@ares's banner p

ares


				

				

				
2 followers   follows 4 users  
joined 2023 June 26 16:22:57 UTC

Commander, USN (ret). Former Googler. Computer programmer. I'm here mostly to read.

Verified Email

				

User ID: 2527

ares


				
				
				

				
2 followers   follows 4 users   joined 2023 June 26 16:22:57 UTC

					

Commander, USN (ret). Former Googler. Computer programmer. I'm here mostly to read.


					

User ID: 2527

Verified Email

Nifty. I've been part of this forum since it was on /r/slatestarcodex, and this is my first AAQC. I guess I just needed to tell more sea stories.

2x almost all the time, except when it's music, the audio isn't clear (as is the problem with your linked video), or there's onscreen text I can't read fast enough. I also tend to watch movies at 1.5 speed when the platform supports it.

I managed my small company's NFC door system and yes: we had a database with every employee next to their NFC tag ID and we could revoke them without confiscating the key. Pretty sure that's standard on every system you'd buy. Probably if you're homebrewing a solution, too.

Great info. Thanks for sharing!

Ooh, strong point in favor of AWS. If you don't mind sharing, what AWS storage type are you using? What's your data size, rate, and cost?

Yeah, maybe I should. Part of it is also inertia since I have been pretty invested in Google infrastructure since their early days. But I also don't think Google actively polices your Drive files except for CSAM and people sharing movies through Drive. Having been on the inside, I just don't think there's that much active policing by Google of the sorts of wrongthink I participate in.

email@firstlast.tld or mail@firstlast.tld would work. If you're read Cryptonomicon you could use root@firstlast.tld. But that's actually why I don't own firstlast.tld for myself, is because there's no good email address that I'd share with friends and family. first@firstlast.tld is awkward.

It's not so much that I don't think they take security seriously, and more that I think their incentives are misaligned with people's data autonomy.

That's true, but I'm just not convinced that it's rational to swear off their services because of that alone. It's a mutually beneficial, slightly adversarial economic relationship, like everything in Capitalism. I do think the math is different for people who are breaking the law or actively working on cybersecurity stuff, but what I see most often (IRL) is "Google/FAANG bad!" grunting by people who have huge security vulnerabilities and data leakage through other methods. Maybe that's sampling bias, since my social circles don't include anyone who's been to DEF CON.

Like when Google decided to make Google Photos not unlimited any more, with it also being somewhat difficult to do a mass-export of your original, full-quality photo data. And Google's usually not too bad with making takeout possible, so that made a lot of people pretty mad.

My understanding of this change was that your photos now count against your Google account's storage limits, shared with Google Drive, gMail, and all other Google services. If you have a lot of full quality photos and run out of space, you can pay for more storage or compress them. That seems completely reasonable to me. I haven't heard about difficulties in using Google Takeout. I do so occasionally and it's always been straightforward. Are complaints about that change just some combination of "free stuff isn't free anymore" and "I hate Google", or is there something legitimate there?

We put a lot of our lives on our computers, I think having control over them and the ability to make our own choices with how we use and manipulate our thoughts and memories is important.

Hard agree. Time has shown that Stallman was right. I'm glad we can still compile our own OSs from source. In a lot of other areas, I think the battle is lost. I'm living and teaching my kids to deal with the world we're in, and I don't think abstinence-only can work if you want to have a healthy social life. I won't be the guy who refuses to open the menu from a QR code when out to dinner with friends.

Yeah, I feel like I recently saw a US court case where someone was found guilty for breaking a law that wasn't a law when they committed the acts. I can't find it now for the life of me.

There are plenty of not-straight furries at Google, so if there's a culture/legal shift I would expect Google (and other FAANG companies) to fight tooth and nail (heh) against court orders to reveal incriminating stuff related to that. For the CTRLPew stuff, yeah, I'd back up those files and notes in a way the cloud providers can't see them. The VeraCrypt file is annoying because I have to upload the whole thing when any small part of it changes, but I'm not sure there's a better solution. I have zero trust in any company's claims of zero-knowledge, unbreakable encryption, or resistance to government seizure.

