@InfoTeddy's banner p




1 follower   follows 3 users  
joined 2022 September 04 17:54:56 UTC
Verified Email


User ID: 43



1 follower   follows 3 users   joined 2022 September 04 17:54:56 UTC


No bio...


User ID: 43

Verified Email

Yes, you need to detect and monitor threats. But no, an antivirus is not the sole solution for doing so and I have doubts that an antivirus alone is an adequate solution for this task. I am not arguing against the need for detection and monitoring, and there are better ways to do detection and monitoring that don't come with the added attack surface of an antivirus.

Would antivirus have actually detected this infection? Ignoring the fact that phones don't usually run antivirus (because they employ sandboxing security measures), in the case of FORCEDENTRY, the exploit was discovered because Citizen Lab specifically examined the phone of an anonymous Saudi activist. They don't say what exactly led to the phone being examined by them, but I'm willing to bet that it exhibited signs of infection that any general-purpose antivirus like McAfee wouldn't have detected.

Yes, sandboxing technology can still be vulnerable, but antiviruses are not a better security practice than sandboxing. Moreover - since you brought up a targeted spyware attack - if you're being specifically targeted by nation-state actors aided by NSO Group, you need to up your security anyways. So your comment that

You really can't expect every boomer pecking at a computer to know the ins and outs of security.

immediately after discussion of FORCEDENTRY confused me, because if your threat model includes zero-day attacks like FORCEDENTRY (for example, you're a political activist, journalist, or whistleblower), then yes, I do expect such a person to know the ins and outs of security. They should stay on top of their game, because their life literally depends on it. At that level of threat modeling, if you're genuinely worried about attacks from well-funded nation-states, then security is not something you can just ignore and expect to have taken care of for you.

Bad example? If you're targeted with zero-days like Pegasus, an antivirus software is not going to stop it. In fact the standard defense for this sort of thing is what I've advocated - isolation of system components via sandboxing/virtualization. I'm not sure what your argument is.

I have the opinion that the more data you give out, the more likely it will just get breached. Especially personal data meant to authenticate your identity. The best thing to do would be to not give data out at all - data that doesn't exist, can't be stolen - but most of the rest of the world doesn't think the same way, and are extremely unlikely to question why we have normalized people giving away their data without a second thought.

I have always been of the opinion that antivirus is a poor idea, and at best, a half-baked solution preventing you from adopting better solutions, such as sandboxing/virtualization and general human security hygiene. I haven't run an antivirus (besides Windows's built-in Defender) in years on any of my computers or phones, and I've never gotten malware on my systems simply because I don't open any sketchy apps or files, and if I do, it's in a virtual machine isolated from the rest of my system.

That an entire industry (the antivirus industry) exists based on the premise of a bad idea that is not only ineffective but adds massive attack surface simply because attackers can exploit what is essentially a privileged system component with deep access to all parts of the system - a cure worse than the disease - should be a lesson in how easy it is for someone to get the basics of a skill (such as security) wrong.

Media sources are identifying the deceased gunman as 20-year-old Thomas Matthew Crooks. Seems to not have had an internet presence. Strange. +1 for nominative determinism though.

I will agree that it is a problem if one reflexively disagrees with a contrarian and doesn't elaborate on why the default hypothesis is better. But, provided that one actually gives a specific argument, I think there is value in arguing against a contrarian hypothesis in support of the status quo. It tends to reveal what I like to call silent successes - the places where you don't even realize something is working well, which you only realize when a new solution is tried and fails in said places. Chesterton's Fence is a good formulation of this phenomenon.

For example, I appreciate pieces like this one by Yassine Meskhout which pushes back against some of Aella's position on polyamory (itself a contrarian position). While I don't agree with everything in the piece, it's much more valuable for it to exist than to not because it illuminates some of why monogamy (the default position) is actually good.

Java Edition mods are in Java. Bedrock Edition is in C++ and I'm not as familiar with their modding scene but it appears to be much more difficult, so the vast majority of Minecraft mods are Java. Even still, that doesn't mean they can't be malicious. There was an incident last year where a Fediverse instance got compromised because the owner ran a malicious Minecraft mod on her computer.

Not completely dead yet. Many instances have essentially died but some instances have resorted to directly using accounts for scraping and are buying in them in bulk. Of course, this is expensive as those accounts will eventually get banned sooner or later.

As the saying goes, the optimal amount of a bad outcome is not zero.

