Everyone else is at or going to BSDCan and I'm trying to work on making SSH behave on Linux :(
Tomorrow I go on the train, but, not until tomorrow.
UniHertz sold me two backup charging assemblies and a backup speaker assembly for my Titan. All in cost me $30.
This is exactly what I want from a phone company. Sell me fixes!
i love the part where the *one day* i need dry weather is the one wet day of the entire week. 🙃
local friends, if you could help spread the word fast and often that bookfest has been moved from saturday to sunday this weekend, i would much appreciate it. same place and time, different day.
#WaterlooRegion #WaterlooPublicSquare #UptownWaterloo #Waterloo #KWAwesome #WatReg #ExploreWR #Kitchener #KitchenerWaterloo @WaterlooEvents
kwwritersalliance.com/bookfest…
Bookfest 2024
PLEASE NOTE THAT DUE TO WEATHER, BOOKFEST HAS BEEN MOVED TO SUNDAY MAY 26TH May 25th, 2pm-8pm, Waterloo Public Square Family Story Hour 2pm-3:30pm Author signings with Fanfare Books2pm-4pm: Emily D…GRAND RIVER WRITERS & KW WRITERS ALLIANCE
I know they don't let grownups in without kids
This is why I have a deep cover 3 and 5 year old
Yup. Freezing is a known failure mode for air conditioners.
Hopefully it just means it's dirty or the fan has broken in it. Without enough airflow the evaporator coil will get too cold and freeze.
If the fan is ok and it's not dirty then it could have a more serious problem
@Bee O'Problem yeah, we had a massive spike of plants grow around it and left it for a day, and so I'm hoping that that's all it is.
If it's not that it apparently could be a coolant leak
@RootWyrm 🇺🇦:progress: Yeah
The worry I have is a leak which can be hard on the condenser if run with one and has the same symptom
I am building a kernel on a Macbook Air from 2012
I bought this thing on the weekend (literally Sunday)
It was running OS X Lion
Any #FreeBSD wifi people have some time? I'm using an ancient bwn card and this thread (last post) is making me think there's a reversion to something because it's the only mention I can find using 14.0 forums.ghostbsd.org/viewtopic.…
I've already built a kernel accepting the GPL so I'm not super afraid of getting my hands dirty
(I can provide better info in a bit, but the linked forum thread is my exact steps, which, once it was crashing the same way, led me to that thread)
Ok - so it looks like 2012 MacBook Airs hard crash when you put network on their Broadcom chip....
It's fine - but damn that sucks
I've got it working with OpenBSD and a wifi dongle
Hey so,
This windows recall thing?
Enables domestic abuse.
Like, flat-out.
This 'feature' means that someone in an abusive relationship now has a canonized part of the OS monitoring their activities that can be then invoked and studied by the abuser.
Ain't no amount of -group policy- bullshit gonna fix this,
because Microsoft -doesn't allow- the granularity of administration required to defuse this for non-corporate users.
"Use Linux" is not an appropriate response.
People do not always have the agency to choose their operational environment and you cannot fix structural unsafety with individual choice.
This is not a jape nor a joke, and I am not willing to countenance this as an argument.
Do not perpetuate abusive situations by blaming a victim for the environment they are in.
How -do- you fix this?
You do not put the capability to automate screen-scraping into the OS as a canonized feature.
Yes, this does not stop screen scraping from being possible - it's been around for years.
Disallowing it from the canonical image -of- the OS, however, means that there is an increased barrier in the way of implementing this: an abuser will need to learn how to implement this, and will need to rely on third-party software not integrated into the OS as expected functionality.
This in turn means that abuse victims are able to rely on tools already in-use to remove third-party software from the computer in order to have more assurance of private operation.
Yes, no single measure is capable of ensuring safety.