I did that with a second TitanKey for a while. Cars have wild temperature swings and aren't great for storing electronics, so I ultimately moved it to a safety deposit box with a small local bank. It also turns out that if something requires me to do things infrequently but consistently, I usually end up forgetting and failing to do it. So for me, right now, I would rather pay money than time for a backup solution.

How's everyone feel about OneDrive integration in Windows, or Google and Apple cloud in their phones?

Two is one, one is none, and three's a spare. I run multiple backup solutions on my data because I do not want to lose a bit if any one of them breaks.

For phones, I think you're pretty much stuck with Google or Apple owning your data. That's a large vulnerable surface of your Google or Apple account, so ensuring you set up 2FA (and not via phone number since those can be easily spoofed). I use a hardware key. I'll have to reassess if I ever decide I'd like to start committing felonies, because both of those companies share your data pretty freely when there's a legitimate request from law enforcement. That'll include GPS and location data, and "person who always brings their phone with them decided to leave it at home on the night in question" is very easy to tell from the records. Also important not to google incriminating things. The military uses cell phones a lot when targeting bad guys. Most of them had good OPSEC but their wives never did. My military career was mostly in intelligence, and being resistant to the techniques we used is just not practical for anyone who doesn't believe their life or freedom is in serious jeopardy from the US government (ala Snowden).

At home I'm using a ZFS array to protect against hard drive failure and bit rot. I have a TODO for exploring backblaze, AWS, and other places for offsite storage of large unchanging data sets since I want to keep my data in the event of a house fire. I keep my important stuff on Google Drive mirrored to my ZFS array. I have a VeraCrypt file that holds anything I want to backup but not let Google read. Examples of things that someone might not want Google to read include TOR accounts and bookmarks, "hacking" tools and scripts that have been used in violation of the CFAA, and cryptocurrency keys. Not that I have any of those.

Having seen how Google handles data privacy and security from the inside, I'm not at all worried about their cloud integration from a security perspective. I trust Apple and Microsoft similarly. The company is not going to blackmail you with your nudes or leak your social security number, and employees can't access those things on your account without getting caught. The company will cooperate with any and every government if they feel the request is legitimate, as I mentioned. I keep that in mind, but don't actually want to join up with the Proud Boys or kidnap the governor of Michigan, so I'm comfortable keeping my files with them. I am quite comfortable keeping my SSN and bank account information on my Google because I have the hardware 2FA key (and no other 2FA allowed) to protect against account takeover. The government and law enforcement can already get my SSN and bank account info if they want them. And if Google deletes my account, no biggie because I have a local copy of everything.

I moved my email off gmail and don't have a plan for email backups yet. Another TODO.

I was part of the 2023 Google layoff, and still have a lot of friends at the company. Everyone is nervous and stressed as the layoffs continue. Remember (or discover) that 2023 was the first time Google laid anybody off; prior to that, if your job disappeared you'd get 6-12 months to find a new one within the company. The Google engineers I know are all trying to keep their heads down and just do their job right now.

So I don't think its likely that any coordinated group of Googlers are purposefully allowing these fuckups. Instead, what I think has happened is that Google grew up with teams of rockstar nerds who cared about the company, and a culture that allowed them to call out shit when they saw it. This was the culture that made Damore feel like he could and should write that memo, and that you can read about in Schmidt's book How Google Works. That culture stopped, and Google shifted from being mostly rockstar nerds into being mostly rockstar PMC nerd-managers. All the safeguards and procedures and culture that would catch these fuckups before they're released is immature/absent, because 5 years ago the nerds would fix these sorts of things without having to be told.

I have not found a source that summarizes the James Alex Fields Jr. case in an unbiased way. Here are some sources with bias in the other direction:

The famous "120 mil to the govt or 40 mil to La Raza" option.

I have not heard of this, and my googling isn't coming up with anything. Can you provide more specifics?

Se my other comment for specifics on this particular incident, but in that sentence I was trying to speak more generally about how another country's court would rule compared to the US courts. I was thinking of things like death penalties for non-capital crimes, lack of due process, punishment for political or religious crimes, etc.

