Created (BlackICE,IPS,sidejacking,masscan). Doing (blog,code,cyber-rights,Internet-scanning). Macrodata refiner.

No, the ICE agent isn't "kneeling on his neck". Yes, yes, ICE is the modern gestapo, a bunch of thugs operating without accountability. What I'm arguing is that you cannot "see" what's happening here. You think you clearly see the ICE agent kneeling on his neck like with George Floyd, but you don't. What you see here is the approved, trained technique of kneeling OVER the neck. The difference is that the weight is still mostly on the other leg, and on the heels. The knee is extended over the neck to prevent the target from being able to lift their head, but the weight is not on the neck, it's on the heels and other leg. You can watch the agent leading up to this point, where the ICE agent is carefully placing his foot in the right position, so that the weight stays on his back heels and other leg, then extends his knee over the target's neck. This technique is extensively trained for and approved, and is included in most training manuals. That's why you know Chauvin's claim of using his training is false. His weight was on Floyd's neck, not on his other leg or heels. He was definitely NOT trained to do this. The two procedures are different for exactly the reasons shown, that one can injure the person, and the other simply immobilizes them without injury. The point of this tweet isn't to defend or attack Chauvin or ICE, but to point out that you and I can see the same videos but see completely different things, and that some education is important.
I left my MacBook on the plane and it was stolen. I've tracked it down to a flea market in south Atlanta. But while I know it's in the building I don't know where
The reason IT support people are so bitter is that YOU (I mean YOU) cannot rationally describe the problem:
You: The Internet is down
IT: How do you know the Internet is down?
You: I can't get email.
IT: Is it possible that the email servers are down and the Internet is working just fine? Can you visit Twitter on your browser?
You: Yes, I can visit the twitter website.
IT: Is there any reason other than email to believe the Internet is down?
You: The last time I couldn't get email it was because the Internet was down.
The fact that IT doesn't call you a blithering idiot on every support call demonstrates saintly restraint, even if a little bit of their frustration leaks through.
I'm going back there this morning at 11am and bringing Bluetooth location utilities with me. I give it a 70% chance of locating the MacBook.
Inflight wifi didn't work so of course I had to debug it. It appears the problem is lack of DHCP lease. The WiFi was using 8-hour leases, which was time enough for many planeloads of passengers to embark/disembark. A quick ARP scan at the time showed there were 55 devices on the network, almost entirely mobile devices (which randomize their MAC addresses, whereas laptops don't). Given the number of takeoffs and landings in the 8-hour period, the lease table can easily fill up. The fun fact about DHCP is that when this condition happens, it sends no response to the client. In other words, when trying to diagnose why "the wifi isn't working", there's no difference between this cause and half a dozen other causes. I have to guess this is the cause simply by looking at the fact lots of other people seem to have successfully gotten a DHCP response but I haven't. I told the flight attendant "the WiFi isn't working". She then "reset the Internet", after which I could get a lease. Apparently in the front near the entrance/exit, there's a button simply labeled "INTERNET RESET" that she presses whenever a customer complains. Obviously, one solution to the problem is that DHCP leases on planes should be drastically shorter, like at 1 hour intervals. Secondly, the number of leases should be drastically increased.
Your regular reminder that once a big newsworthy event happens, you'll start seeing reports of similar incidents that have been happening all the time, just without being reported.
BREAKING: A NY tugboat captain has reported to @gCaptain “container ship APL QINGDAO lost power while transiting New York harbor. They had 3 escort tugs but 3 more were needed to bring her under control. They regained power & were brought to anchor near the verrazano bridge”
Everyone: Telegram is encrypted. Experts: Telegram IS NOT an encrypted messaging app <CEO gets arrested> News: Telegram is an encrypted messaging app. Experts: Telegram IS NOT an encrypted messaging app.
You can't live debate crazy, they will always win. Live debate is just performance art. Somebody will make some new claim nobody has heard of before, and it'll be impossible to refute without having the time to go research what they just said. "Samuelsson's study from late 2021 proves you wrong". What study? I dunno, I just made it up. The only rational debate is via the written word. One side writes something, somebody else rebuts point by point, and so on. But for the most part, podcasts are for people who can't (or don't) read, so it's not going to happen for that audience. RFK and Rogan start with rejecting science, so there's really no way their points can be rebutted. If you only speak Japanese, you can't talk to somebody who only speaks French. This is especially a problem when the audience doesn't understand the basics of science, who'll believe that science is what RFK and Rogan claim it is. No, no, I don't mean you should believe scientists or a consensus (they've proven untrustworthy). I mean the science itself. In the end, the winner of the live debate isn't the one who is best at facts, but the one most willing to misrepresent facts. And that's RFK and Rogan. They will win any live debate. Serious debate is written, live debates are for fools (Rogan's audience).
Hi. Cybersecurity expert here. I'm tweeting this from a public Wi-Fi network without a VPN. I never use a VPN when using public Wi-Fi. VPN company security claims are (mostly) scams. They sponsor a lot of podcasts to promote their claims. #CyberSecurityAwarenessMonth
Hawk Tuah recently went viral for her rant about public Wi-Fi users not having a VPN. “Using a public Wi-Fi network without a VPN may seem harmless, but it comes at a substantial risk to your privacy and security. Your data can be intercepted, exposing sensitive information like passwords to hackers or prying eyes on the same network.”
Replying to @LoveConfit
Because somebody took it.
nVidia is in the same position as Sun Microsystems was in the early days of the dot-com bubble. Sun had the leading edge web servers, the smartest engineers, the most respect in the industry. If you were a dot-com startup, you bought Sun servers. Smart engineers wouldn't come work for your startup if you were dumb enough not to buy Sun servers. And they charged a premium, their profits went through the roof. Except, well, there wasn't actually anything special about them -- they weren't actually "the best", nothing really was. It's just that they were the least risky option. You knew they'd work, that newly hired employees would be familiar with them, that they were good enough. As a startup, you don't optimize for the efficiency of your systems, you optimize for building the business, like selling pet food, doing auctions, selling books online, and so on. You want growth, not profits. Once you've dominated your market and have steady revenue, then you can afford to go back and fix the efficiency problems. It's funny because back in 1996, Windows NT 4 running on Pentium Pro was a vastly better web server than Sun. It's just that Silicon Valley startups couldn't find anybody who knew the system. Techies looked down on "Windows" and considered it a "toy" operating system compared to the mighty Solaris, and Intel CPUs were "CISC" when everyone knew "RISC" was better. Everybody was wrong, of course. nVidia is in the same position. Everyone wants nVidia chips for AI because they are known to work, the techies know how to program for them, and so on. But Intel, AMD, and others make competitive chips for part or all of the AI stack that cost a lot less. Indeed, Apple's own chips are quite good -- their Private Cloud could in theory be serviced by racks of Mac Ultra servers. But they probably are buying nVidia, too. When the dot-com bubble burst, Sun crashed, and never recovered.
Right now, VCs are throwing vast amounts of money at startups who are in turn sending it to nVidia. At some point, this will stop. Unsuccessful startups will go bankrupt and sell nVidia hardware and office chairs on eBay, successful companies will now work to attain profitability by reducing costs.
It's kinda like how Elon Musk has been promising Full Self Driving on Teslas for years without delivering, he's also failing at delivering civil war in Europe.
Replying to @colemurray
How can I scan for Bluetooth signal strength? The MacBook has Bluetooth enabled, my phone is talking to the Bluetooth, but there's no strength meter.
1/n OK, let me explain what's going on with the Facebook right now. First, let's talk "routing". The Internet is a mesh of routers that forward packets. Packets go from source through a series of routers until they reach their destination.
I asked AI to draw a picture of a levitating super conductor and it gave me this
Replying to @Fabio53443
The Mac is either turned off or asleep.
The US Naval laboratories have just announced that they've been able to fully replicate the LK-99 results. They've released this image of a sample floating above a magnet proving the Meissner effect.
Installing old operating systems in virtual machines is hard.
For example, to prove my point, I opened the podcast (open.spotify.com/episode/3DQ…) and skipped forward to a random location, around 37 minutes into the thing (I can't bear to watch all 3 hours and debunk point by point). At this point, he's talking about a "Lazarus Report" that said 1 in 37 people had an adverse reaction to vaccine. I'm pretty sure he means this: digital.ahrq.gov/sites/defau… This is the sort of thing that live, I can't rebut, but written, I can. I googled, I found the thing, I read the thing. It doesn't say what RFK claims it says. The way VAERS (vaccine adverse event reporting system) works is that you should report any event that happens in the 30 days after a vaccine. This includes things that couldn't possibly be related to the vaccine, such as a pedestrian getting hit by a car. This floods VAERS with garbage, where 99.9% of the reports have nothing to do with vaccines, because on average, within 30 days, things happen to people. In other words, 1-in-37 is the same chance that in the next 37 months, you'll have one of the 890 conditions that VAERS wants reported: falling down the stairs, getting a cold, severe headache, ingrown toenail, and so forth. This is normal. If you get a placebo vaccine instead of a real one, there's a 1-in-37 chance in the month after you'll have some event that VAERS wants reported. The point of VAERS isn't the absolute numbers but relative numbers. There's a spike in the number of people getting ingrown toenails after a new measles vaccine, something so totally unexpected, this system will help find it. During the pandemic, lazy doctors who did a poor job reporting to VAERS suddenly got diligent, and the number of VAERS reports shot through the roof -- including all 890 categories, including getting hit by a car. It didn't mean covid caused anything, because almost all 890 categories went up mostly equally. It's how we know myocarditis was actually a problem, because those reports went up more than the rest.
The point is that you really can't debate this sort of thing live. I'd never heard of the "Lazarus Study" before, though I have researched VAERS thoroughly, so I wouldn't be able to debunk it. Conversely, RFK just brings it up out of nowhere and misrepresents it. Moreover, the RFK/Rogan audience have such low levels of education, they simply can't follow the complex explanation debunking it. You can't live debate crazies. It just won't work.
It was a trick. All the robots were remotely controlled. All the robots were remotely controlled by humans. All the actions were performed by humans, remotely. When talking to the robot, you were talking to a human.
This is wild. Elon Musk just revealed the future with Tesla Optimus, Robotaxi and Robovan. 10 wild demos: 1. Tesla Optimus, autonomous assistant, humanoid friend
This is needed legislation. Chemtrails should only be used for mind-control, not weather modification.
BREAKING: Rep. Marjorie Taylor Greene to introduce legislation to prohibit the use of chemical agents for the purpose of weather modification or engineering.
Menu suggests the burger/fries cost $17 and the rest must be the whisker.
1/ In case you were wondering: Apple's replacement for Intel processors turns out to work really, really well. Some otherwise skeptical techies are calling it "black magic". It runs Intel code extraordinarily well.
A lot of good replies to my tweet, but so far this is the best: nitter.app/JaeronMerc/status/1803…
Okay, here's how this lie works: 1. everyone agreed that Russians did not hack election infrastructure 2. everyone agreed Russia meddled with the election in other ways, such as hacking the DNC and releasing emails from Podesta et al Tulsi intentionally confuses the two.
🧵 Americans will finally learn the truth about how in 2016, intelligence was politicized and weaponized by the most powerful people in the Obama Administration to lay the groundwork for what was essentially a years-long coup against President @realDonaldTrump, subverting the will of the American people and undermining our democratic republic. Here’s how:
Cybersecurity expert here: no. The stories of teenage hacking are sensationalized. As far as we can tell, he didn't hack into the company using a FireTV stick. He accessed the company using his phone. Specifically, he connected his phone to the TV and its bluetooth keyboard, through the FireTV stick. This made things more convenient when accessing the Internet from his phone, but by no means were such things essential. Moreover, the story sounds like he'd hacked into the company and stolen the content weeks before. He then just logged into their Slack to taunt them while in the hotel room. Accessing Slack from your phone is not terribly difficult. As for his skills, most teenagers have no skill in general, but have been taught by other teenagers one specific skill. What makes it work isn't because the teenagers are smart but because their targets are dumb. The NSA already has all these skills. The one thing that would be valuable to the NSA is autistic obsession with tech. There are a lot of autism-spectrum people who you could just stick in a room and watch blossom with tech skills because they are obsessed with them. You don't have to 'train' them, they'll train themselves. But, their goals aren't aligned with the NSA. The NSA doesn't go romping through the Internet hacking whomever they find. NSA hackers are given specific tasks to achieve, they must play by the rules, and the paperwork involved is more arduous than the actual hacking. Such autistic kids would not do well in that environment. The kind of kids the NSA wants to hire are those that are socialized enough they won't get so angry at the needless paperwork and roadblocks that they go off on a rampage (like Snowden). That's a rare enough skill to find. All the rest of the hacking skills can be taught. If you are an organization with zero skills of your own, then sure, hiring such kids will at least get you started.
But you'll exhaust their value within 3 months, after which you've got a sociopath on your hands that you have to deal with.
Hire this kid for the NSA immediately
Replying to @colemurray
I'll go back tomorrow morning and try it!
This simple tweet that I thought 10 people might notice has gone viral with 26 million views and counting. The consequence is that the Atlanta PD contacts me to file an official police report. That's kinda cool of them.
Telegram is a social media app like Twitter, Discord, Facebook, Reddit, and so on. It is not an end-to-end encrypted app like Signal or WhatsApp.
The flight attendant was unclear. On the way back, I'll ask if that button resets everyone.
Yea, I've got 3 hours to kill here in this airport lounge waiting for the next leg of my flight, so let's discuss the "OSI Model". There's no such thing. What they taught you is a lie, and they knew it was a lie, and they didn't care, because they are jerks.
I applied for "Community Notes" access 6 months ago and was finally accepted today. I can therefore see the proposed community notes on Elon's posts like this. There are three proposed notes. Two point to high quality sources debunking the notion that your tax dollars are paying for such flights (immigrants must pay for their own flights on commercial airlines). However, enough Musk supporters are voting them down that they don't appear publicly, even though they are factually correct. They are only visible to Community Notes people. There is a third post, citing partisan sites, that supports Elon's claim. The point is this: because of partisan defenders censoring community notes, obviously false statements like the one below from Musk are not getting Community Noted.
Bet you didn’t know that this administration is flying hundreds of thousands of illegals into America using your tax dollars …
"We don't use signatures but use AI instead. Also, the bug was in a regex expression" -- CrowdStrike
Replying to @WorldBollard
“You hear a crunch - and then you keep going”
1/n If you are wondering if there will be anybody at Mike Lindell's cybersymposium who can confirm or refute his "packet captures", well, there's going to be me. I'm a well-known expert on packet captures, and somewhat knowledgeable about election systems. m.washingtontimes.com/news/2…
Note that "Wireshark" only captures non-promiscuous packets and broadcasts, things going in/out of my own machine, not anybody's private traffic. You have to enable monitor mode to see everything, and even then, that's tough with MIMO.
I hate you Twitters. After ragging on RFKjr yesterday in a tweet that went viral, people claim "but his book is well researched and reasonable". It's not. I just bought the book, started reading the introduction, and immediately came across a stumbling block. The highlighted portion deliberately misrepresents what's going on. It's not true that the [covid vaccine] is "so risky that manufacturers refused to produce it unless every government on Earth shielded them from liability". The truth is that juries are so easily swayed by emotion and charisma that they'll believe a vaccine is dangerous even when it isn't. The context is the "National Vaccine Injury Compensation Program", created in the 1980s. If somebody is harmed by a vaccine, they don't sue the maker, they go through the government program. Harm is determined by scientists rather than ignorant juries. The reason the program was created is because of a scare back in the 1980s over the DPT vaccine. Juries were handing out huge rewards against vaccine makers, despite no scientific evidence the vaccines caused harm. When a child dies, juries are easily convinced that a big uncaring corporation was at fault. Thus, the corporations stopped making vaccines. That's bad, because then kids wouldn't get vaccinated, the diseases would ravage schools, and hundreds of thousands of children would die. The fundamental danger here isn't from the vaccines, but from misinformation from the likes of RFKjr. Vaccines aren't perfectly safe, of course. Vaccine harm is real. Each year, the program pays out millions of dollars in compensation. No vaccine is perfectly safe for the same reason that no disease is perfectly safe. Even the most minor of colds can kill a person by triggering an unlikely set of events in the immune system. It's a one-in-a-million chance that you'll get killed by contracting the common cold, but it can still happen. But vaccines are "safe enough".
If you are 10 times more likely to get into a traffic accident on the way to the doctors to get a vaccine than having a vaccine-caused complication, it's "safe enough". The government took shortcuts with the mRNA covid vaccines, of course. One can reasonably claim that they are more risky than other vaccines. But still, it's overwhelmingly safe for vulnerable populations -- I've had 4 shots because I'm a scientist who understands the risks. I'm a centrist, so I actually agree with a lot of other RFKjr content. There was no evidence for covid mandates (they don't do enough to stop transmission, they wouldn't achieve herd immunity). They were inappropriate for young people, who were far less impacted by covid, and far more at risk from the vaccines (like myocarditis). Social-media did improperly censor people who raised such questions, who said things then that even Fauci admits now. My point is simply that on this one particular issue, RFKjr misrepresents what happened. It's on the first couple pages of his book. It's not just here, he frequently makes this misrepresentation about the vaccine injury compensation program -- that it's proof vaccines are dangerous. His book isn't a robust explanation of the issues, but rhetoric confusing the issues. No, I won't go on Joe Rogan to debate RFKjr live on this point. The point is already debunked, in writing, by me and a ton of fact-checkers. He's already lost in writing, where logic prevails. He's hoping to move the debate, to where rhetoric prevails. Serious people don't play this game and attempt to debate on podcasts, because they know they'll always lose to the crazies.
79/ Final verdict of this "cyber expert":
Number of "packet captures" or "cyber pcaps" seen = 0
Amount of "Absolute Proof" seen = 0
Amount of any evidence seen = 0
Replying to @vanturd
It's stolen if somebody takes something that doesn't belong to them. That it's currently misplaced doesn't mean somebody can take it. It's not "lost" -- you can take any Apple product to the nearest store and have it reunited with its owner.
Old Unix: everything is a file
New Unix: everything is a file system
Anybody can run Wireshark and see for themselves how much "Encrypted Client Hello" is supported. It'll work between your Chrome browser and Google, but it's rarely supported otherwise. I'm at a public WiFi and just went to PronHub to demonstrate this. It's TLSv1.3, which supports ECH in theory, but not practice. The website name is right there in the packets. In other news, it appears the site is blocked in the state of Georgia due to age verification laws. This is probably why people actually use VPN, to make it appear they live in a different state. BTW, you don't have to trust me because I'm an expert (though I am), but because I show data.
Replying to @BuckedUnicorn
As an expert, then, I defer to you to show me how any of this is false on an encrypted DNS channel like 1.1.1.1 that supports ECH. Maybe "expert" is too strong a word, then? Or perhaps a little knowledge is a dangerous thing.
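As an added illustration of the point in the tweet above about the site name being readable in the packets (example code written for this page, not the author's): a minimal parser that pulls the plaintext SNI out of a TLS ClientHello record and reports whether an encrypted_client_hello extension (type 0xfe0d, the code point used by the ECH draft) is present. The ClientHello bytes are constructed inline by a helper rather than captured; when ECH is in use, the SNI in the outer ClientHello carries only the client-facing server's public name, so a plaintext SNI on its own does not prove the real site name leaked.

```python
import struct
from typing import Optional

SNI_EXT = 0x0000   # server_name extension (RFC 6066)
ECH_EXT = 0xFE0D   # encrypted_client_hello (draft-ietf-tls-esni)


def build_client_hello(server_name: Optional[str], include_ech: bool) -> bytes:
    """Construct a minimal TLS 1.3-style ClientHello record for testing.
    Synthetic input, not a capture; the ECH payload is a placeholder."""
    exts = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type 0 = host_name
        name_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", SNI_EXT, len(name_list)) + name_list
    if include_ech:
        payload = b"\x00" * 16   # real ECH carries an HPKE-encrypted inner ClientHello
        exts += struct.pack("!HH", ECH_EXT, len(payload)) + payload
    body = (b"\x03\x03"                           # legacy_version
            + b"\x11" * 32                        # random (fixed for the example)
            + b"\x00"                             # empty legacy_session_id
            + struct.pack("!H", 2) + b"\x13\x01"  # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                         # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def _parse_sni(data: bytes) -> Optional[str]:
    """Return the first host_name entry from a server_name extension body."""
    list_len = struct.unpack("!H", data[:2])[0]
    pos, end = 2, 2 + list_len
    while pos + 3 <= end:
        name_type = data[pos]
        name_len = struct.unpack("!H", data[pos + 1:pos + 3])[0]
        pos += 3
        name = data[pos:pos + name_len]
        pos += name_len
        if name_type == 0:
            return name.decode("ascii", "replace")
    return None


def inspect_client_hello(record: bytes) -> dict:
    """Walk one TLS record and report what an on-path observer can read."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                            # legacy_version + random
    pos += 1 + body[pos]                                    # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]    # cipher_suites
    pos += 1 + body[pos]                                    # compression_methods
    info = {"sni": None, "ech": False, "extensions": []}
    if pos + 2 > len(body):
        return info                                         # no extensions block
    ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        info["extensions"].append(etype)
        if etype == SNI_EXT:
            info["sni"] = _parse_sni(data)
        elif etype == ECH_EXT:
            info["ech"] = True
    return info


def describe(record: bytes) -> str:
    """One-line verdict of the kind the tweet draws from a Wireshark capture."""
    info = inspect_client_hello(record)
    if info["ech"]:
        return f"ECH present; outer SNI {info['sni']!r} is only the public name"
    if info["sni"]:
        return f"plaintext SNI: {info['sni']}"
    return "no SNI extension"


if __name__ == "__main__":
    for name, ech in (("www.example.com", False), ("public.example", True), (None, False)):
        print(describe(build_client_hello(name, ech)))
```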
Wow, pinging the #Juno spacecraft takes almost an hour for a reply!!
I mean, I don't want to make a blanket statement like "trust experts", but it's been a long running argument with fans. Telegram has fans, and by "fans" I mean "batshit crazy fanatics who'd probably murder you if they could come to this country".
Of course they were "de-banked". Once the evidence of their enormous defrauding of Deutsche Bank became public, no bank would do business with them. Yes, Trumpists claim that this was just lawfare against Trump, but real bankers know real fraud when they see it.
Listen to Don Jr. explain that the real reason the Trumps had to sell memecoins was because no actual banker would lend them money. He says it was because of their politics—but anybody who knows anything about bankers (who definitely skew conservative) knows that if you’ve got good credit and you’ve got a good business, they want to be in on the action. So? The Trumps turned to sketchy unregulated capital raises with memecoins that bilk retail investors without any liability under the securities laws. If you don’t see this as the obvious scam that it is, you deserve to lose your money.
I forgot to mention the subtext. The Vice article in question also contains written debunking of some of RFK's claims, and links to other written debunking of other claims. The premise here is that RFK/Rogan are refusing a written response, and are demanding instead a live debate. If a written debate is refused, there is no way you'll win a live debate against a crazy. We need to instead hold their toes to the fire and demand a written response. Rational people can read and write -- it's the ignorant that watch such podcasts. vice.com/en/article/k7zz9z/s…
Replying to @dieworkwear
is Trump's wife American?
It's RFK who refuses to debate. Hotez linked to the Vice article thoroughly debunking RFK: vice.com/en/article/k7zz9z/s… Rogan's/RFK's response isn't to write back, countering those things. His response is to demand a live debate. And the live debate will contain just as many falsehoods and misrepresentations as the original podcast. Then Vice will write an article debunking those, too. And Rogan/RFK (and their audience) will continue to ignore anything written debunking them. The likes of Rogan/RFK will continue to succeed by refusing to get into any serious debate (with the written work) and instead demand live performance where they get to make shit up. nitter.app/trelayne/status/…
Replying to @robertgraham
There is no excuse whatsoever for him to not debate Kennedy. Fact checks could be done AFTER the debate. If Kennedy pulls any of the kinds of stunts you're suggesting, it would be used against him in attack videos. Hotez has nothing to lose. Refusing only weakens his position.
Update: I’m pretty sure I know the exact location, what can I legally do? The police said there’s nothing they can do. Any suggestions?
It was stolen and is now at a flea market far from the airport. How will lost&found or unclaimed-luggage help?
Replying to @sidjustice_
Ask whom? It's a flea market with 50 independent stalls.
Ransomware is just a pentest engagement where you negotiate scope and payment afterwards instead of before.
Replying to @IceSolst
you aren't scamming hard enough, if you were, you'd find plenty of use cases
Current status: There's a conflict between Google cybersecurity researchers and the @ffmpeg project that doesn't have the resources to fix the vulns Google finds. So I'm busy trying to understand the bug to figure out how to patch it. Google provided enough information to easily reproduce the bug, so I simply compile everything, then watch it crash in the debugger, then step through the code before it gets to that point to see what went wrong. I've spent about 5 hours so far on this, mostly getting everything built properly on macOS, which is my preferred environment for debugging. I should be learning how to use VSCode on the Linux desktop as my source-level debugger. Fuck using raw gdb without a GUI frontend -- my philosophy for (checks notes) over 30 years.
Replying to @JaeronMerc
This is a very good tweet.
I very much like this rebuttal. I was thinking of a "driving a car" analogy, but this tweet says it much better.
Replying to @robertgraham
If it's a tool you use daily, internet, email or otherwise, you should be able to be familiar with the basics regardless of if someone taught you outright. "My hammer doesn't work" coming out of a contractor's mouth doesn't endear calm respect.
April "Fools Day" started from the Catholic tradition of breaking out into dance every April 1, a practice they still observe. Pope Francis demonstrated his moves this morning to reporters.
Sometimes it's easy to believe we haven't made progress in cybersecurity. We have. For example, this used to be a warning in Internet Explorer:
Replying to @kanen_clement
I know, right? It's right here!!! But I can't find it
This story is nonsense. It's just normal criminal enterprise for sending SMS spam and anonymous messages. Somebody used this service to send SMS threats to some politicians, so the Secret Service traced it back here. They are describing it as some special political threat ("35 mile radius from the UN") when it's just perfectly normal criminal enterprise. We know it's a crap story because of the way the New York Times story on this cites anonymous sources in the administration, and then James A. Lewis to confirm it. This guy, formerly of the CSIS think tank, is the one the NYTimes regularly trots out to confirm cybersecurity claims by anonymous government officials. It's just normal crime folks, there's absolutely none of the threats here that they claim.
The Secret Service dismantled a network of more than 300 SIM servers and 100,000 SIM cards in the New York-area that were capable of crippling telecom systems and carrying out anonymous telephonic attacks, disrupting the threat before world leaders arrived for the UN General Assembly. 📰 Read more about this at secretservice.gov/newsroom/r…
The following tweet is false. EVERY engineer in the real world makes a tradeoff between safety and cost. It's part of risk planning for any large project. Lives are valued between about $2 million and $10 million. If it costs $20 million to reduce the number of lives lost in a big project (like a suspension bridge or oil refinery), then you likely don't spend the money. The airline industry already overspends to avoid lives lost, which is why there hasn't been a life lost due to an airline accident in the last 6 years. I'm not saying this as some sort of partisan or defending Boeing or whatever. I'm saying it as an engineer who knows how the world works. Risk analysis is a discipline, and part of the discipline involves putting a value on human life. This is a statement of fact: engineering in the real world means safety/security isn't perfect and evaluating the balance between safety and finances.
I help with the Order of the Engineer ceremony most semesters for our graduating seniors, and this is quite literally one of the things they take an oath to never ever do 🫠
This is wrong. You shouldn't know more about IPv6. But in case you wanted to know more, I thought I'd write up a quick thread.
Okay infosec peeps: Name one area of your field you're ashamed you don't know more about. I'll go first: IPv6.
A quick FAQ:
Q: What actually was FTX? And why did it collapse?
A: A scam. Because it was a scam.
Replying to @SoxyBill
I called them and met them at the location. They said there's nothing they can do.
25
6
1,039
426,213
All I'm saying is, that when there's a pcap fight, don't bring a pillow.
32
125
995
Replying to @tunguz
AGI is here.
8
4
1,058
279,003
Replying to @bendreyfuss
Most genocides are against people who look the same.
8
10
929
31,275
It was a bit confusing for the poor guy contacting me, because he's told just to call this number with no context, without any idea why he's calling me. I don't know why precisely he's calling, and neither does he.
1
3
970
173,203
WHAT THE EFFING F!!! I don't understand anything about networks. As you know, Google shook the beehive that is infosec by providing a .zip domain. The community has exploded in outrage over the fact that this makes a lot of phishing-style attacks easier. This excellent post shows the dangers with a GitHub URL. This would confuse even experts. medium.com/@bobbyrsec/the-da… The problem is less .zip and more the fact we allow URLs of the form http://username:password@website.com. This has long been used to confuse people, the .zip domain only makes this slightly easier. But this really has no valid functionality. A password inside a URL is not a password. It's almost entirely used for hacker attacks. Not only should Google Chrome remove the feature, so should we write an RFC explicitly deprecating the functionality. So I went back to re-read the RFC 1738 that standardizes the format of URLs. What I find is that while username:password is specified for things like FTP, it's not allowed for HTTP. Let me repeat: THE USERNAME:PASSWORD FEATURE IS ALREADY A VIOLATION OF THE STANDARD. We don't need to write an RFC deprecating the feature. We need to write an RFC clarifying that we really mean it -- that doing so is bad, and that everyone should really change their products to be compliant with RFC 1738. I feel as a so-called "expert" in such things I should already have known this.
34
187
947
179,343
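As an added example (not the author's code), a small Python checker for the userinfo problem described in the thread above: it reports where an http(s) URL will actually land, flags any `user:password@` userinfo in http/https URLs (the form RFC 1738 section 3.3 leaves out, while the ftp form keeps it), and notes non-ASCII characters in the userinfo that imitate path separators. The hosts in the sample message are constructed placeholders.

```python
"""Flag 'user:password@' userinfo in http/https URLs, the trick behind the
.zip-domain phishing confusion discussed above. Added example, not the
author's code. RFC 1738 section 3.3 defines the http URL form with no user
name or password, so any userinfo in an http(s) URL is treated as suspect."""
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://\S+|ftp://\S+")


def analyze_url(url: str) -> dict:
    """Return where a browser will really go and whether the URL is suspect."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        # urlsplit rejects some confusable non-ASCII netlocs outright
        return {"url": url, "real_host": None, "flag": True, "reason": str(exc)}
    userinfo = parts.netloc.rsplit("@", 1)[0] if "@" in parts.netloc else ""
    # Non-ASCII characters in the userinfo usually imitate '/' or '.'
    non_ascii = sorted({c for c in userinfo if ord(c) > 127})
    suspicious = parts.scheme in ("http", "https") and userinfo != ""
    reason = ""
    if suspicious:
        reason = "userinfo in http(s) URL (RFC 1738 3.3 allows none)"
        if non_ascii:
            reason += "; non-ASCII lookalike characters in userinfo: " + " ".join(
                f"U+{ord(c):04X}" for c in non_ascii)
    return {"url": url, "scheme": parts.scheme, "real_host": parts.hostname,
            "userinfo": userinfo, "flag": suspicious, "reason": reason}


def flag_urls_in_text(text: str) -> list[dict]:
    """Scan a message body and return the analysis of every suspect URL."""
    return [r for r in (analyze_url(u) for u in URL_RE.findall(text)) if r["flag"]]


# Constructed sample message; every host is a placeholder, not a real site.
SAMPLE = """Please review https://example.com/report.pdf and log in at
https://example.com:443@evil-host.test/login. Archive mirrored from
ftp://anonymous:guest@ftp.example.com/pub/ and also at
https://trusted-site.test\u2215downloads\u2215@lookalike.zip"""

if __name__ == "__main__":
    for hit in flag_urls_in_text(SAMPLE):
        print(hit["real_host"], "<-", hit["url"], "|", hit["reason"])
```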
Replying to @ravibrewster
I was war walking the stalls pushing beep. Nothing happened.
5
900
851,812
What? Microsoft still using HTTP instead of HTTPS/SSL for product updates? I wonder why. I mean, updates are signed, so it's not inherently a security risk. But at the same time, layered protection etc. I suspect it's because a lot of corps have firewalls that sometimes break HTTPS. Critical security updates are so important that they have to succeed. But even then, it still should be HTTPS with SSL, backing off to HTTP if there's a failure. This would give good telemetry about how often HTTPS/SSL fails so that we can fix it.
89
62
926
409,973
Replying to @klos
Because everything important is SSL/TLS/HTTPS these days. These protocols can safely be used on public wifi.
16
5
886
52,588
Statistically, your safe deposit box is more likely to be robbed by the FBI than bank robbers. Not because they charged you of a crime. Not because they suspected you of a crime. They just come and take it. And don't give it back.
The FBI raided Jeni Pearson's safe deposit box and tried to take all the contents using civil forfeiture. Jeni fought back, along with other @IJ clients, and won... Except, when the FBI returned the box contents, $2,000 was missing. So Jeni and @IJ sued again. Yesterday, we got an important decision in our case seeking to recover Jeni's $2,000.
8
210
854
169,665
9/ Facebook did that.
8
72
806
I was an early 1980s Internet hacker. Let me explain why "Bugtraq" is probably the most important achievement in the world of cybersecurity.
After 9,933 days (27y, 2m, 10d), the Bugtraq mail list has finally reached its end and is being shut down. bit.ly/38LmXl1
11
311
865
Replying to @VarminWay
RFK is the coward, refusing to write up a response to the written debunking of his statements. He wants a forum where he can instead lie and misrepresent things as much as he did on the Joe Rogan podcast.
32
6
787
29,520
If you send out a phishing email to test your employees, and 500 fail, it probably means something is wrong with your organization, not with the employees.
18
81
792
1/x: So I bought a surveillance camera
22
728
834
The "Wordle" webpage runs completely on the client-side in JavaScript. You can just hit F12 and read the source and see all the correct answers.
Thanks to @ryanaraine I'm now looking at the word list from which Wordle derives its word of the day. It's the list @wordlinator used to produce its spoilers. I'm guessing you all don't want me to post it, right?
110
227
826
Apple's most important innovation yet.
47
177
817
So as I blogged before, the emails contained DKIM information, which the original reporters could and should have verified. So I eventually got a copy of the email and ran DKIM verification on it. It passed:
Replying to @DailyCaller
We obtained a copy of Hunter Biden's alleged laptop from @RudyGiuliani. The email was independently verified by cybersecurity expert @robertgraham, who used a cryptographic signature in the email's header to verify its authenticity with Google's servers. dailycaller.com/2020/10/29/c…
33
243
719
It’s a lot like having a child. You very much have to take the knowledge base of the other person into consideration and a lot of computer guys do not do this at all.
8
6
793
469,627
So I wrote up a blogpost explaining how secret dots printers put on documents outed NSA leaker Reality Winner. blog.erratasec.com/2017/06/h…
33
787
767
But the lesson here is that I should've called them and filed a police report (I suppose by dialing 311) first thing. He asked why I didn't file a police report, and my answer was that I didn't really understand what I should do.
8
4
810
179,764
Replying to @Devon_Eriksen_
There is no "the Japanese". Different Japanese think differently. Just because Al Jazeera interviews an anti-American historian doesn't mean the rest of the Japanese feel that way. If you actually go to Japan and see their Hiroshima museum, you'll find they describe many of the same issues you mention in your post. It's not as anti-Japanese as your tweet, but it's anti-militarism. It's not about assigning blame, but about pointing out that militarism of the early 20th century left no good choices.
33
25
788
305,035
I don't want a system that blocks incoming spam calls. I want a system that shunts them to an AI running on AWS that interacts with them and wastes their time.
30
152
774
I’m at HomeDespot. Self service terminal is down due to CrowdStrike failure.
46
59
795
656,881
Everyone in tech should watch this gut wrenching video because at some point this may be you. You should understand how business works going in so that you understand the process for when they push you out. The underlying cause RIGHT NOW is likely the same problem that all tech companies are experiencing in 2024: the government pulled a surprise tax rule on them this year that's causing all of them to scramble for a big wad of cash. So layoffs happen. The trick to long term survival at any mega tech company is to transfer to more successful products. If the product you are on keeps missing ship dates, or fails revenue goals, is badly marketed, or whatever else, when it gets shut down, those working on it often get canned even if objectively they are the best employees of the company. In other words, it's not you, it's them. When layoffs come, it's often the bad decisions of your immediate manager and all the chain up to the CEO. Sure, it's a little bit you, this salesperson hasn't made a sale in 4 months since she was hired, but as she explains, that might be an unreasonable expectation. If only part of your group is getting laid off, it's what's perceived as the least valuable employees. When the layoffs come, that's it. There are no more words to say. None of your questions are really going to get answered. That's why HR does the layoffs. They go through layoff training in order to be able to tell the (now former) employee that there aren't going to be answers. The reason is that the legal system overwhelmingly favors employees in any dispute. No matter what the HR person says, it can and will be used in a lawsuit against the company. Whatever is said will be twisted out of context. As a result, the company has no choice but to say nothing. You really need to know this going in, when you get hired. A tech company becomes a big part of your life. You'll make life long friends there. You'll put in long hours when necessary.
You'll buy a house to optimize your commute to work. Your financial planning is based upon that steady income. There is now great uncertainty about your future. Such layoffs come out of the blue. Obviously, a company is going to hide the fact that they are even considering layoffs. Companies frequently consider this step before rejecting it, so publicizing this fact all the time just breeds discontent. After they decide, they don't delay in taking action. You are responsible for managing your own career. The information management uses to decide layoffs is fairly public. Companies report their financial results. Within the company, employees know which departments are making money and growing and which departments are not. It's not your manager's job to maintain a relationship with you, it's your job to manage the relationship with your manager. In this example, the employee claims the manager praised her work. Well, yes, all managers do that. In order to soften the blow when pointing out the areas needing improvement, managers will also praise the areas that don't. There's rarely a good match between the praise/criticism the manager is trying to convey and the praise/criticism employees hear. Your manager largely doesn't know how you are performing. End-of-year reviews are nonsense because a manager of many people only remembers the last month for each person. It's up to you to track all your accomplishments over the year to remind your manager. Managers are stupid. They have this expectation that they must praise and criticize even the most irrelevant things. One arrogant co-worker looked at his year end review once, agreed that yes indeed those were all areas that could be improved, but told his manager that he wasn't going to improve any of them, that he was already one of the company's most valuable employees without fixing them. He probably was the company's most valuable employee.
It's not just year-end reviews, but layoffs, where the manager doesn't know as much about your work performance as you do. If you suspect they might be coming, schedule a one-on-one with your manager and go over your list of accomplishments for the year. If you don't remind them, they may forget, and once the decision has been made, it's pretty much cast in stone. This one time, our whole department got canceled, either laid off or transferred to other departments. My boss got laid off, so I got to handle all of his reports instead. It's a horrible experience. I didn't have any answers to ease their pain. I mean, it's always worse being on the other side of the table, but it's also painful for those doing the laying off. They aren't jerks, they have empathy, they just don't have the ability to answer your questions. By the way, the answer to their question was that the CEO of a company had an ongoing scam where every 3 months he'd buy another company, and then shove other losses into the "one-time-loss" of the acquisition and pretend that if not for acquisitions, the company was profitable. That meant another round of layoffs every 3 months, especially in the companies being acquired. The tricks caught up to them eventually and they went an entire quarter with zero revenue (according to accounting, with all the actual revenue backfilling all the previous accounting shenanigans). The point of this tweet is simply to point out that if you get a job at a tech company the size of Cloudflare, this is how you are going to get laid off or fired. You are going to feel the way she feels in the video. You are going to get the same answers that the HR people give in this video. And there's really no way around it, so set your expectations. BTW, small companies aren't really any better so much as poorly run. They haven't yet had the employment lawsuits that teach them to stop giving employees so much information when fired or laid off.
I love that she recorded this. I love that people get to see what these giant corporations are like. From the human perspective, how could she ever improve with this feedback? I would be furious in her position. I've had to fire and lay off people, and I hope I did better.
50
170
801
351,135
Fact-check: no. Hamas was the largest victor in the 2006 election with 44% of the vote, so not a "majority" back then. There hasn't been a vote since. The median age in Gaza is 18, meaning nearly half the population wasn't even born then. Moreover, half the population back then wasn't eligible to vote. Back of napkin calculation shows that only around 10% of Gaza's current residents ever voted for Hamas. There hasn't been an election since 2006 because Hamas is despotic. They are not the will of the people, but subjugate the people. They are more like a criminal mafia than a government. There are plenty of books that delve into this. I recommend the book "Son of Hamas". Polls showing "support" for Hamas are difficult to interpret, because what's the alternative? In any event, this article describes a poll taken back in July 2023 that shows the unpopularity of Hamas's policies: washingtoninstitute.org/poli…. In that poll, 70% said they'd rather the PLA from the West Bank take over the administration of Gaza, with Hamas giving up its military units. 50% want Hamas to accept Israel and work toward a 2 state solution. 62% want a permanent cease fire with Israel. Blaming a population for atrocities of their despotic rulers and bombing them in punishment is a war crime.
Fact check: the majority of Palestinian people in Gaza elected Hamas, which ran on a kill-all-the-Jews platform; and it remains widely popular in Gaza.
Community note
No elections have occurred in Gaza since 2006, 17 years ago. As of 2021, 64.2% of Gaza are 25 years old or younger. You are required to be 18 years old to vote, meaning you have to be at least 35 years old to have voted in the previous Gaza election. indexmundi.com/gaza_strip/dem
25
208
773
275,304
You think your Thanksgiving is bad, my sister and her husband are arguing about best way to structure an SQL table/queries. So in order to bring harmony, I interrupted and suggested NoSQL/MongoDB instead.
30
166
790
So in "Star Trek: Discovery", they have the Vulcan debug some code. Apparently, Starfleet still runs on Windows.
80
478
759
1/ So what is a "reverse engineering" tool like Ghidra? Well, I'm going to describe it in a few tweets, with screen shots.
24
359
817
Replying to @RealEmirHan
No question that this shot changed movies forever.
9
4
761
84,047
I gave a made-up name to Uber when I signed up. I think the most important security precaution is to lie to computers compulsively.
BREAKING: Hackers stole the personal data of 57 million customers and drivers from Uber bloom.bg/2BbS9qY
36
343
738
So let's discuss SSL encryption algorithms for the moment. If you are using Chrome, you've got a choice between AES, Triple-DES, and ChaCha20. This pic shows the list that Chrome sends to web servers saying which algorithms it'll support.
16
344
790
I wrote up a quick blogpost why this SIM farm story is bogus and why you journalists should feel embarrassed for not questioning such obvious propaganda. cybersect.substack.com/p/tha…
The Secret Service dismantled a network of more than 300 SIM servers and 100,000 SIM cards in the New York-area that were capable of crippling telecom systems and carrying out anonymous telephonic attacks, disrupting the threat before world leaders arrived for the UN General Assembly. 📰 Read more about this at secretservice.gov/newsroom/r…
29
156
832
105,899
I’ve exhausted all my options getting my laptop from the Mart. If anybody can get evidence it’s there - like a picture of the serial number, I’ll give a reward if I get it back. I have the (almost certain) store, it just can’t be me (I’ve already been there)
67
26
769
156,245
33/ This is incredibly frustrating. Lindell invited "cyber experts" and "fact checkers" to come and confirm the "packet captures" -- and has yet to provide us any packet captures and it's 4pm already. #ReleaseThePacketCaptures
57
117
651
🧵"Twitter 2.0" is trending. I'm a foremost expert on this and let me tell you what you should do: quit, take the 3 month severance with your friends, and build the 2.0 version yourself. Musk will give up and buy your company in a couple years.
24
161
665
Replying to @d_feldman
If I had a chance to rewire my house, I'd also put 240v in a lot more places. But there's a plug for this, so that you get hot-hot instead of hot-neutral, depending upon how you plug in.
11
4
750
100,633
Lindell: "It was valid data from the 2020 election and nobody who came out of those [cyberexpert breakout rooms] can say anything different". I was in the room. I say something different. None of it was valid 2020 election data.
19
91
658
Replying to @Gudetube
I'm going to have to grow up and accept the fact that more people will listen to the Hawk Tuah girl for cybersecurity advice than will listen to me. :-)
8
5
731
73,543