sylver_dragon

writes Nestler. “We want to hear from you when you think Reddit is making decisions that are not in your communities’ best interests. But if a protest crosses the line into harming redditors and Reddit, we’ll step in.”

Translation: We don’t really give a shit what you think. Now shut up and generate that content for us to sell to AI companies.

While I don’t agree with the criminalization of marijuana, it’s really rough when it comes to a prosecutor and a law they may not like. Step back and ask the question, “should an Attorney General (AG) be allowed to not prosecute laws they don’t agree with?” You might be willing to say, “yes” for laws you also don’t agree with; but, what happens when it starts to cover laws you want to see enforced? Should “prosecutorial discretion” effectively allow an AG a complete veto power over the laws as passed by the State and Federal legislatures?

As much as it may suck for the person in that position, it would be really bad for democracy to allow that sort of power. We empower an AG to enforce the law as written. But, we also expect that they will enforce the law as written. So ya, I would expect that Harris (or her office), as AG, prosecuted marijuana cases. That’s really what the whole “rule of law” thing means. It means the laws, as written, being enforced on all people. And it’s up to us, the people, through our representatives to get that law changed.

And hopefully, this will work out to be more than an empty campaign promise. Though, I don’t plan to hold my breath.

the filibuster bound Senate will never convict.

The filibuster doesn’t really enter into it. Article I, Section 3 of the Constitution requires a 2/3 majority to convict:

The Senate shall have the sole Power to try all Impeachments. When sitting for that Purpose, they shall be on Oath or Affirmation. When the President of the United States is tried, the Chief Justice shall preside: And no Person shall be convicted without the Concurrence of two thirds of the Members present.

The only positive fact about Thomas’s tenure is that the guy is 76 years old. The actuary tables look worse and worse for him every year.

The fact that the OS is replaceable sealed the deal for me.

And the default OS isn’t locked down and doesn’t try to prevent you from doing other stuff with it. What you want to do isn’t in the Steam interface? Switch over to desktop mode and you have full access to the underlying OS.

My only complaint with the Steamdeck is that I find using the touchpad on the right side for long gaming sessions hurts my hands. I 3d printed some grips which help; but, I think my hands just don’t like the orientation. Still love my deck though.

Been using the beta for a while and I gotta say, it’s pretty awesome. I just hope they have the purchasing as sorted as they claim. I’ve had so many issues in the past letting my kids purchase games.

I would assume they have some basic stuff running 24x7. I can’t imagine a network which doesn’t have Endpoint Detection and Response (EDR) running 24x7 these days. There’s also things like firewall logs, which are almost certainly being captured (or at least netflow). Stuff like screen recording and mouse monitoring is probably saved for extreme cases. That said, my own experience has been pretty close to:

We’re not going to look over your shoulder while you watch YouTube videos but if we notice you’re watching a lot of or you start visiting porn sites, we’re going to start monitoring you.

Quite frankly, no one’s got time for that shit. I work at an organization with a bit north of 25,000 employees, and we have less than a dozen security analysts. While I could run a search against our firewall logs and see evidence of folks dicking around. I have much better things to do, like running down abnormal processes and writing up reports on users who got their systems infected while dicking around. And that’s really the way it comes to our attention, most of the time. Someone is out trying to download movies or software on their work laptop (you’d think people would know better…) and they pickup malware. We get an alert and start investigating. While trying to determine the source, we pull browser history and see the user out on “SketchyMovieSite[.]xyz”. And then their dicking around becomes our problem, mostly because the site had a malicious redirect, which is where the infection came from.

So ya, they may not be looking, but I’d always bet they are recording. Logging isn’t useful if it isn’t recording at the time of the compromise.

Remote work and pay. I was already interested in getting a remote gig when COVID hit. We went to a hybrid schedule and I realized that I really liked working from home. Also that my job was pretty much built for it. While many of the folks I used to work with are still hybrid, fully remote was never an option. I worked with Classified systems and I could never convince them to put a SIPR drop in my home. I guess you need to get elected President for that.