This is why it's a security -system- and not a security -item-; systemic effects require an understanding of the entire context in order to evaluate the safety or unsafety of the system.
that's the thing that really terrifies me. not that it will eventually become impossible to disable, but the fact that it being baked in to the OS means an attacker or abuser can just re-enable it. probably with a single PS command.
it's making a keylogger and half the functionality of a RAT with full history into a LOLbin. and it won't be flagged or disabled by any security tools.
the productivity measurement tools MS has already been marketing for years were bad enough, how long until recall becomes a part of the legal hold workflow? how long until your boss watches every single thing you do because let's be honest, plenty of shitty bosses are just petty cops deep down. what about the creepy sysadmin with a crush on someone, who then harvests their email password with recall? how much damage could someone do with those credentials?
the possibility for abuse is so intensely, wildly outsized with any actual utility that anyone can imagine, you would have to be completely out of touch with even basic human decency to think this is a good idea.
@dko
Speaking in my aspect as an anti-malware researcher, using onboard components to enable malicious behavior is already a standard pattern in malware development - ransomware does this, for example, using built-in encryption capabilities.
If the capability exists as a canonized part of the system, it is available as a means of causing malicious behavior for anyone on the system, and detecting it -as- malicious becomes difficult if not impossible.
@dko I want to cry thinking of how to respond to a client, "You see, this was silently turned on months ago by a threat actor and we didn't detect that because it was via a method no one had seen yet."
ad nauseam because new ways to enable it and silently/bypass controls and detections will be CONSTANT
Perhaps we're all panicking a little too hard? I know I'm an optimist, but maybe I shouldn't be for this. It raises the hairs on my neck proverbially. I can just sense danger so-to-speak, I guess.
This is why I'm using the compliance argument for the biz-side folks. It's one which will be more effective - "this makes you noncompliant, which means you lose all your customers who require compliance" aligns with biz incentives.
@NosirrahSec @dko that's what I did RE Slack's AI thing and am doing to lobby against this.
Starting by pointing out recall is an OS feature that implicitly violates data retention policies at the absolute best.
Also, the insurance argument: "This won't be covered by your employer's insurance company, so anyone using it will be held personally liable."
This is being used in Florida right now. The reason that cash-only customers are preferred is that the banks can't get mortgage insurance for the coming flood-zones.
@NosirrahSec @dko Configure your EDR to detect if it's enabled?
Agreed you should need to have to do that though...
@dko This.
> the productivity measurement tools MS has already been marketing for years were bad enough, how long until recall becomes a part of the legal hold workflow? how long until your boss watches every single thing you do because let's be honest, plenty of shitty bosses are just petty cops deep down. what about the creepy sysadmin with a crush on someone, who then harvests their email password with recall? how much damage could someone do with those credentials?
I was under the impression they were already doing that. Never do anything on a work computer that you don't want the rest of the company to know about! (Unless you are the entire IT department, in which case go crazy I guess.)
@argv_minus_one @MsNostromo @dko
The thread context as initiated was discussing domestic abuse
@lightweight True. On the other hand, in far too many cases it's "you should switch to Linux and you're a loser for not doing that", regardless of the actual situation someone is in and whether switching operating systems is even a viable alternative.
"Let me know how I can help you switch to software that respects your privacy" completely changes the framing. Maybe the answer is along the lines of "I need a safe space and a computer $abuser has zero access to". You can work with that.
@mkj
It's looking more and more like I'll be holding a monthly Linux migration-fest at the local pub.
I've gotten two requests for help doing it today.
They can buy me Sunday beer and I'll move data around and reinstall old lappies with new Alma.
@johntimaeus @lightweight I've seen AT LEAST two people right here on the Fediverse who have *specifically* cited Windows Recall as reason why they are actually going to migrate away from Windows and asking for help or input with that. That may not be entirely representative because people on the Fediverse are probably slightly more technically inclined than average, and of course I only observe a tiny fraction of Fediverse activity, but even so.
I do not blame. But I know Linux since university in the mid 2000's. I started using it myself occasionally a few years ago on dual boot, someone helped me getting a better dual boot combination two months ago and now, I feel ready to go 100% Linux soon.
There are several distributions that are transparent and very Windows-users friendly.
I am also ready to advise to use Linux and help switching!
The structural unsafety is indeed terrible, and absolutely needs to be called out.
On the other hand, I think relatively few people even have awareness that there *might* be a choice that they can make. Maybe they ask, and the answer is still no. Maybe, just maybe, the awareness leads to being able to make a constructive choice.
Pointing out possible alternatives is still useful.
