sylver_dragon

sylver_dragon , 4 days ago

Java is dying in the same way that Linux is winning the desktop war, it’s always going to happen “next year” but never “this year”. I spent a lot of years as a sysadmin and while I would have been quite happy to piss on the grave of Java, we always seemed to be installing some version of the JRE (though, usually not the latest version) on systems. There is just a lot of software which is built with it. This was especially true when dealing with US FedGov systems. Developers for the USG loved Java and we had both the JRE and JDK (because why not require the Development Kit for a user install?) sprinkled about our environment like pigeon droppings.

That said, don’t get too caught up focusing on one language. A lot of the underlying data structures and theory will transfer between languages. What you are learning now may not be what you end up working with in the future. Try to understand the logic, systems and why you are doing what you are doing, rather than getting too caught up on the specific implementation.

sylver_dragon , 4 days ago

I’ll throw out one from my youth that I think would be really good to see updated:
Sentinel Worlds I: Future Magic. It was a very early space RPG which was way ahead of it’s time. Something like the recent Heat Signature kinda reminds me of it, though it lacks the scope and depth of combat.

sylver_dragon , 4 days ago

I actually didn’t know that about the game, I just linked to the articled to provide details. Given the time the game was written, I suspect it was to make the music a bit more complicated. Game “Music” at the time could leave something to be desired. I played a lot of games with just a PC Speaker, which means that all of the sounds were mostly just different beeps. However, we also didn’t know any better at the time and just enjoyed it for what it was.

sylver_dragon , 7 days ago

By combining Mozilla’s scale and trusted reputation with Anonym’s cutting-edge technology…

Ya, that reputation is taking a big hit right now.

sylver_dragon , 7 days ago

It’s down to the expected use case.
If you have some reason to want portability, like you travel for work or expect to want to game at a place other than you home, then a laptop is likely the right choice.
If you only expect to game at home and don’t have a need to constantly move your system around, a desktop is usually a better “bang for the buck”.

Personally, I don’t travel and don’t have a need to move my gaming rig around. I also like having the ability to upgrade in a piecemeal fashion. So, I have a desktop. This particular PC of Theseus has been going for a decade and a half now and shows no sign of stopping.

sylver_dragon , 10 days ago

It’s not a crazy as you think.

sylver_dragon , 11 days ago

Alcohol, a common cause of and response to children.

sylver_dragon , 11 days ago

This appears to be the bill.
The House vote had 3 Nays (surprise, surprise, all Republicans)

• Foxx
• Massie
• McClintock

The Senate passed it via Unanimous Consent. So, no roll call vote.

sylver_dragon , 11 days ago

I currently work in cybersecurity in a Senior Incident Response role. Fair warning, my opinion is biased by my own route into cybersecurity and the fact that I deal with incidents and not managing people. Though, I do get involved in interviewing and hiring. I’d say you have a good start at it. While I am sure I will be accused of gatekeeping, I much prefer working with analysts who have spent time in help desk and even as a sysadmin/netadmin. It helps if you have a good understanding of how systems and networks work. I don’t expect new analysts to just jump into Wireshark and start reading through packets with me (I’m a weirdo who really enjoys that), but I will assume that I can talk, at a high level, about TCP/UDP, LDAP, SMB/CIFS, RDP or SSH and they won’t be completely lost. Though, no one is expected to know everything and we all have our weak spots; so, don’t be intimidated if any of that acronym soup isn’t instantly familiar. Everyone is Googling stuff constantly. You’ll memorize some of it due to repetition, but never be afraid to ask questions.

The last time my company was hiring for the SOC, the number one thing I was looking for in interviews was some evidence of an inquisitive mind. Someone geeking out over their home lab, TryHackMe or stuff like that was a sure-fire way to get my vote. I tend to be ambivalent about certs. I had some Windows 2000 certs (technically, those don’t expire, but ya…), a Sec+ (it’s expired) and an active CISSP (mile wide, inch deep, only useful for impressing hiring managers). I took a week long, in person training for the CEH but never took the test due to the COVID pandemic. Also, if the course (an official EC-Council course) was anything to judge by, that cert is just high-grade bullshit. I also have dealt with far too many “paper tigers” in my career to fall over swooning when someone has a bunch of alphabet soup behind their name. So, while I would recommend getting some certs, hiring managers love them, don’t get too caught up on them. You’ll learn far more just breaking stuff and troubleshooting it. The Net+/Sec+ duo is usually a good start.

On coding skills, I do recommend getting some ability to read/write code. The language isn’t super important. Python is a good one to have some literacy in, it gets used everywhere. But, unless you are going to push heavily into security development, you don’t need to be at the same level as a developer. If you can pop open exploits in exploit-db.com and make sense of what they are doing, and be sure the code isn’t going to root your test box, that’s usually enough.

Let me also recommend that you work to keep your communications/writing skills sharp. A lot of what one does in cybersecurity revolves around getting other people to do stuff. You will be regularly writing reports and needing to convince people to do stuff and/or explaining why you just kicked their system off the network. It really sucks to read incident reports from someone whose grasp of the language is lacking. Get in the habit of documenting what you do, taking screenshots, and writing in clear, concise language. You don’t need to be Shakespeare, but at least get your spelling right (spell check exists, use it), and get the basics of grammar down. If you hand me a resume with there/their/they’re mixed up, you’re going to walk into an interview with negative marks already against you.

