archon - Network

“It’s time that fascism is called fascism and Americans know exactly what they’re voting for”Don’t worry, Americans know exactly...

“It’s time that fascism is called fascism and Americans know exactly what they’re voting for”

Don’t worry, Americans know exactly what they’re voting for. The only reason they’re not calling it fascism yet is because that phase of Der neue Führer’s plan hasn’t started yet.

Remember: Nazis were voted in legally when everyone knew their politics and how they treated their political enemies of all backgrounds. This time it’s happening in multiple countries all at once and we know both politics and stated goals (which are never as bad as the actual end result) ahead of time. We have history to look back at. We have significantly /less/ excuse for allowing this to happen than early 1930s Germany did. We’re /more/ culpable for allowing things to get this bad. They’re not waiting until they have power to talk about how far they want to go, and it certainly won’t be as far as they’ll end up going.

https://mastodon.sdf.org/@uspolitics/111456941918336683

Of course it can “happen here”. Have people forgotten about the KKK?https://mastodon.sdf.org/@uspolitics/111451986462110408Or, perhaps,...

Of course it can “happen here”. Have people forgotten about the KKK?

https://mastodon.sdf.org/@uspolitics/111451986462110408

Or, perhaps, that Hitler’s Nazis took inspiration from America of that era? And that the Nazis actually rejected certain American policies and practices because they found those practices *too harsh*? https://bookshop.org/p/books/hitler-s-american-model-the-united-states-and-the-making-of-nazi-race-law-james-q-whitman/9000199?ean=9780691183060

In any sensible timeline, no one would believe a word of this article. Yet here we...

In any sensible timeline, no one would believe a word of this article. Yet here we are.

https://www.cnbc.com/2023/09/11/elon-musk-moved-twitter-servers-himself-in-the-night-new-biography-details-his-maniacal-sense-of-urgency.html

I cannot endorse, co-sign, boost, whatever, this enough. IR isn’t a checkbox you tick off and stick on a shelf...

I cannot endorse, co-sign, boost, whatever, this enough. IR isn’t a checkbox you tick off and stick on a shelf somewhere.

https://infosec.exchange/@riskybusiness/111043786108155755

Personally, right after Frodo decides they will travel through Moria. Gandalf has just said it’s a terrible idea, decides to let the...

Personally, right after Frodo decides they will travel through Moria. Gandalf has just said it’s a terrible idea, decides to let the hobbit with no real experience decide what to do, and that goes about as you might expect. In the movie, the look on Gandalf’s face says it all: “FUCK!”

The Lord of the Rings movie is rated PG-13, which under American rules entitled it to one “fuck”. Where do you put it?

The Lord of the Rings movie is rated PG-13, which under American rules entitled it to one “fuck”. Where do you put it?

The American IT industry? Try the *global* IT industry!https://lemm.ee/post/4376145

The American IT industry? Try the *global* IT industry!

https://lemm.ee/post/4376145

I *just* finished ranting about informed consent and user privacy, and this shows up on my feed. You know, just in case I needed something...

I *just* finished ranting about informed consent and user privacy, and this shows up on my feed. You know, just in case I needed something to prove my point about how important all this is and how user-hostile companies are.

https://todon.eu/@ramonita/110858332088402583

I posted this as a reply a few days ago, but it deserves a top-level post.If your #UI has a "yes" option, but no permanent...

I posted this as a reply a few days ago, but it deserves a top-level post.

If your #UI has a "yes" option, but no permanent "no" option, you have failed at both basic #UserExperience (#UX) and basic #consent. Either should be a release-blocking bug.

It's not enough to just have a "no" option either. There's a number of considerations here, and you need to pass all of them.

Is your "yes" a big button and "no" is a tiny link or in a different part of the UI? You still fail. And now you also have a #DarkPattern in your UI, so you've managed to make it worse. Your "no" option must always be at least as prominent as "yes" and they must be clearly visually (and accounting for visual processing differences, like colorblindness) distinct.