No.
Knowledge that alternatives theoretically exist is not helpful when a victim does not have the agency to apply that change.
Systemic unsafety -cannot- be addressed by individual choice, because individual choice can be coerced or prevented.
Unsafe infrastructure is not fit for purpose.
I had several people pop up saying "use linux instead" and decided to textually indicate why that was not acceptable.
It's like when I voice my concerns (and that's a nice way of putting it) about the direction my state of residence is taking, and somebody says "well....move."
I'm like cool. Is there a job with the same rate of pay, city government benefits, and willing to hire a 57 year old with very arthritic knees magically waiting for me? WELL?!
Yeah. Been chewing on how to communicate "personal choice cannot fix structural unsafety" effectively.
For many people, being advised to use Linux is about as helpful as being advised to live in a yurt.
It's not that they can't see the advantages of living in a yurt. They may even find the yurt-dwelling lifestyle intriguing. But they can't see how they would ever be able to rearrange their life such that a yurt is an option.
So, please read upthread for context: this is about domestic violence situations, where the persons in question may not be able to change the OS of a computer.
They make up all kinds of 'but awareness of options' excuses but it's ultimately variously flavored victim blaming and I'm not at all interested in arguing with their choice to enable abusive behaviors.
Alright.
Use Linux if you can.
I understand that not everybody can use it but it is certainly the best advice.
It is saying: Stop the water where it's leaking.
It is easier than cleaning up the mess after you're flooded.
I think politics should start looking into this, and there should be laws which end the ongoing changes in Windows, pestering people to buy new computers and pay again for their programs, not to mention the data loss.
the energy spent on advertising Linux in these situations should be spent improving it and the market in general to make it a more practical choice.
Then you run into the asshole greybeards who bemoan Windows dominance but absolutely rage at anything that would actually close the gap.
@anniethebruce What are these things that would close a gap, exactly?
If you say Unity I am going to scream.
Basically anything that makes it easier on newbies I see a lot of rage over.
It's more vocal minority than widespread issue, but a vocal minority can cause problems far beyond what their size would suggest.
As for Unity... I wouldn't have an issue with that but certainly doesn't need to be a priority, certainly not community wide. If someone wants to do something with it I don't really care though.
For those who must use Windows 11 - here is how to disable Recall:
- Open a command prompt as Administrator (Local Admin should do)
- Type: Dism /Online /Disable-Feature /FeatureName:Recall
Disclaimer
Do understand and Please Read - This may hinder some features of the new file explorer. Because Microsoft never learns.
Exactly. No amount of individual "choice" matters when the structural situation is comprehensively unsafe.
I'm genuinely curious to hear from corp lawyers, tbh. I have an -idea- about what they'd say, but I would genuinely value that point of view for this.
Yeah, I don't have any that deal in corporate law to refer to, unfortunately.
But given the corp infosuck policy training I have to go through every year, I'm pretty certain my people would be screaming holy hell about discovery. Hell, I'm surprised they haven't disabled the Spotlight feature on my Mac, or whatever the Windows equivalent is.
Oh hells, I hadn't even gotten to considering the 'discovery' threat surface to this. Yowza, that's gonna be spicy as fuck.
Ya think, DiNozzo? 🤣
Discovery was the third thing that came to mind, after "advertising" and "AI training for *redacted* purposes".
In fairness, my situation's a lot more compliance and malware research flavored, and the DV implications have me -extremely- shook given some past context.
But that's what friends are for, to give different points of view.
Like you not thinking discovery, I hadn't thought of DV implications. Sweet Tester.
Maybe I should take every computing device newer than my 40-year-old pocket calculator out into the driveway and set it on fire now.
Just to be on the safe side.
Problem is, can't really participate in society -without- modern information processing devices - try getting your tax info from the IRS, for example.
Dude, we both hang in the same circles of people.
Remind me again how participating in society any more is a good idea? 🤣
To be fair, I did opt out of the normative social structure a while back with the whole 'trans' thing.
Hanging out with the queer folks is a lot more chill.
Not the point I was making, but you're not necessarily wrong.