On the upshot, now is a fantastic time to be getting into cybersecurity. Organizations are desperate to hire trained people and some will be willing to roll the dice on a less experienced analysts who shows potential. Feel free to ask questions, I enjoy what I do most days and am happy to talk about it.

sylver_dragon , 10 days ago

I just kinda “fell” into IT. In terms of college, I hold an Associates Degree in Math/Science from a community college; so, slightly more than nothing, but only just. I was very lucky in that my father spent an insane amount of money in the early 80’s to buy a computer and then turned me loose on it. I was doing simple programming in GW-Basic by the time I was a teenager and got pretty good at making boot disks to play games. I just became that kid who “knew computers”. After leaving college, a friend of mine convinced me to put a resume in at the company he worked for. They needed a computer tech and I fit the bill. From there it was a long sequence of job hops every 3-5 years until I ended up as a sysadmin dealing with mostly Windows systems, Active Directory, Exchange and SQL. Plus, anything else which just needed someone to “figure it out”. That eventually landed me at a gig working as a sysadmin at a US FedGov site (which is why I got my CISSP). There I often worked closely with the cybersecurity team, as they would need stuff done on the domain, and I would get it done. When they had an opening on their team, they did everything short of drag me into the office to apply for that spot. I worked in cybersecurity for that site until a bit after the COVID pandemic when I got a message on LinkedIn about a “FULLY REMOTE” (yes, the message put that all in caps) position. I was curious and applied. I now work from home, reading other peoples’ email and trying to keep the network secure for a Fortune 500 company.

The best advice I can offer is: keep learning and never be afraid to just try.
A lot of my career is based around “oh shit, it’s broke. Here sylver_dragon, you figure it out.” I loved logic puzzles as a kid and now I basically do them for a living. I would also recommend nurturing professional relationships and don’t burn bridges you don’t need to. That friend, who got me my first IT job was also pivotal, about a decade later, in getting me to apply to a different company he worked for at the time. When I put my resume in, it passed through the hands of several different people, people whom I had worked with at that first job. Between my performance and them knowing what type of person I was, everyone one of them said, “yup, hire this guy”. Having good working relationships now can pay a lot of dividends in the future.

sylver_dragon , 12 days ago

Let me borrow an image to put some numbers around it:

https://explainingscience.org/wp-content/uploads/2021/10/image.png

So, in one hour, the Earth receives more energy from the sun than us humans generate in an entire year. If we took all of the energy we generated over a year (and not just the waste heat) and converted it into heat, we wouldn’t even be adding half of one percent to the system. Our direct contributions to the system are minuscule. The problem is we’re pumping out green house gasses like there’s no tomorrow. And those directly increase the amount of solar energy the Earth retains. And when we start keeping 1 or 2 more percent of that insane amount of solar energy, it adds up really, really fast.

sylver_dragon , 12 days ago

Assuming the spring dissolves perfectly (no breakage, just complete disintegration)

I think, eventually, this assumption breaks down. As the metal is dissolved away, the internal stresses in the spring will become greater than the remaining metal can hold, and the spring will break.

sylver_dragon , 11 days ago

Fair enough, thinking about it at a microscopic level, individual molecules/atoms of material will be pushed into positions where they are being repelled from other atoms/molecules via electromagnetic forces. Those forces won’t go away as the chemical reactions happen; so, I would guess that the answer is kinda the same as it is at the macroscopic level. When the bond which holds an individual atom in the lattice of the material is broken, those electromagnetic forces would push the resulting molecule away. So ya, it becomes heat.

sylver_dragon , 15 days ago

I have to believe the actual poll and report aren’t as glaringly stupid as that headline. If you ask nearly anyone, “do you want peace?” They are going to respond with “yes.” The devil is always in the details though. Ask them, “should the war in Ukraine be ended by the Ukrainian Government capitulating to all Russian demands to secure an immediate peace?” And, you might find a lot of folks are suddenly less peaceful. This reminds me of the old saw:
There’s lies, damned lines and then there is statistics.

With a crafted question and a bit of p-hacking you can get a lot of results you want out of people.

sylver_dragon , 15 days ago

I don’t know about “perfect” but I’ve found a career (cybersecurity) that I can take some satisfaction from. Would I keep doing it, if I won the lottery tomorrow? Fuck no. I’d be out the door and sitting on a beach somewhere doing fuck all. But, I’m pretty good at it, don’t mind doing the work 8 hours a day, and it pays well enough that I can occasionally go sit on a beach somewhere doing fuck all.

sylver_dragon , 15 days ago

My experience has been pretty similar. With Windows turning the invasive crap up to 11, I decided to try and jump to Linux. The catch has always been gaming. But, I have a Steam Deck and so have seen first hand how well Proton has been bridging that gap and finally decided to dip my toes back in. I installed Arch on a USB 3 thumbdrive and have been running my primary system that way for about a month now. Most everything has worked well. Though, with the selection of Arch, I accepted some level of slamming my head against a wall to get things how I want them. That’s more on me than Linux. Games have been running well (except for the input bug in Enshrouded with recent major update, that’s fixed now). I’ve had no issues with software, I was already using mostly FOSS anyway. It’s really been a lot of “it just works” all around.

sylver_dragon , 17 days ago

Had a Windows 2000 computer show up on the company network about a month ago, it was an oscilloscope. It was already infected with malware and trying to reach the malware C2 server.

sylver_dragon , 17 days ago

Russia could do that. But, they are kinda busy trying to keep up with demand from their own forces. And that’s only going to get worse as they run out of mothballed Soviet shitboxes to reactivate.

sylver_dragon , 17 days ago

As a worker in the Cybersecurity space, it’s absolutely fantastic for job security.

sylver_dragon , 17 days ago

So, one thing to consider is that “how bad it gets” can be directly related to how well people and governments prepare. For example, if the CDC starts work on having vaccines made and stockpiled now, they may be able to react quickly and decisively to any outbreaks as they happen and prevent them from growing to a pandemic level. If infections are kept to low levels and the CDC ultimately has a lot of left over vaccines, did it “over react”? It’s actually a hard question to answer, because it’s entirely possibly that the end result was a direct result of that stockpiling and rapid reaction, leading to some level of wastage. However, had those precautionary steps not been taken, shit would have hit the fan.

