
Notices by Tom Bortels (tbortels@infosec.exchange)

  1. Tom Bortels (tbortels@infosec.exchange)'s status on Friday, 25-Apr-2025 15:00:30 JST

    Hello mastodon. I could use some help.

    TL;DR: I was laid off a while ago, and the traditional "go scour job sites and apply" is currently broken. So - let's try social media. Please boost if you are willing, or pass this along if you know someone who needs what I can offer.

    I'll be brief: I'm a very experienced System Reliability Engineer, with a track record of dependability and scalability. I take people's problems - stability, uptime, scale, cost, durability, speed, security and attack resistance - and fix them. I have the dubious honor of generally costing less to employ than I save my employer. If everything is perfect - you don't need me. But if you do, you may need me badly.

    I'm available. Drop me a note.

    I am located in Ventura, California, and strongly prefer remote work. I don't require visas or special accommodation to work in the US.

    Here's a resume: https://www.bortels.us/TBortels_Resume_2025_public.pdf

    In conversation about a month ago from infosec.exchange permalink


  2. Tom Bortels (tbortels@infosec.exchange)'s status on Sunday, 06-Apr-2025 19:42:47 JST
    in reply to
    • Charlie Stross
    • Madeleine Morris

    @Remittancegirl @cstross

    So - do you trust Germany? I do.

    2025 is 80 years after 1945. And I think we've mostly trusted them not to repeat the ugliness for most of that, because they took steps internally to regain that trust.

    The real question is, does the US have what it takes as a nation to disavow and prevent this once cured in the same way Germany did? And I don't know the answer to that.

    In conversation about 2 months ago from infosec.exchange permalink
  3. Tom Bortels (tbortels@infosec.exchange)'s status on Monday, 13-Jan-2025 01:31:17 JST
    in reply to
    • Rich Felker

    @dalias

    The truth is simpler than the conspiracy: they're not on the platform because that's not where their peers are, and there's no advertising or other evangelism constantly telling them they'll miss out if they aren't there.

    And - that's fine. I have to admit, I'm very confused by the attitude that if everyone isn't on mastodon it's somehow a failure, or indeed that we even want everyone here. Big crowds bring trouble with them. We left a lot of those people behind on purpose. Is that condescending? Then fine - we condescend. The world isn't made for you, I hope you find somewhere else you are happy.

    In conversation about 4 months ago from infosec.exchange permalink
  4. Tom Bortels (tbortels@infosec.exchange)'s status on Thursday, 02-Jan-2025 01:42:16 JST
    in reply to
    • Charlie Stross

    @cstross

    Counterpoint: this is an add-on, not installed by default. You have to actively opt-in to use it. If you're going to dabble in AI, there are far worse ways to introduce it as an option.

    AI is like a box of matches, or a forklift - it's just a tool. It can be used for a few very specific tasks, or misused, and if misused you can do a lot of damage with it. Being ignorant of how to use it safely isn't a great long-term strategy to be safe. This may just be a way for the layman to try it safely and grok what it can do, and more importantly what its failure modes are.

    I'd say at some point once people have a firm grasp on what it can and can't do we can make intelligent decisions on how it should fit into society - but we didn't bother to research first with fire or the wheel or electricity or computers, so we won't do that here either. That just means it's more important than ever for individuals to educate themselves.

    Hint: for certain very narrow cases, AI can add utility when used by a skillful operator - some computer code tasks come to mind. Its output seems awfully human at times, and that's where the danger lies, as it doesn't actually think or reason. Never trust the output - you need to verify.

    It's also an energy hog, but that's a different failure mode. It also is poisoning the infosphere, but that problem is sadly self-correcting. Books are good - they don't change after the fact.

    Would I recommend using this? Probably not, but learning somewhere is good - I may try it on an isolated VM. If you're savvy you can download the model and mess with it locally, which is a security win. For many, this may be an ok choice.

    In conversation about 5 months ago from infosec.exchange permalink
  5. Tom Bortels (tbortels@infosec.exchange)'s status on Monday, 30-Dec-2024 21:01:17 JST
    • golly josh darn
    • dealingwith

    @klardotsh @dealingwith

    Ooh. Here's a thought...

    1) develop some heuristics to detect AI scrapers. That may be as simple as activity significantly higher than legitimate users.
    2) transparently send their connection to a dedicated server that..
    3) doesn't block or throttle - just poisons the well. Feed them bad data. Wrong data. Nonsensical data. Well formed nonsense. For as long as you can.

    In conversation about 5 months ago from infosec.exchange permalink
  6. Tom Bortels (tbortels@infosec.exchange)'s status on Monday, 30-Dec-2024 20:59:03 JST
    • dealingwith

    @dealingwith

    If they ignore robots.txt, if they change useragents, if they just come back on a new IP after banning... it's time to pull out the good tools. The tarpits. The rate limits. The counterattacks. The press.

    In conversation about 5 months ago from infosec.exchange permalink
  7. Tom Bortels (tbortels@infosec.exchange)'s status on Monday, 09-Dec-2024 06:30:12 JST
    in reply to
    • Cory Doctorow
    • ClipHead
    • Yet another Josh :donor:

    @crankylinuxuser @ClipHead @pluralistic

    FWIW - Radio Shack collected name/address originally because direct mail marketing was super effective. We're talking US Post here, the Radio Shack catalog with the coupon for a free flashlight, and hey, we sell batteries you might want for it. We'd see store visits go up like crazy the day the catalog hit. It sounds like the scope crept significantly after I bailed.

    In conversation about 6 months ago from infosec.exchange permalink
  8. Tom Bortels (tbortels@infosec.exchange)'s status on Monday, 09-Dec-2024 06:30:12 JST
    in reply to
    • Cory Doctorow
    • ClipHead
    • Yet another Josh :donor:

    @crankylinuxuser @ClipHead @pluralistic

    It's not quite as bad as described.

    "Ultimately, a settlement was reached and the sale of customer information was approved, but in truncated form. RadioShack agreed to limit contact information to email addresses only, and only those that were active in the two years prior to the bankruptcy filing. Additionally, transaction data was reduced from 21 fields to 7. The purchaser agreed to abide by RadioShack’s privacy policies and to require affirmative assent to any material change to them. The settlement also provided that customers would receive a notice of the transfer of their information and an opportunity to opt out."

    https://privacylaw.proskauer.com/2015/10/articles/ftc-enforcement/the-legacy-of-the-radioshack-bankruptcy-and-the-importance-of-pii/

    In conversation about 6 months ago from infosec.exchange permalink

  9. Tom Bortels (tbortels@infosec.exchange)'s status on Monday, 09-Dec-2024 06:02:36 JST
    in reply to
    • Charlie Stross

    @cstross

    It's the same reason I don't have a nice suit of plate armor today: it's wildly expensive. Not so much the materials, but the manufacture.

    In the modern world, I don't have a helicopter. It's wildly expensive.

    In fantasy magic times - the only people who fly around on brooms or carpets are the very specialists who know how to manufacture and maintain them. Random mundanes don't have the skills/training/talent to fly them, much less make one, unless you're the scrappy protagonist.

    In conversation about 6 months ago from infosec.exchange permalink



    Ancient Scholar, Level 80 Paladin, Finder of Lost Children. I am between jobs and looking - remote only. 11+ years AWS admin and security, python programming and automation. I build things. If your AWS is out of control - costs spiraling, security woes, deployment issues - I can help. Give me 6 months and I will save you far more than I cost.


          Statistics: User ID 297768; Member since 18 Nov 2024; Notices 9; Daily average 0


          GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.