Notices by Eleanor Saitta (dymaxion@infosec.exchange)

@rafi0t
Or perhaps we should say, Quíñ.
@quinn @whvholst @th

@rysiek
Honestly, this is the first I've heard of it, and hopefully the last. If it's even dumber in other ways too.... Yeah. Lolsigh.

Could people just stop trying to "improve" things they don't understand?

https://soatok.blog/2025/01/14/dont-use-session-signal-fork/

@dalias
Idk, I have pretty strong feelings about not inviting queer folks to have a nice time in a country that kills queer folks, even if the folks one invites are gonna be safe themselves. It's pretty colonialist, if you're going there for that reason.
@n3tn3rd @hacks4pancakes

Do (software) emulators/VMs exist for Sharc DSPs? How performant are they on, say, modern macOS ARM?

@dalias
Yeah, I have bad news for you about the reality of queer rights in Nepal. The rhetoric is good and the tourist experience is ok, and that's about as far as it goes.
@n3tn3rd @hacks4pancakes

Having just read a bit about the impact of the "business as usual" bias among German Jews in the runup to WW2 and the lack of meaningful resistance that it led to, is pretty terrifying watching the same bias today.

@dalias
I mean, it's also wildly insane from a climate perspective to fly the entire security community to Nepal? We shouldn't be flying nearly as much as it is — doing it much much more is an unserious suggestion.
@n3tn3rd @hacks4pancakes

@dalias
I have bad news for you about the availability of conference facilities in hotels (there are some! At least a half dozen credible options as long as you're under 1k people and can book the whole hotel! Let's move RSA there!)
@n3tn3rd @hacks4pancakes

@dalias
Oh man, if only a country like that existed.
@n3tn3rd @hacks4pancakes

@hugo
I'd look at a pixel running grapheneOS personally, but it does mean mucking about with re-imaging the phone. They've got an aggressive sandbox for Google play services (not installed by default) so you can still interact with the normal app store and most stuff should run fine. There are exceptions — often the banking apps — that won't run on anything without a stock os, which will also include the de-googled fairphone.

https://grapheneos.org/usage#sandboxed-google-play

@iraantlers

@hugo
I will note that despite owning a recent pixel, I haven't yet done this myself, because I loathe sysadmining a damn phone
@iraantlers

@hugo
You're going to want a shop to do a lot of the work on the current models, at least, but I'm hoping the EU right to repair law will at least push things in the right direction.
@iraantlers

Oh, and obvs this is just fallout from this set of laws. There will be other pushes, too — one I'm particularly worried about, once a standard for obscenity is set, is the destruction of paper archives of queer and trans history (many of which are not digitized), and attacks on US-held digital archives. They mean to erase queer and trans culture by whatever means are necessary, and erasing history is a critical component of that. This has happened before, and it must not happen again.

@hacks4pancakes So, the way I'd guess they would like this to play out:

1. Successful state porn ID requirements are a model for a federal requirement passed later this month.

2. The federal requirement is a global requirement on US companies, meaning that if you want to host porn, you can't have a US company in the stack.

3. The definition of porn is expanded to include all material that discussed queer and trans people, probably in stages, as well as abortion, contraception, and general reproductive health, at a minimum.

4. It's made clear that the same standard must be met for personal and non-commercial sites, including offline and paper storage, providing an easy avenue for targeted prosecution, especially of queer folks with kids.

5. A requirement is added that all logs must be forwarded to the government for compliance checks, which then provides reasonable for device searches during any other routine interactions with authority, like traffic stops and border crossings.

6. The definition of obscenity (which is what this is — bringing back Comstock is a stated goal) is expanded to include seditious materials, aka left-of-center political material, "critical theory", "DEI", etc., again with the onus placed on companies to positively prove they are not hosting it illegally — again, globally, regardless if the content is legal in the country the company operates in.

It's another looming disaster even if the database is never breached and malware groups never take advantage of it (which they will, obviously).

@bedast
Interesting. I'm very curious if they also do this in Europe. It's directly illegal in Finland at the very least, regardless of what legal agreement they have with the driver.

@quinn
Obvs, yes, I'm poking at etymology.
@KevinMarks @Tarah

@Tarah
I'm not sure if that was original to @quinn , but that's certainly who I heard say that first, maybe fifteen years ago

@nonnihil
Ok, it's wild that this is that different. In Finland, with much shittier on average weather and a pretty hardcore drinking culture (although it's gotten a lot better), but much more aggressive driving training, we have 7.5 fatalities per *billion* VMT.
@SwiftOnSecurity

@Menhit
It means it's a mouse that went to Eton, and mere housecats aren't permitted to go after it. Go and bring a swan into the office and get it to attack the mouse.
@cstross