• 0 Posts
  • 159 Comments
Joined 1 year ago
Cake day: June 7th, 2023


  • A few from my list:

    • Darknet Diaries - Interviews with interesting people around hacking and cybersecurity. This includes a lot of the actual criminals themselves and you get to hear their motivations and how they did what they did. Really neat for understanding the minds of folks who do bad things.
    • FiveThirtyEight Politics - This one is good for staying abreast of US politics, polling. While the political bias of the hosts is pretty obvious, this is less punditry and more about the numbers.
    • Risky Business with Nate Silver and Maria Konnikova - A neat podcast covering risk, poker and politics. Just a good listen for thinking about risk and probabilities in life.
    • The Lawfare Podcast - Lawyers talking about the law, and how it shapes and is shaped by what’s in the news. Great for getting a legalistic view of the world.


  • Honor is a social construct which is used to promote “pro-social” behavior. It can be useful in the absence of or in concert with other systems of social control (e.g. laws, religion). Of course, “pro-social” is very much a construct of what the creating society considers to be positive. This can include acting in ways which we, in our current social constructs, would consider “anti-social”. Honor ends up getting idolized in media because it often includes an element of self-discipline and self-sacrifice and is usually associated with warrior cultures. Though, it also tends to be conservative and resist changing as social mores change. This has led to some famous consequences as honor-based systems tried to cling to social constructs which were no longer tenable. For example, the Satsuma Rebellion saw the existing feudal class seek to maintain its grip on power in the face of a changing society.

    Ultimately, any system of honor would need to be taught to new adherents. It’s no different from a religion or legal system in that regard. No one comes out of the womb fully indoctrinated to a system of honor. So no, it isn’t really self-explanatory. Like any social construct, you would need to define the system and how it interacts with the society in which it was created. Otherwise, it’s just naming a system for social control and hoping no one notices that it’s a hollow shell.


  • Have you considered just beige boxing a server yourself? My home server is a mini-ITX board from Asus running a Core i5, 32GB of RAM and a stack of SATA HDDs all stuffed in a smaller case. Nothing fancy, just hardware picked to fulfill my needs.

    Limiting yourself to bespoke systems means limiting yourself to what someone else wanted to build. The main downside to building it yourself is ensuring hardware compatibility with the OS/software you want to run. If you are willing to take that on, you can tailor your server to just what you want.



  • sylver_dragon@lemmy.world to Asklemmy@lemmy.ml: Is Software Political? (17 days ago)

    Software is not political, it’s just code executing on a machine and doesn’t care what you believe.
    There is a lot of politics surrounding software.

    Politics is the tool we use, as a society, to decide how we’re going to run said society. There will be areas of politics where different factions will adopt different attitudes about different bits of software. So, some software will be politicized. But, the software itself is only political in so far as we are having political discussions around it, the software itself doesn’t care.


  • I use Dark Reader on my work laptop as well. We had a conference call with a vendor and I was sharing my screen while talking with their team about our usage of their product and one of them stopped me and asked about the UI looking strange. I said, “oh ya, I use Dark Reader because you don’t have a native dark mode. You do lose points for that.” They had a native dark mode a couple months later.

    I’ve come to the conclusion that UI designers hate their customers’ retinas.


  • Assuming your instance has it, use the “block” feature on communities. I like to browse the “all” version of lemmy.world; but ya, it’s a lot of memes and stuff I don’t care to engage with. So, I’ll open a new tab to that community and hit the “block community” button. That community no longer shows up.

    You can also block specific users. I use this on a lot of the re-post bots. Similar procedure, open the user’s profile and “Block User”.

    It makes browsing “all” far more enjoyable.


  • Pretty standard stuff here:

    • UBlock Origin
    • No Script - Yes, I run both UBO and NoScript, they have slightly different use cases
    • Dark Reader
    • Firefox Multi-Account Containers
    • Redirector - Great for automagically changing links
    • KeePassXC-Browser - For password manager integration
    • Rested - For monkeying with REST APIs
    • User-Agent Switcher and Manager - Why yes, I am the browser you are looking for
    • Video DownloadHelper - Because sometimes, you need stuff available offline
       
    In terms of actually recommending extensions to others, I’d recommend most of the above, excepting NoScript. If you are using UBO, then the use case for NoScript is a very narrow one where you want selective whitelisting of JavaScript while visiting a site. UBO’s blacklisting approach works for most cases and UBO’s whitelisting feature is lacking the granularity of NoScript.

