This thumbnail is so full of shit I won't be clicking.
I gave WinXP its very own public IPv4 address for an entire month and literally nothing happened. Squeaky clean at the end.
Conversation
Notices
-
Embed this notice
GNU/r000t (r000t@ligma.pro)'s status on Tuesday, 14-May-2024 17:28:57 JST 
GNU/r000t
- Pleroma-tan likes this.
-
Embed this notice
(mint@ryona.agency)'s status on Tuesday, 14-May-2024 17:28:54 JST 
@p @r000t Sounds like a good argument for IPv6 :troll3d::troll2014::darktroll: -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Tuesday, 14-May-2024 17:28:55 JST 
pistolero
@r000t Ah, he's written "2024". He might be full of shit: the "10 minutes" figure was from a paper a security researcher put out some time around (I *think*) SP2 about how bad unpatched XP was. I would be really surprised if it was still 10 minutes.
I can say that if I put a machine on a new IPv4, one that has been completely dark for at least two years, the ssh brute-force attempts start in just a few minutes. (I had set up an experimental honeypot to see if I could cut down on ssh brute-force attacks by just dropping all traffic from any machine that tried to connect to port 22 on the previously unused address, with no DNS assigned to it except upstream's reverse DNS. It didn't even make a dent, there are too many boxes doing that nowadays.) likes this. -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Tuesday, 14-May-2024 17:28:56 JST
pistolero
@r000t I don't see a thumbnail, but I imagine that people don't try to scan for XP-related stuff any more. -
Embed this notice
GNU/r000t (r000t@ligma.pro)'s status on Tuesday, 14-May-2024 17:28:56 JST
GNU/r000t
-
Embed this notice
(mint@ryona.agency)'s status on Tuesday, 14-May-2024 17:31:00 JST
@p @r000t There's one attempt on Win2k in 2022, but I can't call it authentic since the guy publicly announced his experiment with an IP in post.
https://www.youtube.com/watch?v=zao2CUAP3dU
Still an entertaining watch. -
Embed this notice
GNU/r000t (r000t@ligma.pro)'s status on Wednesday, 15-May-2024 01:17:02 JST
GNU/r000t
@teratology
Am I the only person who just isn't bothered by ssh brute force?Your properly-configured sshd should be accepting only key auth. Let randos try all the passwords they want. There is not one. Everything else is gravy. No root login, fail2ban, different port, port knocking... defense in depth is nice and good practice, but the only attack vectors not covered by "it's key auth only" can only be solved by only allowing ssh from internal address space.
@pPleroma-tan likes this. -
Embed this notice
cipote :bishrexual: (teratology@the.asbestos.cafe)'s status on Wednesday, 15-May-2024 01:17:03 JST 
cipote :bishrexual:
@p @r000t yeah so what can you rlly do aside from Ip tables ? Pleroma-tan repeated this. -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Wednesday, 15-May-2024 01:50:59 JST
pistolero
@amerika @ongo @r000t Wouldn't know; the last Windows I actually ran on purpose was 98. By the time XP was out, Windows had shat itself on my machine and I decided to reclaim the disk space it was occupying for Linux. ✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Wednesday, 15-May-2024 01:51:00 JST
pistolero
@amerika @ongo @r000t OSX 10.0 looks downright sober compared to XP.
2001_Mac_OS_X_10.0.4_(Cheetah).png
windows_xp_screenshot1.jpgHaelwenn /элвэн/ :triskell: likes this. -
Embed this notice
≠ (amerika@annihilation.social)'s status on Wednesday, 15-May-2024 01:51:00 JST 
≠
@p @ongo @r000t
Compare it to what came before. The Windows clowns just took it to excess and reeled it back in later, as they always do. Claim big territory, then keep what you can. -
Embed this notice
≠ (amerika@annihilation.social)'s status on Wednesday, 15-May-2024 01:51:01 JST
≠
@p @ongo @r000t
Ah... I'd blame the Macintosh for that one. -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Wednesday, 15-May-2024 01:51:02 JST
pistolero
@ongo @amerika @r000t It was the beginning of Fischer-Price computing. It was disgusting. The first thing anyone did was find the setting that stopped the colors. -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Wednesday, 15-May-2024 01:51:04 JST
pistolero
@amerika @r000t
> Now let's try it with
The context is that r000t tried this and it did not work.
> Lots of people still quietly using XP.
They get what they deserve. Even Server 2k3 runs Civ2, so there is literally no reason to ever use XP. -
Embed this notice
Ongo Gablogian (ongo@gh0st.live)'s status on Wednesday, 15-May-2024 01:51:04 JST 
Ongo Gablogian
@p @amerika @r000t BUT I LIKE THE COLORS -
Embed this notice
≠ (amerika@annihilation.social)'s status on Wednesday, 15-May-2024 01:51:05 JST
≠
@r000t @p
Now let's try it with even some basic security precautions taken...
