• 0 Posts
  • 159 Comments
Joined 1 year ago
Cake day: July 23rd, 2023



  • Interesting. I was able to access the linked whitepaper and repositories without trouble and the 3rd party stuff too. Do you have local config preventing you from downloading the source code to review?

    While I can respect your distaste for non-libre software, you’ll need to back up the malware claim. There are real security concerns out there in common non-libre; labeling things that are not libre as malware solely because they are not libre muddies the waters and makes your message much less palatable.




  • Speaking from 10+ YoE developing metrics, dashboards, uptime, all that shit and another 5+ on top of that at an exec level managing all that, this is bullshit. There is a disconnect between the automated systems that tell us something is down and the people that want to tell the outside world something is down. If you are a small company, there’s a decent chance you’ve launched your product without proper alerting and monitoring so you have to manually manage outages. If you are GitHub or AWS size, you know exactly when shit hits the fan because you have contracts that depend on that and you’re going to need some justification for downtime. Assuming a healthy environment, you’re doing a blameless postmortem but you’ve done millions of those at that scale and part of resolving them is ensuring you know before it happens again. Internally you know when there is an outage; exposing that externally is always about making yourself look good not customer experience.

    What you’re describing is the incident management process. That also doesn’t require management input because you’re not going to wait for some fucking suit to respond to a Slack message. Your alarms have severities that give you agency. Again, small businesses sure you might not, but at large scale, especially with anyone holding anything like a SOC2, you have procedures in place and you’re stopping the bleeding. You will have some level of leadership that steps in and translates what the individual contributors are doing to business speak; that doesn’t prevent you from telling your customers shit is fucked up.

    The only time a company actually needs to properly evaluate what’s going on before announcing is a security incident. There’s a huge difference between “my honeypot blew up” and “the database in this region is fucked so customers can’t write anything to it; they probably can’t use our product.” My honeypot blowing up might be an indication I’m fucked or that the attackers blew up the honeypot instead of anything else. Can’t send traffic to a region? Literally no reason the customer would be able to so why am I not telling them?

    I read your response as either someone who knows nothing about the field or someone on the business side who doesn’t actually understand how single panes of glass work. If that’s not the case, I apologize. This is a huge pet peeve for basically anyone in the SRE/DevOps space who consumes these shitty status pages.


  • This is a common problem. Same thing happens with AWS outages too. Business people get to manually flip the switches here. It’s completely divorced from proper monitoring. An internal alert triggers, engineers start looking at it, and only when someone approves publishing the outage does it actually appear on the status page. Outages for places like GitHub and AWS are tied to SLAs that are tied to payouts or discounts for huge customers so there’s an immense incentive to not declare an outage even though everything is on fire. I have yelled at AWS, GitHub, Azure, and a few smaller vendors for this exact bullshit. One time we had a Textract outage for over six hours before AWS finally decided to declare one. We were fucking screaming at our TAM by the end because no one in our collective networks could use it but they refused to declare an outage.



  • The Delta board post doesn’t contradict the accusations at all. It’s possible for that person to have worked through the night and for Delta to still be overly fucked. Direct contradiction is going to involve receipts. DeWalt specifically has a vested interest in the appearance of cybersecurity success as his firm, NightDragon, is heavily invested in cybersecurity and probably upsells for CrowdStrike.

    Without receipts, we just have two very shitty companies taking swings at each other in the media. We should hate both for their exploitation and wait for receipts that will come with discovery.





  • The problem is the underlying API. parseInt("550e8400-e29b-41d4-a716-446655440000", 10) (this is a UUID) returns 550. If you’re expecting that input to not parse as a number, then JavaScript fails you. To some degree there is a need for things to provide common standards. If your team all understands how parseInt works and agrees that those strings should be numbers and continues to design for that, you’re golden.
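    The parseInt behaviour described in that comment, as an added example (not the commenter's code): it puts parseInt next to Number() and next to a strict integer validator so the difference shows up on the same inputs. The UUID string is the one quoted in the comment; the other sample inputs and the helper names parseStrictInt and compareParsers are constructed for this example.

```javascript
// Added example, not from the original comment. Shows how three ways of
// turning a string into a number treat a UUID-shaped string.
// All sample inputs below are constructed.

const UUID = "550e8400-e29b-41d4-a716-446655440000";

// Strict decimal-integer validation: the entire string must be an optional
// sign followed by digits, and the value must be an exactly representable
// integer. Anything else is rejected with null instead of a partial parse.
function parseStrictInt(input) {
  if (typeof input !== "string" || !/^[+-]?\d+$/.test(input)) {
    return null;
  }
  const n = Number(input);
  return Number.isSafeInteger(n) ? n : null;
}

// Run the three approaches on one input and return the results side by side.
function compareParsers(input) {
  return {
    // parseInt is a prefix parse: it consumes "550" and silently stops at "e".
    parseInt: parseInt(input, 10),
    // Number() parses the whole string, so the dashes make it NaN here. It is
    // still lenient elsewhere: it trims whitespace, accepts "" as 0, "0x10"
    // as 16, and exponent notation such as "1e3" as 1000.
    number: Number(input),
    // The explicit validator only accepts plain decimal integers.
    strict: parseStrictInt(input),
  };
}

// A UUID's first segment on its own is a trap for Number(): "550e8400" is
// read as 550 * 10^8400, which overflows to Infinity rather than failing.
function firstUuidSegment(uuid) {
  return uuid.split("-")[0];
}

// compareParsers(UUID) -> { parseInt: 550, number: NaN, strict: null }
```

    The takeaway for input handling is that parseInt answers "what number does this string start with", not "is this string a number"; when an identifier field must be an integer, validate the whole string first and treat any other shape as a rejection rather than a value.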


  • You realize that Bitcoin is traceable, right? You kinda picked the wrong crypto to use as an example. Unless you’re completely in the Bitcoin system and never connect to any outside system or interact with anyone who interacts with an outside system or interact with anyone who interacts with someone who interacts with an outside system or so on (it’s not quite ad infinitum), you are most likely traceable. Tools like Chainalysis have been used by governments for almost a decade.

    Your other points aren’t really valid if you ever want to convert Bitcoin to something that isn’t Bitcoin. I’m not aware of complete supply chains and grids that exist solely on Bitcoin (or any combination of crypto for that matter) so things like having control of your money, needing ID, and trusting centralized entities (sure, exchanges plural) are a huge part of Bitcoin.





  • All of these packaging systems have plenty of tutorials. Speaking from experience, many maintainers were not developers when they started maintaining packages for distros other than the official distros. I have worked with several maintainers who do work in tech and know socially several who had no background. This could be a great place for you to start!

    You bother because FOSS is as much paying it forward as it is getting shit for free.