Two interesting tidbits:
1. Actual enforcement of the penalty clause for abusing DMCA takedowns.
2. He could use DMCA takedowns to get a person's home address!

arstechnica.com/tech-policy/20

I've gotten some questions about Packagekit and why we don't provide interactive signing during package updates. I talk at length about some of the challenges with that approach here: github.com/osresearch/heads/is

I wrote an article about best practices (including travel tips) for PureBoot, @purism's tamper-evident boot firmware that allows the user to control all of the keys and secrets used for the signing process. Check it out here: puri.sm/posts/pureboot-best-pr

Kyle Rankin, 's Chief Security Officer, overviews - our cutting-edge secured boot process - and shares his PureBoot and best practice. Great advice for anyone who travels with their laptop. puri.sm/posts/pureboot-best-pr

Hey! Hackers disrespecting me?
Take 'em out.
You gotta keep 'em separated.
Hey! Pager's calling after me?
Prod is out.
You gotta keep 'em separated.
Hey, they don't pay no mind,
If they're not on a pager won't be working overtime.
Hey, come out and play.

By the time you hear the pager,
It's already too late,
Some untested code pushed to Ruby on Rails,
One server's wasted and your uptime's a waste.
It goes down the same as the thousands before,
No one is getting smarter,
No one's learning the score.
The neverending spree of hacks and simple mistakes
Is gonna tie your own rope tie your own rope tie your own.

Hey! Pager's calling after me?
Prod is out.
You gotta keep 'em separated.
Hey! Hackers disrespecting me?
Take 'em out.
You gotta keep 'em separated.
Hey, they don't pay no mind,
If they're from a different country won't be doing any time.
Hey, come out and play.

Like the latest fashion,
Like a spreading disease,
Devs will log in all the way to production,
Getting root shells with the greatest of ease.

Pentests staked out your whole network locale,
And if they pop your Jenkins then it's all over pal.
If one dev exploit gets a shell in Linux,
They're gonna bash it up, slash it up, hack it up, prod's not up.

Inspector Gadget is a cautionary tale about a tech-obsessed gadget geek dealing with the consequences of buggy voice recognition software.

That said, if I ever do use a voice assistant, I'm changing the trigger phrase to "Go Go Gadget."

@pedro@social.linux.pizza Yes, and without effective state oversight or regulation.

Translation: PG&E has neglected maintenance and upgrades for so long that even with the spotlight on them it's going to take a *decade* to catch up.
"California Can Expect Blackouts For A Decade, Says PG&E CEO" n.pr/31oc020

@Amgine Thanks for the suggestion, I'll add it to the list!

@laura One of the interesting points in Snowden's autobiography was his description of the Internet of his childhood vs. today. Back then he could try on and dispose of personas and there was a stronger distinction between "real life" and "online life" that allowed one to make mistakes, mature, change one's mind, etc.

He makes a pretty strong case that many of the problems with the modern Internet are rooted in companies wanting to link real identity with online identity for ad targeting.

Holy smokes.

LibreOffice runs on the Librem 5!

AND IT WORKS.

Saving files, opening files, typing... the UI is a bit cramped (it's a desktop app on a phone)... but hot-diggity! It works!

I've said it before and I'll say it again: the most persistent, resourceful and difficult adversaries to secure against are kids behind parental/school controls and employees behind corporate firewalls: washingtonpost.com/technology/

@okennedy This problem already exists, you have a central mastodon sysadmin who isn't an expert in these areas and likely doesn't share your views as the one abusing the hashtag. With my approach the user at least has a recourse if they discover someone in their feed is abusing tagging--one click and it's resolved.

Phase one is to get the tagging feature in place. Phase two is to expand it to give individuals even more control over what they filter and more visibility into it.

@okennedy It's a crowd that you explicitly choose (like how you can choose whether you see boosts from someone you follow). You won't see bullying or tribal behavior unless you follow a bully or tribe and choose to see their tags. I give examples in that link.

@okennedy The approach I'd like to take is something I documented in this feature request: source.puri.sm/liberty/smilodo

In essence, allow users to add custom hashtags to posts, allow their followers (optionally) to see them, search/filter on them.

Giving users the power to moderate their own feeds is the key. Centralized moderation will always be flawed--a company can never represent your sensitivities as well as you and your peers (and will likely bow to outside pressure to censor, whether it's China or groups of users).
vice.com/en_us/article/a35yke/

@zemmert Back in my day grub.cfg contained references to actual kernels and initrd files. Now it's some kind of crazy dynamic bash script...

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
