GNU social JP
GNU social JP is a Japanese GNU social server.
Notices by Patrick Howell O'Neill (howelloneill@infosec.exchange)

  1. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 03:29:02 JST
    • Kevin Beaumont

    @GossiTheDog my old apartment had a smart thermostat, it was great. more comfortable, more savings, more sustainable. wish I had one in my current place.

    In conversation about a year ago from gnusocial.jp permalink
  2. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 03:27:26 JST
    • Kevin Beaumont
    • Bruce Mirken

    @GossiTheDog @BruceMirken now anti-ai hype outrage, that I'm completely onboard for

    In conversation about a year ago from infosec.exchange permalink
  3. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 03:21:26 JST

    while i'm tooting out toothbrush-related takes, we all recognize that the "just say no to iot" dogma that some people in infosec tout is, at best, sisyphean, right? That's not the world we live in, look at any statistics whatsoever on that matter. a more realistic and constructive approach might be to direct people to better iot devices, vendors, and practices. we're not turning back the iot tide, I'm sorry to break this. Improving standards, talking about who does it well, calling out bad actors, these things can be helpful. But "just say no" works about as well here as it ever has.

    In conversation about a year ago from infosec.exchange permalink
  4. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 03:10:49 JST
    • Kevin Beaumont

    @GossiTheDog fair enough, maybe the viral outrage prevents further harm in a big way. that's an interesting hypothesis and could very well be true. as it is, the outrage went more viral than the story from my anecdotal perspective, and that warrants some self-examination imo. my optimistic hope is that this leads the outraged readers to be better at identifying which outlets are primarily aggregation machines rather than journalism outlets

    In conversation about a year ago from gnusocial.jp permalink
  5. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 03:06:37 JST
    in reply to
    • Kevin Beaumont
    • Zack Whittaker

    @zackwhittaker @GossiTheDog I think aggregation with no vetting is not going away any time soon, unfortunately, and that's ultimately what this is about.

    your concern about desensitization is valid and real. however, the issue of cyber fatigue is so vast that I am extremely skeptical that one weird little toothbrush story makes significant impact. Every six months we have a new worst vulnerability ever headline, a huge breach, mass exploitation, etc.

    Again, you're totally right to have an issue here! Maybe the best case scenario is that this helps the general reader understand which publications are aggregation factories and which do actual reporting. That would be a good outcome.

    I just think any time the outrage goes more viral than the bad story itself, we can all take a step back and consider how much it really mattered

    In conversation about a year ago from gnusocial.jp permalink
  6. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 03:05:12 JST
    • Kevin Beaumont

    @GossiTheDog yeah I just saw some posts talking about how this was an example of highly trusted outlets going astray and, to be blunt, I just don't see any highly trusted outlets there is all. I see aggregation noise. Again, not good and worth examining! Just not worth this level of group outrage imo

    In conversation about a year ago from gnusocial.jp permalink
  7. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 02:56:52 JST
    • Kevin Beaumont

    @GossiTheDog I must be misunderstanding the independent, I see it badly and slowly aggregating tech news all the time but I'm not a brit. And the front page of Microsoft news is almost always garbage. In fact, normally it's more impactful garbage that i unfortunately have to see regularly. Sorry, I still don't think that's a huge deal.

    If the BBC published it, okay, that would warrant the reaction. As it is, it's a minor and very silly misunderstanding. I'm open to the idea that I'm missing something but right now it just looks like a funny fixation on a strange little story that no one outside of cyber cares about anyway. We're in a bubble.

    This isn't meant to be an attack on you btw. I think the work you do to respond to media issues is super valuable. I just think, in aggregate, this community is overreacting.

    In conversation about a year ago from gnusocial.jp permalink
  8. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Friday, 09-Feb-2024 02:50:10 JST

    i've seen literally 50x more people complaining about the toothbrush thing compared to actual blogs, which is funny to me but okay, I understand.

    It's probably significant that all the places i've seen publish it are mass production reblog factories. all due respect, these are not well regarded news outlets. maybe that's not obvious to the general public or even the cyber expert public? There's a difference.

    contrary to the viral outrage, this is absolutely not an example of "a dozen well-regarded news outlets" being tricked. It's still worth learning from as an example of the pitfalls of aggregation but you all could act a little less outraged, if I didn't know better I'd think this thing was just published on the front page of the washington post. everyone, drink a glass of water and get some air. This is not a big deal :)

    In conversation about a year ago from infosec.exchange permalink

  9. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Thursday, 08-Feb-2024 08:29:59 JST

    is this a good time to start my smart bathroom cybersecurity company?

    In conversation about a year ago from infosec.exchange permalink
  10. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Tuesday, 06-Feb-2024 15:21:48 JST

    "Over 2 percent of the US’s electricity generation now goes to bitcoin"

    This news won't resonate because 2% feels like such a small number but it is in fact an insane amount of energy: "that's roughly the equivalent of having added an additional state to the grid over just the last three years." https://arstechnica.com/science/2024/02/over-2-percent-of-the-uss-electricity-generation-now-goes-to-bitcoin/

    In conversation about a year ago from infosec.exchange permalink

    Attachments

    1. Over 2 percent of the US’s electricity generation now goes to bitcoin
      from @j_timmer
      US government tracking the energy implications of booming bitcoin mining in US.
  11. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Thursday, 01-Feb-2024 23:47:06 JST
    • Ivory by Tapbots :emoji_wink:

    Hi @ivory. Love the popular and trending tab in the app, great job, high five. For the popular news section, you have metrics like “shared by 269 people.” If you have that number, is it possible to make it easy and clickable to read some of those posts? Searching links on Twitter and following the actual posts and discussion was really valuable and I’d love to see that here if possible.

