens and API keys. Among the affected customers are many Fortune 500 companies. We also managed to gain access to the underlying infrastructure that runs Cosmos DB and we were able to prove that this access can be maintained outside of the vulnerable application—over the internet. Overall, we think that this is as close as it gets to a “Service Takeover”.

Disclosure Timeline

August 09 2021 – Wiz Research Team first exploited the bug and gained unauthorized access to Cosmos DB accounts.
August 11 2021 – Wiz Research Team confirmed intersection with Wiz customers.
August 12 2021 – Wiz Research Team sent the advisory to Microsoft.
August 14 2021 – Wiz Research Team observed that the vulnerable feature has been disabled.
August 16 2021 – Microsoft Security Response Center (MSRC) confirmed the reported behavior (MSRC Case 66805).
August 16 2021 – Wiz Research Team observed that some obtained credentials have been revoked.
August 17 2021 – MSRC awarded $40,000 bounty for the report.
August 23 2021 – MSRC confirmed that several thousand customers were affected.
August 23 2021 – MSRC and Wiz Research Team discussed public disclosure strategy.
August 25 2021 – Public disclosure.

Source: ChaosDB Explained: Azure’s Cosmos DB Vulnerability Walkthrough | Wiz Blog

The blog post is well worth reading

King of Ad Fraud Zhukov to reign in a US prison for years

Posted on by

Aleksandr Zhukov, a Russian national and the self-proclaimed “king of fraud,” this week received a 10-year prison sentence for carrying out a $7m digital ad fraud scheme.

Zhukov was convicted in May of multiple counts of fraud and money laundering. He was arrested in Bulgaria in 2018 and extradited to America the following year.

“Sitting at his computer keyboard in Bulgaria and Russia, Zhukov boldly devised and carried out an elaborate multi-million-dollar fraud against the digital advertising industry, and victimized thousands of companies across the United States,” said Breon Peace, US Attorney for the Eastern District of New York, in a statement.

Starting around 2014, according to court documents, Zhukov and co-conspirators launched a fraudulent ad business called Media Methane that took payment from ad networks to present ads online to internet users.

“Rather than place these advertisements on real publishers’ webpages as promised, however, Zhukov and others rented thousands of computer servers located at commercial data centers in the United States and elsewhere, and used those data center computer servers to simulate humans viewing ads on fabricated webpages,” the US government’s indictment [PDF] says.

Zhukov and his associates – seven individuals who are being prosecuted separately – are said to have rented more than 2,000 servers in data centers in Dallas, Texas, and in Amsterdam, the Netherlands. Media Methane allegedly offered ad space on fabricated web pages to ad buyers who would bid for the space. But the company showed those ads to an audience of bots.

The bots – computer programs – are said to have been designed to interact with the fake web pages so as to simulate realistic mouse movements and webpage interactions like viewing videos on social media sites. They were trained to bypass CAPTCHA puzzles, to accept cookies, and to fake being signed-in to social media services. Their code, the indictment claims, managed to avoid the fraud detection software used by several US cybersecurity firms.

To make the fraud more believable, Zhukov is said to have leased more than 765,000 IP addresses from IP address leasing companies, which he then assigned to data-center servers and entered into a global registry of IP addresses. By falsely registering IP addresses in the names of companies like Comcast and Time Warner Cable, Zhukov made it appear that the addresses belonged to residential US internet subscribers of those services. Some 6,000 domains are said to have been spoofed in this manner.

The companies victimized by this scheme, said to have netted more than $7m, include The New York Times, The New York Post, Comcast, Nestle Purina, the Texas Scottish Rite Hospital for Children, and Time Warner Cable.

According to the government, Zhukov hired various developers to help him carry out his fraud scheme and he referred to himself as the “king of fraud.” The Feds claim he personally took in more than $4.8m through the ad fraud scheme, though Zhukov’s attorneys are currently trying to convince the judge that only about $1m should be subject to forfeiture.

Criminal ad fraud prosecutions have been relatively rare. Among the more notable cases are a 2011 click fraud case against six Estonian nationals and one Russian national, another from 2017, and a medical ad fraud case from 2019.

Source: King of Ad Fraud to reign in a US prison for years • The Register

Space Launch Start-Up Spinlaunch Just Used A Giant Centrifuge To Fling A Projectile Into The Upper Atmosphere

Posted on by

A U.S. space launch start-up has, for the first time, demonstrated a kinetic-based system that’s intended one day to put small spacecraft into orbit. The SpinLaunch concept, which feels ripped right from the classic age of science fiction, is based around a vacuum-sealed centrifuge that spins an unpowered projectile at several times the speed of sound before releasing it, hurling it into the upper atmosphere, and ultimately into orbit. In this way, the company, based in Long Beach, Calif., hopes to challenge traditional rockets for putting payloads into space.

The first test flight of a prototype — a so-called suborbital accelerator — took place at Spaceport America in New Mexico on October 22, but the company only announced the milestone yesterday.

