Infosec, offensive security.
No I can’t get into your Ex’s social media.
Which actually means it would probably end up being a multi-stage multi-day engagement that would require cross discipline techniques and for me to commit multiple felonies across several different, state lines, over telecommunications lines, international borders, not to mention how many three letter agencies, all so you can see who he’s fucking now.
Can I what? No.
Building genuinely secure computer systems is incredibly difficult. You might even be in systems/software and be thinking “yeah it is hard”, but to be really secure it’s 1000x harder than that. So everything you use off the shelf from any vendor is a massive compromise and has holes in it. But on the other hand most people don’t need really secure systems.
Isn’t a true air gap pretty solid though? Aside from someone actually coming into your house and interfacing directly it would be pretty hard to bypass, or am I on Mt. Dunning-Kruger over here this time?
Air gap is a useful strategy. But what is that system? You don’t really know anything about its origin or what any of its processors actually do. You know really nothing about any of the firmware or software you run on it. Just getting software on to it securely is a huge challenge to prove its origin and the whole supply chain. And then getting data out is a whole other problem. A general purpose computer is not a great choice if you want the best in security. And having it just in your house isn’t that secure. Obviously as I say, most people don’t need the best security.
You are correct.
The uncomfortable part is what I’ve learned about the challenges to gain physical access.
Most physical security is equally appalling to most Cybersecurity.
Edit: Incredibly unfun exercise: pick a physical security device you rely on, personally, and do a YouTube search for “device name break in test”. I’ve rarely been able to find a video more than 3 minutes long, for any product, at all. And the actual breaking is usually mere seconds in the middle bit.
The lockpicking lawyer scares me.
Imagine you wake up in the night, you hear your front door rattling. Someone is trying to break in. “No problem” you think to yourself, “I have a good lock on my front door”. Then you hear the five most terrifying words you could possibly hear in that moment:
“This is the Lockpicking Lawyer”
That guy is an exceptional picker/exploiter, and he isn’t even the best.
However, I’ve casually picked locks and always have a set of picks with me for the past 20 years. LPL makes me look like a 10 year old kid trying to open a lock with a pair of chopsticks.
In other words, probably less than 5% of the population have ever picked a lock. Of them, I’m probably better than 90% and I still suck at it. So running across an LPL level skilled person, who’s also a criminal is going to be like a list of names on a single piece of paper. Just by a lock complicated enough that you can’t scrub it open and everyone will be fine.
Allow me to drop a bunch of innocuous looking storage devices in the area, maybe some power cables with hidden microchips, or perform another supply chain attack. What if your computer is probing for wireless devices without your knowledge? Can one be snuck in?
It’s a good step, a major one, but even an air gapped computer can be infected if you have a well-funded, advanced, and persistent adversary.
Aside from someone actually coming into your house and interfacing directly
If any state entity is in your threat model then this would be major concern. If you’re of any interest to the state, first thing they’ll do is raid your home and seize your electronics. Your threat model shouldn’t depend on assuming an attacker can’t physically access your device (I know you never said an air gap should be the only defence, I’m just saying in general).
Most online services would struggle to provide their service to their users if all of their servers were air gapped.
Medicine is not an exact sience. Every human body is different and will react different to treatment or show different symptoms.
That your doctor couldn’t diagnose you right away or a treatment is not working for you as wanted (or as it did for your neighbor) has most often nothing to do with the competence of the medical personel but with the fact, that your body is not a massproduced machine but 100% unique a änd individual biological mass.
that is only partly true, health system (here) also proposes to make false diagnoses for making money while the really needed treatment is underpayed or not payed at all or - in some cases - not payed at all if some facts change “after” the diagnosis so that the involved doctors spent time and money while afterwards not beeing payed at all. doctors doing false diagnoses (here) are mainly following the systems suggestion to skip real treatment but instead abuse patients.
That is a pretty big accusation you are putting on health care professionals.
Of course the cost often is a deciding factor on what treatment is possible. I’ve seen this in european hospitals as well, that we couldn’t run certain diagnostics or give certain medications because they were too expensive and would mean the hospital spends more than it gets for the patient.
But what you are saying is that doctors and in consequence nurses, medical technicians and all kind of medical staff are all in on a conspiracy to MISDIAGNOSE ON PURPOUS (!!) causing bodily harm (again on purpous) to their patients in order to get payed by insurance?
Please provide reliable sources and proof for this accusation of significant criminal activity that is apparently the norm in your (“here” means the US I assume?) Health care system.
I understand that your health care system is wack. But the fish stinks from the head and that’s usually not the medical staff providing your care, which you are accusing of serious crimes here.
I feel like you’d have a better conspiracy statement if you at least spelled paid correctly.
And now I am thinking how the mrna “vaccines” must have worked for every person or else…
Everyone gets older. Everyones body breaks down eventually. The amount of elderly who have said “I never thought something like this would happen to me”. Look around Edna! What made you think you were going to avoid what happens to everyone else!?
At least personally, the idea is that I will die before I get old.
I dunno that seems awful c-c-cold. Are you just trying to cause a big s-s-sensation?
“Everything that happens happens to someone else”
Also the reason people don’t buy even the most basic insurance, or take even to most basic disaster preparedness steps.
Factors of safety are defined to deal with the probability of things going wrong in a manner that is acceptable to society based on a body of knowledge and experimentation. You can’t just define your own.
Also, just because something is designed for a specific load doesn’t mean it will fail at that load.
The scientific method
At most corporate pizza places only a fraction of the delivery charge goes to the driver. My job, for example, charges $4.99 for delivery and gives the drivers $0.60.
To play devil’s advocate, it’s not just the delivery that’s included in those costs. It’s also the development and maintenance of the ordering platform, vehicle maintenance, etc.
Vehicles are generally owned and maintained by the driver. Also, these charges long predate the digital age. They pass them off as paying for maintaining a shitty app for ordering, but it is just a convenience fee, extra money they can make off those of us who are too busy, tired, stuck, or lazy to go pick it up. Always has been, always will be. Proof: if I go the old school way and call in to order it directly they still charge it.
Exactly one pizza place I’ve worked at (pre online ordering) had an adjustable delivery charge based on mileage that went entirely to the driver. However that was a Mom and Pop shop so it doesn’t count for this conversation about corporate pizza.
The pizza place doesn’t pay for the vehicle’s maintenance, usually.
So young. So naive.
I once interviewed to be a delivery driver for Domino’s and my Dad was adamant it was a bad idea and I should find different work and then insisted that I ask them about insurance if I was going to do it.
It felt super awkward because I was pretty young and people just don’t ask those kinds of questions for minimum wage. He wanted me to ask them if they provided insurance to their drivers when they’re driving cars for them on the clock and explained to me that if there’s an accident while using the car for work then my insurance wouldn’t cover it which I checked and indeed they wouldn’t.
The interviewer said they didn’t provide insurance but asked if I was insured and if I was, wouldn’t I be fine anyway? I said the insurance was not going to cover me while using the car for the job and the guy had this answer in a different tone like a kind of I’ve got this super clever scam that no one’s ever thought of but I’ll let you in on it vibe and leant forward and said “oh yeh, we know what to do here in that situation, what you do is you just say you weren’t working at the time”. I was incredulous but still a nervous teen and kind of meekly protested “but like what about the several pizzas in a bag and the uniform?” And he’s like “oh you just tell them you were on your way home from work and that’s your dinner”. That, along with many other fucked up things that occurred in the brief space of time this interview occupied convinced me to nope out of there.
Yeh dude, I’m going to try and commit insurance fraud… very poorly… for Dominos… who can’t simply provide the necessary protection to allow people to do the job they’re asking them to do. If I have to get my own insurance, if it has to be a special kind of more expensive insurance that’s going to cover me driving for work, then I’m a contractor, not an employee and I’m going to set my own rates and they’re going to be a lot higher then what they were offering considering I also have to maintain my own vehicle and pay for fuel and insurance, to a certain extent I even arguably have to use the skill of knowing how and also being licensed to drive in the first place which makes it not exactly “unskilled” labour in this first place.
Former pizza driver here: Yeah it really does work like that, the cops never ask nor do they report it unless you say “Well there I was, delivering a pizza…” and your insurance company doesn’t send reps to accidents. We had people get in accidents, including me twice, every one was covered by the person’s insurance without question. Nobody cares but the insurance company and everyone from the store to the cops seems to agree “fuck them.” Sure it’s kind of insurance fraud but they deserve it and I never saw anyone get caught in the 10+yr I worked for multiple stores/companies.
Now, your rates going up? That’s a different story. That’ll happen just like any other accident, and for that reason it’s better if the store pays, but that just isn’t how it works at any store nor for Uber/Ubereats, etc.
Yes I figured that that was how it worked when Dad insisted I asked because, although, of course, logically what he was saying made sense, I knew intuitively that that isn’t the world I live in, and that unlike a white collar career, the minimum wage world does not care about making conditions or contracts that would attract or retain employees because they have 100% of the bargaining power and will find a different wage slave if you ask weird and inconvenient questions. That was why it was so awkward and I was reluctant to ask in the first place.
The thing is, while I’m all for a “fuck them” attitude towards insurance companies, if I’m going to commit insurance fraud, even if I think the risks are exceedingly low, I’m not doing it for Dominos, and doing it for them is indeed what’s happening there because in a just world this should obviously be the cost of offering a delivery service and by taking on this legal risk myself (and the burden of the increased premiums in the case of an accident) I’m gifting Dominos, the multinational megacorp, the opportunity to shirk what should definitely be their responsibility.
The insurance issue and terrible amateur legal advice alone wasn’t actually what made me pass on that job, despite really needing it at the time. The rest of the interview was a train wreck in terms of me evaluating them as employers and though they seemed keen to hire me anyway on the basis of me apparently having a pulse, I was fortunate enough not to actually be destitute at the time and so wasn’t obliged to accept the offer.
The speed of the conveyor belt does not impact the cycle time. No you cannot fucking slow down the conveyor belt to make it so you can work slower. You can’t speed it up to make people work faster. The speed of the fucking conveyor belt determines how long the things stay on the fucking conveyor belt. If it’s too slow things just stack up on it
Sorry, fucking line workers, managers, and executives in a factory…
Just stick a speed module into the workers. That should help. May increase their power consumption though
Expected Factorio.
Okay I hear you, but have we tried speeding up the conveyor belt?
sighs and speeds it up sure whatever vp,
If you could speed the conveyor belt up, that would be greeeeat.
I am the company IT guy. Not your IT guy.
That current “AI” is not turning into Skynet any time soon.
It might turn into dumb skynet though. Like a version of skynet that does malicious things, but not because it’s trying to hurt people, just because it’s really stupid and we put it in charge of things.
Oh like politicians and CEOs? Can we try replacing them with AI?
Boards are certainly looking at this. They certainty won’t align with the workers, consumers, or publics interest.
Yeah, the McKittrick effect (remember Wargames?)
We can’t even get them to not be racist when pointedly asked. Billions of dollars have probably been spent on that problem to no avail.
LLMs like ChatGPT have kind of just turned the problem of getting knowledge into a computer, into the problem of getting it back out in a controlled way. It’s still hard and failure-prone but now nobody knows how it works inside.
I’ve begun to think of LLMs as compression algorithms for patterns. It can take an existing pattern and apply it on unusual subjects. Like take the pattern of a limerick and apply it to the patterns of Danny Devito, that’s the upper limit of their creativity. So rather than storing information, it stores these patterns making it seem more dynamic.
The way I see it, human creativity is the combination of patterns but in a chaotic non-analytic way. We make leaps of logic that without precise knowledge of our brains can’t be exactly replicated. Meanwhile LLM’s just do the basic combination of patterns that result in the most generic realization of any idea.
However the well dries up as soon as we stop training them. They’ll store the basics of any field but fail to replicate new developments or conclusions until trained.
However the well dries up as soon as we stop training them. They’ll store the basics of any field but fail to replicate new developments or conclusions until trained.
Exactly this is the reason we should prevent any further data collection by these bastards…
Don’t feed the beast!
Ambulance’s should be used for emergencies
Currently working on one. Shifts nearly over. Am a CritCare certified provider.
Didn’t see a single remotely sick patient today even though we ran calls back to back for most of the day.
I’ve been one of those calls. Woke up with chest pain and pain in my left upper arm. Called 911.
Diagnosis was heartburn+slept wrong.
Nah, that’s seriously sick. Would absolutely be a warranted call for me.
Yeah that’s reasonable. A reasonable person could see how that could look like something life threatening until examined by a health care provider.
Knee pain you’ve had for a month? Had a panic attack yesterday? Pain because you just had surgery and don’t want to take your pain medications? This is more what I’m talking about
Todays results:
-
Diarrhea for a week. Didn’t think he needs to see a GP but today he felt it does not get better and he needs to see someone now.
-
Diarrhea and didn’t feel good. Yeah. That’s it.
-
Had a fall three days ago. Now the elbow hurts. Does not want to go to the GP/ED,but now the daughter has arrived and basically forced the patient.
-
Fall. Zero injuries. But the nursing home wanted to get
-
Another fall yesterday. Zero pain when not moving, minimal pain in slight bruise.
