Notices by Eleanor Saitta (dymaxion@infosec.exchange)

Hilarious side effect of the OpenAI pivot to porn plus the Swedish ban on online pornography purchases: Paying for ChatGPT in Sweden may be a criminal act soon.

@suzannealdrich
The infrastructure needed to keep these machines happy is nontrivial. Each single server hosting eight graphics cards is north of a half million new, so even at ten cents on the dollar they're the cost of a new car and they're mostly designed to be used in clusters of at least eight and generally more like 64. They only have boot drives in the machine, if that, so you need an external storage server. The network cables they use run $600 for 3m. The switches run into the six figures too. The new hardware is designed for rack scale water cooling, so you're going to need to build a car-sized heat exchanger unless you want to literally just run all the faucets in your house wide open all day. And a half rack is still going to draw at least ten times what the entire rest of your house does.
@cstross

Ding dong the witch is dead

If you've worked with SDRs professionally, either at the hardware level or at the e.g. RF protocol implementation levels, I'd love to buy an hour of your time for a validation conversation about a potential project. DM if you're interested; boosts welcome.

@yaxu
At some point, I went to a pretty interesting seeming security and usability academic conference, breaking my general rule of not bothering with that sort of thing. Basically all the work presented was useless because folks had only studied the work, not done it, and no one in the room had context to call bullshit. Not to mention, of course the general sort of academic ritual of ignoring bad work instead of calling it out, which only helps if you already know what's bad.

When this case first came out, I was talking to a relatively senior Finnish journalist about freedom of the press in Finland. We came to the conclusion that Finland's then best in the world ranking on press freedom was entirely down to the fact that the press had never wanted anything that the government wasn't ok with having in the papers. This decision is broadly incompatible with freedom of expression. Prosecuting folks who agreed to keep state secrets is one thing. Accusing journalists of treason, let alone convicting them, for publishing material that in their professional opinion was newsworthy is completely unacceptable. The Finnish national security bureaucracy does and must not be above the constraints of international human rights law, and must not be permitted to either constrain a priori or decide post hoc what is in the national interests. I assume this will be appealed and that the Finnish Supreme Court (or, failing them, the European Court of Human Rights) does the right thing. This case has already caused a significant chilling effect on Finnish journalism — already not in a great position — and this is happening at a time when Finland's national security position and responsibilities are changing rapidly. We need transparency and accountability in the national security bureaucracy now more than ever.

https://yle.fi/a/74-20170451

@raito
Much more likely to becomea law in Europe than the US, honestly. And it might get revised quickly, but quickly in EU terms is at least a decade.
@whitequark @Di4na

@raito
I am, yes. I think it's a pretty solid balance, at the level I've read so far, and they we could do a lot worse, as a model text. It came about in part because the EU does listen to actively engaged folks from civil society, including FOSS devs, when they're willing to engage with the debate on the EU's terms. Hopeful the existing version will be improved where necessary and reasonable and adopted. It's entirely possible, though, that it will be seen as insufficient.

The exclusions in there were not put there by folks objecting to the fundamental framing.
@whitequark @Di4na

@raito
It kind of boggles my mind that folks who write software with the hope of it being used as part of a global ecosystem wouldn't really care whether their software or that ecosystem is secure. Like, sure, if it's your hobby and you don't really care about its impact on the world, you do you? It's exactly the same sort of "negative externalities aren't my problem" attitude that we decry up and down everywhere else.

But yeah, I guess framed that way, the only thing they will make those devs understand that they have to care is liability, the same as everyone else in that situation. It just happens here that liability will probably also destroy the ecosystem at massive cost to us all.
@whitequark @Di4na

@apps
Where is this in settings? I've spent about 20 minutes looking through all the settings menus a half dozen times. Autofetch missing messages and autoload remote media are both off.

@apps
The per-message dotted menu is no longer present in thread view, so I can't e.g. edit replies without re-finding them in my account view.

@clarity
I've also just had relatively good luck with managers, apparently

@clarity
That's terrifying. How do you end up being a manager not knowing this.

@ferrix
There's good money to be made being part of the problem
@evacide

@GossiTheDog
Do you know how security works at scale? This isn't news and among the majors, MS was mostly late to the party. That said, "spies" is doing a lot of work here. If you mean "collaborates specifically around threat intelligence", sure. If you mean "provides the US with general purpose intelligence outside the digital security space above and beyond the cooperation that the US can compel with statutory powers", no, we have no reason to believe that.

Also, with CISA dead, it's unclear that anyone on the USG side is still listening.

@hacks4pancakes
I would like to be fucking wrong more often. I am very tired of being right

@inthehands

@LukefromDC

@LukefromDC
Si vis pacem, para bellum
@inthehands

"We're happy to announce version 1.0 of the Torment Nexus, as popularized by the science fiction book 'Don't Invent the Torment Nexus'! Our innovative product breaks new ground in..."

https://www.theguardian.com/technology/2025/mar/08/vr-prison-california

@inthehands
We did, the NTSB.

I assume it'll be dead soon.