"Mackets"??? Really???
This commit is contained in:
parent
f5c7798fee
commit
21e258a6e9
|
@ -230,7 +230,7 @@
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
<p>As shown in the table, the vast majority of IP addresses that Utopia connected to during the tests were owned by VPS hosting companies, not residential ISPs as I would have first guessed. I have three hypotheses as to why this is the case.</p>
|
<p>As shown in the table, the vast majority of IP addresses that Utopia connected to during the tests were owned by VPS hosting companies, not residential ISPs as I would have first guessed. I have three hypotheses as to why this is the case.</p>
|
||||||
<p>Firstly, as I wrote in the beginning of this post, Utopia's devs nowadays mainly focus on their cryptocurrency, Cryptons. When attempting to debug why no sites were loading in Idyll, I forgot to mention that there was a "Console" feature, which I thought would allow me to run tools like <code>ping</code>, but instead it was a glorified log viewer that showed that Utopia was making thousands of connections a minute to fetch "mining history updates" and "finance balance requests". The vast majority of these mackets were marked "skipped", but that doesn't negate that they were sent to my node in the first place. Given how gung-ho the Utopia devs are about crypto, and considering that the <a href="https://archive.md/fwvAG#selection-2577.0-2577.46">official mining bot apparently requires four gigabytes of RAM <em>at minimum</em> and a public IP</a>, it's not that far of a stretch to assume that these VPSes were running the Crypton mining bot. Please note that the bot is also closed-source, so these people trying to scrape pennies together have effectively given the Utopia devs access to lots of VPSes trusting that they won't become part of a botnet.</p>
|
<p>Firstly, as I wrote in the beginning of this post, Utopia's devs nowadays mainly focus on their cryptocurrency, Cryptons. When attempting to debug why no sites were loading in Idyll, I forgot to mention that there was a "Console" feature, which I thought would allow me to run tools like <code>ping</code>, but instead it was a glorified log viewer that showed that Utopia was making thousands of connections a minute to fetch "mining history updates" and "finance balance requests". The vast majority of these packets were marked "skipped", but that doesn't negate that they were sent to my node in the first place. Given how gung-ho the Utopia devs are about crypto, and considering that the <a href="https://archive.md/fwvAG#selection-2577.0-2577.46">official mining bot apparently requires four gigabytes of RAM <em>at minimum</em> and a public IP</a>, it's not that far of a stretch to assume that these VPSes were running the Crypton mining bot. Please note that the bot is also closed-source, so these people trying to scrape pennies together have effectively given the Utopia devs access to lots of VPSes trusting that they won't become part of a botnet.</p>
|
||||||
<p>Secondly, if these are potential command-and-control centers for a Utopia botnet, then it would make sense to have as many IPs as possible in case of some of them going down from seizure and to get them from virtual private server providers to reduce the cost of quickly rotating IPs. But that doesn't explain why so many of the IP addresses are owned by the same company. In the case of an active botnet, that company would have the power to kill a large part of the infected machines.</p>
|
<p>Secondly, if these are potential command-and-control centers for a Utopia botnet, then it would make sense to have as many IPs as possible in case of some of them going down from seizure and to get them from virtual private server providers to reduce the cost of quickly rotating IPs. But that doesn't explain why so many of the IP addresses are owned by the same company. In the case of an active botnet, that company would have the power to kill a large part of the infected machines.</p>
|
||||||
<p>Thirdly, less likely but still worth mentioning, is that some of these virtual private servers might be set up as personal VPNs to save users from a nasty letter from their ISP should the <em>closed-source</em> Utopia client generate some shady traffic. Depending on how the VPN was set up and if the VPN blocks local LAN traffic, it could make it harder for Utopia, if it was really a Trojan horse, to attempt to infect the rest of the machines in one's house.</p>
|
<p>Thirdly, less likely but still worth mentioning, is that some of these virtual private servers might be set up as personal VPNs to save users from a nasty letter from their ISP should the <em>closed-source</em> Utopia client generate some shady traffic. Depending on how the VPN was set up and if the VPN blocks local LAN traffic, it could make it harder for Utopia, if it was really a Trojan horse, to attempt to infect the rest of the machines in one's house.</p>
|
||||||
<p>To close out this investigation, I downloaded the Utopia installers for every operating system Utopia supports (Windows, macOS, and Debian-based and RPM-based Linux) and threw them into VirusTotal. Someone had tested the Debian installer before me, which <a href="https://archive.md/B9xMq">came back clean</a>. The <a href="https://archive.ph/ijc59">RPM installer</a> also passed VirusTotal's scans, but the Windows installer <a href="https://archive.ph/u56PJ">came back with a high chance</a> of being <a href="https://web.archive.org/web/20230109021312/https://www.2-spyware.com/remove-malicious-moderate-ml-score.html">unclassified malware</a>. The <a href="https://archive.md/1WLUE">Mac version</a> also read some sensitive system files, may have attempted to determine if it was in a sandbox, and tripped an IDS rule relating to <a href="https://web.archive.org/web/20230109023920/https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12259">two</a> <a href="https://web.archive.org/web/20230109023923/https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12265">CVEs</a>.</p>
|
<p>To close out this investigation, I downloaded the Utopia installers for every operating system Utopia supports (Windows, macOS, and Debian-based and RPM-based Linux) and threw them into VirusTotal. Someone had tested the Debian installer before me, which <a href="https://archive.md/B9xMq">came back clean</a>. The <a href="https://archive.ph/ijc59">RPM installer</a> also passed VirusTotal's scans, but the Windows installer <a href="https://archive.ph/u56PJ">came back with a high chance</a> of being <a href="https://web.archive.org/web/20230109021312/https://www.2-spyware.com/remove-malicious-moderate-ml-score.html">unclassified malware</a>. The <a href="https://archive.md/1WLUE">Mac version</a> also read some sensitive system files, may have attempted to determine if it was in a sandbox, and tripped an IDS rule relating to <a href="https://web.archive.org/web/20230109023920/https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12259">two</a> <a href="https://web.archive.org/web/20230109023923/https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12265">CVEs</a>.</p>
|
||||||
|
|
|
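Review bot: the "mackets" to "packets" correction is the only change in this hunk, but the same paragraph still carries a wording slip that the edit could have picked up: "it's not that far of a stretch" reads better as "it's not that far a stretch". The commit message also does not say what was fixed; a descriptive one such as "Fix typo: mackets -> packets" would make the history searchable.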
@ -85,6 +85,17 @@
|
||||||
<td class="snippet">...users on today's Internet are something more than just the product - they're more like a self-checkout counter where the thing they're scanning and paying for is themselves. The users are being sold to advertisers, but they are also providing the labor that makes these companies profitable - labor that is unpaid, and indeed invisible as labor.</td>
|
<td class="snippet">...users on today's Internet are something more than just the product - they're more like a self-checkout counter where the thing they're scanning and paying for is themselves. The users are being sold to advertisers, but they are also providing the labor that makes these companies profitable - labor that is unpaid, and indeed invisible as labor.</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
<br>
|
||||||
|
<table class="f">
|
||||||
|
<tr class="info">
|
||||||
|
<td>Over Work</td>
|
||||||
|
<td>Brigid Schulte</td>
|
||||||
|
<td>Casual</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="snippet">Researchers have found that desk workers in an office setting tend to be interrupted about every three minutes. And after that colleague has dropped by or we've switched screens to check email, texts, social media, or a pinging notification, it can take, on average, twenty-three minutes and fifteen seconds to get back to where we were. Over and over and over throughout the day.</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
<p><a class="button" href="#moids">> Show books by men too?</a></p>
|
<p><a class="button" href="#moids">> Show books by men too?</a></p>
|
||||||
<div id="moids">
|
<div id="moids">
|
||||||
<p><a class="button" href="#">> Aahh! Never mind!</a></p>
|
<p><a class="button" href="#">> Aahh! Never mind!</a></p>
|
||||||
|
|
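Review bot: the `<br>` inserted between the closing `</table>` and the new `<table class="f">` is presentational spacing placed in content; a margin rule on `table.f` in the stylesheet would give every entry the same gap without a stray element per book. The new block otherwise follows the existing pattern (an `info` row with title, author and category, then a `snippet` row), and the open and close tags are balanced.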