We had something similar back with the Y2K Bug was being talked about. Companies lost their shit over it. But, when the date finally rolled over, it seemed to be a huge nothing-burger. Part of the reason it was such a nothing-burger was the fact that companies actually did a lot of work to validate and fix software before the date roll over. So, in retrospect, lots of people talk about the Y2K bug like it was all hype. But, had action not been taken ahead of time, it really would have caused a lot of problems.

This is the perennial problem with proactive fixes, if they are done right, people won’t be sure you have done anything at all. So, it is often difficult to get people to prioritize future problems. Even when the cost to fix those problems now will be vastly less than waiting until the problem actually arrives.

So no, I don’t think it’s “overblown” per se. It something that governments and health organizations should be tracking and should be working to have plans and resources available for. On a personal level, not much is changing. It’s not currently at a level that I feel I need to make major lifestyle changes to avoid. The CDC puts the risk as currently low, and has seen no cases of human to human transmission. If any of that changes, I’ll re-evaluate.

sylver_dragon , 18 days ago

Warning: Spoilers Ahead

If you played the “evil” plotline, there is a point where Mission (the Twi’lek girl) is telling you how horrible you are and one of your options is to get her best friend Zaalbar (a wookie) to kill her. By this point he owes you a life debt and is honor bound to do what you say. For as terrible as “evil” plotlines tend to be in games, that was an amazingly well done moment.

sylver_dragon , 19 days ago

Sen. Rand Paul (R-Ky.) said last month. “I think a lot of these cases [will] work up, and the Supreme Court finally says enough is enough, we’re not a banana republic.”

I really hope they do Senator. In a Banana Republic, the Glorious Leader is usually not held to account for his crimes. In the US and in functional Republics, we actually hold people to account for the crimes they commit, regardless of their current or former positions. Trump committed a crime, being a former President doesn’t mean he can’t be held to account.

sylver_dragon , 19 days ago

Languages shift and change over time. English, as we currently know it, has undergone several such shifts, to the point that it’s less a language and more several languages dressed up in a trench coat pretending to be one. Adding more Spanish words to the language is really just a continuation of a centuries old trend.

sylver_dragon , 19 days ago

Did the same. The writing has been on the wall for a long time, Microsoft’s anti-user behavior is only set to get worse. I made the jump to Linux (Arch) and things have been reasonably smooth. I did have a few issues with Enshrouded, but was able to get past those with Proton-GE. The only issue I haven’t worked around yet is Roblox with the kids. But, I may just have to pick up a cheap tablet for that.

sylver_dragon , 19 days ago

That is a possibility. To be honest, I haven’t tried very hard yet. I’m currently working on spinning up a Win10 VM in KVM and I’ll see how that works. And Android emulator is another good idea, I’ll have to give that a go.

sylver_dragon , 19 days ago

And once you have found your specific collection of plugins that happen not to put the exact features you need behind a paywall but others, you ain’t touching those either.

And this is why, when I’m investigating phishing links, I’ve gotten used to mumbling, “fucking WordPress”. WordPress itself is pretty secure. Many WordPress plugins, if kept up to date, are reasonably secure. But, for some god forsaken reason, people seem to be allergic to updating their WordPress plugins and end up getting pwned and turned into malware serving zombies. Please folks, if it’s going to be on the open internet, install your fucking updates!

sylver_dragon , 21 days ago

So let’s see, I can buy a computer with a new architecture, which will wreck havoc with running my existing software, all for some half-baked AI version of Clippy. That’s gonna be a, “no”.

sylver_dragon , 20 days ago

That line isn’t about voting, it’s about being qualified to be a Elector, sent to the Electoral College to actually elect the next US President. So, not exactly textual evidence that there is a right to vote enshrined in the Kansas Constitution. The next couple of sections also kinda work against a universal right to vote in Kansas:

Disqualification to vote. The legislature may, by law, exclude persons from voting because of commitment to a jail or penal institution. No person convicted of a felony under the laws of any state or of the United States, unless pardoned or restored to his civil rights, shall be qualified to vote.

This shows that the legislature does have some power to remove a person’s ability to vote under Kansas law. Granted, there seems to be an assumption implicit in this that people have a right to vote, so long as it’s not been removed. But then we get to:

Proof of right to vote. The legislature shall provide by law for proper proofs of the right of suffrage.

That, right there, is probably doing a lot of heavy lifting for this law. The legislature has the power to provide “proper proofs” for the right to vote. So, it would seem that the Kansas Constitution is setting the legislature up to gatekeep voting, based on “proper proofs”. That could well be the signature verification.

This looks like one of those cases where being a country of written laws can lead to weird outcomes. Yes, the right to vote should be universal. But, if the law, as written, doesn’t say that, then that’s not really the law.

sylver_dragon , 20 days ago

As opposed to?
While being a country of written laws does have it’s pitfalls, it also means that we have something to go back to and agree on. There is a reason that political bodies have been codifying laws since the city-states of ancient Mesopotamia. The alternatives usually break down to some sort of “guy with the biggest stick, at the moment, makes the law”. No thanks, I’ll stick with being a “codified law savage”.

sylver_dragon , 20 days ago

I was just focusing on what was there in the Kansas Constitution; but, lets walk through it:

15th Amendment, Section 1
The right of citizens of the United States to vote shall not be denied or abridged by the United States or by any State on account of race, color, or previous condition of servitude.

We’ll ignore Section 2, as it doesn’t seem useful here (same for other amendments below). So, you have a right to vote that cannot be limited by “race, color or previous condition of servitude”. That last bit meaning slavery. So, it kinda does seem to imply a universal right to vote. But again, this leaves open the possibility that the US Government (USG) and States do have the power to limit it otherwise. As a ridiculous example, it seems that this Amendment leaves open the possibility that the State could limit the right to vote for left handed people.

