Since there’s zero information about what kind of company you’re working at, the following is extremely generalized.

• integrating with monitoring systems, analytics DBs, ticket systems, whatever is used by management, allowing them to ask questions in natural language
• process automation using agentic workflows, e.g. pre-analysis of incoming email queue summarizing / sentiment analysis before the customer support sees it
• provide access to models and model APIs for development workflows and integration into git / ci, allowing to use llm in local development and e.g. setting up something like automated code reviews (not a replacement for human review, only as an addition)
• set up coaching, responsible use, hallucinations, etc.

Whatever you do, take security and data security especially into consideration first, not after:

• consider whether your used provider reuses your data for learning
• consider whether it’s relevant where it’s located (GDPR customers?)
• always set spending limits
• consider your local and your customers data protection laws and regulations that apply to your company (especially in health and financing)

People definitely choose which projects to use / buy depending on political leanings or affiliations by the creators / companies behind it, because a “political leaning” is nothing more than a stance on politics, just as there is a stance on FOSS, AI, Conduct, Project direction, yadda yadda.

See Ukraine flags or calls for Palestine support, as an example of recent-ish political stances in software.

It’s just that those stances always work both ways. You will have people choosing omarchy, because “finally an OS without the woke agenda!!!”, you will have people not touching it because fuck nazis, and in IT there’s always the third group of “I don’t know or care who the author is or what he does, the project is good, so I’m using it.”

The tech giant says the system only analyzes hand-movement points from a short video, does not record audio, and deletes the footage after verification.

It’s just a short video guys, there’s even no audio! And they pinky promise to delete it.

What a fucking shitshow that is. Like, honestly, I’m fine with regular captchas, even if they are the shitty ones. The newer (?) captchas that force you to do solve 5 bullshit “place this there” captchas are already reason enough for me to just leave the site. But if you force me to record a video of me throwing gang signs at the camera, probably several times again, because the movement was not correctly identified, I’m sure as fuck to never visit anything related to you ever again.

I also love the irony that Google fights people bots, while they are scraping the whole internet and investing into AI automation massively.

I fully agree with you: it’s NOT easy. And you must understand what you do. It’s not just deploy a container and run happy.

This is literally what you’ve called misinformation.

Again, not everyone is self-hosting only for learning and experimentation only. Making a deliberate call that mailing infra might be too hard might be too hard, have too big of a knowledge gap, or is simply not worth the effort is something I’d call more serious than hardlining on “self host everything or stay on gmail”, especially in the case of mailing, where it’s pretty much impossible to self-host on your own hardware / network.

Full instructions do not reduce any effort or resources involved or complexity of the problem. And the problem is that you’re suddenly moving from “I’m hosting a few services” to being balls deep in networking, dns, and a deceivingly easy protocol which blows up in complexity due to being federated and absolutely dominated by big providers at the same time, and all of the extensions for security.

Except for learning, self-hosting serves a purpose. You might want privacy, you might not want to be dependent on corpo infra or external services at all, you might want to host something that offers something more or better than a SaaS solution - but first of all, it needs to work. For mail, you gain none of those. Self-hosting on your own hardware (or rather network) is pretty much impossible, so you’re reliant on a hosting provider at least. There is basically zero difference in functionality between mailing servers or providers. Sure, you’ll run into problems when copy pasting instructions, but those problems will break the service. Fucking up your DNS or networking will break your whole server. At the same time, while failing silently it will costs a magnitude of effort more than most other usually self-hosted services.

Because it works for you, doesn’t mean it’s easy. If you have the experience, and done it at least once successfully, it’s “easy”. Compared to the average self-hosted configure and run a docker image and reverse proxy it’s objectively harder to run.

The issue is not running the individual components or servers, but that there’s infrastructure and to some extent crypto involved, which is just outside of the comfort zone for many. You tried to host it like any other thing on your homelab? Nope. Has your VPS been involved in spam? Enjoy the blacklist you’ll never find out about and the debugging why it doesn’t work. No experience in managing your DNS? Have fun getting DMARC/DKIM/SPF to work.

Theres just way more stuff that needs to be done, and a lot of it will fail silently.

Use at your own risk.

What an amazing conclusion, and the best part is, no matter what you’ve been waffling about before - it’s always right. Can we stop calling random things AI slop and telling to be careful bEcAuSe iTs Ai sLoP, and back to being cautious until something has been reviewed properly? Being careful with random stuff from GitHub you install and run in your private network?

Your whole comment may have been AI slop as well. “From a quick glance at the repo”, you should be careful! Thanks, Sherlock.

My interpretation was OP isn’t necessarily the target here, but a victim of some Windows hack spreading around their shared network. It’s possible the whole network was “worth” such attention.

Yeah, it might be that another system in the network was the initially compromised system, but I’m questioning whether Windows malware would be able to spread over wine to a unix machine to actually cause damage there. But that’s an attack vector I literally have zero idea about, just kinda seems suspicious.

And yeah, everything in OPs story is absolutely plausible, but it’s more of a gut feeling given the provided information that it just feels off. I might be fully in the wrong here, and they’re the unluckiest random person to ever have touched a unix machine, I don’t know. Definitely curious how this will develop though.

Something about this post is weird as fuck and some part of this story is missing for sure.

First of all, routine scans with ClamAV. Why are you routinely scanning your system, and what’s your expectation here? In most cases system compromise happens by executing something malicious or by exploiting something on your system, For the former, an active background scanner would help, but not a routine scan, and it’s easier to just not execute suspicious stuff. For the latter, your routine scanning is worthless.

Then the compromise over a WINE DLL seems something between borderline impossible on one hand, and like a very targeted and handcrafted attack on the other hand. Sure, wine is not a sandbox, but seeing this as the point of entry for a full blown persistent RAT is weirding me out massively.

Lastly, “them” setting up seemingly good persistence on your system, yet not hiding any indicators of compromise, and then nuking everything when they are seen. Why that effort? Either set yourself up for the long run and hide, or when detected just say “eh, whatever”. This also seems weird, since on one hand there’s indication for a professional, targeted attack, and other points sound more like rookie script kiddies.

Lastly, you. You seem like a pretty confident user while getting hit like that. It just feels off.

I’m not claiming you’re lying, and I couldn’t blame you for leaving information out because of opsec. But everything about this story feels off. I kinda assume that you’ve been actively targeted, and you should ask yourself why. What information or access do you have? How have you been pwned that “easily” and where did that DLL come from? How was it placed and executed?