So managers are starting to spew the whole "well I didn't do anything wrong, it affected everyone else, so we're not liable" bullshit.
Did you allow a third party vendor to have the highest privilege access to all of your systems AND let them run Remote Code Execution on your systems whenever they want?
You didn't have a test environment set up to test each update or patch that is applied to your systems before you push them to prod? No? Just let it auto-update?
Yeah, that "Risk Transference" didn't work so well as your GRC policy seemed to think it would, huh? I know they're a security company and they SHOULD have tested it, but they didn't, did they?
I know everyone else does it, but if everyone else jumped off a bridge, would you?
Just because everyone else fucked up, doesn't mean you didn't fuck up.
There's gonna be a lot of deep discussions in this post-mortem and hopefully orgs will change. Those that don't will just be hit again... and again... and again.
Thatβs because their entire operation is run from a bank of half a million BBC Micros all linked together in an enormous basement under Broadcasting House.
The whole of greater London takes its heating from that basement.
If a hacker had done this, we would be trying to put them in prison forever. If this were a company making a physical device that happened to kill people, the settlement numbers would be astronomical.
I predict that *at best,* there will be some kind of "hearing" along the lines of the Boeing inquisition, but I doubt even that will happen.
Which makes me wonder (among other things) why we have allowed software bugs and errors to occupy their own special moral category.
Something I love bringing up again from time to time: a little more than five years ago a friend and I found a functional microphone in a smart kitchen appliance that wasn't advertised to have one. The product in question was being promoted hard by Lidl because they sold it at a fraction of the price of similar devices.
It made national & european news and I was interviewed by the biggest TV news show at prime time.
All we wanted was run Doom on the thing. We installed Discord on it and hopped into a call because we thought it would be funny and fell off our chairs when it turned out the person on the other side could hear us just fine
"Please allow me a moment to clean this up. Rest assured, I will let no harm come to you."
I've been swooning over Von Lycaon for a while now, and @gearwurk surprised me with this awesome art of Von TK! I guess Mr. Von Lycaon decided it was time for a new recruit. ^^
"Linux would have prevented this!" literally true because my former colleague KP Singh wrote a kernel security module that lets EDR implementations load ebpf into the kernel to monitor and act on security hooks and Crowdstrike now uses that rather than requiring its own kernel module that would otherwise absolutely have allowed this to happen, so everyone please say thank you to him
Former President Donald Trump's political hopes may be in danger in a solidly Republican state with a significant haul of Electoral College votes if current polling trends stay consistent.
I don't know why people are so obsessed with ChatGPT and #AI. I know a lot of people who can spout absolute bullshit with a much lower carbon footprint. Funnily most of them seemed to be in the sales and marketing fields, but I'm sure that's a coincidence.
the saddest part of today? lots of lawyers are getting contacted for lawsuits against ClownStrike, but they can't take the cases because their computers aren't working either ;_;
"Five Just Stop Oil activists receive record sentences for planning to block M25"
"Roger Hallam, Daniel Shaw, Louise Lancaster, Lucia Whittaker De Abreu and Cressida Gethin were found guilty last week of conspiracy to cause a public nuisance for coordinating direct action protests on the M25 over four days in November 2022.
Hallam received a five-year sentence on Thursday, while the other four were each sentenced to four years.
The sentences are thought to be the longest sentences even given in the UK for non-violent protest, exceeding those given to the Just Stop Oil protesters Morgan Trowland (three years) and Marcus Decker (two years and seven months) for scaling the Dartford Crossing.
All five had spoken on a Zoom call trying to recruit potential volunteers for the actions, which involved activists climbing gantries at strategic points on the London orbital motorway."
Okay so first up here is the fact that these folks just caught 4 and 5 year raps for, organizing a protest on a zoom call. Not actually protesting mind you, but "conspiring to protest." The second issue of course is that the protest in question wasn't some kind of violent terrorism or anything - they were planning to block traffic, to protest fossil fuel companies and the governments that serve them in boiling us all like soup for a few extra points per share. This is of course bonkers, but also completely indicative of the fascist police state the UK has become after the Tories greatly enhanced police powers to prosecute protestors in response to student, BLM, anti-Tory, and anti-genocide in Gaza demonstrations over the past few years.
Please of course keep in mind that there is no jail time coming for fossil fuel executives who are knowingly driving us all towards a mass extinction event for profit. Conspiring to kill billions? Not a crime. Conspiring to block traffic? Well, read for yourself:
"judge Christopher Hehir said: βThe offending of all five of you is very serious indeed and lengthy custodial sentences must follow.β
Unbelievably the judge also chose to frame the existence of fossil fuel caused climate catastrophe as a matter of opinion, while acknowledging the near unanimous scientific evidence it is not:
"Hehir admitted there was a scientific and social consensus that human-made climate breakdown was happening and action should be taken to avert it. βI acknowledge that at least some of the concerns motivating you are, at least to some extent, shared by many,β he said."