19th Amendment, Section 1
The right of citizens of the United States to vote shall not be denied or abridged by the United States or by any State on account of sex.

Pretty much exactly as above, but extending the protections to “sex”.

24th Amendment, Section 1
The right of citizens of the United States to vote in any primary or other election for President or Vice President, for electors for President or Vice President, or for Senator or Representative in Congress, shall not be denied or abridged by the United States or any State by reason of failure to pay any poll tax or other tax.

Continuing to extend the limits on USG/State powers. This time, it outlaws poll taxes.

26th Amendment, Section 1
The right of citizens of the United States, who are eighteen years of age or older, to vote shall not be denied or abridged by the United States or by any State on account of age.

And now we’ve extended the prohibition on limiting voting due to age.

There is a through-line on all of these which amounts to “The USG/State cannot limit the right to vote in these specific cases”. At the same time, they all leave open the possibility that the right to vote can be limited by the USG/States, so long as the reason isn’t one of the protected classes. The text of the US Constitution itself is pretty silent on the issue.

Article I, Section 4
The Times, Places and Manner of holding Elections for Senators and Representatives, shall be prescribed in each State by the Legislature thereof; but the Congress may at any time by Law make or alter such Regulations, except as to the Places of chusing Senators.

That kinda tosses the whole thing to the States to figure out. Though, that has been modified by Federal Law a few times.

Article 4, Section 2
The Citizens of each State shall be entitled to all Privileges and Immunities of Citizens in the several States.

This is the “Privileges and Immunities” clause of the US Constitution, and it’s been a useful “catch all” to further push the rights of the people. If a universal right to vote exists in the US Constitution, it’s probably here. But, that’s going to fall to judicial review. Which, for the moment, the Kansas court seems to have rejected.

sylver_dragon , 20 days ago

So that explains the wooshing sound.
Sorry, I guess I’ve been primed by one too many comments where folks seem to want to ignore the laws as written when they are inconvenient to the outcome they want.

sylver_dragon , 20 days ago

The US constitution does include the right to vote

Kind of, but also kind of not. I replied to another commenter on that, I’ll point you there.

The state level clause about exclusions is only necessary if the right to vote exists in the first place.

I agree that, and event directly stated in my previous post, exactly that:

there seems to be an assumption implicit in this that people have a right to vote

Unfortunately, an implicit assumption is not the same as an explicitly enumerated right. It’s a fine distinction, but can be a big pain in the arse. In theory, US Citizens have a lot of unenumerated rights, via the 10th Amendment to the US Constitution. However, as it’s left open to interpretation, it ends up amounting to almost nothing.

sylver_dragon , 20 days ago

It does seem that there is an implicit right to vote, but not an explicit one. Which is why I mentioned the Privileges and Immunities clause, if there is a Constitutional right to vote, it likely derives from there. But, being implicit, rather than explicit, means that it falls to judicial review to codify it. It’s also not as solidly guaranteed. Unlike say, the right to assemble, there is no specific text you can point to and say, “this bit of text, right here, says it.” So, it wouldn’t be surprising to see any such decision overturned later on (see: Dobbs decision).

sylver_dragon , 24 days ago

I work in cybersecurity for a large company, which also uses the MS Authenticator app on personal phones (I have it on mine). I do get the whole “Microsoft bad” knee-jerk reaction. I’m typing this from my personal system, running Arch Linux after accepting the difficulties of gaming on Linux because I sure as fuck don’t want to deal with Microsoft’s crap in Windows 11. That said, I think you’re picking the wrong hill to die on here.

In this day and age, Two Factor Authentication (2FA) is part of Security 101. So, you’re going to be asked to do something to have 2FA working on your account. And oddly enough, one of the reasons that the company is asking you to install it on your own phone is that many people really hate fiddling with multiple phones (that’s the real alternative). There was a time, not all that long ago, where people were screaming for more BYOD. Now that it can be done reasonably securely, companies have gone “all in” on it. It’s much cheaper and easier than a lot of the alternatives. I’d love to convince my company to switch over to Yubikeys or the like. As good as push authentication is, it is still vulnerable to social engineering and notification exhaustion attacks. But, like everything in security, it’s a trade off between convenience, cost and security. So, that higher level of security is only used for accessing secure enclaves where highly sensitive data is kept.

As for the “why do they pick only this app”, it’s likely some combination of picking a perceived more secure option and “picking the easiest path”. For all the shit Microsoft gets (and they deserve a lot of it), the authenticator app is actually one of the better things they have done. SMS and apps like Duo or other Time based One Time Password (TOTP) solutions, can be ok for 2FA. But, they have a well known weakness around social engineering. And while Microsoft’s “type this number” system is only marginally better, it creates one more hurdle for the attacker to get over with the user. As a network defender, the biggest vulnerability we deal with is the interface between the chair and the keyboard. The network would be so much more secure if I could just get rid of all the damned users. But, management insists on letting people actually use their computers, so we need to find a balance where users have as many chances as is practical to remember us saying “IT will never ask you to do this!” And that extra step of typing in the number from the screen is putting one more roadblock in the way of people just blinding giving up their credentials. It’s a more active thing for the user to do and may mean they turn their critical thinking skills on just long enough to stop the attack. I will agree that this is a dubious justification, but network defenders really are in a state of throwing anything they can at this problem.