As the world was opening back up, many companies saw remote work as a carrot to offer cybersecurity folks and I started to see a lot more job postings with it as an option. So, I put my LinkedIn profile to “looking for work” and started getting recruiters messaging me on a regular basis. One hit me up with “REMOTE WORK OPPORTUNITY” (yes, all in caps) as the lead for an offer. What followed that sounded interesting and I started talking with him. A few week later, I put in my notice and started working in the private sector. Got a pay bump in the move as well.

My time in the FedGov space was overall a positive thing. I learned a lot and got to see systems locked down in a way that actually mattered (I never thought I would miss STIGs). At the same time, I don’t see myself ever going back. The bureaucratic nature of everything is soul crushing. And sitting in an OSS all day long sucks. It especially sucks when you’re the only one in the container and need to go out and take a piss. Clear the room, arm the alarm, spin the lock, sign the sheet, go piss. Open the lock, sign the sheet, disarm the alarm, get back to wishing for the sweet, sweet embrace of death.

When I worked as a US FedGov contractor, I was greeted with a long warning banner every time I logged into my computer. The tl;dr version of it is “fuck your privacy”. Being that I was part of cybersecurity for the site I was working at, I was one of the people doing the fucking. While we didn’t read everything from everyone all the time, we were logging it and could pull it up, if we were performing an investigation. We also had some automated stuff scanning for patterns and keywords on a regular basis, which could trigger an investigation.

While I’m no longer in the FedGov space (thank the gods), I still assume that everything I do on my work system or with work accounts is being logged. Also, I’m still working in cybersecurity and am often still the one doing the privacy fucking. Yes, everything is being logged. We may not look at it today, we may not look at it tomorrow. But, when HR and Legal ask us about a user’s activity, we can usually be pretty detailed. Act accordingly.

It is now functionally impossible to detect anything about the traffic or the Wi-Fi router without some serious or illegal methods.

You should really spend some time learning about WiFi signals. Tracking down rogue Access Points is a pretty common thing and having the SSID turned off does fuck all to prevent it. On the easy end, many enterprise wireless network controllers have rogue AP detection built right in and will show you a map of the location of the rogue AP. Harder, but still entirely possible, is running around with a setup just detecting the signal and triangulating it.

But they pinky promised that only the “good guys” would use the “front doors”. /s

Welcome to AI:

Re-read what I wrote, but hop down off your high horse first, it’s obvious you weren’t able to read it clearly from up there. I’m neither promoting nor defending piracy. Quite the contrary, I’m praising the legitimate services (and Steam in particular) for understanding that competition with piracy isn’t all about money, it’s often about the quality of service. Funny enough, your own comments are actually a point in favor of this:

You ever wonder why these companies don’t operate in countries that don’t have strict piracy laws and can’t shut down sites with court orders? Because it’s still easier to pirate than face criminal charges.

Yet somehow, with a lot of time, money and effort put into shutting down piracy, the pirates were able to provide a better service. Seriously, step back from the whole “napster bad” for a moment and think about the dissonance of the situation. Large companies, pulling in millions of dollars a year, with no need to worry about law enforcement or monied interests coming after them, somehow failed to create anything resembling a functional digital marketplace. They were stuck in the physical distribution paradigm and fought tooth and nail to avoid digital distribution. At the same time, a few kids, with little money, and law enforcement trying to shut them down created a pretty good user experience. Sure, some of that is not having to worry about licensing. But, a large part of it is understanding what the users want and giving it to them.

It wasn’t until Apple came along and basically created “Napster, but legitimate” that music piracy really fell off. Netflix pulled off something similar with video (though that is rebuilding some rough edges at the moment) and Steam did it for games. Sure, piracy still exists, and it will always be a problem. But, a lot of piracy can be tamped down by having a good service available.