Lots of people still quietly using XP. -
Embed this notice
≠ (amerika@annihilation.social)'s status on Wednesday, 15-May-2024 02:48:53 JST
≠
@p @ongo @r000t
I liked Windows for desktop stuff, and of course certain software packages, so I have to not "on purpose" run it, but prefer the elegance of UNIX-derived systems. The VMS-influenced model of Windows is impressive but corporate lunacy has stacked it with tons of bullshit. -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Wednesday, 15-May-2024 02:48:53 JST
pistolero
@amerika @ongo @r000t I was actually running LiteStep most of the time; it never felt like a nice desktop system, just a thing that was there, arguing with me about what I could do to my computer and crashing. If I didn't have a winmodem, I probably would have ditched it sooner, but one day I upgraded my motherboard and Linux booted and Windows wouldn't, safe mode crashed. Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 15-May-2024 03:00:15 JST 
Haelwenn /элвэн/ :triskell:
@p @r000t @teratology Heh, for SMTP here I use ssh: sendmail = ssh server_machine sendmail in mutt/gitconfig/…
(btw for the complete idiots that tend to pester me everytime: No I do not use Sendmail, sendmail(1) is a de-facto standard command)Basically because I'd rather not deal with SASL client certificates, way too close to x509 in most servers (and I'd rather not vendor-lock myself), and then making clients use it sounds like yet another pain.
-
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Wednesday, 15-May-2024 03:00:16 JST
pistolero
@r000t @teratology
> Am I the only person who just isn't bothered by ssh brute force? [...] Let randos try all the passwords they want.
I think you think that the reason it annoys me is that I am worried they'll get in. This is not the case. It is annoying to have the log files filled with mostly garbage, because I have to sift through the log files for useful information sometimes. So most of the machines where that matters, I drop traffic from hosts or subnets based on behavior.
> Your properly-configured sshd should be accepting only key auth.
Depends entirely on which failure modes you are comfortable with for which machines. It's also not possible to do things this way for a lot of services: SMTP, for example. -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Wednesday, 15-May-2024 03:00:19 JST
pistolero
@amerika @Suzu @ongo @r000t
iwasinthepool.jpe✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
≠ (amerika@annihilation.social)'s status on Wednesday, 15-May-2024 03:00:20 JST
≠
@Suzu @p @ongo @r000t
An early Habbo Hotel... oh wait that was Microsoft Bob. -
Embed this notice
Suzu (suzu@detroitriotcity.com)'s status on Wednesday, 15-May-2024 03:00:21 JST 
Suzu
@p @amerika @ongo @r000t we used to call it "Windows Xuxa Park", based on the theme park of a 90's kids entertainer. -
Embed this notice
0 (https://gh0st.live/users/0)'s status on Wednesday, 15-May-2024 03:40:09 JST 
0
@mint @p @r000t that's not funny. :niggahhh: likes this. -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Wednesday, 15-May-2024 07:47:04 JST
pistolero
@lanodan @r000t @teratology
> Heh, for SMTP here I use ssh: sendmail = ssh server_machine sendmail in mutt/gitconfig/…
:tyrellsmug:
(Does not work so great without keys or with weird mail clients, though. My mail server being on the LAN, though, I can whitelist its IP on the exim relay list.)
> for the complete idiots that tend to pester me everytime:
I didn't know that there are people that both (1) know that Sendmail is a mess and (2) don't know that the sendmail program became a de facto interface. I am disappointed by new things every day.
$ pkginfo -o $(which sendmail)
Package File
exim usr/sbin/sendmailHaelwenn /элвэн/ :triskell: likes this. -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Wednesday, 15-May-2024 10:22:34 JST
pistolero
@NonPlayableClown @0 @r000t @mint Oh, no, I like ehternet, ethernet's great. IPv6 is a botch. ✙ dcc :pedomustdie: :phear_slackware: likes this. -
Embed this notice
NonPlayableClown (nonplayableclown@postnstuffds.lol)'s status on Wednesday, 15-May-2024 10:22:35 JST
NonPlayableClown
If only we can all use token ring again 🤪 -
Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Wednesday, 15-May-2024 10:22:36 JST
pistolero
@0 @mint @r000t
# I HATE THE ANTICHRIST I HATE THE ANTICHRIST I HATE THE ANTICHRIST I HATE THE ANTICHRIST
# I HATE THE ANTICHRIST I HATE THE ANTICHRIST I HATE THE ANTICHRIST I HATE THE ANTICHRIST
# I HATE THE ANTICHRIST I HATE THE ANTICHRIST I HATE THE ANTICHRIST I HATE THE ANTICHRIST
# I HATE THE ANTICHRIST I HATE THE ANTICHRIST I HATE THE ANTICHRIST I HATE THE ANTICHRIST
# I HATE THE ANTICHRIST I HATE THE ANTICHRIST I HATE THE ANTICHRIST I HATE THE ANTICHRIST
awk '{di="\"echo net.ipv6.conf.all.disable_ipv6=1>>/etc/sysctl.conf;sysctl -p\"";print "ssh root@" $1, "sh -c", di, "||", "ssh", $1, "sudo sh -c", di}' ~/.ssh/known_hosts
All GNU social JP content and data are available under the 
