@dsalo@digipres.club

dsalo


Mutinous #librarian, iSchool educator, jack-of-all-trades. She/her. BS Johnson designed my notional machine. digipres.club co-mod.

Save your 20th-century creations if you value them. If it's not printed, it's likely in danger. #retrocomputing #MediaArchaeology #DigitalForensics #DigitalArchives

Ethicists are scalpels; I am a buster sword. #ethics #DataEthics #privacy #DataPrivacy #infosec #LibraryPrivacy

Former #scholcommer. #ScholarlyCommunication #OpenAccess

#nobot #metafilter #nobridge


kissane, to random

the street found its own uses for your protocol tho

dsalo,

@kissane thank you.

gordon, to random

bridges two permissionless protocols

“noooooo nobody asked my permission!! nooooooo!!!”

dsalo,

@robin I'm a little surprised at you.

I know that you of all people are aware that "nobody told me not to!" is not a conspicuously great ethical defense against overreaching.

dsalo,

@robin My understanding of fediverse-style federation is that it involves deliberate choice -- indeed, that where the protocol is causing difficulties, it's precisely where choice is becoming too cumbersome to reasonably cope with, or where choice toggles don't exist but should.

I can absolutely maximize my available choices by running my own instance.

The Bluesky bridge as proposed isn't a choice, it's a gotcha.

dsalo,

@boris @robin That's good to know. I'm not sure it's clear to everyone that this is the case.

No, heck, I'm pretty sure it's not. It'd be worth explaining better?

I think a bridge badge (like the current bot badges) could be a good idea also.

dsalo,

@boris @robin Technically it may be the same.

Socially it is absolutely not. Size/scale, ownership model (and actual ownership), and moderation model matter.

For good or ill, there's also a mental model of fedi boundaries at issue here. Agree with it or not, understanding it seems wise.

I don't like mega-apocalyptic pronouncements, but: if the fedi keeps hiding behind "technically the same" -- "technically" anything really -- I think it is liable to end up in a death spiral.

dsalo,

@0x1C3B00DA @robin

How many fedi users understand that? Know what RSS is? If it were explained to them, how might they react?

That too comes down to mental model of fedi sociality, I think, though.

I hypothesize that many wouldn't much mind the person-using-a-feedreader use of RSS, but could have big issues with public aggregators.

(I myself, back in the day, 403d one such aggregator via .htaccess because I had beef with the org running it.)

I'll keep saying: SOCIAL, not TECHNICAL.

dsalo,

@boris I'm not seeing that every server does.

Servers and services that expose fedi content beyond what its users understand to be usual-for-the-fedi are seeing the protests.

Is user understanding technically insufficient? Sure. But their social model seems pretty coherent to me, and my contention is that where the technology contradicts it, the technology has been designed wrong.

The passive voice you used is interesting. Who will adopt a putative new protocol?

dsalo,

@0x1C3B00DA @robin I don't think their view is wrong except technically, is the thing.

I reject the supremacy of code and standards over social norms. A social norm is not incorrect merely because the tech doesn't work that way or the standard doesn't spell it out.

Again, this may be an intractable difference between us, and if it is, I do not believe what I currently think of as the fedi will survive.

dsalo,

@0x1C3B00DA @robin Pretty sure I didn't make that claim.

snarfed.org, to random

Fediverse! I’ve been building a bridge to Bluesky, and they’re turning on federation soon, which means my bridge will be available soon too. You’ll be able to follow people on Bluesky from here in the fediverse, and vice versa.

Bluesky is a broad network with lots of worthwhile people and conversations! I hope you’ll give it a chance. Only fully public content is bridged, not followers-only or otherwise private posts or profiles. Still, if you want to opt out, I understand. Feel free to DM me at @snarfed (different account than this one), email me, file a GitHub issue, or put #nobridge in your profile bio.

A number of us have thought about this for a while now, we’re committed to making it work well for everyone, and we’re very open to feedback. Thanks for listening. Feel free to share broadly.

dsalo,

@snarfed.org@snarfed.org Congratulations! You convinced me to block your entire domain!

Well done, you exploitative git.

platypus, to random

/sigh explaining the 100 vs 700 to a faculty member. :goose_honk:

dsalo,

@Sylvhem @platypus It's an artifact of the limitations of card catalogs.

