Nick @internic@qoto.org

Today is my last day at IBM.

I joined Netrex in February 1999 as a Unix admin

In late 1999 Internet Security Security Systems bought Netrex, largely for its managed services business.

In October 2006, when I was the director of IT, IBM bought ISS largely for its managed services business.

I was given lots of opportunities at IBM. Twice I found myself in the wrong place at the wrong time and was on a list to be let go, but other parts of IBM decided to pick me up. I once resigned to take a job at Deloitte, and at the time my manager told me that didn’t work for anyone and made it worth my while to stay. For many years, I led an incident response function for the strategic outsourcing business, which was later spun off to be what is now Kyndryl. I learned a LOT. I learned so much, in fact, that I decided to start a podcast in 2012, partly to make myself smarter, and partly in hopes that I could help the industry avoid the mistakes I was seeing our clients make on a near daily basis. I have deep scars from all the big security events of the 2010’s - heartbleed, shellshock, wannacry, notpetya, and many others.

In 2019, I was leading an internal practice around cyber regulations (in addition to the IR role) and ended up helping the cloud business out of a sticky situation. Unbeknownst to me, cloud had been looking to replace their CISO, and in March 2020, they offered me the job. My first big test was leading Cloud through Covid.

I had the extreme privilege to lead a team of 184 remarkably talented professionals. We did some cool things, but I regret the long list of things that didn’t get done.

As well published in the news, IBM took a hard line on return to office, particularly for executives. They gave people like me a choice: relocate to a key site (Atlanta was not one of them) and work from the office 3 days a week (with tight attendance tracking), or be let go. I have been working from home full time since shortly after IBM bought ISS in 2006 - nearly 18 years. I spend about 1/3 of my time at my beach place, which I was not willing to part with. Plus, I fundamentally disagree with the return to office approach and with how people have been treated, so I opted to “let it happen”, and so today is the day IBM terminates me.

I’ve saved up enough money that I can take a break for a while. It’s been 32 years since I’ve had more than a week off work, and at least 20 since I’ve had any sort of vacation that wasn’t disrupted by urgent meetings, crises, and so on. I’m going to spend some time with my family, especially my extremely patient wife, in ways that I haven’t been able to.

I have a very long list of things I’ll be doing during this downtime. I intend to get back into podcasting; I am going to write some including maybe a book; I am going to focus more on the fediverse instances I manage to ensure they are enduring; I am going to way too many baseball games with my wife (she is a mega baseball fan); and I am going to take way too many pictures and hopefully find some creative ways to make money with those pics.

TL;DR: today is the end of a long journey for me, and the start of a new one. And it’s a good day.

NEW by me: TeamViewer, the maker of remote access tools, says its corporate network was compromised.

The company has attributed the ongoing cyberattack to Russian government-backed hackers known as APT29.

https://techcrunch.com/2024/06/28/teamviewer-cyberattack-apt29-russia-government-hackers/

HISTORY OF PHYSICS

(as told by Werner Heisenberg)

During the Solvay Conference in 1927 we lived in the same hotel and the younger people of the group sat one evening together drinking of wine or so.

Somehow the problem had come up about religion and natural science.

Dirac was a very eager defender of the view that religion was just nonsense, was opium for the people, it was just made to make people foolish, and so on. He argued rather strongly.

1/

Whoa. Beginning in November 2024, Google will be un-trusting Entrust certs in Chrome.

"Over the past six years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports. When these factors are considered in aggregate and considered against the inherent risk each publicly-trusted CA poses to the Internet ecosystem, it is our opinion that Chrome’s continued trust in Entrust is no longer justified."

https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html

If you want a free tier 2 piece of Cat research that has gotten two excoriating journal rejections and been called "useless" (!) here is my qualitative study sitting with engineering managers' experiences and strategies

https://osf.io/preprints/psyarxiv/kpxw5

NEW: Wind through the iconic Pillars of Creation, switching between Hubble’s visible-light observations and #NASAWebb’s infrared view, and see how they are being eroded by the fierce winds of nearby hot, young stars.
https://www.youtube.com/watch?v=1itvyekUbWU

The fact that Microsoft Teams 🤮 contains a feature called "Teams" where actual teams can create a Team, and at Microsoft the teams working on that feature probably have a Team to discuss the Teams feature, suggests that there exists a Microsoft Microsoft Teams Teams Teams' Microsoft Teams Team.

Worth grepping your source code for "polyfill.io" and taking urgent measures to remove that code if you're linking it into your site - the domain name apparently now intermittently serves malicious JavaScript

My notes here: https://simonwillison.net/2024/Jun/25/polyfill-supply-chain-attack/ - or read this article https://sansec.io/research/polyfill-supply-chain-attack

When my computer suddenly starts being weird and ignoring mouse buttons and keystrokes, I pull this Oz looking key out of my pocket and turn the keyswitch. It reruns my xmodmap & xkbset commands from my .xsession startup file.