Bad moves from both sides here. Coach literally livetweeted that he was going to cross at a specific border checkpoint with Hungary hours before he actually did so, and surprise surprise, he was caught and jailed. Ukraine should've kicked him out instead of keeping him because it's not like he could do actual harm to the war effort.

I don't know if this will have significant material repercussions for Ukraine. I was under the impression that Ukraine funding was slowed if not dried up entirely due to the focus on the new hot thing, the Israel-Palestine conflict.

Why do people who want to scare women with pictures of trans-identified females always go for the photoshopped ones, and not for a more realistic one that shows that Buck Angel is actually pretty tiny and nonthreatening compared to her male counterparts?

It's a crucial tactic that trans rights activists use. Many of their arguments derive from a foundational assumption that the trans person passes as the gender that they want to be (I've heard the bathroom argument turned in favor of the trans people by arguing that there's just as much danger if not more to a transgender woman being in the men's restroom than a man in the women's restroom), but much of the evidence to substantiate this assumption are photos taken using very specific angles and very specific lighting, if not photoshopped entirely. Candid, unaltered photos almost always show the trans person looking weird and out of the ordinary, if not failing to pass entirely.

Website with large library of pro final exit material. According to OP, PDFs do count as books :P

The site is controversial mostly for frequent accusations that it facilitates suicides; the standard formula is a suicidal person seeking methods joins the forum, posts a few times getting help, and then successfully carries out their suicide, then their family goes to the news media and an article is written about their plight blaming it on the forum. Arguably if it was just a library of suicide method PDFs it would get less heat because there's no interactivity (with other humans) with PDFs. At least, that's the way I see it, but it's entirely possible that people would still dislike the site just as much even if it only contained PDFs and had no interaction. Then again, I don't see this level of controversy over sites like LostAllHope (although there was a Change.org petition to shut down LAH that, surprisingly enough for a Change.org petition, resulted in the host terminating services, although the site just moved hosts), so I could be right.

This thread?



Technically, that's a website :P

Some big music YouTuber made a video on it, and there's a Kiwi Farms thread refuting several blatant lies in said video. Shame that the thread hasn't spread much, but that's likely owed to the YTer's influence and generally positive reputation and KF's generally negative reputation.

He's written a post on the forum of a tier list of internet services that he recommends.

While I sympathize with the argument that it's tyrannical to require crypto exchanges to adhere to KYC, I would imagine that the immediate and obvious objection from Pornhub's side would be that this would substantially cut into their bottom line, from the principle that providing stuff for free paradoxically increases the revenue of it (look at how piracy of video games boosts their sales). If they can't provide free videos, then they'll get less money.

That's true, but I see this as a form of evolution, the same way that 99.99% antibacterial soap ends up producing superbugs through natural selection. It's just a matter of consequence that trans activists' deplatforming efforts would end up hitting on one guy who just happened to have the smarts, wits, etc. to figure out how to effectively resist censorship and would want to dedicate enough time and effort to doing so.

Kiwi Farms isn't a monolith; there are some people on there who are sympathetic to transgender concerns. That said, the overwhelming majority are definitely anti-trans. I'm not implying that this means that the site is deliberately anti-trans or anything; it's a combination of their thread subjects being disproportionately transgender (as previously mentioned), but also the fact that many other gender-critical spaces elsewhere on the internet have been shut down thus funneling many would-be GC Reddit/Tumblr users onto the site, as well as the fact that many don't even care about trans issues and just want to laugh at weird people but have essentially been forced into caring due to the many attacks on the site (no doubt by the same activists shutting down anti-trans thought on the rest of the internet). If they were left alone, half of the anti-trans sentiment would disappear overnight.

The War on Kiwi Farms: The Kiwis Fight Back

I'm sure everyone here knows of the controversial site Kiwi Farms, which has been endlessly accused of facilitating online harassment, and endlessly deplatformed. The site's defense has always been that it doesn't do that, the content is completely legal in the United States, and it's just a neutral observer, and with very limited exceptions (namely protecting Chris Chan until 2021, and interfering with zoosadists), I've found that to largely be the case. But I always wondered if this attitude left them vulnerable to just being attacked endlessly like this. Like, if bad actors know that this site won't actually fight back in any way, wouldn't you expect that they would just relentlessly attack it, since they're more-or-less free to do it?

