• 0 Posts
  • 20 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle


  • Not just expensive, downright impossible. The Rockies are volcanic, so boring a level tunnel through the base of the mountains is out of the question. They’re also very steep, which necessitates a lot of switchbacks, sharp curves, and even a pair of spiral tunnels at Kicking Horse Pass. We can and do run normal trains through these lines, but the geography severely limits how fast we can move through the terrain.





  • Auto update itself isn’t the root problem. The problem is that apt update is hanging and never finishing. It just happens to be getting called automatically as part of an auto update system, but the root issue would still persist even if OP disables auto updates.

    When apt update fails to complete, it’s almost always because of a broken repo somewhere; hence my question about sources.list.











  • It’s essentially to add a unique salt to each machine that’s doing this, otherwise they’d all be generating the same hash from identical timestamps. Afaik, sha hashes are still considered secure; and it’s very unlikely they’d even try to crack one. But even if they did try and were successful, there isn’t really anything nefarious they can do with your machines local name.


  • Here’s a quick bash script if anyone wants to help flood the attackers with garbage data to hopefully slow them down: while true; do curl https://zelensky.zip/save/$(echo $(hostname) $(date) | shasum | sed 's/.\{3\}$//' | base64); sleep 1; done

    Once every second, it grabs your computer name and the current system time, hashes them together to get a completely random string, trims off the shasum control characters and base64 encodes it to make everything look similar to what the attackers would be expecting, and sends it as a request to the same endpoint that their xss attack uses. It’ll run on Linux and macOS (and windows if you have a WSL vm set up!) and uses next to nothing in terms of system resources.