gclef

@gclef@mstdn.social

Mostly Infosec stuff, though I also enjoy terrible puns, music, and science-y stuff. Twitter diaspora from @gclef_


neurovagrant, to random

deleted_by_author

    gclef,

    @neurovagrant yeah. I tried to take a timelapse of the eclipse (yes, I had a filter), and my phone turned the sun into a circle the whole time.

    gclef, to random

    The company I work for (DomainTools) is hiring - we're looking for a Data Architect to help us wrangle all the data we collect about the Internet. If you're interested, the link is here: https://apply.workable.com/domain-tools/j/D2ACD240C6/

    I'm happy to answer questions about the gig, company, etc. Feel free to PM me here.

    Quinnypig, to random

    At AWS they’re hiring for in-office roles where you’ll unfortunately have to share oxygen with the kind of thirsty people who think S3 is a Generative AI service.

    Enjoy the 18 month post-employment non compete!

    gclef,

    @StOnSoftware @Quinnypig
    Apologies for seriously answering, but if you use their ML services, you can manually set a policy to tell AWS not to train their models on your data...but you have to know that policy's necessary, which they don't advertise terribly well.

    (I think you don't have to make the policy for custom-label Rekognition models, but don't quote me on that. It's also almost impossible to prove whether they're actually honoring the policy.)

    gclef, to random

    This is a super-interesting paper on ML safety & control.

    arxiv.org: https://arxiv.org/abs/2310.01405

    summary: https://vgel.me/posts/representation-engineering/

    Basically they give it a pair of opposing prompts ("always lie when you answer." vs "always tell the truth when you answer") and then look at which parts of the hidden model layers activated differently because of those opposing prompts, and by how much. Then, they use those as a bias when doing later inference.

    hacks4pancakes, to random

    I AM GOING TO THE SHMOO THIS YEAR

    gclef,

    @hacks4pancakes Also, be very, very careful about time. Don't use your system clock, it may have drifted. Follow USNO's clock, and reload the ticket page a heartbeat after noon Eastern.

    hacks4pancakes, to random

    IT IS @ShmooCon HEART HEALTH TEST DAY FRIENEDSOS

    gclef,

    @hacks4pancakes @ShmooCon may your latency be low and your reflexes quick.

    gclef, to random

    bunch of comments making fun of the executive order on AI, but NO ONE LINKS TO IT. Gah. Here's the summary of it:

    https://www.whitehouse.gov/briefing-room/statements-releases/2023/10/30/fact-sheet-president-biden-issues-executive-order-on-safe-secure-and-trustworthy-artificial-intelligence/

    can't yet find the full text, but here's where they're putting the other stuff about AI:

    https://ai.gov/actions/

    gclef,

    Also, if this is a subject you're interested in, you have until tomorrow to make comments to the copyright office about the intersection of copyright and generative AI (how copyright applies to training data, whether it applies to generated output, etc)

    https://www.copyright.gov/policy/artificial-intelligence/comment-submission/

    gclef,

    Wait, I take part of the above back: you have until midnight, Eastern tonight to submit comments to the copyright office (https://www.govinfo.gov/content/pkg/FR-2023-09-21/pdf/2023-20480.pdf)

    gclef,

    Because I find this interesting, here's the questions the copyright office is asking people to comment on:

    1. Does using copyrighted work in AI training data constitute an infringement of copyright?
    • how is collected data used to train models
    • what are the sources of training data?
    • whether permission should be required from people whose data is used
    • if compensation is required, what kind of remuneration is necessary
    • record retention required to identify training materials

    gclef,

    1. copyrightability of generated works
    • They still believe that copyright is for humans only.
    • But, where to draw the line on how much human action is enough to qualify
    • is prompting enough human input to qualify?

    gclef,

    1. Liability for infringing works generated using AI systems
    • If a generative AI is used to create a work that is clearly infringing (mickey mouse endorsing a product, for example) how is liability apportioned between the user who prompted the system and the developers of the system/collectors of the dataset?

    gclef,

    1. Style transfer/deepfake/voicefake rights (i.e. using someone else's likeness/voice/or style without their permission)
    • normally not covered by copyright directly.
    • does this violate the person's right of publicity (does a public person have the right to decline to have their likeness used in ways they disagree with)?
    • can this be said to be unfair competition (using a person's likeness and voice to compete against themselves)?

    neurovagrant, to random

    Throwback meme for your Tuesday pleasure.

    gclef,

    @neurovagrant Oh, man, imagine the chaos if they started algorithmically putting gyms in the spots where no one brought their phones.

    hacks4pancakes, to random

    I had a mentoring session last night with a poc I’ve been working with who went to his first local cybersecurity con, recently. He had such a bad experience with people being cliquey there and ignoring him that he’s ready to stop trying to get into the industry. 😥😰 I knew there are some cultural issues at that con and area but had no idea they were so bad, and encouraged him to maybe look at other cities in the US and their cons. Pitch your city’s infosec community and scene and I’ll share with him?

    gclef,

    @hacks4pancakes If he's still a student, perhaps look into something like the Shmooze-a-student program at Shmoocon? They have you meet up with your sponsors and other students beforehand.

    In general, cons can be hard. I wouldn't recommend that people start there. I've been in the industry for > 20 years and I love the information I get at cons, but I've never managed to break into the "lobby-con" scene.

    gclef,

    @guitarfosec @hacks4pancakes @1o57 This is terrible advice. Even heroes are people who can have bad days.