Well, recently, they've actually started doing it. They're using the tactics that have been most effective in deplatforming them, and turning it on others. Namely, filing abuse complaints with upstreams and accusing sites of violating their AUP (which stands for Acceptable Use Policy). Their first target, thematically enough for an anti-trans site, is DIY HRT, as in HRT (Hormone Replacement Therapy) that isn't dispensed directly from a licensed pharmacy, often homemade and imported in to the country from shady international sources.

DIY HRT sites exist in a very legal gray area, because they more-or-less undeniably facilitate the sale of unlicensed pharmaceuticals. There have been credible reports of the drugs being manufactured in really unsafe and unclean conditions, leading to issues like clearly visible human hair in a vial that's meant to be injected into your bloodstream. Furthermore, the demographic they serve raises child welfare concerns - children are the demographic most likely to be unable to access legal HRT and/or want to keep their HRT on the down low from others - and some of the marketing/labeling on the items is quite blatant (in one case, text reads "Keep away from parents" and the image is of a childlike figure). Naturally, these are the reasons Kiwi Farms uses to file abuse complaints with upstreams. And they're doing it quite openly - there's a public thread on the site where they coordinate and give information on filing abuse complaints. So has it worked?

Looking at the DIY HRT wiki, they list several DIY HRT sites that have been taken down by complaints, so certainly looks like it has. It's gotten to the point that I had to look through an archive of the DIY HRT wiki, because I couldn't connect to the live site. The irony is that, just like Kiwi Farms themselves, the sites haven't actually been taken down for good - they just hop to another web host, domain registrar, email provider, and they're back in business. And the biggest irony of all is that the DIY HRT camp don't have any recourse for this. On their subreddit, one person asks "What is stopping doing the same to KF?" and the answer is "It has been done to KF already." What are they going to do exactly, attempt to take down a site that has spent years hardening itself against being taken down? One is reminded of the Chinese parable where the penalty for being late is death. They can't be more mean to Kiwi Farms, because trans activists have already spent years being as maximally mean as possible to Kiwi Farms, kicking them out of almost every single web host and domain registrar in the world, and all that has resulted in is a horde of people pissed off that their site is being taken down by trans activism, now radicalized against the trans movement. They've been put in a situation where they can either lose, or lose but also take down others with them, and in that respect I don't blame them for finally, finally, starting to fight back.

I don't know anti-car people who want to totally abolish personal cars.

This must be a selection effect or something (cf. Scott Alexander comparing conservatives to dark matter), because when I think of anti-car people, my mind immediately recalls the various people who have stated in no uncertain terms that they do in fact want to abolish cars (e.g. BritMonkey). And then I don't know what to make of the movement as a whole because they seem reluctant to disavow their more radical sections and/or improve their messaging to be more palatable to the average person.

To be fair, this isn't anything special to urbanism; I have similar problems with the trans activist movement too. At least white nationalists are honest and don't hide how radical they are.

I think that a large part of it has been downvotes affecting your participation. If you get downvoted too much, you're restricted from commenting, so you're always incentivized to say whatever gets you upvotes, which will always be what the majority consensus is. This is also where the judginess comes from, because if you have a differing opinion, people don't want to seem like they are the ones with a minority opinion, so they will attack you to keep the consensus afloat. Contrast that to TheMotte where downvotes don't affect your participation at all.

This is more or less unfalsifiable reasoning, because whatever evidence I give of other justifications for their ban you will dismiss as motivated reasoning/manufactured.

Yes, because any number of websites could fall under the same reasoning or worse, but it's only Kiwi Farms that they apply the standard to. This is besides the fact that in particular for Kiwi Farms, many of the justifications are outright lies.

Also, FWIW Kiwifarms is still up and active.

Not without an uphill battle. They're still being attacked by the same ex-Googler transgender trans activist who spends all day sending emails reporting the site for violations of every single provider's AUP.

The point being is that "start your own website" is a huge fig leaf, because they can't just come out and admit that they are opposed to ideologically-opposed groups merely existing, so they always have to find another socially-acceptable reason for shutting the site down.

Screwing up the dating market, for one. China has the opposite problem with vastly more men than women as a result of their former one-child policy, and that leads to a ton of men being unable to find a partner. Analogously, an excess of women would leave a ton of them unable to find a partner. Of course China has more demographic problems beyond that (namely having more old people than young) but you get the point.

My immediate objection is to the lopsided gender ratios that this would produce. As seen in China, lopsided gender ratios are not good demographics to have for a country.

I don't give out details like that so I'll answer no.