Hacker Newsnew | past | comments | ask | show | jobs | submit | oogali's commentslogin

The US has been doing this for a long time (1997), on a targeted basis.

https://en.wikipedia.org/wiki/Carnivore_(software)


It’s doable as it’s what I use to experiment.

Ollama + CodeGPT IntelliJ plugin. It allows you to point at a local instance.


I also use Ollama for coding. I have a 32G M2 Mac, and the models I can run are very useful for coding and debugging, as well as data munging, etc. That said, sometimes I also use Claude Sonnet 3.5 and o1. (BTW, I just published an Ollama book yesterday, so I am a little biassed towards local models.)


Thanks for the book!


NYP-BOS

May 7, 7:50pm-12:15am

$20

    [X] Weeks in advance
    [ ] Middle of the night


Hmm, maybe it's middle age catching up with me, but a train pulling in South St at quarter after midnight feels like the middle of the night to me.


Why would I commute from NYC to Boston at 8pm on a Tuesday? The fact that this is one of the few counters you could find only proves my point.


Ride is already too long to use as a commute


The flip side is companies that are not active participants in the open source community (but know they use open source), are pinging all their engineering managers and asking "are we exposed to this!? how do you know!?".

So while it's useless noise to you, it's likely triggered by being on the receiving end of communications like "Hey, my boss is asking if $PROJECT is vulnerable because of a terrible article he read in $MAINSTREAM_MEDIA_PROPERTY?" times however many bosses are harassing their reports.

"I don't want to craft an email reply to every single person, just put up the no-op blog post and be done with it."


I felt it in Central NJ, and my wife in NYC felt it as well.

The submitted reports show it stretched from Fairfield County, Connecticut to New Castle County, Delaware.

https://earthquake.usgs.gov/earthquakes/eventpage/at00sbh3yv...


I've generally seen this with Unix installers from commercial software vendors.

You get a giant .sh file that displays a license, asks you to accept, then upon acceptance, cats itself, pipes through head/tail, into cpio to extract the actual assets.


Furthermore, the attacker covered their tracks on the initial payload with an innocuous paragraph in the README. ("Nothing to see here!")

    bad-3-corrupt_lzma2.xz has three Streams in it. The first and third
    streams are valid xz Streams. The middle Stream has a correct Stream
    Header, Block Header, Index and Stream Footer. Only the LZMA2 data
    is corrupt. This file should decompress if --single-stream is used.
The strings of `####Hello####` and `####World####` are there so that if you actually follow the instructions in the README, you get a seemingly valid result.

    $ cat tests/files/bad-3-corrupt_lzma2.xz | xz -d --single-stream
    ####Hello####
They're shell comments so it won't interfere with payload execution.

And lastly, they act as a marker that can be used by a later regex to locate the file _without_ referencing it by name directly nor using the actual Hello and World strings.

    $ gl_am_configmake=`grep -aErls "#{4}[[:alnum:]]{5}#{4}$" $srcdir/ 2>/dev/null`
    $ echo $gl_am_configmake
    ./tests/files/bad-3-corrupt_lzma2.xz


The AT&T you see today is a completely different company. For all intents and purposes, it is SBC (Southwestern Bell Communications).

In 1996, Bell Labs, Western Electric, and AT&T Technologies were spun out to create Lucent.

Lucent merged with Alcatel to form Alcatel-Lucent in 2006.

Alcatel-Lucent was purchased by Nokia in 2016.

AT&T Wireless was purchased by Cingular in 2004 (joint venture between BellSouth and SBC).

The original AT&T was purchased by SBC in 2005.

The new AT&T (SBC) bought BellSouth in 2006.


A friend once explained this concept to me as “strong opinions, weakly held”.


Change Healthcare is a transaction clearinghouse, or effectively an API, translation, and routing gateway.

Think of it as a private SWIFT vendor.

They were acquired by UHC, which is why you see the Optum name. But this is not specific to UHC/Optum patients.

Providers (hospitals, doctors, software vendors) interface with CH’s REST+JSON APIs and in turn CH emits EDI records to the insurance company backends (and translate the responses from EDI to JSON/XML/etc).

This affects general healthcare EDI messages (claims, benefits eligibility verification, ACH notices, etc).

The people impacted do not have direct EDI implementations with the insurance companies. If they did, they could side step this.

Or even a different clearinghouse.

Edit: clarified some ambiguous terms


> The people impacted do not have direct EDI implementations with the insurance companies. If they did, they could side step this.

Thank you. I was trying to figure out how this company seemingly handles most of this stuff in the US.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: