• 0 Posts
  • 81 Comments
Joined 2 years ago
Cake day: August 8th, 2023

  • The most-aggressively short timelines don’t apply until 2029. Regardless, now is the time to get serious about automation. That is going to require vendors of a lot of off-the-shelf products to come up with better (or any) automation integrations for existing cert management systems or whatever the new standard becomes.

    The current workflow many big orgs use is something like:

    1. Poor bastard application engineer/support guy is forced to keep a spreadsheet for all the machines and URLs he “owns” and set 30-day reminders when they will expire,

    2. manually generate CSRs,

    3. reach out to some internal or 3rd party group who may ignore his request or fuck it up twice before giving him correct signed certs,

    4. schedule and get approval for one or more “possible brief outage” maintenance windows because the software requires manually rebinding the new certs in some archaic way involving handjamming each cert into a web interface on a separate Windows box.

    As the validity period shrinks and the number of environments the average production application uses grows, the concept of doing these processes manually becomes a total clusterfuck.





  • Yeah, this blows. As I have stated in other threads, my last full desktop build was in 2014/2015.

    Now Microsoft is forcing an artificial deadline on me, as I cannot upgrade my non-TPM hardware to Windows 11 (Win 11 sucks ass anyway). So my choices are to run Win10 past EOL on my old rig, install a Linux distro to extend the life of the old rig, or build new. Frankly I’m kinda done with Microsoft’s bullshit.

    I would like to do a new desktop build but cannot justify $4-5K for a commensurate bump in specs.

    I guess I could try to slum it with an Intel Arc Battlemage build, but I’m not sure about the Linux driver support.





  • I mean, people already know. A tariff is literally a tax that artificially buoys one domestic industry or class of product, at the expense of all others who participate in the market.

    I’ve never seen or heard of any point in history where the apparent “desired effect” is achieved and all manufacturing production is magically reshored resulting in prosperity. The actual result is Joe Consumer having fewer choices or buying a Chevy he didn’t want vs. a Toyota he did want.

    … and while we are at it, what is an “American” car these days? Any company that was started or headquartered here? Anything that undergoes final assembly here? The Ford I used to drive had parts and assemblies from Japan, Turkey, South Korea, Canada, Mexico, and probably China.


  • I used to do this when I was below 30 and it works pretty well for a time. If you work and have a family, this is the only segment of time you can carve into, to create more time for yourself.

    One thing to be careful about though: there is growing evidence that not getting enough sleep earlier in your life like this can lead to dementia when you’re older.








  • People don’t seem to understand the risks presented by normalizing client-side scanning on closed source devices. Think about how image recognition works. It scans image content locally and matches to keywords or tags, describing the person, objects, emotions, and other characteristics. Even the rudimentary open-source model on an immich deployment on a Raspberry Pi can process thousands of images and make all the contents searchable with alarming speed and accuracy.

    So once similar image analysis is done on a phone locally, and pre-encryption, it is trivial for Apple or Google to use that for whatever purposes their use terms allow. Forget the iCloud encryption backdoor. The big tech players can already scan content on your device pre-encryption.

    And just because someone does a traffic analysis of the process itself (safety core or mediaanalysisd or whatever) and shows it doesn’t directly phone home, doesn’t mean it is safe. The entire OS is closed source, and it needs only to backchannel small amounts of data in order to fuck you over.

    Remember the original justification for client-side scanning from Apple was “detecting CSAM”. Well they backed away from that line of thinking but they kept all the client-side scanning in iOS and macOS. It would be trivial for them to flag many other types of content and furnish that data to governments or third parties.



  • Remember, when iPhones are off, they just become Airtags. Most modern phones are sending/receiving BLE signals even if you don’t expressly intend them to. I wouldn’t go anywhere near a protest with anything besides degoogled Android, because it’s the only OS where you can actually disable the radios. Even then I would probably opt for a Faraday bag.

    Other considerations… Apple (and probably Google) devices are doing client-side scanning of images and turning on GPS to geotag images unless you specifically disabled that feature. In other words, there are ways you can be correlated to locations and activities after the fact. Just ask all those J6 rioters.