    In conversation about a year ago from infosec.exchange permalink
  12. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Thursday, 01-Feb-2024 23:47:01 JST
    in reply to
    • Ivory by Tapbots :emoji_wink:

    @ivory I figured as much! Is that something that feasibly could be fixed in the core Mastodon project? Not that I'm asking you to go on a crusade to make post discovery better but I'm not not asking you to make post discovery better. Anyway, thanks for the reply, I do appreciate it.

    In conversation about a year ago from infosec.exchange permalink
  13. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Tuesday, 23-Jan-2024 01:24:52 JST

    I have too many calendars, calendars that can't be connected, I must therefore announce that I will no longer acknowledge the concept of time

    In conversation Tuesday, 23-Jan-2024 01:24:52 JST from infosec.exchange permalink
  14. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Tuesday, 19-Dec-2023 15:07:03 JST

    Happy SEC’s new data breach disclosure rules day: "Starting from today, December 18, publicly-owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose 'material' cyber incidents within 96 hours." https://techcrunch.com/2023/12/18/new-sec-data-breach-disclosure-rules/

    In conversation Tuesday, 19-Dec-2023 15:07:03 JST from infosec.exchange permalink

    Attachments

    1. As the SEC's new data breach disclosure rules take effect, here’s what you need to know | TechCrunch
      from Carly Page
      The new rules represent a significant shake-up for U.S. organizations, which now have to disclose "material" cyberattacks within four days.
  15. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Tuesday, 19-Dec-2023 07:34:02 JST

    customer service

    In conversation Tuesday, 19-Dec-2023 07:34:02 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/111/602/029/751/450/594/original/9c403d7d3d48e06e.png

    2. https://media.infosec.exchange/infosec.exchange/media_attachments/files/111/602/029/951/362/919/original/464e77157d71ddd4.png
  16. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Thursday, 02-Feb-2023 07:22:32 JST

    It's Black History Month so I'm reading the Declaration of Causes of Seceding States (which, admittedly, is a lot of White history but you see the point). You ever read all 8,000 words of this thing? How long exactly do you think it takes them to get to slavery? A lot of people argue to this day that the Civil War wasn't primarily about slavery. And since this document is pretty long, I bet it takes a while to get to slavery, right? Well anyway, in the first sentence they say "okay, we're going to present the causes of the Civil War!" and then in the second sentence, spoiler alert, it's slavery baby!

    "The people of Georgia having dissolved their political connection with the Government of the United States of America, present to their confederates and the world the causes which have led to the separation. For the last ten years we have had numerous and serious causes of complaint against our non-slave-holding confederate States with reference to the subject of African slavery."

    I know that I'm probably preaching to the choir on Mastodon but I bet even most of the choir hasn't tried to read this thing. It's not just kind of about slavery. They don't mention slavery as one thing among many other grievances. It's slavery all the way down. https://web.archive.org/web/19980128034930/http://sunsite.utk.edu/civil-war/reasons.html

    It's also honestly one of the dumber historical documents I've ever read. Here's Mississippi's declaration which also waits all the way until sentence number two to explicitly state the cause: "In the momentous step which our State has taken of dissolving its connection with the government of which we so long formed a part, it is but just that we should declare the prominent reasons which have induced our course. Our position is thoroughly identified with the institution of slavery-- the greatest material interest of the world. Its labor supplies the product which constitutes by far the largest and most important portions of commerce of the earth. These products are peculiar to the climate verging on the tropical regions, and by an imperious law of nature, none but the black race can bear exposure to the tropical sun. "

    I grew up in New York City and I still remember a teacher who tried to argue that the war was about "state's rights." Imagine growing up in a place where the textbooks and political zeitgeist try to pass that off as fact. Something to think about for the disinformation researchers out there.

    In conversation Thursday, 02-Feb-2023 07:22:32 JST from infosec.exchange permalink

  17. Patrick Howell O'Neill (howelloneill@infosec.exchange)'s status on Tuesday, 15-Nov-2022 01:19:30 JST

    Mastodon has a lot going for it but I haven't figured out if it's possible to follow news here the way it is on Twitter. Maybe that's the platform, maybe it's that there isn't a critical mass of people over here, maybe that's just my lack of imagination. Whatever it is, it's pretty important to how I used Twitter. This probably isn't important to most people but, hey, if people are or aren't finding good ways to track news I'd be interested to hear experiences/thoughts.

    In conversation Tuesday, 15-Nov-2022 01:19:30 JST from infosec.exchange permalink

    Patrick Howell O'Neill

    Lead cyber operations analyst @ MITRE

          GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.