Notices by lcamtuf :verified: :verified: :verified: (lcamtuf@infosec.exchange), page 2

I hate Elf on the Shelf. I think it teaches children that it's OK to live under constant surveillance. Why not come up with a more benign explanation, such as that Santa buys behavioral information from an online data broker?

SF Bay Area dating choices: "yes" and "ask me later"

I know that many folks on Mastodon grew up in the internet era and might be wondering how our lives looked before. I scribbled down some notes:

1) We had what we called "friends" - a concept somewhat similar to Instagram followers. The most notable difference was the absence of the "like" button, so you had to converse every now and then.

2) We had no streamlined and searchable archives of everything people had ever said, so canceling an acquittance was fairly difficult. You sometimes had to tolerate people with different views.

3) We had news delivered to our doorsteps, but you had to work with as little as 1-2 rage-inducing articles per day. The headline tech was lacking too, so you often had to read the entire piece before making up your mind.

4) Shopping was really inefficient. You had to go to a mall to buy clothing instead of having it trucked to your doorstep and then returning it when it doesn't fit. You were limited to maybe a hundred brands, and today's classics - such as TUBVECHI, STREBITQ, or VIGRUEZ - were nowhere to be found.

5) We had no smartphones, so you navigated the city using a sextant. Meetings were arranged under a full moon, but that posed challenges due to werewolves.

"We have all these wood chips left over... can we get our customers to haul them to the dump *and* pay us for the privilege?"

Know your hardwood furniture! Beware of cheap melamine particleboard. Always ask for premium MDF, which holds up much better to normal household use, lasting up to several weeks.

Meanwhile in the prepper subreddit

I must say, I'm proud of my growing collection of headlines.

One of the coolest toys I had as a kid was an "electronic projects lab" that had a bunch of components mounted on a plastic board and connected to spring terminals that could be patched together with wire.

(I attached a photo of a similar product; mine was a knock-off made in Czechoslovakia.)

Anyway - the coolest part of this was that it came with a book containing schematics for several hundred (non-trivial!) projects you could assemble right away. Just everything you need in one place, invaluable especially in the days before the internet.

A bit over 10 years ago, I wanted to give my kids the same experience, so I went with Snap Circuits - but honestly, it felt like inferior tech. Fewer components, harder to put together and keep together - and to add insult to injury, the included pamphlet mostly offered endless riffs on the same idea ("get this IC block to make siren sound A", "get this IC block make siren sound B", you get the drift).

A decade ago, you could still buy spring-terminal kits from Elenco, Ramsey, and some other brands, so I later did that. But now, looks like Snap Circuits killed them all off?

A bit of a bummer... breadboards are fine, but again, there's value in having all the parts and well-thought-out projects ideas in one place.

Are you disappointed with the quality of your online interactions? The culprit are the transistors in your computer, well-known for having a robotic, tinny signal quality.

I've been gradually replacing mine with vacuum tubes. My social media experiences are now much crisper and show significantly improved tonality.

OpenAI veterans who joined to escape the bureaucracy at Google, going through their first-day orientation at Microsoft

IBM, after 90 years of careful deliberation, decides not to associate with Nazis after all.

@amuse What? I personally find the system too constraining and hope we move to the next logical step: https:// replaced with vanity protocols

What are the most remarkable TV series you ever watched?

OK, a serious and burning question: why do we have sex scenes in so many films to begin with?

Like, I came here to see a sci-fi film about time-traveling murderbots. Why is there 30 seconds of moaning and bad softcore erotica in the middle of my cybernetic murder spree? I'm sitting there awkwardly and thinking to myself: Mr. or Mrs. filmmaker, what exactly do you want me to do?!

I know it's a part of life, but we don't show the protagonist picking their nose or taking a dump. Why not just stick to wholesome murderbots?

I always found it weird how many people in tech build their entire identity around their job.

Don't get me wrong: I think it's healthy to take pride in your work and do it well. But don't let it get to the point where every argument at work is an attack on your entire self. "I work at Google" isn't a good tagline for your life. For most of us, our legacy won't be what we did in the office. In ten years, nobody will remember or care about the all-nighters we put in to refactor some JavaScript.

Part of the problem is the mythos of Big Tech: the idea that we're changing the world for the better, no matter how disconnected it is from the reality of 99% of all day-to-day work.

It's probably also a matter of recruiting folks fresh out of college and asking them to move across the country or across continents. This severs their social connections and forces them to rebuild their life around work.

But by the end of the day, tech companies are not your family. Despite the pastel-colored interiors, board games, and lounge chairs, they have no qualms firing you if you bring the wrong "whole self" to work, if they get bored of your project, or if they need the numbers to look better in the quarterly report.

Time flies more quickly than you suspect. In your later years, you probably won't be reminiscing about all the OKRs you aced at BigCo. Find ways to disconnect every now and then. Save some of the energy for your family and friends.

My next idea is to make a relay-based wall clock with seconds display

Say what you will about capitalism and socialism, but I'm pretty sure California invented the worst in-between option with PG&E.

It's essentially run by the California Public Utilities Commission, which decides rates, mandates specific infrastructure investments, and caps profits. But it's notionally a publicly-traded company primarily responsible to shareholders.

So, politicians get to scapegoat a "greedy corporation" for policy failings; while PG&E execs shrug and say they're not responsible for outcomes because CPUC effectively runs the show.

And the result is somehow worse than any conceivable alternative.

You know, I *really* dislike ad blockers from the security perspective. They need exceptionally broad permissions that make the extension a juicy target for attacks. Pop one of the maintainers' Google or Github accounts and own hundreds of millions of people overnight - their email, bank accounts, social media identities, and all that.

The consequences of simple coding errors are similarly disastrous - and I bet that there are some good UXSS bugs lurking in all that JavaScript.

For these reasons, I resisted ad blockers for 20+ years, and I endured countless cookie prompts, subscription interstitials, "sponsored results", and unskippable ads. But around 2020, the anti-user patterns on the web have gotten unbearable. And I say this as a person who grew up in the era of auto-playing Flash-based pop-under ads.

I'm not a security absolutist. It's all about trade-offs: the convenience of using a modern web browser, for example, generally outweighs the risks of living with its massive attack surface. But in the case of ad blockers, you gotta take a hit just to continue to browse in peace. It blows.

Your hacker name is your mother's maiden name + the name of your first pet

By the way, I watch a lot of movies, and I think Dr Strangelove is one of the very best films ever made. If you haven't seen it, don't be put off by its age. It's pretty timeless.

From the Cold War, to the MAD doctrine, to patriarchy, to Operation Paperclip, to fringe conspiracy theories, to the suppression and revival of Nazism (its titular character's arch), the film deals with really profound topics without ever sounding preachy.

It's profoundly quotable, too.