Unfortunately, I'm not certain I fit in either circle well, or at all any more.
lol, I mean, hell, I more or less vanished from -everywhere- for a couple years while I was reworking my head around this whole "wait I'm a -girl-?!" thing. Been slowly rebuilding things since and....the world changed a lot.
The world didn't change as much as your perception of it did.
My perception has changed a lot, too. Maybe for different reasons.
I'm curious how easy this "feature" will be to turn off. Or filter/limit. Or in any way control. We haven't seen that yet. But there has to be some way to exclude or disable the feature. And if not out-of-the-box, I assume some PowerToys or other 3rd party utility will soon be available to do just that.
Does not matter.
If the code is on the box, the box is systemically unsafe.
infosec.exchange/@munin/112480…
I’m not sure if that is really relevant in the DV scenario. Whether this feature is, or could be, reliably controlled via GPO ( for domains) or local security policy ( for standalone) doesn’t change the fact that in domestic abuse situations you have to assume the abuser has top level admin access.
So (as you said) putting this in as a core feature is just flat out dumb, no internal OS control feature helps in any way. That horse has bolted.
In the set of DV situations where the abuser has only intermittent access to the system, it could potentially be a mitigation.
But yes. That it's present at all is, itself, the problem, which I brought up two posts downthread from there.
I personally am wondering if the director in charge of this project is a domestic abuser.
or just one of those weirdo micro managers that wants to see and control every bit of their underlings work lives instead of just making sure the job gets done.
[It's the same picture.jpg]
own." craphound.com/msftdrm.txt Cory, you need to go to Microsoft and repeat the talk, they forgot it in these twenty years.
This does not address the situation, because not everyone has the agency to choose their own OS environment - especially those persons who are in abusive relationships.
If the infrastructure creates the unsafe situation, it's unsafe for everyone, regardless of whether or not another option exists.
Speaking as a person with specific memory issues, yes, the use-case for those is obvious. However, the implementation of it is -not safe- for users by default.
Safety isn't something I can joke about.
Speaking as someone who has been in situations in the past where this capability would have absolutely been used to cause me harm, I find nothing whatsoever about this to be even slightly funny.
Oh shit, did Microsoft launch this new thing without a "private mode?"
That was very stupid of them.
@mark
It's ever so much worse than that.
ioc.exchange/@jgreig/112480136…
it’s like they got a focus group of cybercriminals together when making this
yup.
domestic abuse. law enforcement abuse. government overreach abuse. greedy ad bastard abuse. account security disclosures. privacy leaks. the things wrong go on and on. workplace micromanagement.
everyone this is good for is not the end user's friend.
This is the formal end of privacy. If Hackers get the Language Model (and I suppose they also do Action models of the users). If the AI model of the user is captured by a Hacker. Then the Hacker owns Everything. Favours, the behaviour, probably bank accounts and he knows the friends and secret habits
Microsoft is also biggest stakeholder at GPT and the yellow press like Axel Springer provides data. Microsoft now is the biggest threat to privacy and democracy.
Sonata Arctica did it in 1999 with "Blank File"
Oh aye, mostly noting that the tropes in question are well-trod in the realm of cyberpunk fiction.
Unfortunately, this kind of situation has a severe bootstrapping problem - when the surveillance is structural like this, how do you -get- to the point where it's possible to configure it to your benefit?
No amount of mitigative measures makes up for this; it has to be addressed structurally.
By proving that it will have deleterious business effects and thus impact their profitability as an organization.
Describing how it violates compliance standards that their customer base -must- follow in order to stay in business - and thus, remain as customers, and thus continue to pay MS - is an effective way of addressing MS's incentive as an organization.
Yeah believe it or not that's an artifact of how openai llms work - given that they're trained on the social corpori, they select strategies according to what got praised in the original context; thus, giving them praise is the incantation to get them to use the 'good' stuff.
Yes. If you tell it that it's good at something, it will give results better than a neutral or critical affect.
It's not appropriate to build into the OS.
If you want that capability - and, yes, I'm also someone who has frequent memory issues and who needs to keep exocortical state regarding things - then have it as a third-party add-on, that needs -specific consent- from the user to invoke.
It Depends.