All fixed.

(This only happens once or twice a year, but it can be such a hassle to fix by hand...)

#Geek

Hive mind:

Now I have a 1Gbps net connection, I'm thinking about a cloud backup service for my work laptop (~2TB of stuff) & ideally our home computer (photos) & phone as well. All Apple, macOS & iOS.

I have TM & CCC backups on separate disks on my desk, but want one offsite too.

Would prefer a Europe-based provider for ~5TB, but none of pCloud, icedrive, or Jottacloud quite fit the bill.

Any Apple friendly alternatives I should look at? (Not interested in US-based iDrive, Backblaze, etc.)

sent "How Git Works" to the printer last week! So we're getting closer to shipping everyone's orders, though there are literally 1000 orders to ship so it'll take a little while still.

if you'd like a print copy shipped to you it's not too late to order -- you can get yours at https://wizardzines.com/zines/git/

(also someone asked if ordering print copies creates more work for me -- and it doesn't! We work with an amazing small fulfillment company that handles all the shipping ❤)

(CNN) - Conspiracy theorist Alex Jones’ Infowars media empire will be shut down and sold off, according to a bankruptcy court-appointed trustee in an emergency court filing. https://www.cnn.com/2024/06/24/media/alex-jones-infowars-court-trustee/index.html

So yeah, I'll be getting laid off along with my whole team from Fastmail at the end of this week. If you know of anyone hiring backend developers (or frontend, designers, PMs, marketing, or managers who are also getting laid off) Please let me know!

New article in Tech Policy Press with Janet Haven of Data & Society:

"The safety and effectiveness of high-stakes digital products should be determined by industry-independent research. By disallowing research on any terms but their own, tech companies (from established social media platforms to the creators of the latest AI chatbots) ensure that there are huge gaps in understanding the impacts of their products."

https://www.techpolicy.press/social-media-warnings-alone-cant-solve-the-youth-mental-health-crisis/

BREAKING: Los Angeles Mayor Karen Bass says she is discussing a mask ban for protests with the City Attorney.

Source: https://youtu.be/5R6krNYXnZI?si=xLMg1x5DbwtImKfy&t=232

Ok kids, here we go:

#Bandwagon, the open #Fediverse alternative to #Bandcamp is ready for its first steps into the light.

I have a waitlist online at
https://bandwagon.fm if you'd like to try it out.

I'm planning to build the first (dozen? I don't know) profiles in the waitlist personally, with an email questionnaire and FaceTime follow-ups if necessary.

Once I'm confident in the UX, we'll open up self-serve signups for everyone.

Hello everyone!

We have some unfortunate news. @fastmail has made the decision to lay off 60% of our bargaining unit, including our bargaining committee, in a surprise restructure while we were in the middle of contract negotiations. Fortunately, we were able to negotiate for a much better severance package than we would have gotten had we not unionized when we did. We are grateful for the work that the Communication Workers of America put in on our behalf to get us the best deal they could.

The second #ESA Science Newsletter is out. This time with:

* #Euclid ERO data access (&images)
* #Envision call for interdiscriplinary scientists
* Research Fellowship call pre-announcement (call expected end of August with deadline mid-September)
* NewAthena science study team announcement
* DASH & IHDEA conference announcement
* Mercury Laboratory Workshop announcement

▶️ https://www.cosmos.esa.int/web/scinews/2024-02

#astrodon

There are a lot of untested, bold-claim products that claim to repel insects. Here's why to use DEET (for skin) and permethrin (for clothes) and a very few other things that actually work. Better living through chemistry https://www.scientificamerican.com/article/the-best-mosquito-repellents-according-to-science/

#AI #GenerativeAI #LLMs #OpenSource #FLOSS #EU #AIAct: "Technology giants such as Meta and Microsoft are describing their artificial intelligence (AI) models as ‘open source’ while failing to disclose important information about the underlying technology, say researchers who analysed a host of popular chatbot models.

The definition of open source when it comes to AI models is not yet agreed, but advocates say that ’full’ openness boosts science, and is crucial for efforts to make AI accountable. What counts as open source is likely to take on increased importance when the European Union’s Artificial Intelligence Act comes into force. The legislation will apply less strict regulations to models that are classed as open.

Some big firms are reaping the benefits of claiming to have open-source models, while trying “to get away with disclosing as little as possible”, says Mark Dingemanse, a language scientist at Radboud University in Nijmegen, the Netherlands. This practice is known as open-washing.

“To our surprise, it was the small players, with relatively few resources, that go the extra mile,” says Dingemanse, who together with his colleague Andreas Liesenfeld, a computational linguist, created a league table that identifies the most and least open models (see table). They published their findings on 5 June in the conference proceedings of the 2024 ACM Conference on Fairness, Accountability and Transparency."

https://www.nature.com/articles/d41586-024-02012-5