Maybe those folks buying Mac Minis to host at home weren't so silly after all. The exposed ones are almost all hosted on VPSs which, by design, have publicly-routable IP addresses.
But anyway I think connecting to a Clawdbot instance requires pairing unless you're coming from localhost: https://docs.molt.bot/start/pairing
If you want iMessage you still need an always-on Mac, whether that's the main moltbot gateway, or the MacOS app running in 'node mode' to allow a moltbot gateway to use it to send/receive iMessages.
I noticed when I was reading Federico Viticci's post about it that he was using telegram, which has much better support for "markdown"-y rendering, which looks a lot nicer than iMessage. And then I thought to myself, why would iMessage actually matter? The only other use-case would be interacting with texts, but almost anyone can tell when someone is using an LLM to text - I feel like our texting styles are so personal, and what is there even to gain from using an LLM just with text messages? So is it even worth it to run on a Mac?
I think you need to register on a real Mac (2 of 3 of my MBPs use OCLP), but then can use an emulated one if you add it to your Apple account. Either way, I don't recommend to use a protocol behind such a moat. Probably better to use Signal or Threema.
I expect someone will eventually get around to reverse engineering the various M series specific instructions for qemu. Does imessage make use of hardware attestation to register with the remote endpoint?
Our SFF HP came out at 150€ with flash storage and 16GB of RAM. I see used M1s for 200-250€ where we live. The only drawback of the M1 is you’d be stuck buying a NAS/DAS for the storage part, whereas the HP has 3 internal SATA ports. Neither option is silly, they have different pros/cons. Managing Linux quirks has gotten frustrating, for example.
Like I said before [0] infosec professionals are going to have a great time collecting so much money from vibe coders and crypto bros deploying software they openly admit that they have no idea what it does.
If you are very clever there is a chance that someone connected Moltbot with a crypto wallet and, well...
A opportunity awaits for someone to find a >$1M treasure and cut a deal with the victim.
I had a similar experience where a competitor released an academic paper rife with mistakes and misunderstandings of how my software worked. Instead of reaching out and trying to understand how their system was different than mine they used their incorrect data to draw their conclusions. I became rather disillusioned with academic papers as a result of how they were able to get away with publishing verifiably wrong data.
Maybe it depends on the type of business/ customers that you have because I've had the opposite experience. For us as a security SaaS, B2B enterprise is incredibly stable and predictable. B2C has a lot more variability and payment issues compared to large orgs with dedicated procurement departments, vendor processes etc.
The old PIPS ALPR devices aren't online anymore but they had horrible security as well. Just sending a newline to their UDP port would cause them to send you all images as they were being collected in real-time - no authentication needed. And the images had the license plate information encoded in the JPG metadata. I did a talk about it at some point (https://imgur.com/HHcpJOr) and worked with EFF to take them offline
The result is very strange. It's saying that South Korea has the most number of websites with the header and yet I don't see ANY search result in Korean. No writeup or whatsoever. Wonder what those websites would be.
Flying by the seat of my pants, this page of information has details which we can guess at - 27,799 are South Korea, 27,690 are Korea Telecom (so close that I'll say it's a 1-to-1 match). Wikipedia tells me as of 2015, KT ran more than 140,000 Wifi hotspots.[1]
Further down the info, we see 28,587 (almost the same number as above) HTTP titles are "Gargoyle Router Management Utility" - which is an opensource variant of the OpenWRT world which patches the code to include the Clacks header.[2]
I'm going to conclude that there's a direct correlation in this data (it all being one and the same endpoint/device pattern) and that 30,000 KT Wifi hotspots across South Korea have their management UI open on the public interface and not locked to the internal network or a VPN, etc. running this Gargoyle patch.
https://www.shodan.io/search/report?query=product%3Atelnetd+...