Like, I have genuinely seen some people's workflows that, when tuned to their specific uses, enable them to create what they're looking for quickly and efficiently - someone I know has a very well-tuned Rust-centric environment for which copilot provides the requisite boilerplate when they're writing that kind of thing about...I think they cited 80%ish of the time?
So in specific, restricted use-cases, where it's specifically being used to augment an expert's expertise and where the output is being scrutinized to ensure it's appropriate, yes, it's useful.
Which has led to a number of thoughts on my part that maybe the gpt-style "general purpose assistant" modes are an evolutionary mistake, and that a more effective model would be -worse- LLMs that are single-focused for specific workflows and tasks.
Then as a customer, I want to know why they are creating a situation where it is impossible to maintain compliance with my customers.
I'm not entirely sure I understand. Do you mean in terms of data protection (e.g. GDPR) or other regulation?
Even though OneDrive is nominally GDPR compliant (which seems like it should be a contradiction given Microsoft can read it) I put sensitive data in my own ownCloud which is E2EE.
Here's a walkthrough infosec.exchange/@munin/112481…
@elan @jgreig @hacks4pancakes Oh - no, you're focusing on a different part.
My citation of GDPR violation is: your data appears on a GDPR-enforced entity's screen during entry. Let's say, you check into a hotel and they need your billing address; this is part of the requisite collections for the workload being processed - the hotel needs to know your billing address in order to manage billing you.
Windows screen-scrapes this billing address.
The hotel is -still on the hook- for windows scraping this info, and has to be able to attest, when you demand its deletion later, that they extracted every instance of this information - and further, that this information did not percolate to -someone else-, like, for instance, Microsoft, for whom that information is -not- requisite for the processing of the workload in question.
Speaking as a person who is de-facto criminalized in multiple states, yes, that is a clear and present danger for me.
Palantir advertises its partnership with microsoft on their website.
None of this is hypothetical.
Oh, their motivations for collection? yeah, that, and the whole delusion as regards "data is a valuable resource to be collected" contra "data is radioactive waste to be minimized".
at this point I have no data, and thus I'm not inclined to speculate further on the motivations absent specific discussion with people involved with this pile of horseshit.
Preferably the kind of discussion where I'm given the latitude to make my disquiet known palpably.
@julie Yes, I do, and that's why I wrote the followup here infosec.exchange/@munin/112480…
as well as taking the position that this is a violation of GDPR infosec.exchange/@munin/112481… amongst other compliance regimes.
@julie There's two primary audiences to address for this: corp users and home users, each of whom has different incentives and concerns.
For corp users, making the case that this product will harm profitability by making compliance certifications that are necessary to do business at all impossible is the effective argument; it speaks to business incentives.
For home users, making the case that MS is implementing something that will cause direct harm to them is the more useful stance.
I've been following this news throughout the day. Yes, M$ looking to implement this is going to be a disaster for all.
As to the home environment, I hope that no one who is at risk of abuse ever trusts their PC. Ever. Controlling parents or spouses will always figure a way to spy. If your device is not 100% under your control it should be considered suspect. This includes phones.
As to everyone else, your only right is to vote w/ your $$. And that's not easy.
my idiolect version tends to stick in people's head via the unexpected concept of a "security item" being contrasted with the 'system' as well as having the -em rhyme and similar stress cadence, as well as allowing me an opening to discuss systemic vs. iterative thinking patterns in evaluating security. It's been fun developing an aphorism that has those affordances.
@crankylinuxuser This is the same BS argument by everyone else supporting asocial maniacs in exchange for convenience - against non-megacorp social media ("but I'd lose followers temporarily"), public transport ("but with the current time tables, it would take 10 mins longer"), EVs, heat pumps, renewables, etcpp.
People are not willing to take even minor inconveniences to make the world a better place, then cry when indeed the Leopard Company ate their face as predicted, and then demand that those of us who predicted this and invested some time and money and inconveniences to protect themself from that and got ridiculed for that to save them.
One dimension of the always-on "Recall" scraping feature makes me very certain it will
a) happen
b) be default and
c) probably will become impossible to turn off (i.e. just work in the background)
And it's because of the advertising industry. With it, you can sell attention metrics and guarantee that the target has been subjected to an ad.
