This would hardly be a surprise. The NSA TAO was responsible for EternalBlue. And they have straight up stated that they hold on to some zero-day vulnerabilities for use. Hacking a “Microsoft Exchange Mail to attack and control the mail server of a major Chinese military enterprise” to collect SIGINT is rather exactly why the NSA exists. They should be assumed to be a state sponsored APT like any other.

WoTC did release the Guildmaster’s Guide to Ravnica a few years back. It was supposed to be one of the planes from the MTG universe. Not sure if it would fit your ideas, but it could provide a jumping off point.

Sounds like we should expect another price hike soon.
That said, Apple TV+ does have some good shows, and they haven’t yet built Netflix’s or Amazon’s track record for killing off shows, yet. I’ve reached a point where I don’t really want to start a new show, before knowing how many seasons it got before being canceled. Too many shows I like have faced the axe, mid story, for me to want to get invested in another show which will go one or two seasons then just die. But, I’m still willing to give Apple the benefit of the doubt in this regard.

Movie theater audio systems continued to go big blue baby boinking bonkers. Remember when the THX logo wasn’t survivable by children under 7?

Yes

So, the solution to completely fucked up sound is to use a device to mangle that sound back into something which isn’t complete shit?
And yes, I understand it’s about the director wanting the loud sounds to be loud. But, when your art direction means that a major (if not majority) of your audience is going to have to “fix” your artistic direction, your artistic direction is the problem.

p.s.: don’t mean to jump down your throat, this is just one of those things that grinds my gears. Along with the “let’s make everything too dark to possibly see” art direction which has become popular.

I think it’s less about the tech picked and more about developers with no sense of security and a poor understanding of networking. I’ve seen far too many web applications where the developer needed some sort of database behind it (MySQL, PostGres, MSSQL) and so they stood up either a container or entire VM with a public IP and whatever the networking layer set to allow any IP to hit the database port. The excuse is almost always something like, “we needed the web front end to be able to reach the database, so we gave the database server/container a public IP and allowed access”. Which is wonderful, right up until half of the IP addresses in Russia start trying to brute force the database.

Ya, Secure Boot is really only useful for corporate devices or very specific people who might actually be targeted by state level attackers. For most of us, it’s not worth the hassle.

For me, it’s a kinda simple rubrick:

• First and foremost, is the money actually available - I was a pretty bad financial fuck-up in my 20’s. I learned a lot about money and credit, but the cost of that education was a lot higher than I would have liked. So, being sure the money is actually there and won’t cause me trouble down the line is always the first thing. Credit is OK for some major (generally secured) purposes, but frivolities should be cash in hand.
• Second, do your homework - If you plan to make a major purchase, spend some time researching the thing, its costs and everything else about it before hand. We live in an amazing time of information availability, go online and learn the upsides and downsides to the thing. Also, try to get a feel for the cost of the thing. You should go in knowing what you want, the features you’re looking to get on said thing and have a rough idea of how much the thing will cost.
• Third, “Wind the clock” - this means that you should step away from any major purchase and take some time to consider it. If the sales critter insists that they won’t be able to make the same deal tomorrow, don’t walk, run. Time pressure is the most basic sales tactic. If the deal isn’t going to look good to me when I reevaluate it tomorrow, I sure as fuck don’t want to take it today. It’s not that I won’t make a purchase the same day, but I also go in willing to drive down the street and start negotiations over again with the next sales critter.
• Finally, it’s just money - If you have the money and have the right deal for the right thing, quit your belly-aching and commit. Ya, you probably just fucked up and you’ll learn that as you go. But, the experience will probably be valuable to you. Maybe it won’t quite reach the value of the money it cost you, but you’re unlikely to actually know that until after you’ve spent it. Money sitting in the bank won’t buy you happiness. Money spent on experiences might. So, go spend some money. Have those experiences and realize that you can always make more money, you cannot make more time.

There used to be readable how-tos and tutorials for things, and now all that’s left is 45 minute YT videos littered with influencer garbage.

This is so much of what I hate about the internet today. Many, many things which should be a single page wall of text is now some 20 minute video which just shows the person doing something, with terrible music in the background and fuck-all for deep explanations. I do understand how hard it is to write those deep explanations, my own blog has gone over a year without an update. But fuck, if you’re the type of person who can be constantly working and posting, this seems like something that should be reasonable to do. Of course, monetizing the written word is harder. I know some writers are getting there on substack,. but that seems like a platform where you need to have an audience first and then you can monetize it. There isn’t really any discoverability in substack. If people don’t know you’re there, they won’t find you.

Dashes, of all kinds need to fucking die, die, die.
While not completely fair, my burning hatred of dashes comes for word processing applications automatically replacing hyphens and especially double hyphens in code with dashes. And this never gets caught until said code needs to be copy-pasted back into a functional application, and it fails. Sometimes in weird and horrible ways. So, while it’s the auto-replace which causes the problem, the existence of dashes is proximate enough that they all need to be burned out of existence for all time.

If the murky depths of my memories of school is correct, the location of the period is dictated by whether or not it is part of the quote. So, if the quote should have a period at the end, it goes inside the quotation marks. If the quote does not include the period (e.g. you are quoting part of a sentence), but you are at the end of a sentence in your own prose, you put the period on the outside of the quotation marks.

While “broom the floor” isn’t common, “sweep the floor” is. Of course, why we use the tool name as a verb in the case of “mop” or “vacuum”, but not in the case of “broom”, is another case of English being English. But, you shouldn’t expect consistency out of English. It’s not really a language, it’s several languages dressed up in a trench-coat pretending to be one.

