@junocomputers
You get a completely free operating system, please support us in developing it with detailed
reports rather than pushing end user support upstream.

At the very minimum check with the communities upfront how to best interact and supply them with hardware.

2️⃣ /2️⃣

Dear @junocomputers if you sell computers and use Free Software Operating systems it is not o.k. to assume you can free ride on community support.

It makes me sad to have mails from users in my inbox that are stuck with an unusable device on a Sunday and are seeking help to get it going again. This is your job.

Please listen to your customer's issue. If it's a software issue in the latest upstream version forward it with a good description.

Screenshot is from junocomputers.com/product/juno

1️⃣ /2️⃣

This past week, I had the good fortune of going to a talk by Shannon Clay, one of the coeditors of the must-read anthology “We Go Where They Go: The Story of Anti-Racist Action” (@pmpress). There was only a small number of us, but that made it all that much better, as Shannon let the thoughtful and provocative questions steer the evening. And that meant that the talk and conversation, because of who showed up, revolved heavily around looking back at this antifascist history through today’s lens of queer, trans, and feminist anarchism as well as how Anti-Racist Action’s (ARA) tactics did or didn’t carry forward to the past or make sense for where Christo-fascism is at in 2023/5784.

So many points have stuck with me theoretically—the sign of a good, generative event—but one in particular already came to life in practice. Shannon had noted how most of the ARA chapters weren’t in big cities; they were basically four people in a small town, yet like ARA in general, they succeeded in kicking fascists out of their communities.

Little did I know that two nights later, I’d be going to a small, lifeless suburb. Yet a precocious, absurdly well-read and well-spoken, upbeat queer+trans young anarchist—just barely past being a preteen—invited me to their trans youth distro there, precisely to “go where they go”—in this case, a TERF, who’d been asserting their presence via stickering.

Our numbers mostly hovered around four or five—but between us all, there were hundreds of colorful, binary-smashing, bodily autonomy affirming, genderqueer-anarchic stickers, posters, patches, and even a tiny pink-and-black flag. I’ve no idea if we scared away the TERF, nor had any sort of pro-trans impact on this sleepy little town. What I do know is: the two middle schoolers who were there, both newish to anarchism and their queer+transness relative to the rest of us, got to share their hopes, enthusiasm, and dreams, and offer me hope in return, and as one said, got to feel at home and fully seen with their chosen family: us, other queer+trans anarchists.

#BeGayDoDistros
#MakeMediaMakeGenderTrouble
#KidsAreAllRight
#QueerYouthLiberation

(photos: some of the distro goodies)

At some point, our public service will realise that, if it's suggested by Microsoft, Amazon, Google, Oracle, Salesforce, Adobe, Apple, Facebook, etc. it can be discounted immediately as a Very Bad Idea [R]. Until our bureaucrats understand that fact, they should be prohibited from making any digital policy or procurement decisions.

Capital*ism is all about capital; it's not about consumers; it's not about employees. Why would anyone want to live under a system that's all about capital? If everyone had the capital, we'd be living for the social. i.e., social*ism

(This post made me think of Capital by Gang of Four. I had to chuckle about how many adverts were running on the lyrics website.)

Not to jinx it, but there's a perfect weather forecast for the NYC Anarchist Bookfair tomorrow -- come say hi at the @pmpress table! More info available here: anarchistbookfair.net/

Mozilla is GAFAM
techrights.org/2023/09/14/mozi

Kind of hard to argue with this. Use a FOSS fork of Firefox or an alternative.

10 Build something on a proprietary platform

20 Get pushed out by the platform's money grabbing stunt

30 Learn about awesome free and open platforms that could fill the void

40 Ignore all that and find new proprietary platform

50 goto 10

NONPROFIT JOB ALERT:

We're hiring a Senior Security Engineer!

Help strengthen our security posture across our infrastructure, and partner with our software development teams (e.g., @dangerzone and @securedrop) to protect journalists and whistleblowers.