The system uses a vacuum chamber within which a rotating arm brings a projectile up to very high speed without any drag penalty, before hurling it into the atmosphere “in less than a millisecond,” according to the company, as a port opens for a fraction of a second to release the projectile. A counterbalance spins in the opposite direction to prevent the system from becoming unbalanced. The vacuum seal stays in place until the projectile breaks through a membrane at the top of the launch tube.

SpinLaunch

The moment the suborbital projectile used in the initial test is propelled out of the suborbital accelerator.

While the concept is fairly simple, the challenge of making it work reliably and repeatedly is a significant one.

[…]

The suborbital accelerator used in the first SpinLaunch test is a one-third scale version of the planned final hardware but is still 300 feet tall, Yaney explains.

The suborbital projectile used in the initial test was around 10 feet long and was accelerated to “many thousands of miles an hour,” using approximately 20 percent of the accelerator’s power capacity.

[…]

The company has future plans to add a rocket motor inside the projectile to provide for orbital flights. In that version, the rocket booster will ignite only after it separates from the projectile/launch vehicle, as you can see in this video. According to previous reports, the projectile will coast, unpowered, for around a minute, before the rocket ignites at an altitude of approximately 200,000 feet.

[…]

The idea behind SpinLaunch may indeed be “audacious and crazy,” but, if it can be fully matured, the technology would appear to offer major advantages over traditional space launch systems. Today, a rocket delivering a payload into orbit will consist primarily of fuel, by mass, reducing the size of the payload that can be carried. SpinLaunch, in contrast, envisages a much smaller rocket that carried a reduced fuel load, but a proportionally larger payload. The company currently forecasts its orbital vehicle delivering a payload of around 400 pounds into orbit.

[…]

Once the orbital vehicle is ready, SpinLaunch says it will have to move away from Spaceport America and seek a coastal space launch facility that will be able to support “dozens of launches per day,” according to Yaney. The rapid tempo of launches without the use of large complex rockets, will, in turn, bring down the costs of putting cargoes into orbit. The company claims that the velocity boost imparted by the accelerator drive results in a four-times reduction in the fuel required to reach orbit and a ten-times reduction in cost.

[…]

Source: Space Launch Start-Up Just Used A Giant Centrifuge To Fling A Projectile Into The Upper Atmosphere

Palm OS: Reincarnate – Pumpkin OS

Posted on by

[pmig96] loves PalmOS and has set about on the arduous task of reimplementing PalmOS from scratch, dubbing it Pumpkin OS. Pumpkin OS can run on x86 and ARM at native speed as it is not an emulator. System calls are trapped and intercepted by Pumpkin OS. Because it doesn’t emulate, Palm apps currently need to be recompiled for x86, though it’s hoped to support apps that use ARMlets soon. Since there are over 800 different system traps in PalmOS, he hasn’t implemented them all yet.

Generally speaking, his saving grace is that 80% of the apps only use 20% of the API. His starting point was a script that took the headers from the PalmOS SDK and converted them into functions with just a debug message letting him know that it isn’t implemented yet and a default return value. Additionally, [pmig96] is taking away some of the restrictions on the old PalmOS, such as being limited to only one running app at a time.

As if an x86 desktop version wasn’t enough, [pmig96] recompiled Pumpkin OS to a Raspberry Pi 4 with a ubiquitous 3.5″ 320×480 TFT SPI touch screen. Linux maps the TFT screen to a frame buffer (dev/fb0 or dev/fb1). He added a quick optimization to only draw areas that have changed so that the SPI writes could be kept small to keep the frame rate performance.

[pmig96] isn’t the only one trying to breathe some new life into PalmOS, and we hope to see more progress on PumpkinOS in the future.

Source: Palm OS: Reincarnate | Hackaday

Low-Cost DIY Computer Gesture Control With An I2C Sensor

Posted on by

Controlling your computer with a wave of the hand seems like something from science fiction, and for good reason. From Minority Report to Iron Man, we’ve seen plenty of famous actors controlling their high-tech computer systems by wildly gesticulating in the air. Meanwhile, we’re all stuck using keyboards and mice like a bunch of chumps.

But it doesn’t have to be that way. As [Norbert Zare] demonstrates in his latest project, you can actually achieve some fairly impressive gesture control on your computer using a $10 USD PAJ7620U2 sensor. Well not just the sensor, of course. You need some way to convert the output from the I2C-enabled sensor into something your computer will understand, which is where the microcontroller comes in.

Looking through the provided source code, you can see just how easy it is to talk to the PAJ7620U2. With nothing more exotic than a switch case statement, [Norbert] is able to pick up on the gesture flags coming from the sensor. From there, it’s just a matter of using the Arduino Keyboard library to fire off the appropriate keycodes. If you’re looking to recreate this we’d go with a microcontroller that supports native USB, but technically this could be done on pretty much any Arduino. In fact, in this case he’s actually using the ATtiny85-based Digispark.

This actually isn’t the first time we’ve seen somebody use a similar sensor to pull off low-cost gesture control, but so far, none of these projects have really taken off. It seems like it works well enough in the video after the break, but looks can be deceiving. Have any Hackaday readers actually tried to use one of these modules for their day-to-day futuristic computing?

 

Source: Low-Cost Computer Gesture Control With An I2C Sensor | Hackaday