Can I revoke consent as easily as it was given? If not, you fail. If you're going to ask me to confirm revoking consent, you have to ask me to confirm giving consent.

Is "yes" the default option? Fail. If giving consent is worth it to your users, they will choose "yes". Assume privacy and user-friendliness, let the end user decide to give that up.

Do you have a "remind me later" option? Not "maybe later", "remind me later". Your users need to be able to say "yes I want to do this now", "I want to do this but can't right now", and "no, don't ask again". This MAY be less prominent than "yes" and "no", but probably should not be.

Do you provide clear and prominent options, not in legalese but in clear everyday language without relying on technicalities or obscure meanings, for users to make a fully informed decision? If it’s not #InformedConsent you don’t have proper consent and you still fail.

Does giving consent collect the bare minimum information, then send the bare minimum information, needed for functionality? Your app may need to collect specific information because that’s what’s available, but it should never collect more than is actually needed for the stated purpose. And everything must be processed client-side to remove as much extra information as possible before sending it along. If the data your app needs to collect, or the data your app sends out, ever changes, you have to assume you don’t have consent anymore and ask for consent again.

Does refusing or revoking consent limit functionality more than absolutely necessary? Here’s a hint: you probably don’t actually need a blanket worldwide royalty-free license to use, remix, modify, and distribute all your users’ content just to let them upload things you show to their followers. Even images and videos.

Does the terms of use limit your usage of what the user is consenting to? This comes back to informed consent, your user must consent to specific things. If you want to do fewer things later, go ahead. If you ever want to do more things, or start doing things you had consent for but stopped doing, you need fresh informed consent.

If all this seems hard, you’re probably doing things wrong already. This is all easy if you’ve been putting users first, and if your users come first you’ve already been doing these things anyway!

This article came across my feeds, and it proves a point I don't rant about nearly enough: firmware TPMs are not trustworthy. If any TPM...

This article came across my feeds, and it proves a point I don't rant about nearly enough: firmware TPMs are not trustworthy. If any TPM can be tricked into disclosing all or part of the private key, or if the private key material is accessible without physical destruction of the TPM itself (decapping attacks), the TPM is broken and can't be trusted. Sure, it's better than nothing, but that's a really low bar to try to clear.

Ever since Heartbleed, I've seen people curious about what else could be recovered via CPU faults (spoiler: anything the CPU handles). I'm just waiting for someone to disclose a fTPM attack via the CPU management interfaces (Ring -3, the OS running under your OS you probably didn't know about) or by tricking the CPU into accepting a bad firmware update that just, I dunno, adds a "GimmiePrivateKey" command.

https://www.tomshardware.com/news/tesla-mcu-amd-asp-flaw-jailbreak

Now, it does appear to be based off the faulTPM attack described in https://www.tomshardware.com/news/amd-tpm-hacked-faultpm, which does say it requires physical access for "several hours". Just remember though, attacks never get worse, only better, and firmware/microcode vulnerabilities are notoriously difficult to recover from.

Site: “You seem to be using an ad blocker…”And if you turn off the obnoxious ads and those trackers, I’ll consider turning off my ad...

Site: “You seem to be using an ad blocker…”

And if you turn off the obnoxious ads and those trackers, I’ll consider turning off my ad blocker. Ads are fine. Interfering with consuming your content or tracking me or allowing your advertisers to track me is not.

This is huge. The impact of #ABA on #autistic people is finally being recognized and a major medical organization is taking active steps...

This is huge. The impact of #ABA on #autistic people is finally being recognized and a major medical organization is taking active steps against supporting it.

https://social.translunar.academy/objects/80ee02b7-4d09-4206-913c-f466212e6666

Vote as if your life depends on it. Because for some of your friends, family, and loved ones their life does depend on...

Vote as if your life depends on it. Because for some of your friends, family, and loved ones their life does depend on it.

https://mastodon.social/@Ulrich_the_Elder/110607073413718939

All these memes and jokes about the Titanic sub have certainly been amusing, and have shown some people who can't bend over far enough...

