Hans-Christoph Steiner @eighthave@librem.one

I learned this lesson by operating a hidden server on a university network in a room next to a lab funded by #US three letter agencies, it was actually a feeder program, the grad students mostly went to work for those agencies. They had seen that my non-university domain name was mapped to a university IP address. They emailed me while I was on vacation, saying they were hunting for it. Two weeks later, I got back, and they still hadn't found it. They never did. That setup took me an hour.

I totally agree that #Security Through Obscurity does not work, I think the key word that often gets lost is "through". Make systems as secure as you can, don't rely on them being hidden. Obscurity can actually add quite a bit. Compare a build server reachable on a public domain name to one only reachable on a tor onion service. Finding the tor onion service could take the determined attacker quite a lot of time. The key measure is time to attack vs time spent setting up defenses. 1/

Reading the section in the #PaloAlto book about #decolonialization makes me think how so much digital media is a form of #colonialism of our personal relationships, education, and even thought processes. It is driven by companies with the mentality of extracting profit from mining resources, in this case, the resources our human relationships and education.

I wonder if #ChatGPT and its kindred #AI #LLM projects will just kind of slowly consume themselves via a downward spiral of driving down the level of public, online content via computer generated spam and #disinfo. They are trained on these public datasets, for example. For example, https://www.vice.com/en/article/jg5qy8/reddit-moderators-brace-for-a-chatgpt-spam-apocalypse

So many #software projects get caught in this trap of adding ever more #complexity as users request more features. When starting out, new software needs to directly solve a problem better than others, then people adopt it. As more people adopt it, they demand more features. Incrementally adding more features works for the existing user base, but makes it harder and harder for newcomers to jump in. Then new software does a key thing better, and the complex old one collapses under its own weight.

#ArsTechnica's article on exploiting #Zimbra is a nice example to work through to understand how an advanced #cyber #targeted #attack works
https://arstechnica.com/information-technology/2023/03/pro-russian-hackers-target-elected-us-officials-supporting-ukraine/2/

Does anyone have any examples of advanced #cybersecurity #attacks that were not targeted? I guess the #GreatCannon and maybe #QUANTUMINSERT #FOXACID are examples. I'd love to see a story about a recent exploit like this (those two examples don't really work when HTTPS is used).

#Varian provides yet another cautionary tale from the #SiliconValley: the founders created a worker owned #coop to make radar systems to prevent mass bombing of cities from the air. They ended up being pushed by #military and #investor money into a typical corporation that made key parts for #nuclear missiles. And the founders were distracted by their new found #wealth. Reminds me of how the #Google founders started out being opposed to advertising.

In reading #PaloAlto by Malcolm Harris, provides good examples of #Keynesian style investment in #military triggering economic growth. In the #EU, this "magic money" goes to propping up big banks that made bad loans. In a democracy, we should be able to decide where those huge piles of "magic money" go. This money could go to #RenewableEnergy and #renaturalizing or so money other things.