parkern

@parkern@infosec.exchange

Tinkerer of systems. Google Chrome Security team, USDS. Opinions mine... or graciously donated from people smarter than me.


_dm, to random

I'm stealing the joke from "Hard Fork", but I have to say, I love the idea of putting on a pair of ski goggles and wandering around the city waving my arms in the air like I'm interacting with some virtual reality world.

parkern,

@_dm ya I so want to do that.

parkern, to random

Damn, NPR is going hard on Biden

_dm, to random

Someone at Google changed the Takeout download format, so you can't download it via a curl command. Seems like instead there are single-use XSRF tokens in the request or something?

Annoying. Now I have to download to my desktop and rsync to my NAS.

I assume this was meant to protect users against some threat (XSS?), but, sigh, here we are.

parkern,

@_dm I've really struggled to use Google Takeout. The export-to-Dropbox has been broken for more than a year (I've filed a bug). I tried to use a VM in GCP and I repeatedly get hit with "you've reached your download limit for this export" for an unknown reason. Maybe some kind of overzealous throttling, or abuse detection? So I'm using my home ISP to down/upload, which takes about a half day.

parkern,

@_dm I really like Google Photos. The search functionality is great. I try to ignore the fact that I'm unsure if my photos are used to train a public ML model.

_dm, to random
parkern,

@_dm They were playing a long game.

lcamtuf, (edited ) to random

deleted_by_author

  • parkern,

    @lcamtuf Jack Dawson never actually existed, and was just a figment of Rose's imagination. She saved herself from that sinking ship.

    lcamtuf, to random

    deleted_by_author

  • parkern,

    @lcamtuf more posts about hobbies please.

    lcamtuf, to random

    I recently rewatched season 1 of Westworld (2016). When I first watched it, I thought the science was somewhat sloppy. Today, I think it was prophetic.

    In the series, you have incredibly lifelike automatons who nearly flawlessly approximate human behavior and can improvise, but somehow aren't sentient. Back then, it seemed like an improbable combo. Today, we have LLMs: statistical token predictors capable of reasoning and mind-blowing mimicry.

    Heck, in Westworld S01E06, there's a scene showing that the automatons generate speech sequentially, word by word (pic). Lazy writing, right? Surely, the conversion from thought to speech would be more complex. Well, about that - LLMs...

    The automatons of Westworld derive complex identities and behaviors from what the show calls "cornerstones" - simple, singular ideas or memories. Again, seemed sort of dumbed-down, right? Except, this is essentially how system prompts work for LLMs. You tell an LLM it's a fisherman, and off it goes.

    In the show, what eventually enables true sentience is the addition of an inner monologue - a sort of a persistent context that anchors the model to something more than just a fixed system prompt and external stimuli. Back in 2016, that seemed like mumbo-jumbo. Today, it might credibly be what the LLMs lack...

    parkern,

    @lcamtuf I haven't seen it (but now I'm interested)... so what else do they foretell? Like, does Dogecoin make a big comeback?

    lcamtuf, to random

    Hell is other people: performance management at Big Tech - https://lcamtuf.substack.com/p/hell-is-other-people-performance

    parkern,

    @lcamtuf I do still feel like it's the least bad bad idea. The only thing better, if indeed hell is other people, might be to retire and go live in the woods.

    parkern, to random

    NPR, you should have run the first version. I think folks would prefer that variety of "social contagion."

    lcamtuf, (edited ) to random

    deleted_by_author

  • parkern,

    @lcamtuf The bag comes from organic plants and algae, processed for millions of years under ground.

    briankrebs, to random

    If you've ever wondered why some Wi-Fi is free (like in hotels), it's because typically data about your browsing is sold to countless ad companies that will happily buy it.

    Had to use the hotel WiFi recently on a trip, and after clicking "agree" to their terms of service, the Little Snitch firewall on my Mac went bonkers. I must have denied 20-30 outbound requests to advertising networks. It still worked, though, so I'm guessing I didn't manage to block all of it.

    parkern,

    @_dm @briankrebs I wonder if the captive portal page was loading trackers from ad networks and communicating your hotel registration info to them (since it probably ID'd you off of the room+name you entered). If you used an existing browser profile, that'd join valuable info to existing ad profiles, or add it to new ones. After that the VPN would be irrelevant if those cookies or browser fingerprint were following you around. That'd imply it's safest to load the captive portal page in an incognito window.

    It is possible even then that ad networks could correlate your IP with your hotel registration (which a VPN would hide), though I suspect that'd be low entropy given many guests are NAT'ing into the same IP. The hotel wifi could sniff destination IPs and some hostnames from SNI and sell that, but is that really monetizable? I wonder.