He then put down protesting actions that are killing people, and will kill billions, as grandstanding:
βBut the plain fact is that each of you has some time ago crossed the line from concerned campaigner to fanatic. You have appointed yourselves as the sole arbiters of what should be done about climate change, bound neither by the principles of democracy nor the rule of law.
βAnd your fanaticism makes you entirely heedless of the rights of your fellow citizens. You have taken it upon yourselves to decide that your fellow citizens must suffer disruption and harm, and how much disruption and harm they must suffer, simply so that you may parade your views.β
Which of course brings me to the extremely fucked up reason this trial is even happening at all. Because the zoom call was infiltrated by Sun (a UK news rag) reporters who literally RECORDED it and CONTACTED police. This is a private newspaper. Journalists are supposed to PROTECT their sources, they're not supposed to function as unofficial secret police on behalf of a capitalist state that acts wholly in the service of billionaires trying to kill you for money.
Finally of course, we have the fact that the trial ITSELF appears to have been a complete sham with the verdict largely already decided by a hostile judge who denied the defendants the right to make reasonable legal arguments and told the jury they weren't allowed to consider the idea that climate catastrophe is real and caused by fossil fuel production and consumption:
"Supporters of the defendants expressed outrage at the sentences, which came after a two-week trial in which the judge denied them any of the defences in law for causing a public nuisance.
Hehir ruled that the jury should not take into account evidence about climate breakdown, which the defendants wanted to point to as the key motivation behind their actions, and which they said provided them with a reasonable excuse for them."
Folks, this too is fascism; and it's fascism in service of some of the largest, most murderous corporations on Earth. The new Labour government in the UK needs to intervene IMMEDIATELY or they're proving to you they're no better than the Tories and serve the same masters.
Let's cut the bullshit and spell out a few things. The IT security industry is about as trustworthy as the food supplement and vitamin industry, but somehow they escaped the same reputation. Their products are overwhelmingly based on flawed ideas, and the quality of their software is exceptionally bad. And while not everyone will agree with the harshness of my words, I'll say this: Essentially everyone in IT security who knows anything in principle knows this.
@cpswan And more recently by Ian Levy, who was the techincal director of NCSC at the time. Security vendors have been allowed to dominate the market and control the narrative. Everyone is worried about APTs, but the things most likely to bite you are script kiddies and common garden variety cockups. What we need is the basics like adequate governance. What we're getting is AI-powered bullshit.
Content warning: uspol, this election, actionable advice
Remember: Your friends cannot, by definition, boycott the election. This isn't a marketplace; parties and politicians aren't businesses. Failing to vote or voting in "protest" is just an abdication of their responsibilities as a citizen and gives politicians a free pass to ignore them: https://youtu.be/nSZjlCTyWJ4
That said: Focus on your friends who want to vote but can't because of practical reasons like a lack of childcare. According to a study mentioned above, there are about four "can't" voters to every "won't" voter. A single afternoon of babysitting might be 400% more effective at saving our democracy than any amount of yelling online.
What concrete plans have you made with family, friends, colleagues, and the like to get the willing ones, the ones who still hold out hope, to the polls?
SUPPORT more videos like this at http://patreon.com/rebeccaSUBSCRIBE at http://www.youtube.com/subscription_center?add_user=rkwatson+++Links + transcript ava...
U.S. cybersecurity agency CISA has acknowledged that while the CrowdStrike outage is *not* a cyberattack, it has observed malicious actors "taking advantage" of the s(h)ituation for "phishing and other malicious activity" and warned organizations to "avoid clicking on phishing emails or suspicious links."
you know how matpat brought the pope a copy of undertale? could someone bring him a copy of linux or something? I want to get the Pope into open source, so that he can petition god to open source humans. I got a lot of patches I need to make
As someone whose job is essentially doing production engineering for wetware hacks, there's a lot more compatibility challenges and code testing concerns for wetware. Not to mention the total lack of documentation, confusing (and closed) APIs and the presence of really arcane security software that hasn't been updated in a few thousand years. All of this means that our reverse engineering can have impacts on unexpected parts of the OS.
As someone who worked in life sciences I can tell you 90% of all research nowadays is "in-silico". So same shit, bits in bits out. Gone are the days of injecting random shit on people and see what happens.
and speaking as a reverse engineer, you have NO IDEA how often I've considered studying medicine instead. I can hack software and hardware all day, why can't I hack wetware?
@shroomie (if you don't know about her, she's really cool. Went from co-founding sirius-XM to curing a previously incurable disease all while being trans)
One of them does prefer the βcathedralβ model.