Along with that extra security step, there’s probably a bit of laziness involved in picking the Microsoft option. Your company picked O365 for productivity software. While yes, “Microsoft bad” the fact is they won the productivity suite war long, long ago. Management won’t give a shit about some sort of ideological rejection of Microsoft. As much as some groups may dislike it, the world runs on Microsoft Office. And Microsoft is the king of making IT’s job a lot easier if IT just picks “the Microsoft way”. This is at the heart of Extend, Embrace, Extinguish. Once a company picks Microsoft for anything, it becomes much easier to just pick Microsoft for everything. While I haven’t personally set up O365 authentication, I’m willing to bet that this is also the case here. Microsoft wants IT teams to pick Microsoft and will make their UIs even worse for IT teams trying to pick “not Microsoft”. From the perspective of IT, you wanting to do something else creates extra work for them. If your justification is “Microsoft bad”, they are going to tell you to go get fucked. Sure, some of them might agree with you. I spent more than a decade as a Windows sysadmin and even I hate Microsoft. But being asked to stand up and support a whole bunch because of shit for one user’s unwillingness to use a Microsoft app, that’s gonna be a “no”. You’re going to need a real business justification to go with that.

That takes us to the privacy question. And I’ll admit I don’t have solid answers here. On Android, the app asks for permissions to “Camera”, “Files and Media” and “Location”. I personally have all three of these set to “Do Not Allow”. I’ve not had any issues with the authentication working; so, I suspect none of these permissions are actually required. I have no idea what the iOS version of the app requires. So, YMMV. With no other permissions, the ability of the app to spy on me is pretty limited. Sure, it might have some sooper sekret squirrel stuff buried in it. But, if that is your threat model, and you are not an activist in an authoritarian country or a journalist, you really need to get some perspective. No one, not even Microsoft is trying that hard to figure out the porn you are watching on your phone. Microsoft tracking where you log in to your work from is not all that important of information. And it’s really darned useful for cyber security teams trying to keep attackers out of the network.

So ya, this is really not a battle worth picking. It may be that they have picked this app simply because “no one ever got fired for picking Microsoft”. But, you are also trying to fight IT simplifying their processes for no real reason. The impetus isn’t really on IT to demonstrate why they picked this app. It is a secure way to do 2FA and they likely have a lot of time, effort and money wrapped up in supporting this solution. But, you want to be a special snowflake because “Microsoft bad”. Ya, fuck right off with that shit. Unless you are going to take the time to reverse engineer the app and show why the company shouldn’t pick it, you’re just being a whiny pain in the arse. Install the app, remove it’s permissions and move on with life. Or, throw a fit and have the joys of dealing with two phones. Trust me, after a year or so of that, the MS Authenticator app on your personal phone will feel like a hell of a lot better idea.

sylver_dragon , 24 days ago

You’re god damn right they are, and they have every right to be. I’m in It too and I’m absolutely sick of the condescending attitude and downright laziness of people in the field who constantly act like what the users want doesn’t matter. If they don’t want it on their personal device, they don’t need a damn reason.

Sure, and I suspect they company will have another option for folks who either can’t or won’t put the application on their personal device. It’s probably also going to be far less convenient for the user. Demanding that the company implement the user’s preferred option is where the problem arises.

complaining because users don’t want Microsoft trash on their phone might make marginally more work for you is exactly as whiny.

It’s a matter of scale. In a company of any size, you are going to find someone who objects to almost anything. This user doesn’t like Microsoft. Ok, let’s implement Google. Oh wait, the user over there doesn’t like Google. This will go on and on until the IT department is supporting lots of different applications and each one will have a non-zero cost in time and effort. And each of those “small things” has a way of adding up to a big headache for IT. We live in a world of finite resources, and IT departments are usually dealing with even more limited resources. At some point they have to be able to cut their losses and say, “here are the officially supported solutions, pick one”. While this creates issues for individuals throughout the organization, it’s usually small issues, spread out over lots of people versus lots of small issues concentrated in one group.

If you’re in IT, you’ve likely seen (and probably supported) this sort of standardization in action. I can’t count the number of places where every system is some flavor of Dell or HP. And the larger organizations usually have a couple of standard configurations around expected use case. You’re an office worker, here’s a basic laptop with 16Gb of RAM, and mid level CPU and fuck all for a GPU. Developer? Right, here’s the top end CPU, as much RAM as we can stuff in the box and maybe a discreet GPU. AI/ML work? here’s the login for AWS. Edge cases will get dealt with in a one-off fashion, there’s always going to be the random Mac running around the network, but support will always be sketchy for those. It’s all down to standardizing on a few, well known solutions to make support and troubleshooting easier. Sure, there are small shops out there willing to live with beige box deployments. Again, that does not scale.

I see this all the time and it’s downright hysterical. Who the hell can’t handle having to have two devices on them? “Oh yeah you’ll regret asking for this! Just wait till you have to pull out that other thing in your bag occasionally! You’ll be sorry you ever spoke up!”

Hey, if that’s your thing, great. But, there is a reason BYOD took off. And a lot of that was on users pushing for it. Having been on the implementation side, it certainly wasn’t IT or security departments pushing for this. BYOD is still a goddamn nightmare from an insider threat perspective. And it causes no end of headaches for Help Desks trying to support FSM knows what ancient piece of crap someone dredges up from the depths of history. Yes, it’s a bit of cop out to give the user a crappy solution, because they push back against the easy one. But, it’s also a matter of trying to keep things working in a standardized fashion. A standard configuration phone, with the required pre-installed, gives the user the option they want and also keeps IT from having do deal with yet more non-standard systems. It’s a win for everyone, even if it’s not the win the user wanted.

Also, develop some pattern recognition. If you can’t see how Microsoft makes this substantially worse once other methods have been choked out, you haven’t learned a thing about them in the last 30 years.