  • I wasn’t aware of this feature in UBO, but it doesn’t seem to be quite the same. As best I can tell (with a quick test), UBO lets me turn all scripts on or off for a site. I don’t see any sort of granular controls for selecting which domains to load scripts from (and I might just be missing it). For example, I may want to allow first party scripts to run on a site and maybe third party scripts from one or two domains. But, I don’t want scripts from other third party domains to execute. It’s very much a fine grained, least privileged style of script management. It’s a lot more work, as you often have to spend a few minutes sussing out which domains need to be whitelisted to allow a site to reach minimum functionality; but, you are not often caught off guard by a site doing strange things on your system.





  • The goal of any military is to build and maintain a technological edge over potential adversaries. Because of that, a lot of basic research happens in and around military organizations.

    You mentioned the internet as one such technology and it’s a great example. The Defense Advanced Research Projects Agency (DARPA) started a project to build a communications network which would be resilient in the event of a nuclear war. Their work created ARPANet. And for a long time, it was really just intended as a US DoD thing and no one really considered its potential uses for the civilian world. It wasn’t until it was opened up to the civilian sector that its potential to change the world was recognized.

    Many other technologies follow this trajectory. There is a need in the military and research is done to fulfill that need. If that research is successful, new technology can be created and may eventually move into the civilian market and be very useful. Though, as part of that technology transfer there is always pushback from the military that opening up that technology may reduce or eliminate the technological edge the military holds over potential adversaries.

    An example of this would be the Global Positioning System (GPS). GPS was supposed to be a way for the military to be more accurate in the stuff it blew up. When they began opening GPS up for civilian use, there was the worry that adversaries would use GPS against US forces. And so, part of the initial opening up involved intentional inaccuracy in the GPS signal for civilian use. Over time, this has been removed; however, the US DoD does maintain the ability to introduce inaccuracies if considered tactically necessary.

    you’d think some five or 6 star general would go “Yeah nah we don’t need this shit, waste of tax money just stick with what works”

    So, this actually does happen. In 2013, the US Army famously said tanks, but no more tanks. And Congress overrode that request. At the same time, just “sticking with what works” is a tough thing to know ahead of time. Prior to WWII, air power was considered more of a niche thing. Useful for reconnaissance and not much else. And then the Luftwaffe adopted dive bomb tactics and started wrecking shit from the air. By the end of WWII aircraft had reworked a lot of military doctrine. For example, WWII navies were built around battleships. And then the Japanese rather definitively proved what aircraft carriers were capable of (see: Pearl Harbor). Navies are now built around aircraft carriers and battleships are largely museum pieces. But, this only happens when militaries are willing and funded to try new things out. Not everything works and that means a lot of money expended on failed projects. But, sometimes it pays off and a military is able to create or extend a technological edge.

    So, why does the bleeding edge tech seem to always come out of the military? It’s because they often have the reasons and resources to do the research. As much as it sucks, the world is still a dangerous place. And so, militaries the world over will always be looking to push the boundaries on technology. And they will also be the first recipients of said technology and will guard it jealously to prevent losing the technological edge it gives them. Yes, the world would be far better off, if humanity was not hanging from a cross of iron. But, thanks to assholes like Putin, here we hang.


  • At the very minimum, I’d suggest waiting until you are actually working that 9-5 office job, before considering giving up your weekends. You may feel very different about things, once you are in that position.

    My own situation is that I work generally 8-4 in a fully remote position. I like what I do and often spend my personal time reading and learning within the same field, just because I like that sort of thing. Even still, when the weekend starts, I have zero desire to go work somewhere else. I have a family I want to spend time with, hobbies I want to engage in, and just generally not be “on the clock”. There is a lot more to life than work, go do that.

    That said, if money is an issue, I can certainly understand the desire to work more. My income is high enough that I don’t have to stress over money. So, the pressure to earn more just isn’t there. Any extra income would either just be used to pay stuff off faster or go into savings. If you are in a position where money is a significant stressor, then the extra work may make sense. Some extra time with your nose to the grindstone now could pay dividends in the future.

    Overall, I’m in the camp of not spending all your free time working. Work to live, don’t live to work.


  • Humans are pretty terrible and we’ll find any excuse to justify our terribleness. One of the parts of the French Revolution was the Dechristianization of France. While this may sound like a good thing, which should lead people to live their lives based on reason, it also led to violence against priests. And the lack of religion did nothing to stop the Reign of Terror. In short, it was less an atheist utopia and more just humans finding different excuses to be terrible to one another.

