
Some thoughts about attribution in the XZ backdoor, having just wasted so many hours digging into the details.

The email addresses used for a couple of years at least by the parties involved have absolutely *zero* trace in any kind of data breach or database beyond Github/Gitlab, and maybe Tukaani and Debian and a few mailing lists.

Normally when I see this, the assumption is that we're dealing with a single-use or single-purpose email address that was created either for fraud or b/c someone is super paranoid about privacy.

The people in the latter camp who do this tend to have other tells that give them away, or at least *some* trace or home base in the online world. Especially if we're talking on the order of years using that address.

Either way, very few people do opsec well, and for every year you're operating under the same name, nick, number, email, etc you dramatically increase the risk of screwing up that opsec. And almost everyone does, eventually.

To see this complete lack of presence in breached databases once or twice in the course of an investigation is rare, but to find it multiple times suggests we're dealing with an operation that was set up carefully from the beginning. And that almost certainly means a group project (state-sponsored).

@seanbala

This is why I keep harping on reinvigorating career specific technical training. Most students will be better prepared for a job in their field after 18 months of focused training by professional trainers than by 4 years of random courses taught by people who would rather do research anyway. Our post WWII history ended up sending far too high a proportion of people to 4-year universities.

@Zeb_Larson @academicchatter

@julesh I'll add Reykjavik, Iceland and Anchorage, Alaska to your list.

I don't want the whole world to give up what we call Daylight Savings Time, I just want California to stop switching and always be UTC+7:00 which in my part of the state is only 35 minutes off of local mean solar noon. If our neighbor Arizona can do it we can too.

Thinking about Easter reminded me of something I learned about Uruguay.

Uruguay is determinedly secular, and doesn't want to give special status to religious holidays. So the week leading up to Easter was renamed "Tourism Week".

But people still celebrate Easter, because it’s a longstanding tradition.

And that's why you're quite likely to find a sign on the door of the tourist office that says "Closed for Tourism Week".

Happy Tourism Week to all who celebrate!

Mildly interesting: these two trucks have the same bed length.

@floatybirb depends on where in the south one is from. Either way it comes from the phrase "I'd rather vote for an old Yeller / Blue dog than support a carpetbagger Republican."

@FantasticalEconomics did you miss the part about the patient being a quadriplegic?

"Arbaugh explained that he had largely given up on playing Civilization 6 prior to having the surgery, as he needed “complete help” from a friend in order to play, and the time intensive nature of the game had made prolonged play sessions untenable."

@floatybirb I think it would be The Blessed Virgin Mary or St. Patrick who were the choice of Italian and Irish Catholics for a Roman Catholic holiday to put on the calendar - a campaign promise from FDR to Catholic workers in 1936. He chose Columbus instead because that choice faced less push back from Southern Yellow Dog Democrats who were also an important part of the '36 Dem coalition.

@LouisIngenthron then I claim that anyone not living in Michigan, Wisconsin, Pennsylvania, Georgia or Nevada has an obligation to vote their preference as their vote will have zero effect on the outcome of the election. It is only the people in those swing states where more than one candidate has any real chance of winning where voters even need to consider voting strategically.

@LouisIngenthron @freemo So my relatives who live in states where polls say Biden has no better chance of winning than a third party candidate should vote for Trump because "The significance of a vote for a candidate that cannot win is zero"?

@AccordionBruce @luckytran @MatWright except of course that every study that has studied mandatory mask wearing has concluded that there was no significant difference in infection rates or deaths at a population level. What I'm saying is that the research backed statement would be "We have adjusted our recommendations because our previous ones were quite burdensome with no discernible effect on contagion or deaths."

@anubis2814 @raganwald [Ricci v. DeStefano](oyez.org/cases/2008/07-1428) has set a clear process that you screen for acceptable candidates first then hold blind evaluations like tests or auditions. You do not want a candidate who scored best on your blind test coming back and using that fact in a discrimination suit.

It's important to understand that "age verification" schemes being passed by states, ostensibly to "protect the children", won't do that and will bring about incredible abuses.

In order to age verify children, obviously EVERYBODY of any age must be verified, for every account, under every name or pseudonym, ultimately on every site no matter how public or private the topic, and before downloading any apps.

Children will find ways to work around this. They'll use the accounts of adults, which will be openly traded. But because these age verification systems must by definition be based on government IDs, the verification process creates a linkage between your account names and your actual identity, subjecting you to all manner of leaked personal information, government abuses (think MAGA in charge), and worse. Firms will claim their systems either don't keep this data or can't be abused. History strongly suggests otherwise, and when courts step in, those firms will have to do what the courts say, often in secret, when it comes to collecting data.

Age verification is in actuality a massive Chinese-style Internet identity tracking project -- nothing less -- and there are many politicians in the U.S. who look with envy at how China controls their Internet and keeps their Internet users under police state controls.

@raganwald Are you willing to accept *all* candidates who come out the best on a blind audition? There is a now famous story of a CS conference who thought they were doing the right thing by selecting their speakers based on blind submissions. They then got a lot of hurt feelings on all sides when one of the invited presenters was notorious for his misogynistic social media posts.

I think there is a place for blind auditions, but there needs to be some fully transparent screenings before candidates are invited to audition.

Just a reminder folks, unless you agree with them, no matter how polite you are, you will always get blocked... I get 10 examples a day why I can't stand the left, even as a person who is on the left (slightly)

mastodon.social/@Radical_EgoCo

@canticanovae Your feeling is that they will eliminate positions rather than increase enrollment? The fear with improving productivity through technology is always that people will lose jobs, but historically, the result is that lower cost increases demand to the point where more people are needed than before the disruption.

Just a reminder... no matter how much you listen or try to genuinely understand them.. this is almost always the outcome when you discuss things with a leftist... Either you agree with them, or they get offended, make personal attacks, and walk.

Every interaction I have with the left leaves me wanting to have less to do with them than the time before, and this is sad since I associate more with left ideals in many cases than right ones.

libramoon  
@freemo clearly you are not interested in what I have to say (or what you say) done here

@PJ_Evans @rbreich This is all true. It is also true that by any reasonable metric The Oakland Coliseum is now the worst of the 32 major league baseball venues. Both Oakland and the owners agree that it needs to be replaced. The A's wanted Oakland to chip in a large portion of the cost which, as Prof. Reich looks down from the Ivory Campanile of Cal, was a bad deal. Oakland, per his essay, is better off letting some other city bear the burden of stadium construction rather than capitulate to the A's PITA owner.

@rbreich So you think made a good decision to let the A's leave town rather than offer more for a replacement for the Coliseum?

@professorhank But in practice capitalism has created historically stable and prosperous economies. Maybe academic intellectuals need to reexamine their priors.

Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.