Hans-Christoph Steiner @eighthave@librem.one

There are certainly clear negative examples of this: in Cambodia in the 70s, the dictator Lon Nol was widely hated, and stayed in power due to #US backing. People were so desperate to get rid of Lon Nol, that a wide variety of people backed the Khmer Rouge in what seemed the only way to get rid of him. That finally worked for getting rid of Lon Nol. Sadly, the Khmer Rouge ended up being even worse, leading a massive genocide against its own people. 2/

The idea of limiting population growth has been popular among all sorts of racists and eugenicists for a long time, and that has discredited the idea. Economics shows that shrinking populations empower workers, and socialists aim to empower all workers. I think about this example a lot as an exercise of potential coalition building. Can people with diametrically opposed beliefs agree on a goal and actually deliver it in a way that all are satisfied? Can this actually lead to effective policy? 1/

#Vienna gets deserved attention for its #AffordableHousing policies over the last century. One of the least know is tightly regulating the tearing down of buildings, making it one of the oldest housing stocks in Europe. When a building is torn down to build a new one, then there is still just one building. If old ones are kept, then a new building means increased housing supply. Developers like tearing down since they can make massive profits in proven neighborhoods. https://wien.orf.at/stories/3203136/

The key thing to remember is that luck plays a role in not being discovered, in a way that it does not with proper security measures. In my example, the hunters could have gotten lucky if they just happened to think to open the right door nearby and look at the servers there.

Given that physical access to computers is a lot harder to defend against than internet access, my one hour of time vs the time they spent was quite a good payoff.

I learned this lesson by operating a hidden server on a university network in a room next to a lab funded by #US three letter agencies, it was actually a feeder program, the grad students mostly went to work for those agencies. They had seen that my non-university domain name was mapped to a university IP address. They emailed me while I was on vacation, saying they were hunting for it. Two weeks later, I got back, and they still hadn't found it. They never did. That setup took me an hour.

I totally agree that #Security Through Obscurity does not work, I think the key word that often gets lost is "through". Make systems as secure as you can, don't rely on them being hidden. Obscurity can actually add quite a bit. Compare a build server reachable on a public domain name to one only reachable on a tor onion service. Finding the tor onion service could take the determined attacker quite a lot of time. The key measure is time to attack vs time spent setting up defenses. 1/

Reading the section in the #PaloAlto book about #decolonialization makes me think how so much digital media is a form of #colonialism of our personal relationships, education, and even thought processes. It is driven by companies with the mentality of extracting profit from mining resources, in this case, the resources our human relationships and education.

I wonder if #ChatGPT and its kindred #AI #LLM projects will just kind of slowly consume themselves via a downward spiral of driving down the level of public, online content via computer generated spam and #disinfo. They are trained on these public datasets, for example. For example, https://www.vice.com/en/article/jg5qy8/reddit-moderators-brace-for-a-chatgpt-spam-apocalypse

So many #software projects get caught in this trap of adding ever more #complexity as users request more features. When starting out, new software needs to directly solve a problem better than others, then people adopt it. As more people adopt it, they demand more features. Incrementally adding more features works for the existing user base, but makes it harder and harder for newcomers to jump in. Then new software does a key thing better, and the complex old one collapses under its own weight.

#ArsTechnica's article on exploiting #Zimbra is a nice example to work through to understand how an advanced #cyber #targeted #attack works
https://arstechnica.com/information-technology/2023/03/pro-russian-hackers-target-elected-us-officials-supporting-ukraine/2/

Does anyone have any examples of advanced #cybersecurity #attacks that were not targeted? I guess the #GreatCannon and maybe #QUANTUMINSERT #FOXACID are examples. I'd love to see a story about a recent exploit like this (those two examples don't really work when HTTPS is used).