100 is main author; 700 is any other author.

dsalo,

@platypus @jonny @Sylvhem bah humbug again

do the conversion and sort out the exact type of work-creator relationship LAAAAAAATER

for like seven out of ten things "creator" is good enough anyway

dsalo,

@platypus @jonny @Sylvhem you couldn't do worse than RIC-O

dsalo, to random

Just for fun, though:

Tell me your worst stories about research data security. Leave out anything identifying, of course.

Asking for a presentation I'm putting together (unpaid) which I will make public when it's done.

dsalo,

@hakamadare WHAT.

Did he get caught?

briankrebs, to random

Just had another breach notification/quote request go sideways in an icky way. I'm only mentioning it because this has happened to me more times than I care to remember, and it infuriates me every time.

Here's the scenario. I hear from a researcher who finds bad thing, data exposure, etc. If I can confirm the researcher's findings, I'll then seek comment from the organization in question. Mind you, this effort usually includes both written and oral communications clearly stating that I am a journalist, and that I am working on a story about the problem and its hopeful resolution.

The response in this scenario involves a reply from a senior executive -- often the CEO -- thanking me for the information, and in the same breath asking if I do any consulting work.

I can't pretend to know what's going on in the mind of the person who asks me this question in this situation, but as a journalist it always sounds and feels like a thinly veiled bribe offer.

To my mind, it's a bit like getting pulled over for plowing through a red light, and then handing the cop a $100 bill along with your license.

I always try to respond charitably, by politely declining and explaining that's not really something I do. If I'm not totally insulted at that point, I may even suggest some competent experts. Because god knows anyone who responds this way needs all the help they can get.

dsalo,

@briankrebs Could be bribery, could also be panicked "can you fix our shit, since you found it?" could also be "can I turn you into the blame target somehow?"

Any of those is gross, of course.

dsalo, to random

Me: puts ice water in tumbler

Lancelot: watches

Me: goes upstairs puts tumbler on table next to armchair sits

Lancelot: You are going to drink water! Watch this! hops up on armchair arm drinks earnestly out of cat-designated water glass See? Water! I am drinking it! Just like you!

Me: drinks out of tumbler in solidarity with silly loving cat

dsalo, to random

Appreciation to MalwareBytes for the chuckle-snort. Via @metacurity

"How to tell if your toothbrush is being used in a DDoS attack"

https://www.malwarebytes.com/blog/awareness/2024/02/how-to-tell-if-your-toothbrush-is-being-used-in-a-ddos-attack

dsalo, to random

Code4Lib Journal editorial discussing their data breach: https://journal.code4lib.org/articles/18040

thatandromeda, to random

oh my god however bad you think a site's security can be, spoutible's is worse https://www.troyhunt.com/how-spoutibles-leaky-api-spurted-out-a-deluge-of-personal-data/

dsalo,

@kissane @thatandromeda
MFA falls apart; the firewall cannot hold;
All credentials are loosed upon the world,
The JSON tide is loosed, and everywhere
The ceremony of authentication is drowned;
The best lack all insurance, while the worst
Are full of harvested permissions.

SURELY SOME REVELATION IS AT HAND

kissane, to random

dsalo,

@kissane incoherent screaming

douglevin, to ukteachers

dsalo,

@douglevin @PogoWasRight @brett @funnymonkey @michaelfklein @mkeierleber I'm fond of the FPF -- applied to work there once, legit enjoyed the interview -- but that pledge was never gonna be any more than empty grandstanding without some kind of audit process attached.

dsalo, to random

I'm told, and believe, that there's a social-engineering scam targeting students from China studying in the US. Here's what I was told:

"Recently, there have been frequent calls to Chinese students’ mobile phones with the caller number showing as +86-96110, pretending to be China’s National Anti-Scam Center.

"The caller informs the student that they have been involved in major criminal cases such as money laundering d/t theft of identity info and using forged official documents, seals, etc."

dsalo,

"They have a lot of student info such as their school history, their bank transaction history and their address. They connect students with fake Chinese police officers via Skype and they educate students how to protect their personal information.

"Once they gain victims' trust, the scammer then tricks the victim into transferring money in the name of ensuring the safety of funds."

dsalo,

"Scammers threaten students that if they don’t transfer money soon they will be arrested and threaten them not to talk to anyone. Please be vigilant. Such calls should not be answered and you should block the sender right away.

"A helpful tip: All hotline numbers are for the public to call in. Officials will never use the hotline number to make calls. Never transfer large amounts to people you don’t know."

So yeah, my higher-ed folks, maybe warn your students about this one. I am.
