Notices by RootWyrm 🇺🇦:progress: (rootwyrm@weird.autos)

@blogdiva the fact that two people who were kidnapped and being illegally held are worth more to the FBI than the capture of a terrorist who had already assassinated two, attempted two more, and fired at police officers... *REALLY* says it all.

@bortzmeyer the year is 1997. I am explaining why there is no such thing as a 'safe' backdoor.

The year is 2001. I am explaining why there is no such thing as a 'safe' backdoor.

The year is 2007. I am explaining why there is no such thing as a 'safe' backdoor.

The year is 2011. I am explaining why there is no such thing as a 'safe' backdoor.

The year is 2016. I am explaining why there is no such thing as a 'safe' backdoor.

The year is 2025. I really want to just chug bleach now.

@dangillmor now Dan, let's not be too hasty here. To demand consequences would do irreparable damage to the tradition of collegiality and imperil their ability to pass any legislation!

But if you donate just $5, $20, or $250 per month then they can draft a sternly worded letter to back up their empty words!

(Nope, you still didn't read it with enough sarcasm, I assure you.)

@cR0w @darfplatypus @da_667 please start with Google and NaziFlare's personal data harvesting operations.

@cR0w @darfplatypus @da_667 the hilarious thing is that this will instantly nuke an offensive number of applications and infrastructure that thinks that hard-coding public resolvers used for data stealing is a great idea.

Hey, uh, folks?

I don't know if you missed it, and I REALLY hope you didn't, but Muskrat and Twitler are having a very, VERY, *VERY* public fight replete with threats of taking away subsidies and immediately decommissioning rockets.

And my gods, the world's popcorn supply may NEVER recover if we don't die of schadenfreude overdose first.

@anildash you are absolutely presenting them as equivalent.
Someone who has worked at the VA for 20 years, doing the job across 3+ administrations, has absolutely NOTHING in common with some 'founder' joining up as an 'adviser' to grandstand proudly alongside a man who gives Nazi salutes and spouts Nazi ideologies.

Or are you claiming that people making $75k pre-tax can afford just give up all their income, healthcare, and hope of retirement?

@anildash piss off with the insulting false equivalence. These aren't even remotely comparable things, something you claim to be smart enough to know.

But I guess since he's an "entrepreneur" he gets a free pass for signing on months AFTER Elon's Nazi salutes, embracing of openly Nazi organizations, and blatant bigotry?

@anildash or are we going to pretend that, in his own words, he didn't sign up on MARCH 17, 2025.

Literally the day after the regime signed an illegal 'executive order' shutting down Voice of America and Radio Liberty among others.
Two days after Judge Boasberg issued the first injunction (still being ignored) that blocked illegal deportations to concentration camps.

So no. He knew full well, 100% he was signing up for literal Nazi ideology.

@anildash "Senior Advisor to the Chief of Staff Christopher Syrek, and my salary, $0." And then a bunch of excuse making for literal Nazis.

Lie down with dogs, wake up with fleas. Absolutely no sympathy, no mercy, and NO redemption for fascist collaborators like this OR their business Gumroad.

NONE.

They actively chose to support this knowing full well what it was. They collaborated with Nazis. The end.

@GossiTheDog it's even worse than that. They're fucking with this bullshit in the .NET ecosystem, and pushing 'vibe coding' hard.

Literally over a decade of effort to make it open, accessible, building rapport with numerous communities, and untold hours proving .NET's real worth.

This isn't just customer code; this is literally an entire ecosystem impacting over a hundred million users.

Just getting pissed right down the drain.

@GossiTheDog "there's no way it-" Samsung Tizen OS.
Every smart TV from Samsung is running .NET. Not just running it but very heavily dependent on it.
Those idiotic smart fridges? .NET inside.

And the list just goes on and on to the point where 100M devices is likely a massive underestimate.

(Disclosure: I am a member of the .NET Foundation. But I don't speak for them.)

@GossiTheDog and boy howdy are those products full of red flags.

For example:
https://www.smarsh.com/platform/enterprise/conduct

"Supervise[s] more than 100 communication channels (including audio and video)"

So it's not so much 'archiving' as 'spyware' where everything is being dumped into S3 buckets by people with ... *questionable* security practices.

@GossiTheDog and people are still sleeping on the fact that this is not some 'small fry' company. "TM_SGNL" can reasonably be assumed to reflect the practices of OTHER products at parent company Smarsh. Which is actually a fairly large player in the compliance archiving space.

Which tells me that there's a non-zero chance their other products (which are all SaaS) have similar 'security' practices.

Just what you want from a company selling you 'Conduct Surveillance.'

@amszmidt I don't engage with or tolerate illiterates minimizing the regime.

You are not at all cordially invited to choke on a brick.

https://en.wikipedia.org/wiki/Concentration_camp

REMINDER: do NOT sign up for protests. No matter how 'innocent' it seems. No matter how trustworthy the signup sheet. No matter what.
Nazis are going to get their hands on these lists. They are already surveilling these protests, recording license plates and photos, using fake cell sites to capture phones, and building lists of opponents to send to the concentration camps.
Practice good security.

@da_667 @GossiTheDog oh, it's even more trivially readable. Because I can pretty much fucking guarantee you that the SQLite isn't ACTUALLY encrypted. Because presumably they're using Microsoft.Data.Sqlite. Which means no proper encryption. So there's a fleet of trucks sized hole there.

https://learn.microsoft.com/en-us/dotnet/standard/data/sqlite/encryption?tabs=net-cli

#infosec people, THIS is big and you need it in front of management RIGHT NOW.

MITRE has informed the CVE board members that effective TONIGHT, funding to run CVE and CWE is effectively gone. The US federal government contracts MITRE to run these programs including both management, operations, and infrastructure.

This not only could but almost certainly will result in disruptions to CVE and CWE including a halt of all operations if new contracts/funding are not secured.

@silverwizard one look at YouTube comments answers that question. They gave up on it long, long ago because spammers and scammers drive clicks.

@silverwizard a perfect example of this is the LePotato AMLogic boards. Basically none of them have a valid or legal license to the firmware. You HAVE to use incredibly specific versions of everything because of cryptographic signing and encryption, which not only can you not build, *they* can't build or obtain. DTB is completely worthless because the problem is the encryption and signing.