yeroc @yeroc@qoto.org

A cryptobro DMed me to ask if I wanted to join his mailing list.

I spent slightly too long making this to send in reply.

Red Hat: those who use open source code and don't contribute back are "a real threat to open source companies everywhere"

I call them: users.

I fight for the users.

News flash: Saskatchewan is absurdly beautiful.

"typing speed"? I prefer the term: "terminal velocity"

Choosing a Mastodon instance is easy once you understand each instance’s values, customs, belief systems, and inter-instance alliances and feuds dating back 1,000 years.

I asked my friend what her take away was - she said “people really don’t like the scientific method.” By that, she meant many people become distrustful if you learn something new and change course accordingly. Essentially, the scientists should have figured out exactly what to do before saying anything and then myopically stuck with it.

It reminds me of a book I read about how people (at least in the US) view politicians: politicians who change their minds in the face of new information are seen as weak and indecisive, and their political rivals will generally capitalize on any such “flip flops”.

It’s odd to think that the very scientific method that drives our society and technology forward is the same thing that is driving us to realizing the society portrayed in Idiocracy.

Humans are weird.

I want to expand more on the comedy of errors that led to the eviction of Twitter from their Boulder office.

The story that leads up to this building even existing is hilarious, so here goes...

https://arstechnica.com/tech-policy/2023/06/judge-ruled-twitter-must-be-evicted-from-colorado-office-over-unpaid-rent/

I released a major update to my LLM CLI tool today - version 0.4, which adds conversation mode and prompt templates so you can store and re-use interesting prompts: https://llm.datasette.io/en/stable/changelog.html

You know how there's a bunch of critical infrastructure powering the internet (and presumably a lot more than the internet) is badly maintained and underfunded (often by just a few people)?

We know about several examples in the open source world, but I'm sure we all also know about several examples in each of our personal lives, in each of our places of business.

Someone has compromised a bunch of Minecraft plugin developer accounts, and has injected info-stealing malware into a number of widely used plugins for the game. Apparently, this is widespread enough that some involved in the investigation are urging people to just stay off Minecraft for now. Also, it sounds like they need some help.

More info:

https://prismlauncher.org/news/cf-compromised-alert/

More structured breakdown:

https://hackmd.io/B46EYzKXSfWSF35DeCZz9A

h/t @MrNuclearMonster

Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers' Email Security Gateway (ESG) appliances with custom malware and steal data.

https://www.bleepingcomputer.com/news/security/barracuda-zero-day-abused-since-2022-to-drop-new-malware-steal-data/

How fast the smoke from the Alberta wildfires swept into Calgary today in a chart and an image.

Read more: https://www.cbc.ca/news/canada/calgary/wildfire-smoke-air-quality-statement-calgary-1.6844824

#calgary #yyc #Alberta #albertafires #ABfire #wildfires

My latest Post, available at:

https://arstechnica.com/information-technology/2023/05/how-the-fbi-pwned-turla-a-kremlin-jewel-and-one-of-worlds-most-skilled-apts/

FBI officials on Tuesday dropped a major bombshell: After spending years monitoring exceptionally stealthy malware that one of the Kremlin’s most advanced hacker units had installed on hundreds of computers around the world, agents unloaded a payload that caused the malware to disable itself.

The counter-hack took aim at Snake, the name of a sprawling piece of cross-platform malware that for more than two decades has been in use for espionage and sabotage. Snake is developed and operated by Turla, one of the world's most sophisticated APTs, short for advanced persistent threats, a term for long-running hacking outfits sponsored by nation-states.
Inside jokes, taunts, and mythical dragons

If nation-sponsored hacking was baseball, then Turla would not just be a Major League team—it would be a perennial playoff contender. Researchers from multiple security firms largely agree that Turla was behind breaches of the US Department of Defense in 2008, and more recently the German Foreign Office and France's military. The group has also been known for unleashing stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations.

One of the most powerful tools in Turla’s arsenal is Snake, a digital Swiss Army knife of sorts that runs on Windows, macOS, and Linux. Written in the C programming language, Snake comes as a highly modular series of pieces that are built on top of a massive peer-to-peer network that covertly links one infected computer with another. Snake, the FBI said, has to date spread to more than 50 countries and infected computers belonging to NATO member governments, a US journalist who has covered Russia, and sectors involving critical infrastructure, communications, and education.

Snake is among the most sophisticated pieces of malware ever found, the FBI said. The modular design, custom encryption layers, and high-caliber quality of the code base have made it hard if not impossible for antivirus software to detect. As FBI agents continued to monitor Snake, however, they slowly uncovered some surprising weaknesses. For one, there was a critical cryptographic key with a prime length of just 128 bits, making it vulnerable to factoring attacks that expose the secret key. This weak key was used in Diffie-Hellman key exchanges that allowed each infected machine to have a unique key when communicating with another machine.

In another slipup, Snake developers forgot to scrub the finished code for a new version of programming artifacts. The failure provided important new insights into how the malware worked because it exposed function names, strings in clear text, and developer comments.

AB Wildfire information lead Christie Tucker says Alberta has 700 firefighters battling the blazes and has requested *1,000* more from other jurisdictions.

Public Safety Minister Mike Ellis says 54 schools are closed and 10,500 students are displaced. They will begin looking at alternative arrangements for students who will be out of their communities for a while.
#AbLeg #AbFire #AbWildfire

Introducing Womprat, the font you’re looking for.
→ womprat.xyz

The longer I've been away from social media, the more repulsive I find it every time I check in to see if it's improved.

The sheer hatred for the "repugnant other" is as shocking as it is depressing. And the social divide between all tribes seems to only widen over time.

How can you practice proactive unity when the conversation starts at demonizing and literal death threats/calls for violence from both sides?

Is this social media's unexpected consequence? Active attacks by malicious third parties looking to amplify tribalism and hatred? Simply human nature?

I've thought about trying to bridge the gap between the various tribes you see forming online, but every time I look at social media, I get discouraged and feel like it would be a wasted effort.

If someone held views you fundamentally disagreed with, would you sit down and discuss it with them? Would you try to navigate your differences and find a compromise or at least understand the real root of your disagreement?

Or would you simply meme that the repugnant other is horrible and a personification of all that is wrong in the world?

We can make social media a better, happier, more unified place. But that's hard. And it requires mindfulness and proactive unity.

Thanks for coming to my TED talk. If I change even one mind, and they pay it forward, then maybe it's not so hopeless after all.

"If we tried to solve things like SQL injection attacks using a solution that only works 99% of the time, none of our data would be safe in any of the systems that we’ve ever built." -@simon

https://simonwillison.net/2023/May/2/prompt-injection-explained/

#security #chatgpt #ai #promptengineering

Elon Musk threatens to re-assign @NPR on Twitter to another company.

https://www.npr.org/2023/05/02/1173422311/elon-musk-npr-twitter-reassign