It appears that Ars Technica is not very technical, or up-to-date on tech. Today's "LimeWire" is just a basic centralized WeTransfer-like file transfer service, with a crypto NFT token attached. Real LimeWire, the P2P Gnutella client, has long been dead. Old versions can't connect anymore, probably due to bootstrap servers being offline.
But this entire article is based on Reddit, so that very much explains it.
No? The entire first part of the article is about the decision to kill/delay the episode, which has been widely reported on. The LimeWire-specific stuff only comes fairly far down.
The entire important part of the article, i.e. the headline and why it is something that Ars would be reporting on.
Your objection is silly. They're not reporting on that thing that everybody knows about, they don't know anything special about, and is not part of their beat. Instead they're copying from reddit, badly.
edit: I've gone through the article, and I guess I'm dumb. They're using a Reddit thread as an excuse to recount a story that they have no part in and no expertise to report on. A fake Limewire story is supplying the linkbait of an excuse for a tech website to do a "Trump bad" story. Ars is fully owned by Condé Nast.
They didn't know it wasn't Limewire because they didn't give a shit about the Limewire part.
Yes, found the malware in json-mappings. /lib/const.js contains DEV_API_KEY, which is a base64-encoded URL to the actual malware, hosted on an external service. This variable gets used by /lib/caller.js to download and run it. The rest of the project is just copied from pinojs/pino.
Thanks a lot for investigating this further. I'll write a cleaner blog post to alert other potential victims. From the package downloads they're hacking around 200 people per week, just with `json-mappings`. I definitely would have fallen myself if it wasn't for the few red flags they didn't even try to avoid.
Just quickly deobfuscated the payload as well (this is fun). It's a cross-platform infostealer that would've taken your browser cookies, saved passwords, clipboard, and different files including crypto wallets, documents and images.
Their C2 is 144.172.115[.]116 (RouterHosting LLC / Cloudzy in Utah, USA) on ports 8085-8087 over HTTP and WebSockets.
> I definitely would have fallen myself if it wasn't for the few red flags they didn't even try to avoid.
Always use a VM for this kind of stuff, even if you're interviewing at Google. More advanced threat actors could also fake GitHub stars or npm downloads, or even use a hijacked dependency that used to be legitimate.
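The hiding place described in the json-mappings comments above (a base64-encoded URL stored in a constant that another file decodes and fetches) can be checked for statically before a package is installed. The following is an added example, not code from the thread or from the package; `findEncodedUrls`, `decodeToUrl`, the layer limit and the sample file contents are constructed for illustration.

```javascript
// Added example: flag string constants that base64-decode to a URL.
const LITERAL_RE = /(?:([A-Za-z_$][\w$]*)\s*[:=]\s*)?(['"`])([A-Za-z0-9+\/_-]{16,}={0,2})\2/g;
const B64_RE = /^[A-Za-z0-9+\/_-]{16,}={0,2}$/;
const URL_RE = /^(?:https?|wss?):\/\/\S+$/i;

// Peel up to maxLayers of base64; return the URL and how many layers hid it.
function decodeToUrl(literal, maxLayers = 3) {
  let text = literal;
  for (let layer = 1; layer <= maxLayers; layer++) {
    if (!B64_RE.test(text)) return null;
    text = Buffer.from(text, 'base64').toString('utf8');
    if (URL_RE.test(text)) return { url: text, layers: layer };
  }
  return null;
}

// Scan one source file's text; report each string literal that hides a URL.
function findEncodedUrls(source, file = '<input>') {
  const findings = [];
  for (const m of source.matchAll(LITERAL_RE)) {
    const hit = decodeToUrl(m[3]);
    if (!hit) continue;
    const line = source.slice(0, m.index).split('\n').length;
    findings.push({ file, line, name: m[1] || null, ...hit });
  }
  return findings;
}

// Constructed sample standing in for a package's lib/const.js (not the real file).
const b64 = (s) => Buffer.from(s).toString('base64');
const SAMPLE_URL = 'https://example.invalid/stage2'; // placeholder URL
const SAMPLE_CONST_JS = [
  'module.exports = {',
  "  LOG_LEVEL: 'info',",
  `  BANNER: '${b64('logger ready for use')}',`, // base64, but not a URL
  `  DEV_API_KEY: '${b64(SAMPLE_URL)}',`,
  '};',
].join('\n');

console.log(findEncodedUrls(SAMPLE_CONST_JS, 'lib/const.js'));
```

A hit is a reason to read the file that consumes the constant, not a verdict on its own; legitimate packages occasionally encode URLs too.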
This article is 5-10 years late. Flatpak already won this battle. All that is still lacking is for some apps (including Steam) to ship official Flatpak packages, and properly integrate with its permissions system.
Linux is already challenging Windows. It has consistently growing adoption with gamers, more so than ever before. There won't be a "year of the Linux desktop"; this shift happens over time, not suddenly at once.
I've found that these patterns are very specific to OpenAI models. My guess is that they're being introduced through some kind of post-training fine-tuning process. It's not something inherent to language models, and other models are typically far more natural and variable in output structure.
"Going Dark" is perhaps the most honest and realistic branding yet, on multiple levels.
We're going into the darkness of authoritarianism, and as a result we'll have to go dark to communicate freely and privately. It's also a perfect description of Europe's fear-based decelerationist attitude towards technological innovation, and how we're fully dependent on outside countries for technology as a result.