Notices by Tim W RESISTS (tim@union.place), page 2

Omg if you type a number and hit the "CONST" button on this thing it has 128 scientific constants stored.

Definitely requires some memorization still though... The °F constant is just 5/9, so you have to subtract 32 yourself if you're going for °C.

I wonder what kind of battery this "two way power" vintage calculator (at least 25 years old) takes...

5 screws later: oh look, it's an LR44, I have a stash of those.

Good as new! Now if only it could copy/paste to my computer it could replace the calculator app...

@TechCrunch why does anyone care what he has to say?

#EndBillionaires

Okay, now I am ready for today's activities! #union #protest #tuftsuniversity #maskup

@tillshadeisgone I just want to say thank you for posting this; as a cis white male I've been wrestling with instance-level action for this, and your take is very helpful and appreciated.

Tufts full-time professors have been working without a contract since JUNE 2024!

Before then, their cost of living increased 21% and their salary only increased 13%!

The total cost of salaries for all faculty is only 3.5% of the university's annual budget! 🤯

This just keeps getting worse!! #Tufts #tuftsuniversity #MedfordMA #SomervilleMA #MApoli

@drscriptt yeah we started off as an OpenSRS reseller and then moved on to being an accredited registrar. Domain registration was generally a combination with our DNS for your own domain services.

@lisagetspolitik I know less about anything specialty today, bit I know (or at least used to know) a lot about the landscape of 20 years ago! 😀

Next time on #DynDNSHistory I'll talk about credit card processing - it was so much more complicated than just getting a Stripe account those days.

The hoops and shenanigans we had to go through as a small start-up doing online card processing in those early days were wild.

7/7

I don't remember if we ever turned any of them into actual customer domains for our free services - I don't THINK any of them happened to be good for that purpose.

Credit card fraud was a huge pain back then (not that it isn't now) - there wasn't nearly the range of intelligent analysis and risk assessment that's out there today. And as I recall we got chargebacks via fax (or had to respond via fax, maybe both). The bad old days...

6/?

This one led to some of the most interesting things about abuse - getting surprising new domain names! When someone bought a domain with a stolen credit card, there was usually no way for us to cancel the registration (eventually we could if we caught it fast enough, but by the time there was a chargeback it'd for sure be too late).

So, we figured - we paid for these, I guess they're ours now! I don't remember any specifics, but there was definitely some weird ones in there.

5/?

Once we started doing paid services, the credit card fraud really picked up - in some cases it just seemed like they were using us to check stolen cards before using them for something bigger, other times they were really trying to get services.

I never quite understood the logic of the second one - you have to know it's not gonna last for long when you're using someone else's card. But maybe people don't notice and report the fraud?

4/?

We eventually got plugged into the InfoSec community, though, and were able to build systems to detect this and both take action (blocking accounts, etc) and also collect information to help security researchers.

I take my users' security and privacy seriously, but if you're doing malfeasance, it all goes out the window - you're not a user anymore, you're an abuser. And don't worry, we put that in our ToS too.

3/?

The next one, which also started surprisingly early, was using #DynDNS hostnames for botnet command and control. That's what actually got me involved in the #infosec community (and where I met @jtk !)

DynDNS was good for C&C because they could move it around quickly, and have the bots follow. If the C&C got taken down, boom, switch to a new one. We were unintentionally helping them keep their control going.

2/?

Today's #DynDNSHistory brought to you by @jtk , who asks about early or interesting abuse-related issues.

There's lots here so this one will be a thread...

The first one that jumps to mind is credit card fraud. This isn't really surprising/interesting in the later days, but what surprised me was that people used stolen credit cards even when we were just taking donations.

Like, really? You're going to abuse some kids who are just trying to run a free service? Not cool.

1/?

@thomas I pay for this translation service for my users, I have no idea if we're getting our money's worth out of it, I know I personally don't...

@thomas I would also love a server or user-level setting for "automatically attempt to translate if the language doesn't match my preferred language" so I don't have to click the "translate" button a billion times.

@thomas yes, that can also be a problem, though the default of copying the interface language at least helps a bit.

To be fair to multi-lingual posters the UI is not fantastic. It'd be nice if it could interface with some kind of language detection API, though a) I'm not sure if such things exist and b) if they're not shitty for privacy.

I sure do wish Mastodon's language filtering actually worked...

@wordshaper my go-to is "yet"