If you disable it you can prevent Microsoft from force updating your windows 10 install to windows 11. Obviously a play to get people to buy new hardware for 11 but a useful anti feature I suppose until you can stomach switching to Linux.
One of our c suite went to a conference and got wowed by a booth that used cloud AI services to generate crypto on a refrigerator so now we’re also a cloud company.
There are tons of machine learning algorithm libraries easily usable by any relatively amateur programmer. Aside from that all they would need is access to a sufficient quantity of geographically tagged photographs to train one with. You could probably scrape a decent corpus from google street view.
The obtainability of any given AI application is directly proportional to the availability of data sets that model the problem. The algorithms are all packed up into user friendly programs and apis that are mostly freely available.
I imagine if this attacker wasn’t in a rush to get the backdoor into the upcoming Debian and Fedora stable releases he would have been able to notice and correct the increased CPU usage tell and remain undetected.
I think ideas about prevention should be more concerned with the social engineering aspect of this attack. The code itself is certainly cleverly hidden, but any bad actor who gains the kind of access as Jia did could likely pull off something similar without duplicating their specific method or technique.
as long as you’re up to date on everything here: https://boehs.org/node/everything-i-know-about-the-xz-backdoor
the only additional thing i’ve seen noted is a possibilty that they were using Arch based on investigation of the tarball that they provided to distro maintainers
people do pay for discord though. that was the entire justification for Nitro and Server Boosts. they made $440 million in revenue in 2022. they aren’t publicly traded so there’s no way to compare that with expenses, but i’d be pretty surprised if they weren’t turning a significant profit.
I don’t foresee anyone with the kind of data needed to do more investigation releasing it to the public, so I doubt we’re going to be getting any satisfying answers to this. Microsoft may have an internal team combing through github logs, but if they find anything they’re unlikely to be sharing it with anyone but law enforcement agencies.
we know about the singapore VPN because they connected to IRC on libera chat with it. the only reason I can think people would believe they’re from hong kong is because of the pseudonym they used, but it’s not like that proves anything.
see link posted in another user’s reply: https://boehs.org/node/everything-i-know-about-the-xz-backdoor#irc
he was using a singapore VPN and had access to multiple sockpuppets. we know literally nothing else about them and anything you’ve heard to the contrary is baseless rumor.
leading theory is that it was a state-sponsored actor, but frankly even that much is speculation and which state is still way up in the air.
There’s a default invisible prompt that precedes every conversation that sets parameters like tone, style, and taboos. The AI was instructed to behave like this, at least somewhat.
It means they can’t make porn images of celebs or anime waifus, usually.
Wow the head of AI for MS doesn’t know what the word freeware means.