It's obviously never been about merit, but it also doesn't work for anyone — even the people who have enough privilege that they get held to a lower standard.
@inthehands The Democratic party exists to govern within a logical institutional framework. The right has spent almost 40 years working to undermine that structure, and is positioned to directly and immediately benefit from it. You think that the democrats going all in on post-truth discourse is going to help? There's no need to also defect from reality — you're not going to win any ground, but you will find there's more to lose. All the democrats need to do is decide they care more about people than money and actually fight.
They won't, of course. Nor will they yield the ground to folks not bought by oligarchs.
@kevinriggle The primary job of a development team is the creation and maintenance of a shared mental model of what the software does and how it does it. Periodically, they change the code to implement changes to the mental model that have been agreed upon, or to correct places where the code does not match the model. An LLM cannot reason and does not have a theory of mind and as such cannot participate in the model process or meaningfully access that model — written documentation is at best a memory aid for the model — and thus cannot actually do anything that matters in the process. The executive class would prefer that other people in the org not be permitted to think, let alone paid for it, and therefore willfully confuses the output with the job. @inthehands
@cstross And? Every significant operational group in every branch of the military in every country that has one has a group of folks doing intelligence — even if the core intelligence function is entirely externalized to a single organization (or more commonly, three, one for domestic, one for foreign, and one for military), those organizations will have intelligence capacity native to the unit, because they need those folks on the ground in the field at all times and they can't do anything without it. The work that all these folks do needs coordination. It's a complicated intelligence structure because it's a massive imperial military.
@rysiek It was just starting to be. The approach we were poking at would have been a browser plugin that let you do cert pinning for SRI, possibly with some kind of certificate transparency style system for the SRI hashes that have been seen. There are a lot of devils and details, but I think it could have both worked and likely turned into a standard, eliminating the need for the plugin and letting it lift the whole ecosystem.
Similarly, what's out there for cryptpad? They obviously both share the "you trust the server to not send you backdoored JS" problem that all these tools have, but beyond that?
(back in the day, we spent a while digging into ways you could chip away at that problem when I was working on SecureDrop architecture bits, but afaik no one ever took a serious swing at it)
Is there a good, detailed protocol doc/security analysis for the Proton e2e/docs stuff they've come out with? I'd like to believe, but they really don't give you much to go on.
This year for tdor, I read a lot of the posts and... Like, fuck, we're going to remember our dead the best ways we can. But if you're cis, I don't give two shits about your sympathy, I care if you're willing to fight for us. Don't talk to me about your feelings, send me a picture of the entrails of a transphobe whose belly you just cut open in the middle of fifth avenue. Make next year's list shorter the fucking hard way, because the "easy" ways aren't real any more.
[PS: Please do not actually send the photo, I don't want to get charged as an accessory. Better yet, don't take it, have good opsec, and live to gut another dozen transphobes.]
[[PPS: if this offends you or seems too radical, congratulations, you are the white moderate who terrified Martin Luther King. You are the obstacle.]]
[[[PPPS: No, this isn't me saying transphobes aren't people. Everyone is human and deserves basic common decency. But as they said (paraphrasing) in Tahrir Square, "yes, we're nonviolent, but that didn't mean we're going to just stand here and let them murder us."]]]
@futurebird Hmm. Often, really just basic statistical numeracy so they could understand data they're seeing in papers, etc. Sometimes, more the ability to reason about what is and isn't good data for quantitative decision-making — folks really love to make up meaningless numbers to let them avoid qualitative decisions when quant data isn't there. Sometimes data analysis to understand things like perf impact from log data for edge cases. So in some ways, not really statistics itself, but all things that I find that folks who made it through at least one real stats course are likely to be better at, if that makes sense? @whknott
@futurebird Yeah, largely in that kind of space. Also rigor around what it means to measure something, etc. Like, obviously calculus is useful — if nothing else, not having the conceptual tools of first and second derivatives makes looking at a line on a graph or the area under it less intuitively useful — but I think it's more about the things that you learn along the way. @whknott
Thinking about security, failure, change, art, and living. Recruiting barbarians; complicate your narratives. Fractional CISO to startups via Systems Structure Ltd. HEL/NYC/LON