You raise good points (here and below), and I'm sorry I glossed over that part. I tried not to let the real story get too much in the way of the one I was telling, but I forgot that this is the sort of forum where I can't get away with that.

This occurred back in 2005-2006: hunting Somali pirates before hunting Somali pirates was cool. Our ARG was initially deployed for OPLAT (oil platform) Defense over by the Gulf of Oman, but there were a few hijackings and we were redirected to the East coast of Somalia. Back then Somali piracy was in its infancy, and the world hadn't really reacted. International Maritime Law on piracy wasn't prepared for their tactics, and our JAG plus his more senior lawyer bosses ashore gave us some pretty shitty conclusions about what we could and couldn't do legally. We couldn't do anything to the skiffs while they were just driving around because as much as we knew they were pirates, the JAGs didn't believe the USA could prove it. They always claimed they were fishermen. After a hijacking, it was a civil issue between the ship owners and the pirates. We were only able to actually treat them like pirates if we caught them in the act of piracy, which of course we never did because, see ref A, we were a big warship that could be seen from 15 nautical miles away. Anyways, we had at least 1 large maritime vessel hijacked while we were in the area, and we couldn't do anything about it other than watch. I heard that got the ball rolling on actually updating the international laws (or, perhaps, the US Military's creative interpretation of those laws) so the US could actually do something about the pirates, but I never did much followup to check because I was never out on anti-piracy operations again. The Navy did send me back to the Horn of Africa for other stuff (such a shitty part of the world), but that's completely unrelated.

So who we caught, according to our JAG, was not a group of pirates. They were a group of fishermen who fired small arms and an RPG at a US Naval Vessel. Maybe I was wrong to mention "rules of war" since they weren't uniformed combatants, but we don't kill people who have surrendered and don't pose any more threat to us. After lots (lots) of training on the lawful use of deadly force, my gut tells me that shooting them all and sinking their skiff after they threw down their weapons would have gotten everyone a court martial. I can't cite which specific way they'd be charged, though. It's been too long, and at the time I was a lowly JO who wasn't privy to the actual JAG opinions or conversations about it.

Captains get a lot of leeway in judicial decisions on their ships, but they are generally smart enough to listen to their JAG, and JAG said no keelhauling. So the fishermen/pirates got about 10 days of excellent medical care, good food, comfortable beds, (relative to Somalia) and then were promptly executed by Yemen.

Thanks. A military career is good for, if nothing else, giving you a good story or two to tell.

Hard to search if you want to get it right. I can imagine a State Department convincing some Central or South American country to accept all immigrant criminals of uncertain Hispanic nationality in exchange for a few hundred million dollars of "humanitarian aid", or whatever euphemism we want to use. "Oh, my dear illegal immigrant rapist, you refuse to tell us your citizenship? Off to an El Salvadorian jail, then." A State Department (under the Executive branch, remember) that is not doing this must think it's not worth doing. I've had this thought in the back of my mind during all the politicking on immigration.

I don't disagree with you, but I feel like you're glossing over the parts that make this a complicated issue. Extradition treaties are complex, and don't exist between all countries. In many cases I'm glad that the more-free West can be a sanctuary for political "criminals" from the East. If Yeonmi Park jay walks, I don't want her sent back to North Korea to be executed, and I'd go so far as to say that yes, we do have an obligation to not send her back. But if she murdered someone in a State without the death penalty, should we put her in jail for life? What if it's reckless homicide? Or a refuge whose political persecution is less clear? I don't know where the lines should be drawn, and would love a good mistake-theory discussion about it. What we seem to get from the US government, though, is conflict-theory soundbites arguing for all-or-nothing solutions.

