Notices by Fi, infosec-aspected 🏳️‍⚧️ (munin@infosec.exchange)

"The map is not the territory" is a valuable concept in engineering and something which trans people know from the core of our being.

@cstross @SwiftOnSecurity

having a sudden impulse to watch "Gone in 60 seconds" again lol

@jefftiedrich @cstross

as someone who ended up getting shingles, same but doubly so.

@cstross @gsuberland @SwiftOnSecurity

Oh, certainly not for a commercial endeavour, no.

This is more along the lines of 'new deal' style infrastructural investment as a jobs program type work, if someone were to actually take it seriously.

Tho also, in keeping with the nature of extractive colonial logic, what do I care about how the locals value their historical sites when there's a resource I can grab out from under 'em? ;3

@cstross @gsuberland @SwiftOnSecurity

Sure would! it'd employ a large number of engineers, and likely have synergy with, e.g., petroleum workers and other people who do earthmoving and installation of infrastructure.

Like other forms of resource extraction, building the infrastructure would provide substantial economic benefit of itself.

Also, it'd fuck up the market for oil drilling equipment and make that harder to obtain, so, y'know, win-win.

@AnarchoNinaWrites @Nonya_Bidniss

there's no indication where he got that '600' number from, is there - is that his brainworm's contribution, or is there a citation I missed?

@cstross @SwiftOnSecurity

ok so, per https://www.gov.uk/government/statistics/english-housing-survey-2022-to-2023-energy/english-housing-survey-2022-to-2023-energy-report the modeled heat requirements are 231 kWh/m^2/yr, so that means your cold-start train could service ...a little under 26 square-meter-years' worth of heat.

So, a hundred tube trains would give you 2600 square meter years' of domestic heat, under UK gov't models.

@gsuberland @cstross @SwiftOnSecurity

Yes, making actual use of this would require installing heat exchange pipes throughout the area, and the requisite infrastructure for heat pumps and the like.

But we already know how to do that kind of thing: trenchless pipe installation is a well-practiced field.

@cstross @SwiftOnSecurity

I expect not, with all that untapped heat resourcing just leaking through the foundations like that!

@SwiftOnSecurity

and yet they haven't implemented any use of this carefully-hoarded resource to manage energy costs in chilly weather.

Chewing on the thought that 'generative ai' relies on the assumption that nothing new will ever be created and that only the masters of the past knew how to make true Art.

It's a very Aristotolean view, and explains why they can't get the number of teeth right.

I was ready for something amusing that might be actually interesting to write a detection for for fucking once and it's this crap.

I was fucking promised RCE, godsdamnit.

"Oooh, I tricked the user into running my program lololololol"

Grow up and get a real fucking job.

Otherwise it's just sparkling phishing.

Consulting gets you some wild stories lol.

The big cups thing is absolutely zero relevance to home users, datacenter users, or....honestly pretty much everyone.

The last time I saw a workflow involving cross-network-boundary printing involved a guy running an office in Nicaragua who was interacting with some governmental office that insisted on doing it that way, back in like...2016?

But, from a production standpoint?

If you're vulnerable to this, you've done a lot of shit wrong, and made an effort to do a lot of shit wrong.

The one place I can think of that might even encounter this threat surface is some of the universities, because they have peculiar ideas about what's appropriate to put on publicly routable networks.

Remediative infosec concepts time here:

RCE is when you, remotely, as an attacker, can execute code on the machine WITHOUT the user's intervention.

Also, reading this writeup?

You have to -take specific action- to -be- vulnerable.

It's not RCE when the user has to initiate the action, fuckhead.