I mean, think about this for just a sec: LinkedIn, Twitter, SnapChat, Instagram, the list goes on and on. The VERY first thing these platforms will do after you've installed the app and logged in is to ask you to share all of the information in your address book. Ever wonder how these social networks got so big so fast? It's remarkable how much of their growth is based on convincing everyone it's totally fine and normal to give away all of the contact information given to them by friends, family and acquaintances.
Some thoughts about attribution in the XZ backdoor, having just wasted so many hours digging into the details.
The email addresses used for a couple of years at least by the parties involved have absolutely *zero* trace in any kind of data breach or database beyond Github/Gitlab, and maybe Tukaani and Debian and a few mailing lists.
Normally when I see this, the assumption is that we're dealing with a single-use or single-purpose email address that was created either for fraud or b/c someone is super paranoid about privacy.
The people in the latter camp who do this tend to have other tells that give them away, or at least *some* trace or home base in the online world. Especially if we're talking on the order of years using that address.
Either way, very few people do opsec well, and for every year you're operating under the same name, nick, number, email, etc., you dramatically increase the risk of screwing up that opsec. And almost everyone does, eventually.
To see this complete lack of presence in breached databases once or twice in the course of an investigation is rare, but to find it multiple times suggests we're dealing with an operation that was set up carefully from the beginning. And that almost certainly means a group project (state-sponsored).
Some astounding dataviz here. Wikipedia visualized: https://www.youtube.com/watch?v=JheGL6uSF-4
Me, an idiot: “So, kids, by setting the thermostat a little lower and eating less meat, we’re doing our part to make the world more sustainable”
VCs, very smart: “We just raised $100 billion dollars from the sovereign wealth funds of three petrostates to build the world’s largest AI supercomputer. It uses as much power and water as Guatemala and the primary use case is for management consultants to autogenerate powerpoints for justifying mass layoffs.”
Concerning the xz affair, I am struggling on how to explain this to a normal person. The best approach so far:
This is as if an attacker succeeded in manipulating the manufacturer of a small part that is built into every car worldwide. Every car that would have been built in the future, the attacker could crash upon pressing a button.
And we noticed only because a car fanatic took a prototype to the racetrack and noticed that when he drives it backward with the hand brake applied, the lap time would be half a second off.
Easter Sunday and #TransDayOfVisibility on the same day?
This seems rather appropriate.
Can we humans work together to solve collective problems? Climate change is a huge problem, but slow moving. The AI sludge filling the internet is faster moving, and easier to see. Will we do anything about it?
This NYT article (gift link) reviews things I already knew, but in a way that makes it clear just how bad things are getting.
AI and Trust
A 15-minute talk by Bruce Schneier.... https://www.schneier.com/blog/archives/2024/03/ai-and-trust-2.html
#Covid... We must advocate IAQ for public buildings (& prv.):
Ppl living in urban & industrialized societies spend >90% of their time indoor, breathing indoor air (IA). Most countries don't have leg. IAQ performance standards for public spaces that address concentration levels of IA pollutants. Few bldg. codes address op., maint., & retrof., & most don't focus on airborne disease transmission. COVID has made society realize the importance of IAQ for human h-. h/t E Topol https://www.science.org/doi/10.1126/science.adl0677
An Alabama Democrat just flipped a district that Trump won by massive margins after focusing on the right-wing attacks on IVF in her state.
MAGA extremism is deeply unpopular. That's why we're contacting voters whose GOP representatives support legislation that would end IVF as we know it. Help us raise awareness about Republicans' plans to roll back our reproductive freedom: https://indivisible.org/resource/phonebank-voters-about-republicans-hypocrisy-ivf?source=mastodon&medium=directpost
I feel like the funny thing for me with the Tiktok ban is that a lot of Americans, on either side of the debate, don't seem to realize that Tiktok feels to Americans like every single social media platform feels to people outside the US. You're telling me the app is located outside your country and your government's control, and you don't know how its data gets handled in that country? That's every app, to me.
"If technology is our master, it dilutes our connections, erases our free time, and pulverizes our learning skills. But if technology is our servant, it deepens our connections, frees up time, and broadens our minds. All three connections can suffer from an unhealthy relationship with technology, and all three can gain from a healthy relationship with the same technology."
(Goodman, 2022)
There’s a good point in this thread. If you’re a privileged cis-white person who is likely to be able to talk your way out of a police situation: don’t.
Aside from the risk that you’re wrong, every time you assert your right to be silent, you’re making it easier for non-cis and BIPoC folks to assert their rights. Normalize using your rights. https://mastodon.social/@D_J_Nathanson/112113370386181454
Now at: @haiku_brian
Proud papa/dad/husband. Choral singer. Aspiring linguist. CTO at Backblaze. Usually in Indiana, sometimes on Maui. He/him.