All these memes and jokes about the Titanic sub have certainly been amusing, and have shown some people who can't bend over far enough or fast enough to kiss billionaire ass, but there's one thing nowhere near enough people are talking about: how much did all this cost?

Let's look at the "tickets" for the "crew". At $250k/head, 4 people (plus the "captain" who presumably didn't pay to go on his own sub) spent a million dollars. That alone is more than the entire annual budgets of the majority of American non-profit organizations. The price of a *single ticket* is about 5x the size of the majority of non-profit annual revenue (almost 1 million American non-profits have annual revenue below $50k/year).

The cost of the search operation is expected to be many millions of dollars. It's not unreasonable to expect that the cost of building the sub was also quite substantial, even though it seems to have been done with cheap shit that no one was willing to sign off on as being suitable for the intended task.

Side note: it would have most certainly been significantly cheaper to rescue the 500 people who died within sight of ready and available aid crews who did nothing. All animals are equal but some are more equal than others.

Now, put all those big numbers together. Any one of these billionaires could pay for it entirely out of their own net worth. And honestly, all their estates should be held jointly and severally liable for the full cost plus damages. But think: how many people could have been helped with this money? But instead, in true rich person fashion, it's "all about me and fuck the plebs".

Tell me again about how everyone is supposedly equal!

Tell me again about how everyone is supposedly equal!

This represents the entire problem with #corporate #SocialMedia ownership. You aren't a person, you're a source of #data to be...

This represents the entire problem with #corporate #SocialMedia ownership. You aren't a person, you're a source of #data to be #monetized and manipulated. Have you read the terms you agreed to when you signed up? It isn't really your #content anymore.

Especially now that your content is being used to train #AI models. Sure you retain ownership over your content (usually), and you can delete it (or "delete" it), but it doesn't get magically taken out of the AI's trained model when you do. You may still own your content, but they get to do anything they want with it and not share a single penny of the money they may get because of it.

https://indieweb.social/@jaredwhite/110556419815993991

When I was a kid, I remember we were always told that we can be anything and anyone we want to be.Now a bunch of you are probably thinking...

When I was a kid, I remember we were always told that we can be anything and anyone we want to be.

Now a bunch of you are probably thinking "lolz, Archon that's identity theft". You're not wrong, but not the joke I was going for. This time.

The real joke is that these same people are now giving us the living embodiment of the "no not like that" memes. The same people who said "you can be anything you want" and "you get to decide who you're going to be" are trying to say we can't be #gay, #lesbian, #trans, #bi, or #queer. We can't be #autistic or #ADHD, or any number of other things we don't get a choice about. We just *are*.

And sure, maybe they meant things you have a choice about, but nope. They're even trying to say we can't be #AlliesAndAccomplices!

Hello, World! This is my #introduction post. I'm me, you're you (at least I hope so), and I'm glad to be here with you.I talk...

Hello, World! This is my #introduction post. I'm me, you're you (at least I hope so), and I'm glad to be here with you.

I talk about politics, #infosec, bad jokes, memes, and the terrible things we're expected to just accept in the name of capitalism and making the rich richer. Black Lives Matter, trans rights are human rights, sex work is work. SWERFs, TERFs, Nazis, and their apologists need not apply.

I'm an infosec generalist, working on securing both back-end infra and client devices. #ZeroTrust, #2FactorAuthentication, #certificates (both TLS and SSH), are major focus areas for me.

I'm also a reasonable #software #developer (just don't ask me to pass a software engineering interview loop) and a pretty good #Linux and #OpenBSD sysadmin. I also know my way around #database systems, preferably #PostgreSQL or #MySQL.

I like to think I'm reasonably competent at what I do. My employer has agreed for over 15 years at this point, for whatever that's worth.

What would I say it is I do here? When I'm not guarding my stapler, I like to read fantasy novels and I play #GenshinImpact and #HonkaiStarRail. I'm also making my way through #TearsOfTheKingdom slowly. No multi-player games for me, not even tabletop anymore, but I might watch if you're streaming.