Every company saying that their data is encrypted at rest with "strong encryption" is saying nothing. It's a free, effortless and shameless statement to boost the org's false security posture to the untrained masses. It's even worse when they say it to justify that their security was sufficient after a breach.
Encrypted data at rest just means they use the cloud. It's standard cloud practise. They give it basically for free at a button toggle. "Using military grade encryption" yes I know it's AES. That shouldn't make you feel any safer. Optus even said their unauthenticated API was protected by double layers of encryption! (TLS in transit and AES at rest!). That meant nothing, and did nothing to protect their breach. Why?
Because the threat models that encryption at rest protects against is someone walking into some data center and grabbing hard drives. And no one does that. Every piece of encrypted information stored by your business is constantly decrypted at some point for use - especially customer and production data. Any attacker who compromises your employees with access to cloud resources, or an application/system with access to those cloud resources will have credentials and permission to decrypt the data. Because at the end of the day encrypted data is just as useless to you as it is to the attacker.
when we, 1Password, talk about our layers of encryption we don’t even mention the encryption that comes free with AWS. What matters is data encrypted with available only to our users.
yea no, I get that, and SRP is not in the typical encryption bullshit list that I meant. 1password being a password manager obviously needs to have its encryption described on the tin, in technical detail, which it does quite well.
@h4sh, thank you. I wasn't taking your post as being about us. I, too, get very irritated when services call "encryption at rest" is a defense against an exceedingly narrow threat. (Someone walks away with the hard drives.)
I get even more irritated when auditors and the like conflate that with what we do.
- "How obscure are your musical tastes?" - "Well, today I found out I've got a full shelf of CDs the national library in charge of the mandatory deposit in my country does not even have in its database, which lead me to read back the law to ensure I wasn't liable to a hefty fine."
tbf I share 99% of my library being online daily. But I still keep a few exclusive recordings which I know are either very rare to come by or shit I recorded from livesets from when I used to work as a sound engineer.
The rare records no one would actually be interested in, the live sets could easily be tied to me if they happend to leak on yt or something.
Note this is a choice some IT person made years ago and nobody realizes is optional, or something is actually broken and people just got used to it. Re-Auth could be entirely seamless if they wanted, or only enforced for certain apps. This is not intrinsic.
Something I see a lot is people accepting bad IT experiences as mandatory. Like this is life, get on with it. But this isn't remotely true. It's a choice, sometimes just not a choice an organization realizes it has. I have to be the person calling bullshit on stuff because I know. Because I understand what's normal outside the org, or I have literally done their job before as an IT Generalist.
The business malaise in accepting deteriorated user experiences is frankly shocking. You're being led like a dog by people who aren't being challenged to do better. Who often are not stupid and can do better, but have no mandate to venture it.
Honestly, one good thing for 2023 would be to set back up a blog, importing my old articles, doing old links management and posting at least once per month.
can't wait for 2050s ham radio repeaters where instead of old guys talking about the wife or whatever diseases they have, there's a bunch of trans girls complaining about drama in their polycule
Hearing radio astronomy objects is actually fairly easy on the 2m amateur band with a small array. Here a 4x7 element array easily hears the Sun and Sagittarius A. This from an urban backyard!
I was unable to pull the data wire, since the duct was obstructed, so I went the wireless way. Next step: attempting to switch telemetry from legacy to standard format.
j'avais évité ce truc car zéro intégration avec home-assistant et pas envie de bricoler... dommage ça semblais quand meme intéressant. enfin, 50€ pour ça ça reste quand même du vol.
Let's talk about how relays work, and how we can use them in basic circuits :)I scanned The Design of Switching Circuits and uploaded to the Internet Archive...
Top Secret Abandoned Satellite Dish Found On A Mountain. Explore # 107B.C. CanadaDoing some digging online I came across this top secret abandoned satellite ...
We have to deromanticize community. It's not some pristine untouched forest of soft moss and good vibes. The corporations count on that misconception to stripmine us for content.
Community has always been as weird and messy as humans are. It's work. It's relationships. It's hard. There isn't a magic number. They aren't inherently anticommercial. They don't all look or act the same.
It’s almost 2023. The world is different, the online world is very different, and I’m pushing 50. So I think it’s time we all start talking about online gathering places with a mo…
I slept very poorly last night due to the news that Musk gave privileged / possibly PII & DM level access of Twitter mod access to a variety of strident anti-LGBTQ (especially anti-trans) bigots who masquerade as journalists. This is an incident which would require user notification under California law, if it weren’t for the platform owner granting it. It still might be a violation of privacy laws. It’s absolutely a disaster for all LGBTQ people who used Twitter.
In short: presume that transphobes & homophobes in the employ of theofascists with ties to foreign governments can read your Twitter DMs & aren’t bound by any NDA, & will use that information however they please.
there's an option to download your data in the settings. When I did that with FB, it downloaded those conversations as well. Maybe do that before deleting everything?
