User uses a credit card, either a legitimate one or a stolen one, to buy access to a site. They download all the content that their purchase gives them access to. Then they (or the card's legitimate owner) initiate a chargeback. They "lose access to" the site but they already have everything that's there for free, and they add it to their library of other stolen content.
Note that, under my reading of these rules, Baldur's Gate 3 would not be allowed on Kickstarter. Nor would Mass Effect, since it has "sex acts or implied sex acts" (depending on what they mean by "implied").
Adult industry is digital content that can be "purchased" and then scraped before the chargeback goes through. Now the user has all the content that the site/model/whoever offers and didn't pay anything for it; they can then share it around, resell it, whatever.
It helps that a lot of people have no respect for the people producing the content; they'll happily consume it, but they refuse to acknowledge any work that goes into it or that people should be compensated for what they've created.
You don't even really need that; you just need to wait until the user runs `sudo` and then you also run `sudo` after they authenticate. Now you're root, boom. It doesn't get you the password, but once you're root you can backdoor to your heart's content and then you probably don't need it.
Alternately, run `sudo --non-interactive --validate` over and over until it succeeds. For some reason, using noninteractive doesn't log to the auth log/journald the way trying and failing to actually run a command would.
Edit: the loop only works assuming you can run this sudo command in the background in the user's shell so that you can pick up the same sudo session when they auth, which is honestly unlikely. Easier to wrap sudo in a command that just also runs sudo and then immediately runs something else.
I mean, this is basically why you press Ctrl-Alt-Del to log in on Windows NT and Win2k - because it's a keystroke that malware couldn't trap, so they can't put up a fake login screen because the OS will override it anyway.
FWIW, the base images they're talking about do not contain an entire OS. In fact, they're lacking a colossal amount of the most basic stuff that qualifies as 'an entire OS'. In many cases, your base images are 'a program to install more stuff if you need it', a shell, and coreutils.
Google promised their Nexus phones would get new versions of Android for X years then, after selling a bunch of them, just changed their mind.
I'm having a hard time googling it since every result that comes up is about Google cancelling Nexus phones entirely way back when, but I remember a lot of Nexus users were kind of PO'ed about it.
Correction: if the manufacturer chooses to provide updates, and they don't have to, they must continue to make those updates available for five years after end of sales.
In other words, manufacturers aren't required to publish updates at all, but if they do provide updates they have to make them available to users for five years after they stop sales. This only stops the case where a manufacturer ships a device and publishes updates for the device, but then takes those updates offline after they stop selling the device (but before 5 years is up).
A laptop built entirely around AI, which is definitely a stable business that will be around in its current form indefinitely and whose cost definitely won't go up once Google needs to start making a profit on it.
reply