    Dan Kaminsky blew me off when I asked him a question at Defcon once. I just walked away.

    He may have been having a bad day, been overwhelmed with other people asking him for stuff, dunno. But I'm sure that coming after Dan Kaminsky for ignoring me would have been a terrible idea on my part.

    hacks4pancakes, to random

    We need to have a talk, and I’m having a really hard time having it with my awesome hacker friends, because everyone is super duper emotionally invested and is deeply hurt by it.

    I hope you all aren’t - because it involves all of us and it’s important. It’s not about any of y’all individually or your hard community work.

    The talk is about how to make all of our cybersecurity conferences and events and meetups more accessible and conformable for young hackers because I’mreallysosorry, we’ve somehow become Old, and the stuff that we are ingrained with as “hacker culture” like movies, music, and memes all were created before they were born - and they may or may not have any emotional attachment or enjoyment of them at all.

    That’s the conversation we need to have and that we are all responsible for and I swear it’s not aimed at any conference or person because we are all in this filter bubble of watching the Matrix and listening to Prodigy and remembering the hamster dance and all of that stuff while awesome was like a quarter century ago.

    Part of building a community is thinking about including everyone and their culture under a mantle of good ethics and goals. So we really, really need to start having a chat about when we lean on the 90s hacker aesthetic and memories to the exclusion of people under 30. I had a wake up call hearing some students complaining about it.

    gclef,

    @hacks4pancakes this was a central point in the Hegemony HowTo by Jonathan Smucker about political movements - groups where people see membership in the group as an identity tend to turn inwards, develop language that only they understand, and fight battles that only matter to other members of the group. It takes conscious effort to break that tendency.

    gclef, to random

    I realize folks usually announce grand successes with their personal projects. I'm not. Instead, I'm going to set these projects free - I'm not going to work on them anymore. But please do use/learn from them if you like.

    These are a set of interlocking projects to make a kubernetes-based home malware lab. You'll need a few servers for the cluster, and a filestore of some sort (I'm using SMB shares). Everything else should be automated installs.

    The project repos:

    neurovagrant, to random

    deleted_by_author

    gclef,

    @neurovagrant Oh, but think of the fun you could have. You could have python open the current spreadsheet with Excel, which would run python & open the current spreadsheet with Excel...I'd never thought I could fork-bomb with Excel, but now I kinda want to try.

    neurovagrant, to random

    deleted_by_author

    gclef,

    @neurovagrant Shmoocon's submission guidelines are at https://shmoocon.org/call-for-papers/ . I've also found simply bouncing the writeup off of other people to be super useful.

    neurovagrant, to random

    So it's been the lazy, easy work of a morning to get my Asus Zenbook Duo 14" working on Ubuntu.

    Most of the stuff just works. The second monitor above the keyboard is wicked handy while working on stuff.

    Someone just pointed me at Steam's proton runtime, to run windows games.

    I may never go back.

    gclef,

    @neurovagrant my experience for years has been that the desktop works really well…until I do a dist-upgrade. Then I end up rebuilding my x server config or some other insane thing. I’ve gotten to the point where I never dist-upgrade Linux anymore. Nuke and rebuild from scratch.

    hdm, to random

    Google Domains is shutting down after selling the business to Squarespace... any great registrar recommendations? https://9to5google.com/2023/06/15/google-domains-squarespace/

    gclef,

    @simplenomad @hdm FYI: Gandi just merged with TotalWeb a couple months ago, and just this week announced price increases for all registrations (https://www.gandi.net/static/documents/2023-july-usd-renew-price-increase.pdf)

    hacks4pancakes, to random

    So... I feel like a total dick for saying this, but 5 out of 7 of my last mentorship sessions have no-showed or cancelled within 10 minutes of their appointments in the past week. Only one person out of those has provided any reasonable reason. I'm really sorry - if this keeps up much longer I am not going to be able to continue the service.

    If you aren't respectful of my time, please, please be respectful of the time of others who help you along your career journey. I miss every single Sunday afternoon I could spend with my family for nothing but occasional tips. Some folks wait months for these appointments.

    gclef,

    @hacks4pancakes I’ve even seen it happen with paid internships - a few years ago my company ran a paid summer intern program for infosec-interested college kids. One of the two folks we selected was amazing. The other never showed up to their first day and ghosted us entirely.

    Pwnallthethings, to random

    Good morning everyone! Who wants to start the day with a deep dive into monetary policy and 31 USC 5112(k) and how it can be used to avoid separation of powers litigation🥳 🥳

    OK maybe not selling it there. But nevertheless, here we go...

    .

    How to do it. How it works. And why the President's 14th Amendment Plan to beat the is the wrong tool for the job.

    https://www.pwnallthethings.com/p/mint-the-coin

    gclef,

    @Pwnallthethings I feel like the core of your argument against the 14th amendment is based on a very narrow definition of the word "debt". Going by https://thelawdictionary.org/debt/ , I think all the things you listed as "non-debt" obligations, are actually "debts" by law.

    I don't think the executive has the power to unilaterally declare it unconstitutional, they do have a case to ask for a judicial hold on the ceiling and a ruling that new debts incurred during this time will be honored.