Many arrows point that way.
hackaday.com/2024/02/27/big-ca…
Big Candy Is Watching You: Facial Recognition In Vending Machines Upsets University
Most people don’t think too much of vending machines. They’re just those hulking machines that lurk around on train stations, airports and in the bowels of school and office buildings, …Hackaday
My two year old walks up to me holding a stick "It's my shillelagh!"
I stop
I skip a beat
I realize that there's a troll in True And The Rainbow Kingdom who calls his stick a shillelagh.
The real question is how can a 2 year old say Shillelagh perfectly
I boot an old Mac I rarely use except when I need a mac. I run "brew update" and... it updates XZ
Painful :(
I think most science fiction writers imagined an evil supergenius which would at least cackle menacingly, rather than mindless spam generators.
That might be on brand for Stanislaw Lem's more satiric stories, though.
post signs that say:
“Do not disclose any private information to the computer. It cannot be trusted to keep secrets.”
🤔
Threat models matter.
When a platform/service/app tells you they are “private” or “secure” always ask “from whom?”
Criminals, domestic abusers, law enforcement, data brokers, and intelligence agencies are all different attackers with very different capabilities.
*nods*
There's very little that's secure against a warrant, and any warrant can sweep up a lot it's not aimed at.
I've got no warm fuzzies toward kolektiva, but the FBI got their database without even really trying.
I learned and used Threat Modeling in my last employment before retiring.
The "Insider" Threat Actor was always troubling to me. What if *I'm* the Threat?!
@Hypolite Petovan maybe, my brain is illness soup
The word Parent is a verb here, meaning to act in the parental role, which might be the barrier?
@Hypolite Petovan I figured it was brain soup or English verbing nouns
So Zeitgebers are a thing in psychology deeply linked to sleep, addiction, and hunger. Basically the theory as it works is that the brain produces certain neurotransmitters based on external events (this is pretty easy)
But this means that the best way to make someone hungry is to *do the things that lead to lunchtime*, or the way to make someone tired is to do the things that happen before you sleep.
So, my wife did her thesis in zeitgebers during exams and sleep disruption caused by it (with an emphasis on effects of people with Bipolar Disorder, since you know, fields get narrow), and so we thought a lot about them for our kids. We established good rituals before sleep, managed a good bedtime routine, but also made it repeatable.
This meant my sick 2 year old had napped a bunch and didn't want to sleep, so I kept him up an hour, did toothbrushing, gave him a bedtime snack, and gave him lullabies, and he was asleep instantly
@Hypolite Petovan Obviously they are:
Phishing but with your voice
Phishing but via an SMS
Phishing but via a QR code
Obviously! Aren't you glad we have clear terminology!
@Hypolite Petovan I have been sick for days and missed this!
Catfishing is a separate type of scam from phishing. Both are deception-based scams, but one is generally about stealing credentials and the other is generally directly stealing money. The joke was just taking catfishing and acting like it was a subset of phishing due to the similarities and then giving it a confusing name. The smishing and vishing.
“If you're not paying for it, you're the product, except that if you are paying for it, you’re potentially still the product, unless the software in question is Free software, in which case you’re probably not the product even if you are not paying for it, but you should be trying to pay for it anyway if you can to support the developers”.
Simples.
If you are talking to a lot of non-infosec manager folks, and it's a work email (assuming it is, not personal), then I am leaning towards adding it.
Depends on the culture also, startup vs corporate.
@HCS ▋ I'm mostly joking. It just feels like everyone does it.
I definitely have it because we're a startup working with insurance companies, so it makes our clients feel a lot better, and so there's actual value to it.
I don't have any titles on my signature, not even in talks that I have done.
So far it has been on my invoice only...
Makes one wonder..
@AN/CRM-114 I am excited to announce my CISSP allowing me to leverage my knowledge in assisting organizations in their DevSecOps journey!
(I want to be clear - I'm making fun of me, not others, this kind of language has its place)
@silverwizard @Ruben Schade :runbsd:🇦🇺🇸🇬 @aru I store the password database on NextCloud through the synchronization client on Windows, and the password database has my NextCloud password in it. I'm retrieving the database using the iOS NextCloud app and open it using KeePassium.