To be fair we had a massive multi vehicle (5 cars) accident as the last call (5min before the end of our shift) that required helicopter backup and everything (severe brain, spine, thorax and abdo trauma). But still…
-
Just google the error message. Copy, paste. Read the top 5 results.
No, click on the results and read the page.
Did you read it? Explain to me why it doesn’t work.
Still broken? Call the vendor.
Hello Google! Hey I was trying this function in Android and it’s not working. Plus when I search the first link is to your bug tracker and it’s marked as non fix.
What do you mean this is a Wendy’s? What do you mean that’s a free product and there’s no support?
The more users you have, the more expensive it is to run.
Like, compute, storage, bandwidth, none of that is free. If you’re providing a free service, like Wikipedia, and you have many millions of users, like Wikipedia, your expenses will be enormous. You can either accept donations, like Wikipedia, require payment, or sell your users.
If there’s something you like that’s free online, support them. If they don’t accept donations, well, I hate to tell you, you’re the product.
Also when “you’re the product” that doesn’t just mean that your data is the product. A user is a person whom you can influence. “You’re the product” means this company can direct you, influence you, change your behavior. They can offer your behavioral changes, as a service to their other stakeholders.
This ☝️✅
Shit. People think they collect all that data just for fun, don’t they? Time to change how I talk about this…
Marketing can be such an immoral, insidious process.
And it takes thousands of people pushing this shit mindlessly, because hey… “It’s just a job, right? Nine to five”.
If they don’t accept donations, well, I hate to tell you, you’re the product.
A statement has never been truer than this
Read the error message. The whole thing.
This comes up even with coworkers who are allegedly senior software developers.
“It’s just a white page it’s not working”
“Ok well what does the console say? Network requests?”
“403?”
“Ok now what’s in the response body?”
“The what?”
"Click on it. Then response "
"It says I don’t have permission to view this page "
“Do you have permission to view this page?”
“…no.”
“What does the error message say?”
“I already closed it. Those things are always gibberish”
Yep, so many clients: I have this problem and an error pops up, I need immediate help.
Me: Ok send me the data and the error log, and a description of what it is telling you on screen.
Client: I forget what it said, i didn’t save the log, And i needed to keep working so I deleted the file and started again.
OR
Client: My set of files is doing this, and giving me this specific error.
Me: Ah OK, that is a known issue, close all the fikes and open the top level only, open each sub fike one by one till the error pops up, that will be the culprit so run this clean up tool on that file only.
Crickets
Week later, Client : Im having that same error again, can you help?
Me: That cleanup tool should have fixed it.
Client: I didn’t have time to do those steps so I just kept working as is.
me: hopefully a gangster shoots me in a drive by crossfire on the way home.
“That’s fine, when you have the time, run the tool I sent you, it takes 30 seconds and should solve your issue!”
I wish that worked. Rather than spend an hour diagnosing which file is causing the error, they would rather struggle with it crashing for a week.
Yep, but that is their problem, I have it logged that I gave them the tool with instructions on how to use it, with them dismissing it, even when I followed up on it.
I won’t work myself up over a user who is not interested in solving their issue.
Now obviously in real life I would remote in and run the tool for them, but there have been time when they have been unwilling to do that due to some pointless reason, that’s fine, I have logs showing that I tried.
“Sorry, I cannot help you without the message.”
Close ticket.
I’ve had this and similar conversations far too many times, I keep professional but holy shit, and then when they do get a call going with a screen share they zoom past the error every. Single. Time.
I literally once got an email from another engineer using our internal tool at the big tech company I used to work for which said something like, “the page isn’t working. Please help. Attached screenshot of error.” The attached screenshot showed the error message, “Your authentication token has expired. Please refresh the page.”
I emailed him back, “oh yeah, that happens when your authentication token expires. Try refreshing the page.”
He emailed me back, “that worked, thanks!”
(For anyone wondering, no, we can’t refresh the page for the user, because they might have unsaved data on it.)
Space is hard. You’re strapping something inside a big tube with basically directed explosives at the bottom, hoping it survives the trip, then subjecting it to constant radiation, huge temperature swings, and other brutal environmental factors like micrometeoroids. Just because we’ve been sending satellites and people up to space for nearly 70 years doesn’t mean it’s gotten easier; we’re just better at knowing what to expect so we can test for it. Failures in rockets or satellites or even manned spacecraft are going to happen as much as we work to prevent them.
Your job must be pretty cool.
You beat me to this comment
I feel like most people know that rocket science is hard.
Well, It’s not exactly brain surgery.