I do understand how bad Microsoft can be. I was an early adopter of Windows Me. And also have memories of Microsoft whining about de-coupling IE from the OS. And I don’t want MS to win out as the authentication app for everyone. That said, I still believe that the Microsoft Authenticator app on a personal device is the wrong hill to die on. There is a lot of non-Microsoft software out there and there are plenty of options out there. But, Microsoft software using the Microsoft app isn’t surprising or insidious.

sylver_dragon , 24 days ago

That might be an optional requirement which can be set by the admins. On my phone (Android) I have disabled location permissions for the MS Authenticator app. I have no issues logging in. I also regularly have to deal with alerts for users with improbable geographic logins, because they have a VPN on their phone. So, they login from their PC from one location and then their phone logs into Azure from the other side of the planet moments later.

sylver_dragon , 23 days ago

My phone is my phone. They didn’t buy it, they don’t pay for it

And that’s completely fair. As I said above, the end result will almost certainly be a company provided phone with company provided apps. I’ve seen (and had) both solutions. It all comes down to how you view the risks. If you see running a Microsoft app on your personal phone as too great a risk to your privacy, then go for the two phone option. Personally, I don’t see that as a high risk and think it’s kinda silly.

sylver_dragon , 23 days ago

You work in cybersecurity, yet you have company-controlled assets on your personal phone?
X DOUBT
Either you don’t give a single sh*t about your personal privacy, or…

Here’s the rub, I’ve been through enough of this to take a realistic, risk based approach to security. Knee-jerk reactions like the one you are giving are not really useful. Step back for a moment and think about what’s going on here. First and foremost, this isn’t MDM on a device, that’s entirely different from installing the MS Authenticator app from the public Google Play store and adding a work account to it. So no, the company is not able to go rooting around in the user’s device willy-nilly. Second, even with MDM, IT control of the user’s device isn’t what it used to be. Google implemented containerization of work profiles some time back. Without Work Profiles and containerization, I would agree that enrolling my personal device in MDM carries too much risk to my privacy and also having my device remote wiped. But, the advance of technology has altered that calculus. While there are still risks to consider with having a work profile on my device, it’s also not as worrisome as it used to be.

Security isn’t some binary thing. There is no hard and fast set of rules, given from some entity on high. It’s a game of deciding what risks are acceptable and what risks need to be mitigated and how. If you work for a company which you believe is trying to use MDM to go rooting around in your personal device, I’d suggest finding an new job. This isn’t to say you should trust the company 100%; but, you need to take a realistic look at what the ask is, what risks it carries and if the trade-off in convenience is worth it. The risks inherent in the MS Authenticator app are basically nil. At least on Android, you can audit it’s permissions and disable the ones you don’t want it to have. The app provides zero control over the device to the company. Really, there’s just nothing there to get your panties in a bunch about.

But hey, if knee-jerk reactions are your thing, then you do you. This whole tempest in a teapot still amounts to “Microsoft bad”.

sylver_dragon , 27 days ago

Story about Belgian F-16s.
Picture shows US F-35.
Guess the AI’s came for Politico’s editors first.

sylver_dragon , 26 days ago

I suspect Politico fixed it. When I first loaded the page, it had the same image you see in the thumbnail. And that’s was what prompted my comment. Looks like they updated the page and it’s now an appropriate image.

sylver_dragon , 30 days ago

The first thing I learn to replicate: coffee.
My cup gets empty, just point a finger in and squirt out another cup.

This is going to be followed by water and various food items and gasoline. My wife would be in on the secret, I’d keep the kids in the dark as much as possible. Now it’s time to try and generate a living. Creating cash is a no-go as it’s serialized and someone is going to notice bills showing up with the same numbers. I’d also avoid most high value, finished goods, as those also tend to be serialized and might get noticed. It’s not that I wouldn’t catalog them, but that would be for emergencies. For a while (probably years), life would continue as normal. I’d just be saving a lot of money by not buying groceries, sundries or most things I could get by handling it in a store and replicating it at home. Anything big or obvious gets bought normally. This is things like cell phones or cars. But, by shaving a lot of the regular costs, I suspect I could save up a good bit in a reasonable amount of time.

Once I have the funds, it’s time to move to phase two. Locate a claim in Alaska which is both somewhat likely to have gold, is close enough to a town to visit with a short drive, and has a scenic spot to build a house. Buy a nice R/V and spend a few weeks every summer prospecting on the land and building out a homestead. I’ll need to start visiting home improvement stores to catalog the materials along with visiting conventions and the like to handle samples of other stuff needed to build. I’d be aiming for as much of a net-zero, off-grid home as possible. Internet would be via Starlink (which would be bought and paid for). And most of the other stuff (food, materials, etc.) get’s zapped into existence.

The “prospecting” part of the trip would be real enough. The finds would just be padded, a bit. The first few summers will result in finding nothing but gold dust and maybe a nugget or two gets added over time. Nothing big, nothing notable. Just enough that it makes sense for me to keep going back. This trip would be a family tradition (I’m sure the kids would hate it), but it’s how we spend a couple weeks every year. This goes on with finds being padded out more over time with most of the money going into stocks, bonds and other investments. My paycheck would also be mostly used this way, keeping enough to pay for unavoidable costs like taxes, trips and services. When the home is ready, sell the R/V and use it as the base of operations for prospecting. This all goes on until the kids are grown and moved out. We continue to live in our current home, the kids keep going to school and doing the normal growing up and getting prepared for life. Nothing changes for them and they get a normal, stable childhood. Once they are on their way, the wife and I move to Alaska permanently. I continue working (I already work remotely) and prospecting until the investments are big enough that we can live off the interest comfortably with the principal growing 3-5% per year to keep up with inflation. Though, I kinda suspect this would happen before the kids are fully grown. With my ability to just create the food, sundries and fuel we need, we’d be saving money pretty quick.