@CordiallyChloe Thank you thank you thank you! I downloaded my data in April. My convos are in a zip file backed up to long term storage only I and my family have access to. You just set my heart at ease ❤️
Python code to parse a Twitter archive and output in various ways - GitHub - timhutton/twitter-archive-parser: Python code to parse a Twitter archive and output in various ways
It's incorrect. The Slack DMs are screenshots because they have direct access to them. However they only have picture of a screen of the Twitter admin panel because they weren't given full access to them, they were only given access to the given pictures.
The Twitter employee whose admin access was used explained it but I can't find it again.
Elmo is a a**hole but we should still be accurate.
Musk gave Bari Weiss some level of employee-privileged access to the control / moderator functions of Twitter. We already knew from Pieter Zatko’s whistleblowing that there are few, if any, meaningful data controls on Twitter once past the perimeter. So we have to assume that Bari Weiss’ cohort of Culture War Manufacture LLC have read DMs. And if so, are likely to behave as if they’re not subject to the implied and explicit privacy regs attached to Twitter user data.
Got recognized in the street by somebody I either don't know or don't remembered 💀💀 0/10 won't recommend the associated feelings. I wonder how famous people cope with this.
In August 2011, Los Alamos techs posed 8 plutonium rods on a work table to take a few photos.
Had these rods rolled into each other there would have been an instant criticality event. (Think "Demon Core")
Worst still, a supervisor who saw the display ordered the techs to safe the rods, ignoring the protocol to evacuate EVERYBODY (b/c even a hand could moderate the neutrons & cause criticality).
Background There is growing evidence that patients recovering after a severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) infection may have a variety of acute sequelae including newly diagnosed diabetes.
For #TDoR2022, I'm having a thought for @lumi_enby@twitter.com who left us on Dec 31st, as well as all of us who didn't make it because of transphobia. We miss you.🕯️ #TransgenderDayOfRemembrance
Finally got rid of Google Authenticator (I'm using Aegis as a replacement). The transfer was a bit tedious, because you need to export up to 4~6 accounts each time with the QR code technique but it worked.
Watching the wild ride that is South Australia power network islanded and having too much uncontrollable power generation (solar). They are apparently tapping sub station transformers to beyond 253v to trip solar inverters.
are there reliable ways in which to control household solar outside of tripping inverters? I like that our power is green, but uncontrolled grid not so good.
@ellie AEMO / South Australia introduced some standards / policies around inverters being remotely controllable (DPVC) however this is fairly recent, so not many inverters have this
@ellie from what my SA friends told me they connect to your inverter to your wifi / and connect to it remotely. it all seems hacky and needs inverters that are supported by the program - but apparently required for new installs.
@ellie TF? Sounds like it'd need to phone home unless port forwarded, but ... something Target something hvac something disaster, but inflicted on the population by the government.
we had an outage here last weekend, things died with weird noises. Reset mains, and some things came on but ups's still beeping.
UPS stats say Input voltage: 74
but spot on 50Hz, which isn't how AC under-supply is supposed to work.
I'm guessing we were islanded, but there was enough solar that a bunch of people's inverters were still keeping clock and trying to feed power. Which clearly they shouldn't.
Weird case of needing more load to cause shutdown, but heavier loads wouldn't start and all that was left was a bunch of switchmode and LED lights and such.
that brings back bad memories of a Christmas eve back in the UK when the cooling at one of the DC's we managed hardware in failed causing a cascading failure of _everything_ and the number of servers and UPSs beeping :|
Was >45°C air temp on the data floor, in UK Winter when it was snowing outside.
not something I wish to repeat for sure. Most of the places I worked in moved to the high mist systems with the double knock to kill power and localised suppression which was less horrible.
not something I wish to repeat for sure. Most of the places I worked in moved to the high most systems with the double knock to kill power and localised suppression which was less horrible.
There's a lot more to play around with for sure, but this is a good starting point to make your own bot or client. You could have it chunk up messages to fit your instance's character limit and then send posts in a thread. The pastabilities are endless.
a couple of years ago I wrote a (partially complete) "Modbus Tweets" account on the bird site. Never finished it. Kinda wanna dust it off for Mastodon though. I was going to have one of my home's lights operable via @ and DM, just base64 encode a modbus request and get a base64-encoded response...
@reverseics that's such a sick idea. The twitter dev API is annoying because you need to apply to do an application and can get rejected (like me) for not having a good enough reason to have a token. There's a lot of potential for really easy automation with mastodon and enough access controls to make it work without as much hassle
![[object Otter] :verified_paw: ](photo/contact/80/318?ts=1683270341)
Jeffrey Goldberg
in reply to h4sh • • •h4sh
in reply to Jeffrey Goldberg • • •Jeffrey Goldberg
in reply to h4sh • • •I get even more irritated when auditors and the like conflate that with what we do.
Cendyne
in reply to h4sh • • •