Also Git, we need a lot of code control.
Maybe a drive-by-confession or transfiguration injection? Cardinal Robert Tables? Evil nun? Spear of Longinus Phishing? NOP Sled? Ministrant-In-The-Middle?
@jackemled frankly if I did figure out how to hack the human body and DIDN'T do tails and animal ears, I think the entire furry internet would be justified in assassinating me.
Channel 4 News, in talking about today's #Microsoft #CrowdStrike fuckup, stated that the expected Y2K effect was imaginary.
No! No! NO!
We* did a massive amount of work to update and ensure systems would keep on working. And more importantly WE TESTED EVERYTHING FULLY BEFORE GOING LIVE.
(* As in everyone responsable for operating computer systems around the world!) (added note: Channel 4 is a UK national television station, not local)
It was an obscure cross-compiler which checked the timestamp on its source and object files whilst deciding what to recompile, and got it wrong after Y2K. In those days it was simple enough to just set the clock back on the one PC that needed to run that compiler (back then it was a pain to set up NTP manually - these days it's the default and I wouldn't know how to start going about turning it off).
@TimWardCam @FurryBeta Yes, the "do this if date now greater than date recorded" switch was a major fault zone.
A previous company used an internal date format of 5 digits, which had reached 99900 when they realised there was a problem. Lots of contractors taken on who joined, looked at the code, and quit.
(I was in the network dept so not responsible, but still left before the rollover)
I personally fixed two consequential instances of the Y2K bug in banking software. This small body count is somewhat noticeable only because *I entered the industry in the year 2007.*
Yeah, they were retrospective calculations that went bad only after loans written in the new millennium started to mature. It really pushed home how many instances of the problem had existed, to have such a long tail years "after."
No. The shitstains that prevent normal working folks from getting to work, or school, or to doctor's appointments are far worse than whatever climate catastrophe they're protesting to prevent. I'm a big supporter of being as green as you can (hell I don't even own a car and take mass transit everywhere I go), but to say the "minor" inconvenience of a bunch of shitty people making themselves a nuisance for the greater good is ok proves that most of these shit piles have more in common with the corporate ass lickers that are doing the earth dirty. You want to camp out in front of a senators house or have a sit in in their office, or chain yourself to a tree in a forest, feel free... but when you start impacting hard working folks from living their lives, you're worse than the corporate shitbags that are destroying the environment.
@calsnoboarder worse than oil execs who's documented plans already kill millions, and will likely kill billions if left unchecked? Okay then. Keep in mind, no disruption happened. There was discussion of doing so on a zoom call, and for just discussing it, the group was sentenced to 5 years.
It occurred to me while reading today's Suitor Armor this morning (which, incidentally, was being very nicely trans-positive today!) that many of the fictional characters I most like are, in fact, AIs (or a fantasy equivalent):
- Modeus from Suitor Armor - Rambley from Indigo Park - Wall-E and EVE - Astro from Astro Boy - SecUnit from The Murderbot Diaries - Ronb1n5cat5co from Ron's Gone Wrong - R Daneel Olivaw from an awful lot of Isaac Asimov's books - Baymax from Big Hero Six - Bender from Futurama - 9 from⦠well, 9 - Alpha 5 from Mighty Morphin Power Rangers - Chappie - Chip from the Not Quite Human book series - D.A.R.Y.L. - etc.
And I realised a little while ago when I remembered to actually write this post, that the reason for this may be that AIs are probably most likely to be Ace.
Later on during my run I took another pic, this time showing some old gasometers (not sure if they're even still in use, but I suspect not) with dramatic sunlight. This one should be titled something like "Solar Eclipses Gas" or "Solar Leaves Gas in the Shade".
@Aatheus I remember seeing them at different heights when I was young, but that was back in the 1970s/80s and it's a very different world now. Hopefully the whole concept of burning hydrocarbons will soon be a historical mistake that we've moved on from.
The buildings actually rose and fell within the frame as they filled up with gas...and then emptied as it was burned. Very simple mechanical system, replaced by pressurized pipelines
@Aatheus Yep, they are basically like a bell jar upside down in a circular trough of liquid, to seal it. The weight of the jar maintains the pressure in the gas pipes.
I went for a run earlier this week and actually paused long enough to take some photos. These are the local tower cranes being used to build some new tower blocks (in an area where there are no tall buildings, so they'll stick out like a sore thumb, but anyway). When I see them at night, I mentally refer to them as the eyes of Sauron, because of the red lights on the top.
I took these pics because the light was pretty good. First pic I tried to get all the cranes in the frame and yeah, that worked, but it looks bland. Second pic doesn't really show the cranes properly, but the dramatic lighting works!