And then, we just live. I’m not going to save the world, I don’t think I can. If I can generate enough money, I would start donating to worthwhile causes. Things which provide water, food and micro-business loans. I really want to avoid discovery and ending up as a lab rat or having my family ripped apart as various government agencies try to figure out if my ability is genetic. Anything I do, which gets me noticed, results in my kids not getting to have normal lives. And that is goal number 1, my family gets to live a normal, happy life. Depending on how the ability works, I might go for a MAD style option over this. If I can create objects very fast and at far enough distances, I’d work to learn as powerful of explosives as possible over the years (nuclear weapons if the option reasonably presents itself, not sure how it would). If I am discovered, the threat becomes “leave my family alone or I blow the fuck out of everything, everywhere, all at once”.

But ya, that’s basically it. My kids grow up and have a trust fund waiting for them when my wife and I kick it. My wife and I get to retire as far away from other people as possible. We grow old hiking and playing video games together. Considering family history and actuary tables, I’ll die first and she can spend her last years (possibly decades, based on her family history) dotting on grandkids and hopefully finding someone else to be happy around in those years.

sylver_dragon , 27 days ago

I apologize now for the hostility I’m about to through your way,

Can’t say I really felt your reply was hostile. But, I appreciate that you tried to prevent and bad feelings.

You have 4 paragraphs and 864 words, explaining a fantastically well thought out premise and long term plan that is so absolutely achievable that you could literally do this right now with a like $100k extra.

I mean, I already live semi-rural in a good place for the kids to have friends close, go to good schools, and still have a bit of separation from the neighbors. When the kids are out on their own, we’ll probably sell this place and buy a smaller home on a larger plot of land further away from people. Having the passive income setup for retirement may already be in the cards, though certainly not at the level I could pull off by being able to create objects out of nothing. Also, without that ability and the need to hide it, rural Virginia is plenty far enough away from other people for me. Part of picking Alaska for that scenario was accepting that you don’t want to get noticed, ever.

With a mix of imagination and diligent scanning you could make yourself your own distinct content with no long term tectonic impact on the planet and a technocratic government that runs everything with a goal of perfect balance between human comfort and long term global stability. You could retire there with your family within the first year to watch your children grow up as the first generation of a true utopia.

Utopias have a bad habit of falling over when you get humans involved. I’d love to believe that, with a human replicator running about, we could end all suffering and bring world peace. I actually believe that the usual mix of greed, ego and self-centered-ness would result in just as many wars and strife as we see today. Hell, if you sit back and take a cold look at reality as it exists today, we should be living in a time of unparalleled peace and abundance for all. As a species, we have plenty of resources that no one should be hungry, no one should be without a roof over their head and no one should be worried about a bomb being dropped on them tomorrow. Yet, here we are. Now, this isn’t to say things are all doom and gloom. For all the news reporting to the contrary, we are actually living in an incredibly peaceful time, historically. Even with the invasion of Ukraine, the civil wars in Somalia and Yemen and the genocide in Palestine, the world is actually really peaceful, by historic standards. But, the wars that are going on are driven by assholes who feel they should be in control and that some group of others is less deserving of the right to live in peace. Adding a human replicator to the mix would just mean people fighting to get control of that human replicator. If the US Government discovered a human replicator today, you can bet they would be scooped up and be chained inside a warehouse tomorrow churning out 155mm shells for the war in Ukraine. Rights of that person be damned. Better to hide and just let the world keep spinning.

You could populate the universe with so many tardigrades that the simulation you exist in crashes, or place a bowl of soup on the head of every cat on the planet, or make a new constellation to name after your wife, but instead the real life version of God mode isn’t actually part of your 10 year plan. It’s just a well managed lottery win. It’s this what those wackos are talking about when they preach about internalizing the system? Because if so they’re a lot less nuts than I originally thought.

Maybe. I think it’s mostly just a matter of getting older and having perspectives change. I’m not going to say the world is perfect by any means, or that there isn’t a lot which needs fixing. But, I think that the world is also not all that bad. Certainly not as bad as the folks screaming on Twitter would have you believe. Sure, I’d change a lot of stuff, had I the power. But, I don’t and I don’t see it as worth it to wring myself out trying to pretend I do. I’d rather spend my time and energy just trying to make a small corner of this world comfortable for my family. If that means I’m uncaring or a terrible person, because I don’t seem to care about everyone else, then fine, I’m a terrible person. Good luck saving the world, I’ll be over here eating popcorn and watching you slam your head against a wall. My skull just won’t take that sort of punishment anymore.

The thing is, “the system” is rigged and we could do a lot better. And I’ll certainly vote and maybe argue a bit online, to push it towards my view of “better”. At the same time, “the system” could be way, way worse. And this is one of the problems with people who talk about “blowing up the system” or similar revolutionary language, they usually have a very poor understanding of what comes after. People like to pretend that there is some glorious path from tearing down the system to some sort of utopia. Anyone selling you that bullshit is either lying or has never picked up a history book. The French Revolution was followed by the Reign of Terror. The October Revolution was supposed to lead to a Marxist style utopia, instead they got the USSR and Stalin. The Chinese Communist Revolution was again supposed to lead to a people’s utopia. Instead, they got the Great Leap Forward into mass famine, followed by the People’s Republic of China we all know and love today. Simply put, most revolutions just end up shifting which horrible group of people get to do horrible things to the other group.

This isn’t to say that people should try to overthrow really bad governments. In every one of the examples I listed above, what came before really did need to be torn down. But, I think the Douglas Adams quote is quite apt here, “it is a well-known fact that those people who must want to rule people are, ipso facto, those least suited to do it.” Unfortunately, the folks who tend to lead revolutions also tend to be exactly the people you don’t want in charge. You get ideologues who then seek to purge the “bad group” for whatever definition of “bad group” they have decided to come up with. Usually, said the Venn Diagram of the “bad group” and “people who question the leader’s actions” looks a lot like a single circle. It can go the other way, but it can’t be premised on any sort of ideological purity, or you just get The Reign of Terror. You need a really special set of people who are willing to tear down the bad system and then walk away from power. That is really, really rare. And I doubt you can really tell who would actually do that and who would descend into paranoia, once they had power, and refuse to let it go.