    Does anyone have experience with these devices or the market? I suspect it's similar to the worries about ISPs selling your data. I guess the question is, is the metadata that's outside of TLS encryption these days sufficiently identifiable to a person that it could be monetized for ad targeting over a short time window? Personally I don't care if my data is used for aggregate traffic analysis, though some people do care.

    parkern,

    @_dm @briankrebs Your name (and maybe the last 4 of your CC?) could let them look you up in other databases -- i.e. it's a super cookie you can't clear. That sort of backend-joining feels especially powerful to me after reading https://www.consumerreports.org/electronics/privacy/each-facebook-user-is-monitored-by-thousands-of-companies-a5824207467/

    SwiftOnSecurity, to random

    At some point we need to start ignoring bomb threats unless they take a selfie with it. What if I make a black hole generator threat are you going to lock down the campus for that too.

    parkern,

    @SwiftOnSecurity but what if it were real this time? Need to play it safe, just in case. You don't want to be the administrator who got that one wrong. It'd totally end your career, and much of the planet.

    lcamtuf, to random

    deleted_by_author

  • parkern,

    @lcamtuf conspiracy theory: some of those have been stretched to slightly longer than advertised, to increase ad revenue.

    parkern, to random

    "The bottom line is that the human mind is prepared for tribalism. Human evolution is not just the story of individuals competing with other individuals within each group; it’s also the story of groups competing with other groups––sometimes violently. We are all descended from people who belonged to groups that were consistently better at winning that competition. Tribalism is our evolutionary endowment for banding together to prepare for intergroup conflict. When the “tribe switch” is activated, we bind ourselves more tightly to the group, we embrace and defend the group’s moral matrix, and we stop thinking for ourselves. Independent thought becomes heresy, heresy leads to ostracism, and ostracism could be a death sentence. In tribal mode, we seem to go blind to arguments and information that challenges our team’s narrative. Merging with the group in this way is deeply pleasurable—as you can see from the pseudo-tribal antics that precede and accompany college football games."
    -- From Jonathan Haidt and Greg Lukianoff's post last month, https://www.afterbabel.com/p/victim-oppressor-mindset

    parkern,

    @_dm I noticed that article (non-paywall'd here: https://www.susan-neiman.com/wp-content/uploads/2023/10/20231001_LINW_NYRB_A3_klein.pdf) and Haidt's both quote Dr. King. All the analysis and theory is fascinating, but that's really what we need -- a skillful orator who understands how to bring people together (everyone together, rather than just one group at the expense of another).

    lcamtuf, to random

    deleted_by_author

  • parkern,

    @lcamtuf it's just °F-or-°Ck'in cold.

    parkern, to random

    How do I get infosec.exchange to show sequences of self-replies ("threads?") with the original post first? On the web and on my Android client it shows me people's self-replies out of order unless I click on one to see how they're threaded. It makes it awkward, when I generally read ~once a day and would prefer to read whole threads in order.

    parkern,

    @_dm Oh phanpy.social is so much better. Solves all my problems! Well, ok, solves all my Mastodon threading problems. Thank you.

    _dm, to random

    deleted_by_author

  • parkern,

    @_dm I have a set of three work-measures that are similar, but with a twist. I think about, 1) the day-to-day -- this is your tasks mostly, 2) the mission (same), and, 3) the people. I've worked on teams where the tasks are super interesting and the high-level mission is motivating, but the people are a drag, or worse. I've stayed too long on teams like that, thinking that the other two dimensions should be able to carry it for me, but it doesn't work. I've also noticed that when I feel great at the end of the day, it's often because of positive people-interactions, more than because I accomplished some task/project.

    _dm, to random

    deleted_by_author

  • parkern,

    @_dm Nadella at his staff meeting, "ok, I want to see everyone's big AI plans." An eager hand shoots up from the VP-of-Keyboards.

    parkern,

    @lcamtuf @_dm you never know... This might be the key that has staying power, and will just get bigger, subsuming all other keys till we just have one button to mash for every action.

    fugueish, to random

    Bought a frozen pizzoid, and its crust turns out to be sourdough instead of honest, God-fearing real dough. Our respective counsel shall be in correspondence anon, Whole Foods

    parkern,

    @fugueish sourdough is deliciously-partially-digested bread.

    lcamtuf, to random

    deleted_by_author

  • parkern,

    @_dm @lcamtuf I've learned enough to know that felling large trees is like rolling your own crypto.
