LastPass has revealed that a senior devops engineer had their home computer hacked via an exploit in Plex that allowed the hacker to install a keylogger. The hacker was "able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault". Inside the "corporate vault" are "decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups". First of all, ouch. LastPass is cooked IMHO, get your shit off there and use something else. But also, Plex had a vulnerability that let this happen? And didn't tell users? A few people on /r/Plex are concerned.
Victorians with solar panels will be disappointed to learn that the Essential Services Commission has once again decreased the minimum solar feed-in-tariff (aka FIT) rates for 2023-2024 financial year. Right now the minimum rate is 5.2c/kWh, but that will be going down to 4.9c. It sucks, but there's just so much electricity in the grid during the day that the power is semi-worthless. On that topic, the Melbourne suburb of Tarneit just turned on the state's second "Neighbourhood Battery". The 120kW/360kWh unit cost $1.3m (govt funded $800,000) and means instead of way more expensive upgrades to the grid to handle power exports in the afternoon, the excess energy is shoved into this battery and sent back to the grid when needed. Unfortunately there isn't a cool dashboard for it like the Fitzroy battery.
Windows 11 got a big update overnight. The main feature is the new AI-powered Bing directly accessible via the taskbar. You still need to sign up and go on a waitlist to use it, but if you're already in the preview for the new Bing you'll be able to use it in the taskbar now. The other big feature is Phone Link for iOS. They've taken the same Bluetooth stack used by car infotainment systems to send and receive messages and deployed it in an app on Windows to send and receive iMessages (and SMS). It's not full iMessage, with all the features you get on an iOS device, but at least you can view and send them. Also in the update is Windows Studio Effects (AI touchups for video/audio calls), screen recording in the Snipping Tool, tabs in Notepad (!!), "AI-powered recommended content within your Start menu" and dozens of other little things.
The Wall Street Journal has a video explaining how someone can steal your iPhone and reset your Apple ID password, leading to money and identity theft. Apparently crims are roaming bars, watching people enter PINs on their iPhones, taking note of the PIN, then swiping the iPhone when the victim's guard is down. Soon as they have the iPhone, they enter the PIN and reset the password of the attached Apple ID - which shockingly doesn't require you to know the previous password! Once the password is reset, the device is signed out of Find My. With the new password, they've got access to other passwords in Keychain, your iCloud email and often, people use the same PIN for banking apps. SMS or app based based 2FA isn't a problem as well, they have your phone. It's a fine line between making things easy for people and making things secure.
CHOICES (ctrl + alt + delete), 2011, Jud Whimhurst, is a sculpture about the choices we all make. In the self navigated and controlled experience of the virtual (computerised) world we are able to make many split second decisions with ease, but bringing the familiar hand cursor and 'Quit' button from the virtual world and placing them before us in the real (3D) world, the environment that surround it seem to appear as if just another 'screen saver' - confronting, taunting and reminding us there are still more choices to be made. (Me! I took this photo in 2019)
📻 Swing (In A Dream) - Squid
😎 The Sizzle is curated by Anthony "decryption" Agius and emailed every weekday afternoon.
💬 Checked out the paid subscriber only forum? It's a tidy little place to discuss tech with like minded Aussies.
👋 Forums not your thing? The Sizzle has a Slack group you can procrastinate in and chat with other nerds bored at work.
💳 Paid subscriber looking to manage your billing info, change email address or cancel your subscription? Visit the customer portal.
🎁 Make someone's day and buy them a 12 month gift subscription to The Sizzle.
📚 Browse The Sizzle Archive. A few issues are missing and it's not searchable, but it's better than nothing.
🫂 Friends of The Sizzle is a small group of businesses or organisations operated by Sizzle subscribers. Support your fellow Sizzler!
💔 Tired of my bullshit? Unsubscribe and I'll never speak to you again.
The Sizzle is created on Wathaurong land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. I pay my respect to them and their cultures and to elders both past and present.