So all this is to say that yes, I probably have “internalized the system”. Because, sure it sucks, it just sucks less than most of the other options.

Get off lemmy, do some research into properties in Alaska and gold speculation. This is so genuinely possible of a life goal that I genuinely believe you deserve to achieve it.

Once again, I think history is pretty instructive here. If you ever read about the California Gold Rush it wasn’t the prospectors who got rich. Sure, some got really lucky, most toiled for decades to just scrabble out a living. Gold speculation in Alaska is actually really hard and down to a lot of luck. Sure, my current living of working for some faceless corporation may not be glamorous, but it provides a comfortable, reliable living. I’d much rather have stability than roll the dice on picking the right plot of land. Also, I’m lazy. Doing gold prospecting for real requires tons of hard work and physical labor. Without the magic ability to just spawn gold, it’s not worth currently worth it for me.

You have 4 paragraphs and 864 words

I grew up in a time before Twitter. I’m used to longer form discussion boards. While “brevity may be the soul of wit” it’s also often a sign that someone hasn’t put any thought into what they are writing. The world is a messy place, it’s very rare that the reality of a situation can be crammed into 140 characters or less. Also, arguing with people on the internet is my version of “drinking my morning coffee while reading the newspaper”. I can wake up, sip mu coffee and pretend the world gives a damn about my opinions. Maybe it does and maybe it doesn’t. But, it’s now used up a bunch of electricity getting spewed about the world. And I’m much better caffeinated.

sylver_dragon , 30 days ago

I think AI is good with giving answers to well defined problems. The issue is that companies keep trying to throw it at poorly defined problems and the results are less useful. I work in the cybersecurity space and you can’t swing a dead cat without hitting a vendor talking about AI in their products. It’s the new, big marketing buzzword. The problem is that finding the bad stuff on a network is not a well defined problem. So instead, you get the unsupervised models faffing about, generating tons and tons of false positives. The only useful implementations of AI I’ve seen in these tools actually mirrors you own: they can be scary good at generating data queries from natural language prompts. Which is, once again, a well defined problem.

Overall, AI is a tool and used in the right way, it’s useful. It gets a bad rap because companies keep using it in bad ways and the end result can be worse than not having it at all.

sylver_dragon , 1 month ago

The crux of this issue (and the Supreme Court identified this while more liberal leaning) is that it’s really fucking hard to measure gerrymandering-ness

Yup, for anyone who hasn’t heard it, I’d highly recommend people listen to FiveThirtyEight’s Gerrymandering Project. While this isn’t to say that gerrymandering isn’t a problem, it’s not as simple as many people make it out to be. Especially with the high level of self-sorting which has been going on, packing lots of Democratic votes in a single district tends to happen, even without trying.

sylver_dragon , 1 month ago

Pretty much it’s the Four Horsemen of the Apocalypse: War, Famine, Pestilence and Death.
Any sort of collapse is going to lead to a lot of people fighting over dwindling resources. It’s also going to provide fertile ground for warlords to take over and run their own kingdoms. And those kingdoms can be expected to fight. The collapse of the Western Roman Empire is likely instructive here. You will have a hollowing out of the cities as the logistical chains supporting them collapse. Where they make sense, the ruins will be used by smaller populations and in surprising ways (stables, forts, ramshackle dwellings). Subsistence farming will again be the occupation of the vast majority of the population. Though, that’s going to take time to get going again; so, expect a lot of people to die of starvation. And, of course, farmers will regularly find themselves subject to raids from the previously mentioned warlords. Some might be lucky enough to be left with enough food to keep feeding themselves and just become serfs to said warlords.

With modern medicine and vaccines gone, our old friends tuberculosis and small pox likely show back up and start taking their toll. A lack of sanitation and water treatment brings back cholera and dysentery. And then there’s all the joys of bacterial infections, without anti-bacterial medications. So, one unlucky scratch and you get to die a horrible death or face an amputation without the benefit of anesthetic.

So ya, pretty much we get to go back to scrabbling in the dirt for the hope to not die horribly. And maybe, if we’re lucky, society will put itself back together again, eventually.

sylver_dragon , 1 month ago

I know this is just being silly, but stop and think about the difference in scale between a yacht and the larger ships in the ocean. There was a recent case of a cruise ship showing up at port with a whale over it’s bow. The ship rammed a whale, effectively beached it on the bulbous bow and no one on the ship noticed. And then you have things like an Eisenhower Class Aircraft Carrier. At over 1000 feet long, 250 feet wide and displacing over 100,000 tons the sheer scale of the ship is hard to imagine without seeing it. Imagine taking a sky scraper, tipping it on it’s side and floating that out to sea. That’s what we’re talking about. You could have 10 large blue whales laid out tip to tail along the length of the carrier. An entire pod of whales ramming such a ship would just result in whales with concussions. And then CWIS goes brrr….

Whales, dolphins and other marine animals are amazing, but their scale and coordination pales in comparison to what humans do. We have basically no natural weapons or advantages in strength or speed. But, we dominate the planet because we can plan far ahead and work in groups much larger than a local tribe. We also harness energy in ways well beyond what animals do. Even something as simple as fire is outside the ability of other animals to create and use effectively.

sylver_dragon , 1 month ago

People being assholes over it is dumb, but I can’t say I would want one. I saw one recently at my local grocery store and I couldn’t stop thinking how poorly built it looked. It just seemed like the fit and finish of the body panels was kinda bad. I got an overall feeling like it was something put together by a couple of teenagers in metal shop.