    Similarly, the Soviet Union was founded on the Marxist principle that “religion is the opiate of the masses”. This meant that the Soviet Union was officially atheist. However, unlike some of the French Revolutionary governments, the USSR largely tolerated religious practices. At the same time, the officially atheist state got up to a lot of horrible stuff.

    At the same time, there is an argument to be made that Christianity helped rein in some of the worst excesses of monarchs during the Middle Ages. It’s important to remember that people really believed this stuff. Kings really did think about their immortal soul and what they would be forced to answer for on “judgement day”. Fear is a powerful motivator and it may be that, for all their terrible selfishness, some monarchs may have been led to moderate the worst of it based on that fear.

    All that said, I’m not sure how much differently history would have played out, without religion. As I led with, humans are pretty terrible. Many wars may have had a religious veneer, to get the people to go along with them, but they were more often about power, control and ego than religious conviction. Religion provides a convenient excuse to define “the other”. The othering of people creates a permission structure where we will not only tolerate, but often gleefully engage in, truly horrible acts against “the other”. And it doesn’t require religion to do it. Take a look around the Lemmyverse and you’ll find videos of Russian soldiers being blown apart by drone dropped munitions. And the comment sections will be talking about how “they deserve it” or making jokes and light of another human being ripped apart. And these comments will be defended because of the horrible actions of the Russian Government and some Russian soldiers. Russian soldiers have been placed firmly in “the other” and so we can celebrate their horrible deaths, and be cheered on for it in many corners of Lemmy. No religion required.

    So ya. I’m not a fan of religion, nor am I religious myself. But, I have no illusions that religion has a lock on people being terrible to each other. It has absolutely been involved in making it happen throughout history. But, I am skeptical of the idea that history without it wouldn’t have been just as filled with humans doing terrible things to each other. Human nature tends towards tribalism and the creation of “in groups” and “out groups”. With those in the former more than willing to do anything and everything to the latter.


  • So how about hacking CrowdStrike and obtaining that access? I’m guessing it might be easier than hacking Microsoft?

    Maybe. CrowdStrike is a company which specializes in security and has some pretty smart folks in that area. They also live and die by the perceived value of their security products. So, security is pretty important to the company. Microsoft is a conglomerate, and while it does have some arms which specialize in (and are pretty good at) security, the company’s continued existence doesn’t depend on their performance. So, the Microsoft President can go in front of Congress and promise to do better, and we all know this is bullshit and Microsoft will continue to be Microsoft.

    As for an attacker actually leveraging the CrowdStrike platform as part of an attack, it’s entirely possible. Security products have been found to have vulnerabilities in the past. IIRC, McAfee’s ePO server was vulnerable to Log4j. And given CrowdStrike’s engine runs in Ring 0 on the endpoints, it’s certainly an attractive target. Finding a Remote Code exploit in it seems like something an APT like the NSA or PLA Unit 61398 might get up to. That said, as I mentioned above, CrowdStrike also employs a lot of smart folks and is likely doing its level best to find those vulnerabilities first and fix them.

    Are there other companies having the same access level as CrowdStrike? How vulnerable are they?

    Ya. Really, any EDR or A/V product is going to run in Ring 0. And any such kernel level driver crashing is going to cause a BSOD. That’s just the way Windows is designed. I have personally dealt with bad updates from several other products causing BSODs. Including one which brought down the entire site I was working at, at the time. I believe it also took down a number of other sites as well. Since, once I figured out how to get the bad update out of our system, the folks responsible for the update actually reached out and asked me what I did.

    Ultimately, products like these exist in a very trusted state on systems, because they have to. If and when they crash, you can expect a BSOD. In this case, I suspect CrowdStrike is going to receive (and they deserve) a lot of shit for the way this one went down. The reporting I’ve seen states that the update file was just a mass of null bytes. And it seems there was no sanity checking or error handling for a corrupt update being pushed by CrowdStrike. I suspect that’s gonna get fixed pretty quick, but it was a pretty bad oversight for a product with regular, live updates.


  • Fantastic write up. I’d just add something to this bit:

    Basically companies wouldn’t use CS unless they are too lazy to change away, or they think it’s really that good.

    I work in Cyber Security for a large organization (30,000+ end points). We’re considering moving to CrowdStrike. Even after this cock-up, we’re still considering moving to CS. I’ve had direct experience with several different A/V and EDR products, and every single one of them has had a bad update cause systems to BSOD. The reason this one hit so hard is that CS is one of the major EDR/XDR vendors. But ya, it’s generally considered that good. Maybe some folks will move away after this. And maybe another product is nipping at their heels and will overtake them in the near future. But, for now, it’s not surprising that it was everywhere for this situation to get really FUBAR.