The aircraft landed safely and even taxied to a gate under it’s own power:
https://www.latimes.com/california/story/2025-07-20/delta-plane-lands-safely-at-lax-after-engine-fire-caught-on-video

Redmond’s previous system relied on digital escorts — American employees with proper security clearances — to monitor the foreign engineers working on the systems. However, it’s been noted that some of these U.S. citizens weren’t knowledgeable enough to determine if the person they were monitoring was doing regular work or putting in a backdoor.

This is a problem all over the FedGov. I’ve been on both sides of this situation. I’ve been a contractor escorted into spaces I was not cleared to be in. And, I’ve escorted contractors in cleared spaces. I can kinda see how the situation developed. When I was a contractor being escorted, the folks escorting me were great folks, but most knew fuck all about computers. I could have been up to some pretty shady stuff, and they likely would not have recognized it. Also, as physical escorts who were comfortable with me, they weren’t exactly monitoring the screens all that closely. Even when it was me escorting contractors, I wasn’t always completely knowledgeable about their work. Sure, I might know more about computers than some folks, but I don’t know everything about everything, and it’s possible that they could have slipped one past me.

All that said, when I was doing this stuff, I was subject to background checks on the regular. While they didn’t quite go to the level of stuffing a microscope up my arse, I wouldn’t have been surprised if they asked about it. So, how the fuck did Microsoft end up with Chinese nationals working on DoD systems? While I’m sure there’s some great IT folks over there who just do their jobs and wouldn’t get involved in spying/sabotage, this is just plain stupid. We’re putting systems for our military in the hands of folks under the direct influence of once of the US’s main adversaries.

Default credentials in network infrastructure? What year is it?

What mobile provider are you using? I know that T-Mobile IP addresses tend to get me a lot of captchas. And that’s related to their use of CGNAT, which means that the server sees many different identifying characteristics all coming from a single IP address. Also, geoip location of systems is really unreliable for T-Mobile IPs.

who was running the compromised infrastructure?

The DoD report doesn’t get into it. It repeatedly references “a US state’s Army National Guard network”. Which, is probably not the same network as the US Army’s network. It’s also likely to be an Unclassified network; so, it’s not quite as bad as it could be. But also not great.

the US military doesn’t do its own IT anymore. It’s all outsourced to Microsoft and other cloud providers to the tune of tens of billions of dollars.

While some of it is on Microsoft’s and other cloud providers, there is also a lot which isn’t. On top of that, much of the stuff “in the cloud” is all IaaS or PaaS. So, while MS, et al. run the hardware, the operating systems and software is often run by the IT departments for the various branches and programs. These IT departments will be some mix of US Civilian State or Federal employees and then a lot of IT contractors. Generally, the people doing the actual IT work are contractors working for companies like Boeing or Booz-Allen-Hamilton.

I’d like to know which sloppy cloud contractor is responsible.

If you want to find the people responsible, find the managers who have programs on the “state’s Army National Guard network” (as the report puts it) and figure out which one of them either authorized some sort of “shadow IT” project, or just threw a hissy-fit every time the IT folks tried to roll out patches. That’s often how these things go. The report mentions multiple CVEs which were exploited, and I’d place a pretty large bet that they were unpatched in the environment because some manager whined loud enough to get his assets exempted from patching. All too often these types of vulnerabilities hang out there far too long because some department wants high availability on their stuff, but aren’t willing to pay for high availability. So, they bitch and moan that they should be exempt from regular patching. And upper management isn’t willing to back IT and say, “no you aren’t special, you get patched like everyone else”.

Why do you believe life has meaning?

I personally don’t believe life has any meaning, other than the one you choose for your own life. It’s rather terrifying and freeing at the same time. If there is no meaning, and if there is nothing else, no higher power, then this is it. You get the time you get, running around as self aware stardust, and then it ends. Everything that is “you” flips off one day and there is nothing but oblivion as the stardust you were slow seeps away. But, that also means that you don’t have to live up to anyone else’s idea of what your life should be. You can make your own path, your own meaning, and fuck the people in funny hats who try to tell you otherwise. You are you and no one else gets to define what that is.

I was pondering why people fight so hard to beat diseases and live a few more years. What are they planning to do? Why exert effort just to be here longer when you don’t have a reason?

If this is all there is, if oblivion is on the other side of the door, I’ll scrabble for every day existing that I can get, thank you very much. Sure, I have my own beliefs and things I would willingly accept oblivion for. But, if those aren’t on the table, I’m gonna keep on existing as long as I can. It’s one of the few things I’m pretty good at.

This is basically me every night. Unless I go to bed at 3am, I usually toss and turn for an hour or more. So, I listen to audiobooks. Nothing heavy, usually just sci-fi or fantasy. Basically cotton-candy for the mind. Unless I have a good lecture going, the Great Courses stuff is soothing. But, that usually distracts me enough that I finally fall asleep. I use a single ear bud in my right ear and set a sleep timer so that the book shuts off after a reasonable time. That usually gets me close enough to sleeping that I can finally get the rest of the way.

The only downside to this plan, is when you get a really good book, with a good reader and you start getting towards the end of the book. The temptation to go just one more chapter is hard to resist.

Bitcoin is a ponzi scheme with a really long time horizon. In a way, any fiat currency kinda is as well. The difference is that a government backed fiat currency like the US Dollar is backed by the US Government saying “you will accept the USD, or else”. That backing keeps the game running. Bitcoin has nothing like that. The only reason it keeps going is because of speculation, money laundering and the purchase of black market goods.

So, as long as you can go buy drugs or move money across borders with Bitcoin, it will have value. As long as it has value, some folks will speculate on it. That can keep prices up, right up until it doesn’t. So, as is always the case for speculative assets, caveat emptor.