When I was a young SWO on deployment to the Horn of Africa for anti-piracy operations, we regularly came upon skiffs in open waters with a dozen Somalis crammed on. We'd drive our big warship close, then our VBSS team would take a RHIB over to see what they were doing. They always had one or two fishing poles and a few rotten fish aboard, having jettisoned their weapons as soon as they saw our big warship approaching. "We're fishermen" they'd tell us through a translator, in open ocean on a 12-foot boat with 20 men onboard. Well, one day one group of Somalis decided that they were not going to jettison their weapons, and instead opened fire on one of the ships in our ARG. They launched at least one RPG and somehow completely missed the giant, boxy, unmoving ship that was right next to them. The VBSS team shot them until they surrendered. We zip tied the Somalis, brought them onboard, and gave them a fair bit of medical care (and not just for the holes we'd seen fit to add to a few of them). So now we had these Somalis onboard, locked in our medical spaces (because while the US Navy apparently takes inspiration from jails when designing their berthing, they don't actually make any of those rooms secure for holding criminals). This was back when the US didn't recognize Somalia as a country, so our State Department was having the darndest time figuring out what to do with these guys. We drove around for a week, maybe more, before a deal was brokered to give them to Yemen. They were dropped off and (according to the scuttlebutt) promptly executed.

This was almost 20 years ago, and I still think about it regularly. Should it have gone different, from the moment the Somalis surrendered? Would have been a lot cheaper and easier to have just shot them all there and sunk their skiff, with the same outcome. But that's morally wrong, and not in keeping with the rules of war. We shouldn't've given them to Somalia; they're not a real country (still aren't, IMO) and they government would most likely use the pirates' lives to extort bribes from whatever warlords or families they could, and then free or execute them (flip a coin). We shouldn't've put them into an American jail or Gitmo because they weren't worth it.

The conclusion I keep reaching is that the Somalis (and, to bring it back to the point at hand, immigrant criminals) are a time when "don't flip the switch in the trolley problem" is the best answer. We can know that the "justice" they'll face in their homeland (or Yemen) will probably be unjust, but it's not us doing it and that absolves us of some of the moral responsibility - enough to make it the least shitty of a bunch of shitty choices. We remove them from our control and return them to a place where a government will claim jurisdiction over them, and if that government doesn't afford all the legal protections that we do for our citizens, well... that's on their government. And I know there would be extreme cases when we shouldn't give them over to the other government, like shipping our Jews off to the Nazis or our Lienz Cossacks to the Soviets (oops). But those seem like the extreme cases. As a rule, I think "make the other country deal with their citizens" is the right answer. Our State Department has the power to make every country on Earth do that, assuming we have the political willpower. I worked closely with the State Department later in my career, and there is no doubt in my mind that they're capable of brokering that deal. If the US is ever told by another country that they won't take possession of their citizens who have committed crimes in the US, it is only because the US State Department has decided against spending the effort/money to convince the other country.

I am teaching my children the importance of firearms in defending liberty. When they're old enough, I'll show them where we've "buried in your backyard" the family firearms that are illegal today (regardless of whether that cache grows, shrinks, or has become unnecessary due to changing laws). I think it's a bad assumption that most people hiding firearms aren't doing the same with their children.

I was pleasantly surprised that ChatGPT was able to produce real court cases where State Courts have ruled on Constitutionality:

  1. People v. LaValle (NY, 2004)
    The New York Court of Appeals struck down the state's death penalty law, citing the Eighth Amendment and the state's constitution. The court held that the death penalty statute violated constitutional protections against cruel and unusual punishment.
  2. Pruneyard Shopping Center v. Robins (CA, 1979)
    The California Supreme Court upheld the right to free speech under the First Amendment and California Constitution, allowing individuals to gather signatures in shopping centers despite private property rights. The U.S. Supreme Court affirmed the decision.
  3. State v. Santiago (CT, 2015)
    The Connecticut Supreme Court ruled that the state's death penalty law violated the Eighth Amendment due to its arbitrary application and evolving standards of decency.
  4. Commonwealth v. Wolfe (PA, 2016)
    The Pennsylvania Supreme Court addressed federal Eighth Amendment issues regarding sentencing juveniles to life without parole. The court applied the U.S. Supreme Court decision in Miller v. Alabama to ban such sentences.
  5. State v. Gregory (WA, 2018)
    The Washington Supreme Court ruled that the state's death penalty law violated both the Eighth Amendment and the state's constitution due to evidence of racial bias in its application.

Older LLMs would regularly hallucinate with this sort of question.