One thing that we have learned is that piracy is not a pricing issue. It’s a service issue. The easiest way to stop piracy is not by putting antipiracy technology to work. It’s by giving those people a service that’s better than what they’re receiving from the pirates. – Gabe Newell, 2011

Time and again, digital distribution platforms have proved this. Apple Music became a dominant music distribution platform at the height of Napster, LimeWire and other peer to peer sharing apps. They did it, because it was easier to just buy the tracks/albums you wanted than to dig through trackers and websites which may or may not actually have what you want. Netflix became the de-facto source for streaming movies at a time when BitTorrent was common and well known. Again, they made it easy and convenient, while not charging an arm and a leg. Steam also faced competition from BitTorrent piracy. But again, Steam made buying, downloading and running games easier than the pirates. And people are willing to pay for that convenience and not dealing with the crap which floats around the high seas.

And, so long as Steam continues to treat it’s customers right, those customers will keep coming back. And that’s the problem with Pitchford’s whole premise. Developers will go where the customers are. Sure, you’ll get the odd case of a publisher/developer doing an exclusivity deal. But even then, it’s probably limited, because the customers are on Steam. If another storefront wants to draw customers, they need to start with treating customers well. They will still face headwinds, as Steam has a large “first mover” advantage. But, success is going to start with making customers want to come back.

There may also be a (very weak) reason around bounds checking and avoiding buffer overflows. By rejecting anything longer that 20 characters, the developer can be sure that there will be nothing longer sent to the back end code. While they should still be doing bounds checking in the rest of the code, if the team making the UI is not the same as the team making the back end code, the UI team may see it as a reasonable restriction to prevent a screw up, further down the stack, from being exploited. Again, it’s a very weak argument, but I can see such an argument being made in a large organization with lots of teams who don’t talk to each other. Or worse yet, different contractors standing up the front end and back end.

I don’t know how anyone makes it without a password manager at this point.

Password reuse. Password reuse everywhere.

Ok, good luck with that! Can’t wait for this guy to start whining that he can’t find employees.

Growing up (I was a kid during Reagan’s Presidency), I heard more than one conservative pundit saying “better dead than Red!” I guess Russia is technically not the USSR; but, it strikes me as funny to see conservative pundits now seemingly open to becoming Russian.

What’s next?

We already got Windows taking timed snapshots, and ads in the Start Menu. I’m not sure I want to know.

How do you mandate lower grocery prices in that?

You don’t. Price controls don’t work and usually backfire in the long run.
Instead, you modify the incentives which exist around prices via taxation. As a simplified example, if you want to prioritize lower prices on staples such as milk, vegetables or beef, then businesses which can show that their margins on those products are within a defined range pay 1% less on corporate taxes. The numbers and ranges would need to be discovered via both study and experimentation. But, by tying a savings for those business to their behavior, said behavior can be influenced. The prices can then be further manipulated lower in the logistical chain, either by direct subsidy or via similar manipulation of incentives to growers and distributors.

We live in capitalism.

Yes, but functional capitalism requires regulation to prevent monopolies, collusion and other activities which distort markets. And there are plenty of areas where capitalism fails and government (read:socialism) needs to step in to provide something which society needs, but for which the incentives do not exist to provide it in an efficient manner. Or for which the efficient providing of that thing creates moral hazards. There is a reason we don’t privatize the military.

This is going to suck for a lot of people. I’m all for encryption. If any of the laptops, in the business I work for, lack encryption, I’m going to throw a fit. But, for home use the situation is not the same. I’d argue that the risk of device theft leading to critical data compromise is pretty low and the risk of the user needing someone to perform offline data recovery for that user is much higher. And the number of users who will actually have the key saved in a location they can get to it, and provide to the data recovery tech, can probably be counted without taking off my shoes.

This is dumb. It’s yet another case of Microsoft picking a default for users which helps Microsoft but isn’t good for users.