Remote; 4 hour overlap with NYC business hours required. Salary range $125K-$140K.

grnh.se/cacbf6065us

The Swiss Government has officially launched their Mastodon server at social.admin.ch/

In their official press release the Government confirms it is a trial for one year. They state that "Mastodon has several characteristics that make it fundamentally attractive for government communications", such as being beyond the control of others, as well as it being privacy friendly.

Official press release: admin.ch/gov/de/start/dokument

Speaker of the Swiss Government: @gov

I don't find myself giving Apple props on web decisions very often, but the way they're implementing Web Push is objectively the best way it can be done, and the fact that Apple people are upset about it is somewhat baffling to me.

On iOS, a website cannot nag you to accept push notifications unless you've done "add to homescreen" to turn the webpage into an "app." Once it's an "app," then it can prompt and ask you if you'd like push notification.

I've spent years getting irritated on Android when every goddamned website begs to enable push notifications, I've said yes to exactly zero of them that I haven't also installed as a PWA.

Requiring that a page is installed is better in every way, and I wish Google would change their model to match.

Hurricane Lee got enormous as it moved north because of the Coriolis force, which is stronger at higher latitudes, and because it had an "eye wall replacement cycle," a new ring around the original eye of the hurricane scientificamerican.com/article

The MGM attackers claimed they used one of the easiest ways to breach/ransom a company, a method I use often in my hacking:
1. Look up who works at an org on LinkedIn
2. Call Help Desk (spoof phone number of person I’m impersonating)
3. Tell Help Desk I lost access to work account & help me get back in

While we wait for attack method confirmation, I’ll say that the attack method they claim worked for them does indeed work for me. Most orgs aren’t ready for phone based social engineering.

Most companies focus on email based threats in their technical tools and protocols — many are not yet equipped with the social engineering prevention protocols necessary to catch and stop a phone based attacker in the act. Teams need protocols to verify identity before taking action.

The 1st teams I go after when hacking are the folks who deal with requests from people constantly — IT, Help Desk, Customer Support, etc.
I often pretend to be an internal teammate to convince them to give me access, and I usually start with phone attacks bc they work fast.

Email phishing attacks can get caught in good spam filters and reported.
The soft spot for many teams are the folks who handle the phone call requests.
There’s a perfect storm: lack of verification protocols, easy spoofing, compensation tied to how fast they handle requests.

Questions to ask internally to see if your team is prepared to catch this attack:
- Do the folks who handle requests from team/customers use identity verification protocols?
- Do we rely on knowledge based authentication? DOB + caller ID matches ☎️ number in system, for example.
- Are our IT/Help Desk/Support teams compensated or promoted on the speed of saying yes to requests? Have we incentivized time for security protocols in Support?
- How do we verify identity first?

Remember, most folks at work want to do a good job and often times “good work” means “fast work”. We can’t expect every employee to be able to come up with their own identity verification protocols on the fly — it’s our job to provide the right human protocols to catch this fast.

We’ll need to wait to learn the details of the attack and get confirmation.
In the meantime, I can tell you I compromise orgs w/ the exact phone attack the attackers claim to use and many orgs don’t have phone call based identity protocols to catch it yet.

Update your phone based identity verification protocols to catch account takeover attempts!
You know your org best & there’s no one size fits all.
You can move from KBA (like DOB) to OTP on 2nd verified comm channel, call back to thwart spoof, service codes, pins, and much more.

After hacking & educating orgs on how they can catch me, the biggest task I spend my time on is updating verification protocols to spot me next time. It’s maddening to get caught on their new identity verification protocol on the next pentest but there’s also nothing I love more.
More details here: x.com/RachelTobac/status/17018

Until all are free: the trial statement of Ray Luc Levasseur (libcom, posted 2015, reprinted from Attack International October 1989) 

Check out the Burning Planet Reading List

Save 40% on select titles to understand and fight climate change with coupon code LIST until 10/1.

See them all blog.pmpress.org/2023/09/04/st

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.