Edit: link updated to include follow up ChatGPT conversation, which included State courts that weren't State Supreme Courts ruling on Constitutionality:

  • People v. Mann (NY, 1992): Ruled on the Fifth Amendment.
  • People v. Lovelace (IL, 2002): Applied Fourth Amendment protections.

I do not have any experience with Linux certification programs. I do have experience with Linux, programming, sysadmin stuff, and government jobs/roles/contracts that require certifications. I also have experience with hiring, and with convincing large organizations to pay for training. With those caveats, I think something like Linux Foundation Certified IT Associate would be worth looking into.

Benefits:

  1. From a reputable org, so has some value on a resume
  2. Not too deep for a new-to-tech employee
  3. Covers the basics of what you've described

I would not count on the credential to be especially useful to your company unless you know of a project or customer who requires it already. The trend I see is for organizations to focus a lot more on actual ability rather than certifications until the org get really big, and often not even then. Government jobs/contracts are the exception, but if you're doing those then you would already know which certifications to work towards.

Nice! This seems pretty lightweight. I wonder if this would work on the free tier of some cloud hosting providers...

Hey, what do you know, I just migrated off Gmail last week, and would love to talk about my experience. I'm now using ProtonMail (https://proton.me/mail) with a Proton Unlimited subscription, and have my own domains through Cloudflare. Here's what I did:

Step 1: Create a free-tier Cloudflare account and transfer/buy a domain or three. I have had (mylastname).tech for a while, which makes my email address firstname@lastname.tech, and I like that. But if you want to buy a .vodka or .christmas domain for your primary email, go for it. I was using Gmail and Google Domains, but with Google Domains shut down I had to migrate, and ultimately Gmail doesn't play nicely with Cloudflare so I needed a new email solution. Domains will generally cost $10/year.

Step 2: Create a Proton account and buy at least Mail Plus so you can add your custom domain. You can do parts of this with a free account, but I decided it was worth paying a little for the extra features, especially the ability to send mail from my domains.

Step 3: Proton has a wizard that guides you through setting everything up to receive email from your domain, and a help center article with pictures specifically for Cloudflare. The steps include setting up SPF, DKIM, and DMARC so your emails don't get sent to spam, and enabling the catchall address so that you get all emails sent to your domain.

Step 3a (optional): You can also configure Cloudflare to receive your emails and forward them to your proton mail address. This gives you Cloudflare's protection and tracking. This is what I did, and this is what you'd do at the Proton free tier.

Step 4: You may experience some pain, because you get to change your email address on all your accounts to point to your new domain. I had already done this a while ago. The nice part about this step is that you can create a new email address for every place you interact with. I use amazon@mydomain.tech for Amazon, themotte@mydomain.tech for here, and linkedin2@mydomain.tech because I was starting to get spam at my old linkedin address and it's easy to set a rule to autodelete them now. But it's not actually that painful: you can change a few of your main accounts and worry about the rest later, because...

Step 5: Forward your Gmail to your ProtonMail. I did this in the Gmail settings, but you can also use ProtonMail's EasySwitch tool to do it for you.

Step 5a (optional): Set up a tag in ProtonMail for emails forwarded from Gmail, then rule to automatically set it. Any time you get an email that's not actually from Google the company telling you about your Google account, that's a reminder for you to update whatever account it is. Or, as I'm discovering, a reminder to unsubscribe because why was I actually subscribed to this shit in the first place?

And that's pretty much all I needed to do. I'm creating occasional filters, folders, and tags to sort things how I want, but it's been a very straightforward and easy process. And now I'm not tied to ANYONE. If Cloudflare and ProtonMail go out of business or decide to blacklist me, I can move my domain to another registrar and pick a different webmail host, and my online accounts will remain mine.

Edit to add additional thoughts: I continue to use a KeePass database for password management, and since it's encrypted at rest I am comfortable using Google Drive to backup and sync it. I'm not planning to switch to Proton's password manager since I like the open source option. I haven't moved my calendar yet, and that might involve moving my wife over to Proton since we share calendar items all the time. I may never do that. For now it's easy enough to just open the Google calendar when I want to see my schedule.