I also store all my TOTP seeds in the database using the TOTP plugin in KeePassXC and it's a native feature in KeePassium.
how do you synchronize your KeepassXC database between computers? I use LastPass, but it limits me to fetching passwords from my phone because I won’t pay.
I’d like to have something like the paid version of LastPass, but with some kind of federated local storage.
I wouldn’t mind storing the passwords on my VPS if KeepassXC allowed me to synchronize to it.
Can't wait for version 2.7.7 to be in the Ports, as it adds support for Passkeys! 🎉
(I already use it on Windows and on SteamDeck/Linux)
PS: I also use Syncthing on all my PCs and also on my mobile phone, on which I run KeePassDX.
As a kid I watched the PBS show Ghost Writer, but on TVO. Now my kid is starting to watch it, and, uh.
Wow it's better than I remember.
It is better at talking about race in America than any show I've seen, and it does *the fucking work* to make sure its kids feel like kids but also never once talk down to a kid.
I honestly wonder if it, as a show, radicalized me into the person I am.
My wife who has never seen any episode is so fucking invested we've watched some episodes while the kids were asleep.
I should be flattered that when I make brownies my kids start chanting impatiently, shouldn't I?
it's just very stressful
My site's RSS, for an unknown amount of time, has been fucked, because it gets generated using the creation time on the file. But apparently something is updating the creation time on every file in the directory. Shit.
At the park with my kids. A group of older kids (8-10ish?) are playing Among Us, which appears to be Mafia Tag, where you secretly make someone IT, they all play together, and people can die, then they vote like mafia. If they figure out who is It they play tag with a safety spot.
I am so fucking jealous of this group of kind accepting kids, who are stopping to help and play with my four year old and two year old, while also playing the coolest tag variant in history.
The Kids Are Doing Amazing
@Hypolite Petovan Oh I know. But honestly, I wish I was the kid I was with this group of kids.
One of them cried because they got deceived in the Mafia portion, and they seemed pretty kind about it!
Uuuh, I guess I need a new job soon...
Who's hiring Rust people at the moment? Preferably based in Germany/ Europe? CV is here: spacekookie.de/downloads/resum…
[ #GetFediHired #Rustlang ]
Also I guess a gentle reminder that if you have too much money and would like to give it to me, I have a Github Sponsors 😅 github.com/sponsors/spacekooki…
At the moment I'm not doing a lot of outward facing open source work, but I want to change that again. If there's something you'd like to see me work on stream, let me know too!
Sponsor @spacekookie on GitHub Sponsors
I'm a software researcher living in Berlin, working on distributed mesh networking, NixOS tooling, and educational material. My main research project is https://irde.st (GitHub)
Does anybody have a connection at Netlify?
Long story short, they won’t work with you if you’re #transgender, and they’re holding my domain hostage. They refuse to speak to anyone except [deadname] via an email that no longer exists.
After explaining my transition to the support rep, and offering to give them an updated ID, they’ve just stopped responding to my emails. I need to get ahold of a human who isn’t an asshole.
I am so fucking tired of the trans tax.
One of my groupchats has a channel called "Dystopic Chuckling" and it's just us making jokes about the horrors around us.
And... why
Why is this necessary.
This is an endorsement
Fuck KnowBe4.
Phishing Simulation training is so often just a way of making companies and employees feel bad.
But apparently insurance has read a KnowBe4 report and has made our insurance contingent on it.
Insurance companies need to keep up.
I didn't expect Title IIing to happen today. It's like... uh...
Title II of Internet Services out of nowhere (at least to me, a non-American) is giant. Whoa.
theverge.com/2024/4/25/2414015…
FCC votes to restore net neutrality
The Federal Communications Commission voted to reclassify internet service providers under Title II of the Communications Act but will forbear on rate regulation. Lauren Feiner (The Verge)
@Ji Fu theverge.com/2024/4/25/2414015…
Just... out of nowhere
It keeps saying 2024-04-25 every time I double check the date!
The agency voted to reclassify internet service providers under Title II of the Communications Act but says it doesn’t plan to regulate prices.
theverge.com/2024/4/25/2414015…
I mean, I guess?! I don't even know?! What happened!?