gattsuru

10 followers   follows 0 users   joined 2022 September 04 19:16:04 UTC

User ID: 94

There's a few vendors that passed USDA clearance last year, though they've had production and funding problems that have kept its products from having too much of an impact on the store shelves, and it's not clear the tech is going to get there very soon.

On the other hand, when or if the tech does get there, there's not much trust that it's gonna be left for people to choose. Whether for environmental, animal suffering, or macroeconomic reasons, there's going to be a massive push to 'regulate the unpriced externalities' of conventional meat, and many routes for that, like restricting grazing permits, will be near-invisible to normal people.

I'd expect it's more likely that the UK just gets flooded with more CE crap, while the bottom end of the domestic or near-business market lifts its skirt up over the floodwaters, same as the rest of the EU user privacy data stuff. Sorry if that's cynical, but the last time I went to the UK a coworker got zapped because none of the three-prong power adapters he'd locally-purchased actually had connections between the input and output ground plugs.

Some of these restrictions, even some of the good ones, aren't that readily implemented. SecureBoot is only a recommendation, which is good, given that even a lot of mid-range microprocessors don't support it, never mind the microcontroller world where it's gfl. I've got two projects I'm running now (STM32F103Cx- and Nuvoton NUC980) that don't support it at all, and these aren't exactly ancient PICs. Same, maybe even worse, for the recommendation for memory access controls. Mandating a default-off mode for any debug interface is understandable from a Serious IT Perspective, but it also makes a lot of stuff e-waste in a wide variety of circumstances, and makes a lot of useful prosumer and enthusiast concepts unavailable.

More broadly, this reads a bit like it was written by a mid-studies electrical engineering student, for better or worse. There's a lot of good recommendations, but trying to make a clear distinction between IoT and 'constrained' devices as a simple binary... it's bad enough trying to split microcontrollers from microprocessors, but from a quick read this reg would put harder restrictions on an ESP32 lighting controller than solar-powered NVR system.

On net, it's probably not bad to have a document people can look at, even if they end up shrugging on actual implementations at points, but it's frustrating.

It's... had a lot of governance Issues for a long time, and there's the normal coastal politics (did you know NixCon had Anduril sponsorships, the sridhar ban). I don't grok the entire point of the Nix project, but from what I've seen via shlevy on twitter, the NixOS governance has been kinda the center of a turf war since ~2021 (with the first community team rfc, not enacted).

A lot of recent heat seems to be downstream of Eelco, the original dev, officially stepping down and handing control over to the Foundation Board. He's not been active much for a while, but the community was largely willing to overlook a lot of moderation and management decisions running very much by the seat of everyone's pants, under the auspices that he'd be kinda overlooking things. In theory, there's supposed to be a constitutional convention and a foundation board meeting and a whole bunch of stuff about distribution of power and oversight, but in practice, there's not really much clear way for anything to happen beyond the Foundation writing whatever policies it thinks will be popular in California -- see the sponsorship policy snafu, and specifically how the forum auto-locked the discussion and moderators forbade opening new threads on it (and the thread OP was tempbanned for being a putz).

But the recent snafu is more generally about the ethos that:

But I am exhausted to live in a world, in a society and to imagine that I live in a community where questions like “why should we introduce the political opinion to make empathy mandatory or inclusive language” can be read, this is seriously disturbing.

There's a code of conduct in place, people want it expanded significantly, and that people are allowed to question it is evidence that it should have been expanded years ago, if not evidence of governance failures or destructive to the reputation of the community; sprinkle in some mentions of sealioning and concern trolling, and you're done.

Yeah. I think the more recent immigration bills also had to deal with the aftermath of the Gang of Eight attempt in 2013, which even contemporaneously was seen as Rubio getting punked by some embarrassingly useless compromises-in-name-only.

FOSS and The XZ Problem

Security Boulevard reports:

A critical vulnerability (CVE-2024-3094) was discovered in the XZ Utils library on March 29th, 2024. This severe flaw allows attackers to remotely execute arbitrary code on affected systems, earning it the highest possible score (10) on both the CVSS 3.1 and CVSS 4.0 scoring systems due to its immediate impact and wide scope.

The exploit would allow remote code execution as root in a wide majority of systemd-based Linux (and Mac OSX, thanks homebrew!) machines. There's some reasonable complaints that some CVE ratings are prone to inflation, but this has absolutely earned a 10/10, would not recommend. Thankfully, this was caught before the full exploit made it to many fixed release Linux distros, and most rolling-release distros either would not have updated so quickly or would not yet be vulnerable (and, presumably, will be updating to fixed versions of XZ quickly), with the exception of a handful of rarely-used Debian options. Uh, for the stuff that's been caught so far.

Summary and FAQ, for the more technically minded reader, the NIST CVE is here, background of initial discovery here.

Ok, most of us who'd care remember Heartbleed. What's different here?

In this case, the exploit was near-certainly introduced intentionally by a co-maintainer of the library XZ Utils, by smuggling code into a binary test file, months apart from adding calls to execute that test file from live environments, and then working to hide any evidence. The combination of complexity in the attack (requiring fairly deep knowledge of a wide variety of Linux internals) and bizarreness of exploit steps (his FOSS history is sprinkled with replacing safe functions with their unsafe precursors, or adding loose periods in cmake files) leaves nearly zero chance that this is unintentional, and the guy has since disappeared. He was boosted into co-maintainership only recently, and only after the original maintainer was pressured to pick him up by a strangely large barrage of very picky users. The author even pushed to have these updates shoved into Fedora early.

Most mainstream technical advisories aren't outright calling this a nation-state actor, but The Grugq is pretty willing to describe whoever did it as an 'intelligence agency', whether government or private, and with cause. Both the amount of effort and time put into this attack is vast, and the scope of vulnerability it produced extreme -- though this might be the 'cope' answer, since an individual or small-private-group running this level of complex attack is even more disturbing. It's paranoid to start wondering how much of the discussion aimed at encouraging XZ's maintainer to take on the bad actor here as a co-maintainer, but as people are having more and more trouble finding evidence of their existence since, it might not be paranoid enough.

There's a lot of potential takeaways:

  • The Many Eyes theory of software development worked. This was an incredibly subtle attack that few developers would have been able to catch, by an adversary willing to put years into developing trust and sneaking the exploit in piecemeal.

  • Except it was caught because a Microsoft (Postgres!) developer, without looking at the code, noticed a performance impact. Shit.

  • This attack heavily exploited access through the FOSS community: the author was able to join sight-unseen through a year of purely digital communications, and the 'business decision' of co-maintainership came through a lot of pressure from randos or anons.

  • Except that's something that can happen in corporate or government environments, too. There are places where every prospective employee gets a full background check and a free prostate exam, but they're the outlier even for dotmil spheres. Many employers are having trouble verifying that prospective recruits can even code, and most tech companies openly welcome recent immigrants or international workers that would be hard to investigate at best. Maybe they would have recognized that the guy with a stereotypical Indian name didn't talk like a native Indian, but I wouldn't bet on even that. And then there's just the stupid stuff that doesn't have to involve employees at all.

  • The attack space is big, and probably bigger than it needs to be. The old school of thought was that you'd only 'really' need to do a serious security audit of services actually being exposed, and perhaps some specialty stuff like firewall software, but people are going to be spending months looking for weird calls in any software run in privileged modes. One of many boneheaded controversial bits of systemd was the increased reliance on outside libraries compared to precursors like SysV Init. While some people do pass tar.xz around, XZ's main use in systemd seems to be related to loading replacement keys or VMs, and it's not quite clear exactly why that's something that needs to be baked into systemd directly.

  • But a compression library seems, just after cryptographic libraries, a reasonable thing to not roll your own, and even if this particular use for this particular library might have been avoidable, you're probably not going to be able to trim that much out, and you might not even be able to trim this.

  • There's a lot of this that seems like the chickens coming home to roost for bad practices in FOSS development: random test binary blobs ending up on user systems, build systems that either fail-silently on hard-to-notice errors or spam so much random text no one looks at it, building from tarballs, so on.

  • But getting rid of bad or lazy dev practices seems one of those things that's just not gonna happen.

  • The attacker was able to get a lot of trust so quickly because a significant part of modern digital infrastructure depended on a library no one cared about. The various requests for XZ updates and co-maintainer permissions look so bizarre because in a library that does one small thing very well, it's quite possible only attackers cared. 7Zip is everywhere in the Windows world, but even a lot of IT people don't know who makes it (Igor Patlov?).

  • But there's a lot of these dependencies, and it's not clear that level of trust was necessary -- quite a lot of maintainers wouldn't have caught this sort of indirect attack, and no small part of the exploit depended on behavior introduced to libraries that were 'well'-maintained. Detecting novel attacks at all is a messy field at best, and this sort of distributed attack might not be possible to detect at the library level even in theory.

  • And there's far more varied attack spaces available than just waiting for a lead dev to burn out. I'm a big fan of pointing out how much cash Google is willing to throw around for a more visible sort of ownage of Mozilla and the Raspberry Pi Foundation, but the full breadth of the FOSS world runs on a shoestring budget for how much of the world depends on it working and working well. In theory, reputation is supposed to cover the gap, and a dev with a great GitHub commit history can name their price. In practice, the previous maintainer of XZ was working on XZ for Java, and you haven't heard of Lasse Collin (and may not even recognize xz as a file extension!).

  • ((For culture war bonus points, I can think of a way to excise original maintainers so hard that their co-maintainers have their employment threatened.))

  • There's been calls for some sort of big-business-sponsored security audits, and as annoying as the politics of that get, there's a not-unreasonable point that they should really want to do that. This particular exploit had some code to stop it from running on Google servers (maybe to slow recognition?), but there's a ton of big businesses that would have been in deep shit had it not been recognized. "If everyone's responsible, no one is", but neither the SEC nor ransomware devs care if you're responsible.

  • But the punchline to Google's funding of various FOSS (or not-quite-F-or-O, like RaspberryPi) groups is that even the best-funded groups aren't doing that hot, for even the most trivial problem. Canonical is one of the better-funded groups, and it's gotten them into a variety of places (default for WSL!) and they can't bother to maintain manual review for new Snaps despite years of hilariously bad malware.

  • But it's not clear that it's reasonable or possible to actually audit the critical stuff; it's easier to write code than to seriously audit it, and we're not just a little shy on audit capabilities, but orders of magnitude too low.

  • It's unlikely this is the first time something like this has happened. TheGrugq is professionally paranoid and notes that this looks like bad luck, and that strikes me more as cautious than pessimistic.
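A defender-side check for two of the practices the list above complains about, opaque test blobs shipping to user systems and tarballs that don't match version control, written as an added example here rather than anything from the post or the xz project. The checkout and the "release tarball" are constructed sample data, and the script assumes the tarball has exactly one top-level directory.

```shell
#!/bin/sh
# Added example (not from the post or the xz project): audit a release tarball
# against the version-control checkout it claims to come from, and flag opaque
# binary files in the test corpus. All input below is constructed sample data.
set -eu
export LC_ALL=C   # so sort and comm agree on ordering

# build_fixture DIR: construct a fake checkout in DIR/vcs and a fake release
# tarball DIR/release.tar whose tree carries two things the checkout lacks:
# a build script under build-aux/ and a NUL-laden blob under tests/files/.
build_fixture() {
    d=$1
    mkdir -p "$d/vcs/src" "$d/vcs/tests/files" \
             "$d/rel/pkg-1.0/src" "$d/rel/pkg-1.0/tests/files" \
             "$d/rel/pkg-1.0/build-aux"
    printf 'int main(void) { return 0; }\n' > "$d/vcs/src/main.c"
    printf 'plain text fixture\n' > "$d/vcs/tests/files/good.txt"
    cp "$d/vcs/src/main.c" "$d/rel/pkg-1.0/src/main.c"
    cp "$d/vcs/tests/files/good.txt" "$d/rel/pkg-1.0/tests/files/good.txt"
    # Only in the tarball: a build-time script nobody ever committed.
    printf 'dnl constructed: present only in the tarball\n' \
        > "$d/rel/pkg-1.0/build-aux/extra.m4"
    # Only in the tarball: an opaque "corrupt archive" test blob (contains NULs).
    printf 'XZ\000\001\002\003blob\000' > "$d/rel/pkg-1.0/tests/files/bad-3-corrupt.bin"
    (cd "$d/rel" && tar -cf "$d/release.tar" pkg-1.0)
}

# extract_release TARBALL: unpack into a temp dir and print the path of the
# single top-level directory (assumption: release tarballs have exactly one).
extract_release() {
    tmp=$(mktemp -d)
    tar -xf "$1" -C "$tmp"
    printf '%s/%s\n' "$tmp" "$(ls "$tmp")"
}

# list_tree ROOT: sorted relative paths of every regular file under ROOT.
list_tree() {
    (cd "$1" && find . -type f | sed 's|^\./||' | sort)
}

# tarball_only TREE VCS: files present in the unpacked tarball TREE but absent
# from the checkout VCS. Anything printed here never went through code review.
tarball_only() {
    a=$(mktemp); b=$(mktemp)
    list_tree "$1" > "$a"
    list_tree "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# binary_tests TREE: files under TREE/tests whose first 512 bytes contain a NUL
# byte, i.e. blobs that show up as "Binary files differ" in any review diff.
binary_tests() {
    (cd "$1" && find tests -type f 2>/dev/null | sort) | while IFS= read -r f; do
        raw=$(head -c 512 "$1/$f" | wc -c | tr -d ' ')
        stripped=$(head -c 512 "$1/$f" | tr -d '\000' | wc -c | tr -d ' ')
        if [ "$raw" -ne "$stripped" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# demo: build the fixture and run both checks. Prints build-aux/extra.m4 and
# tests/files/bad-3-corrupt.bin as tarball-only, and the .bin as an opaque blob.
demo() {
    work=$(mktemp -d)
    build_fixture "$work"
    tree=$(extract_release "$work/release.tar")
    echo "== in tarball but not in version control =="
    tarball_only "$tree" "$work/vcs"
    echo "== opaque binaries under tests/ =="
    binary_tests "$tree"
    rm -rf "$work" "$(dirname "$tree")"
}
demo
```

On a real release, point `tarball_only` at the tarball's unpacked tree and at a `git archive` export of the tag it claims to match; generated files (configure, Makefile.in) will show up too, so the interesting findings are the ones you cannot regenerate yourself.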

Yes, not only do state criminal courts handle federal constitutional questions, it's actually necessary for a plaintiff or defendant to bring constitutional complaints to the trial-level court or they risk surrendering the question on appeal (with a few exceptions not relevant here).

Texas' law was somewhat unusual in that it had originally prohibited heterosexual sodomy, but had been revamped, possibly by accident, such that only same-sex sodomy was actually punishable. Anal sex, among other things, was defined as "deviate sexual intercourse" regardless of who did it with whom, but it was only an offense if done with "another individual of the same sex".

((It also restricted homosexual oral sex, and possibly using a dildo or a sounding rod on someone else, though I've not seen any evidence of it actually being used in this way.))

And O'Connor's concurrence pushed on this hard: she held that it mattered that the state was expressing moral disapproval not of an act, but of an act being done by a group:

This case raises a different issue than Bowers: whether, under the Equal Protection Clause, moral disapproval is a legitimate state interest to justify by itself a statute that bans homosexual sodomy, but not heterosexual sodomy. It is not. Moral disapproval of this group, like a bare desire to harm the group, is an interest that is insufficient to satisfy rational basis review under the Equal Protection Clause. See, e. g., Department of Agriculture v. Moreno, 413 U. S., at 534; Romer v. Evans, 517 U. S., at 634-635. Indeed, we have never held that moral disapproval, without any other asserted state interest, is a sufficient rationale under the Equal Protection Clause to justify a law that discriminates among groups of persons.

(emphasis added)

But only O'Connor signed onto that concurrence, which even at the time came across as a nitpick. The majority opinion, which received five votes but not O'Connor's, didn't rest on it being a status-based offense, in no small part because the courts were still trying to avoid committing to treating homosexuality as a special status, with even status-based SCOTUS matters like Romer hiding behind rational basis. Lawrence argued certain types of 'intimate contact' outside the scope of the general police power, so it invalidated not just bans on (consensual private non-commercial adult) sodomy, but also a wide variety of other private behaviors.

The laws involved in Bowers and here are, to be sure, statutes that purport to do no more than prohibit a particular sexual act. Their penalties and purposes, though, have more far-reaching consequences, touching upon the most private human conduct, sexual behavior, and in the most private of places, the home. The statutes do seek to control a personal relationship that, whether or not entitled to formal recognition in the law, is within the liberty of persons to choose without being punished as criminals.

This, as a general rule, should counsel against attempts by the State, or a court, to define the meaning of the relationship or to set its boundaries absent injury to a person or abuse of an institution the law protects. It suffices for us to acknowledge that adults may choose to enter upon this relationship in the confines of their homes and their own private lives and still retain their dignity as free persons.

In theory. Like a lot of that era of SCOTUS jurisprudence, there's a decent chance that these lofty principles get smothered under balancing tests. It's not clear how this applies to situations like extreme BDSM; so far, the only relevant cases have generally alleged consent violations, sometimes pretty credibly. But where courts have had cause to evaluate restrictions under the assumption they would be applied in a consenting framework, they often do so by reframing Lawrence post-hoc, generally by promoting the O'Connor concurrence:

Under the Lawrence methodology, history and tradition continue to inform the analysis. See id. at 2598 (“History and tradition guide and discipline [the implied fundamental liberty interests] inquiry but do not set its outer boundaries.”). Yet, courts must consider not only the history and tradition of freedom to engage in certain conduct, but also any history and tradition of impermissible animus that motivates the legislative restriction on the freedom in order to weigh with appropriate rigor whether the government's interest in limiting some liberty is a justifiable use of state power or an arbitrary abuse of that power. In this respect, the conclusion reached here under the Glucksberg line of reasoning that there is no deeply rooted history or tradition of BDSM sexual activity remains relevant and important to the analysis. Also relevant and important to the analysis is the absence of a history of impermissible animus as the basis for the restriction at issue here. Sexual activity that involves binding and gagging or the use of physical force such as spanking or choking poses certain inherent risks to personal safety not present in more traditional types of sexual activity. Thus, as in Cruzan and Glucksberg, a legislative restriction on BDSM activity is justifiable by reference to the state's interest in the protection of vulnerable persons, i.e. sexual partners placed in situations with an elevated risk of physical harm. Accordingly, consistent with the logic of Lawrence, plaintiff has no constitutionally protected and judicially enforceable fundamental liberty interest under the Due Process Clause of the Fourteenth Amendment to engage in BDSM sexual activity.

((Probably not helped by the guy in that case probably being a douchebag.))

If you're just trying to receive e-mails, Mail in a Box works pretty well 99% of the time. If you're largely just sending yourself notifications, with an account that's not used anywhere else of significance, it works 98%ish of the time. ((And even that's overkill; a basic postfix relay works.))

If you're trying to send e-mail, it can be messy, and worse unpredictably messy. Mailinabox tries to solve the absolute horror story that mail config turned into, and to be fair a lot of the tedious config-twisting stuff is no longer as frustrating as it once was. You can do it... for a while.

The issue is not that you might send enough e-mail to hit an automated spam filter yourself, or even the risk that you might misconfigure things in a way that a bad actor can abuse -- that's a concern with near-any server, and there's a lot of things like a SIP PBX where you just recognize and mitigate it. With e-mail, however, your domain and/or IP address can end up on sizable DNSBLs because some IP address half an octet away fucked up, or because some sysadmin in Europe had a stick up their ass that day. Surprisingly big-name people can misconfigure their own stuff, and break because you're not big enough to have been made an exception, and not even have reporting turned on: it's happened to me.

E-mail can be done fine for a toy project, or where you're measuring reliability by licking your finger and sticking it in the air rather than by count of nines. If you're going to move the system you use to handle your bank account's verification to it, or how you send bills to customers, you gotta be willing to put a lot of effort in and realize it may not work.

One part, about banning one person (JR), seemed to be a controversy over whether a defense contractor (Anduril) should be allowed to sponsor the project, with the losing faction being "NATO defense contractors are what prevent Russia from conquering Ukraine and the rest of the world", and the winning faction being "defense contractors kill people and are icky and we don't want their name near us" (various positions were put forth, but I can't come up with a coherent charitable interpretation).

The charitable steelman is that Anduril's products flirt increasingly closely with autonomous weapons, and the extent humans are in the loop (for autonomous weapons made by other people) has at best diffused responsibility regarding validity of target selection, and more practically put to a point where oversight and responsibility aren't enforceable. The... less charitable bit is that, like Palantir, the (surveillance) equipment and technology is also used by ICE and police, and a lot of Nix tech could be and/or could be driven to be very useful for that equipment and technology. The even less charitable one is that, while Palmer Luckey isn't as No Go politics-wise as Peter Thiel, it's known, in ways that kept people from supporting him.

And what really got my attention were the comments by people speaking in support of him that were "flagged by the community and temporarily hidden".

Yeah. On one hand, that's a Discourse (the forum software designed by CodingHorror's lead) default behavior, and one reason (among many) I'm glad that Zorba didn't base this forum off Discourse. On the other hand, the moderation team can override it, or allow successor threads, and didn't.

I still can't figure out what side of the culture war the people fleeing the project are on, and that's probably intentional.

Dunno. There's at least some text from big names in the github from the TotsNotBlueTriberJustUsingTheirAssumptions, and not much explicit red triber, but that doesn't exclude the porque no los dos.

That seems a near-universal recipe to surrender any and every public to whatever jackass is willing to occupy it first, and then insist that they feel unsafe because The Wrong Person walked close to them or took pictures of their public protest. Dissolving 'starting a confrontation' at all makes the fundamental flaws of this framework, if anything, more apparent.

Six months update:

As of 14 February 2024, 112 hostages had been returned alive to Israel, with 105 being released in a prisoner exchange deal, four released by Hamas unilaterally and three rescued by the Israel Defense Forces (IDF). Twelve bodies of hostages were repatriated to Israel, with three of the hostages killed by friendly fire from the IDF[22] and the bodies of nine hostages repatriated through military operations. 49 hostages were reportedly killed on October 7 or in Hamas captivity according to Israel. According to unconfirmed Israeli intelligence, at least 20 additional hostages may be deceased, with their bodies being held captive in Gaza. As of 3 May 2024, 132 hostages remained in captivity in the Gaza Strip, 128 of whom had been abducted on 7 October 2023; the other four hostages having been captured earlier.

About 130 hostages remain unaccounted for after being kidnapped by Hamas on 7 October last year - at least 34 of them are presumed dead. According to Israel, more than 250 Israelis and foreigners were taken during the attacks. Israel gives an official figure of 134 hostages because it includes four people taken hostage in 2014 and 2015. Two of these are believed to have died.

My sad working theory has been that one reason talks were stalled was that a deal would force Hamas to reveal that most of the hostages were either dead or pregnant. Now this: AFAIK, there are still ca 125 hostages in Gaza, and Hamas can't produce 33 who are still alive?

So more than I feared, less than I hoped, and it's become increasingly possible to say publicly among mainstream sources that it's probably not gonna look better.

There's some legal messiness about the standard of causation, but in an environment with any serious level of social trust, the Crumbleys would fall fast into the sphere where no one looks that closely at it, even had they just fallen down the stairs. Even gunnies whose literal jobs involve poking at the law agree with the moral question for this specific case. I'd be interested to know how consistently parents of teenagers who drive drunk are held criminally responsible, but I dunno that the data is really available in meaningful detail, and guns are different enough, and it'd still be a good arg in favor of tightening up the law then.

Part of that fall-through-cracks is because Michigan's statutes were pretty wonky: conviction for improper storage of firearm w/ a minor would have been far more clear-cut, but they didn't really clearly exist in 2021.

The court of appeals did, in fact, try to spell this one out as good-for-this-ride-or-worse-only:

Finally, we share defendants’ concern about the potential for this decision to be applied in the future to parents whose situation viz-a-viz their child’s intentional conduct is not as closely tied together, and/or the warning signs and evidence were not as substantial as they are here. But those concerns are significantly diminished by several well-established principles. First, the principle that grossly negligent or intentional acts are generally superseding causes remains intact. We simply hold that with these unique facts, and in this procedural posture and applicable standard of review, this case falls outside the general rule regarding intentional acts because EC’s acts were reasonably foreseeable, and that is the ultimate test that must be applied.13 Second, our decision is based solely on the record evidence, and the actions and inactions taken by defendants despite the uniquely troubling facts of which they were fully aware. And this point is important, as although the judiciary typically recognizes that a decision’s precedent is limited by the facts at issue, it is particularly true when the court expresses that limitation.

The trouble's that there's not much social trust. The Crumbleys are going to prison for a decade because their kid had hallucinations and intrusive thoughts that the parents blew off, and that's extremely bad. What if he'd just written a lot about depression, and they'd ignored that? If he'd had the same problems, but not gotten sent to the principal's office the same day? He was a 15-year-old they allowed to have effective control of a handgun; would that change if he was over 18? 21? 25? They didn't lock (or 'locked' with 0-0-0) firearms. If they used a cheap 20-USD trigger lock that doesn't actually work, would that have broken the chain of causation?

These are problems for any serious statute where the caselaw involves a ton of phrases like 'reasonably foreseeable', but most serious statutes don't have a sizable lobby pushing for (and often getting!) laws enforcing blanket criminal consequences in related contexts. The parade-of-horribles where someone is criminally liable because 'obviously' the seller knew this guy shouldn't have a gun, he shot people, is an implicit goal for the Brady Bunch. I'll give Rov_Scam props for stating outright "a number of requirements that seem onerous but that's the point", but that only makes Rov honest; it doesn't help with the general problem.

There's been a number of other things going on in this space, either from financial drivers or more straightforward legal ones. You've already gotten a post on gumroad, but itch.io has been doing a slow-march version where they don't block adult content sales as a category, just individual pieces of adult content, which has kept going apace.

I've not found good proof that there's something Operation Chokepoint-like going on, but with the timing and the variety in impacted content, it's increasingly hard to believe that this is all occurring randomly.

On the direct legal attacks, in the furry sphere, some places have complied with local bans (eg, e621 blocks North Carolina), while others have largely ignored them and hoped they don't get made examples. There's good reason that they're rather paranoid about having to keep name-identifying records, since people have blown zero-days on FurAffinity.

Students for Justice in Palestine and Jewish Voice for Peace, along with a couple other umbrella groups, have jointly claimed credit for both the Columbia-specific protest and the follow-on encampments at a number of other schools. There's a fair criticism that there's at least a few rando Garbage People in the hradzka sense running around, or even agents provocateurs, but this isn't some Stand Alone Complex where the simulacrum had no real original version.

((The less charitable take on 'umbrella group' is that they're both just front groups for the actual coordinating organizations, but by definition I can only point to the subchapters and related organizations giving extremely similar messaging on short notice, or other more subtle signs that they've got intercampus communication going on that doesn't match the paper or training from the public faces.))

I'm not sure whether it's better to respond with a furry fandom joke, a Baldur's Gate joke, or with a Vintage Story joke.

Any ideas for small electrical things that you use regularly that would make a good Project?

I've been running some students through designing a macropad variant, and someone in the tumblr rat-adj-adj sphere is building a small timer. But a lot of the field, including things I've run as student projects before, tend to be toys.

I like your basic two-wheel robot as much as the next person, but it's something that at best you make, put on the shelf, and never touch again. Same for infinity mirrors, and the best that can be said for epaper weather stations is that at least they'll change on the shelf. Or, alternatively, there's a ton of projects to build something that's really useful for somebody who wants to be an electrical engineer and needs something that'll work until they can buy a Real Tool.

Ideally, I'd have students long enough to see what they'd want, but I've gotten a lot of shrugs, or worse questions for stuff that seems deceptively easy (forget the ethics of DIY AppleTags, the TI MSP430 library for LoRA suuuuuuucks). And in more cases, I don't really have the timelines for it, as hilariously enough even if we're getting circuit boards done as students finish the CAD, I need to have the non-jellybean parts ordered months in advance or they'll get in slower than OSHPark or JLCPCB can turn something around.

Perhaps they'll issue a clarification, but from the note in this section, I think someone could read this as "memory"; it has "memory" right in the name!

Maybe, but so does CMOS RAM, and that's a central example of where you probably do want this rule to apply, and it's (usually) more volatile than FRAM. 5.4-1 to my read isn't about access modes or media type, but about storage volatility, and that makes some amount of sense for certain attack vectors -- you don't want someone reading cloud passwords by probing random SPI flash, as weird as that particular threat is.

But it also makes a lot of design spaces for low-power devices goofy, in ways that don't make sense. There's probably a class of low-power device where it's a really critical security problem if someone delids the main processor and inspects individual FRAM cells during a toggle-off state, but 99% of the time even if someone could hijack a session id from that it's less big of a deal than having access to the board to start with.

5.4-2 (unique IDs): This one is conditional, and I imagine ultra-small or ultra-disposable devices won't qualify in the first place.

Yeah, but the condition only applies wherever "a hard-coded unique per device identity is used for security purposes". I think that includes virtually every LoRaWAN (DevEUI) and probably every LoRa device, for one common example, but also technically at least most Bluetooth implementations. There are other places where it's a good idea to use hard-coded unique identities per device for security purposes even where it doesn't 'matter', and that's largely going to result in people just dealing with stupid hacks instead to avoid triggering the requirement whenever possible.

5.3.4/6/10 (updates): Same here; conditional. We'd at least have to get down to the level of thinking about each of the devices you've mentioned in terms of the conditions.

Yeah, but the condition for 5.3-4 is "an update mechanism is implemented", 5.3-6 "an update mechanism is implemented" and "the device supports automatic updates and/or update notifications", and 5.3-10 that "updates are delivered over a network interface" and "an update mechanism is implemented". These are fine when you're talking a full web-UI/app-equipped device, but twenty sensors on a LIN line that can be updated still hit the requirement for 5.3-4, which is on its own a requirement for automatic updates, so you now hit 5.3-6. Then you're trying to figure out how 5.3-10 works for devices that don't have user interfaces (and may not have user physical access!), and now you're either stuck tossing an authentication layer on your LIN, implementing a cryptographic security function for comms on said LIN, or spamming users with update notifications like they were running Arch Linux.

5.3-15: I think I would interpret this as, sure, you need to support any part of a product until you tell the customer that you're not supporting it anymore, and the type of support can vary.

Eh...

Let's take the example of lighting switches attached to a base station, as a fairly common home automation setup where the switches and adapters are... not actually a central case of the constrained device model (they have wall power!) but are at least arguably close. If you build one of these, you're probably going to support a wide variety of light bulb sockets and switch types, but not all of those are going to make sense over the longer term -- maybe a socket type falls out of popularity, or a new lightbulb tech drops that doesn't play well with dimmer circuits, or a vendor you partner with stops selling a product that makes that particular device make sense.

By the text, is a lighting hub "isolable and hardware replaceable" if the vendor doesn't want to sell every attachment for the hub's life cycle? Removing one attached device doesn't make the attached device 'isolable', because turning on and off that light is its core feature. Nor is removing the entire hub from the internet, since there's no sane way to call that a "self-contained environment with other devices if and only if the integrity of devices within that environment can be ensured", especially when the entire reason to pop them off the internet has to do with their ability to communicate securely with the local hub. Would it be hardware replaceable if the only hardware replacement doesn't actually fit into the same socket, just because something attaches to the same hub?

Yes, in practice your interpretation is the sane one, and hopefully it's probably going to end up as the sort of asterisk that just confuses people, like vendors just putting out generic 'support may stop without notice for some devices' clauses. But at best that turns the requirement into aspirational text instead of the actual policy.

(5.5-3) How easy is that? You don't even have to update it at all. But if you do, then at least make sure your shit isn't trivially broken, at least so long as you're telling the customer that you're still supporting it.

I think the interpretation of that standard is closer to pages 45-46 here, if not on the exact same timelines, and that quickly turns into an eWaste and version hop mandate for a lot of stuff in order to theoretically prevent the plausibility of certain attack classes, rather than blocking trivial ones. But even for its steelman of "don't use WPA2-only chips in new products", I think it's still costly even if well-intended, and a lot of those costs don't make a ton of sense. There's a number of chips and equipment that can't connect on WPA3 at all, and even where it's something that can be implemented in software that doesn't mean it's exactly easy.

More broadly, though, it seems like overbroad application of a rule. A presumption toward encrypting everything makes sense when it's free or nearly-free, but there are a lot of entire devices where it's just not that relevant. If your equipment does literally nothing but relay temperature and humidity values over ISM bands, you might want some amount of authentication to prevent spoofing, but it's really not that big a deal if someone can listen in. And there's a lot of IoT stuff that goes into that category.

There's some parts of the rules that motion around this -- 5.5-1's "Appropriateness of security controls and the use of best practice cryptography is dependent on many factors including the usage context" or the exceptions for ARP, DHCP, DNS, ICMP, and NTP in 5.5-5 -- but again that turns the requirement into aspirational text.

Visa and MasterCard see pornography as high risk because they get a lot of chargebacks, so they charge adult services producers a much higher rate for payment processing.

I think this would be plausible for a wide-spectrum ban on porn, if still uncertain since these companies have little trouble working with businesses that have increased chargeback risks otherwise and just slamming on fees.

I don't think it's remotely plausible for the common levels of specificity involved, here. There may well be higher (or lower) rates of chargeback for incest porn, or hypnosis or forced TF kink, or dragon dongs with too much red dye, but I'm incredibly skeptical that a) card companies have the data to actually know that, b) that these rates are so much higher that they can't be resolved by fees, and c) that there's no more immediate and less-financially-direct motivation.

I can't find any records involving either person in the Pennsylvania court system, though given how crappy most court records are, that doesn't mean much.

The underlying complaint is here, and seems to be resting heavily on past adjudications by the State Board in 2010 (for Herr) and 2018 (for Wentworth). Like most state licensing laws, the definition of veterinary practice in Pennsylvania is very broad:

"Practice of veterinary medicine" includes, but is not limited to, the practice by any person who (i) diagnoses, treats, corrects, changes, relieves or prevents animal disease, deformity, injury or other physical, mental or dental conditions by any method or mode, including the prescription or administration of any drug, medicine, biologic, apparatus, application, anesthetic or other therapeutic or diagnostic substance or technique, (ii) performs a surgical operation, including cosmetic surgery, upon any animal, (iii) performs any manual procedure upon an animal for the diagnosis or treatment of sterility or infertility of animals, (iv) represents himself as engaged in the practice of veterinary medicine, (v) offers, undertakes, or holds himself out as being able to diagnose, treat, operate, vaccinate, or prescribe for any animal disease, pain, injury, deformity, or physical condition...

It's not obvious that ultrasounds (or possibly(?) selling bull semen?) are covered, and there's not a ton of great pragmatic arguments for it, but the courts have given near-complete carte blanche to regulatory agencies to do anything even remotely near the borders. And for a wide variety of reasons this sorta thing is near-impossible to practically challenge even were courts willing to push back on it.

Given some of the coverage, though ("both men were advised by their former attorneys not to pay the fines or appear in court"), I'm not sure what happened was completely without any court behavior -- this may be referring to the 'court' of the board licensing group, which is more court in the kangaroo sense, but it also could be about enforcement summons for a conventional court. An actually fake arrest warrant wouldn't be unprecedented, but it's left me noticing I'm confused.

That said:

Rusty Herr was arrested the very next morning, April 11, at 6:30 a.m. at his home in Christiana.

godsdammit.

MindGeek claims to have the tech fully ready to go for a UK-standards version (and that's the subtext behind PornHub, a MindGeek subsidiary, not complying with the American age verification versions), and MindGeek says that it's actually in use in Germany since 2015. It's definitely the political economy of things.

I would... not be so sure the administration can avoid it if Biden wanted. See the Kincaid v. Williams denial of cert (starts at page 39) from last year as an example of what's going to start coming down the pike in earnest: a very broad law with expansive reads of standing, on a matter extremely sympathetic to progressive-leaning and left-leaning judges, and where individual private actors can bring a private right of action with staggeringly high penalties, and a ton of opportunity to forum shop.

Philosophically, there's a fun question about the difference between sending in the troops and charging 150k for each violation, but there's a point where the practical difference gets pretty small, and it happens pretty quick when the target's main assets will also be the tools necessary to not comply.

Against A Purely HyperDunbarist View

World’s for FIRST is in a week.

For those unfamiliar with the organization, For Increasingly Retrobuilt Silly Term For Inspiration in Science and Technology runs a series of competitions for youth robotics, starting from a scattering of Lego Mindstorm-based FLL competitions for elementary and middle schoolers, to the mid-range 20-40 pound robots of FTC that play in alliances of 2v2 across a ping-pong-table-sized space, and for high schoolers FRC running 120-pound robots in 3v3 alliances around the space of a basketball court. Worlds will have thousands of teams, spread across multiple subcompetitions. (For a short time pre-pandemic, there were two Worlds, with all the confusion that entailed.)

If you’re interested, a lot of the Worlds competition will be streamed. And a lot of both off-season and next-season competitions and teams are always looking for volunteers.

The organization’s goal... well, let’s quote the mission statement:

FIRST exists to prepare the young people of today for the world of tomorrow. To transform our culture by creating a world where science and technology are celebrated and where young people dream of becoming science and technology leaders. The mission of FIRST is to provide life-changing robotics programs that give young people the skills, confidence, and resilience to build a better world.

There’s a bunch of the more normal culture war problems to point around. How goes the replacement of the prestigious Chairman’s Award with Ignite Impact? If not, complain at least that it’s a missed opportunity on the level of POCI/POCI for replacing a bad naming with a worse one? How do you end up with events playing the PRC’s theme song before the US national anthem?

There's even internal culture war stuff, which may not make a ton of sense to outsiders. Does the move away from commercial automotive motors to built-to-FIRST and especially-brushless motors privilege teams with more cash, or compromise safety or fair play? Should regional competitions, which may be the only official field plays small teams get, also accept international competitors? Should mentors white glove themselves, should they only do so during official competition events, or should the possibility of the Mentor Coach be abolished?

But the biggest question in my mind is how we got here.

Worlds competition is an outstanding and massive event, with an estimated 50k-person attendance at a ten-million-plus square foot convention center. And it’s a bit of a football game: there’s a lot of cheering and applause, and a little bit of technical work. There will be a number of tiny conferences, many of which will focus on organizational operations like running off-season events. People network. That’s not limited to Worlds itself, though the dichotomy is more apparent there: there might be one or two teams per regional competition that have a custom circuit board on their robot, but I'd bet cash that the average regional bats under 1.0 for number of teams with custom polyurethane or silicone parts.

Indeed, that football game is a large part of how teams get to Worlds. The competition operates as a distributed tournament, where players who win certain awards may elect to continue to the next event in a hierarchy. The exact process and what exact awards count as continuing awards are pretty complex and vary by location (especially post-COVID), but at the FRC level, the advancing awards prioritize two of the three teams that won a local competition's final, and then the team that has done the most recruitment and sponsoring of FTC or FLL teams over the last three (previously five) years, and then the team that has done the most for the current year. (Followed by the most competent Rookies, sometimes, and then a whole funnel system rolling through more esoteric awards.) In addition to the inherent randomness of alliance field play, there's a rather telling note: the 'what have you done for FIRST today' award, if won at the Worlds level, guarantees an optional invite to every future Worlds competition. By contrast, teaching or developing esoteric skills or core infrastructure is an awkward fit for any award, usually shoved into the Judge's Award, which with 3.5 USD won't buy you a good cup of coffee at Worlds.

There’s reasons it’s like this, and it’s not just the Iron Laws of Bureaucracy, or the sometimes-blurry lines between modern corporate infrastructure and mid-level-marketing. The organization hasn't been hollowed out by parasites and worn like a skinsuit (at least not in this context): it's the sort of goal that the founders and first generation would have and do consider a remarkable victory. I’m not making the Iscariot complaint, because it’s not true.

FIRST couldn’t exist in the form it does without these massive events and the political and public support they produce, not just because you wouldn’t hear about any smaller organization, but because the equipment and technology only works at sizable scale. Entire businesses have sprung up to provide increasingly specialized equipment, FIRST got National Instruments to build a robotics controller that resists aluminum glitter a little better, even the LEGO stuff has some custom support, and they can only do so because an ever-increasing number of teams exist to want it. SolidWorks, Altium, dozens of other companies donate atoms and/or bits on a yearly basis; the entire field system for FRC wouldn’t work without constant support and donation by industrial engineering companies. WPI might devote a couple post-grad students to maintaining a robotics library without tens of thousands of people using it, but I wouldn’t bet on it. States would not be explicitly funding FIRST (or its competitors) unless those programs can show up on television and have constituents that can show up at a state politician’s door.

Those demands drive not just how FIRST operates today, but what its interests are looking toward the future, not just in what it does, but what it won’t do. From a cynical eye, I wouldn’t say with certainty that FIRST would drop ten community teams for a school system buy-in, or twenty for a state program, but I wouldn’t want to be on the community team for any of those hard choices. There is no open-source motor controller or control board available for FIRST competition use, and there’s not a procedure available to present one, and there won’t be. There’s a lot of emphasis on sharing outreach tricks, and a little for sharing old code or 3d models, and a lot of limits to providing skills.

Because throughout this system, the most impactful thing you can do is always getting more people. It’s not Inspiring, it’s not Chairmanny Impactful, but that's what those awards are, with reason. Shut up and multiply: the math, in the end, is inevitable.

And I’m going to deny it.

There's a story that goes around in the FIRST sphere, where one of FIRST's founders bargained or tricked Coca-Cola into in exchange for developing some other more commercial technology. The exact form and valence tends to vary with who tells the story, whether to highlight the speaker's anti-capitalist frame, to gloss over some of the frustrations with the Coca-Cola Freestyle (tbf, usually more logistic and maintenance than with the pumps themselves), or to wave away the rough question of whether it paid off.

But that last point is a bit unfair: Solving Problems In Extreme Poverty is the sort of difficult and low-odds environment where high-variance options make sense to take, and you should expect a high-variance low-odds option to fail (or at least not succeed wildly) most of the time, and at least it wasn't as dumb an idea as the lifestraw. Maybe (probably!) enough of the steps that combine to keep FIRST running fall into the same category.

I'm hoping teaching kids isn't a low-odds environment. And ultimately, most volunteers and teams and sponsors signed up more for that than for the flashing lights and the fancy banners. But teaching, in matters involving true interaction, cannot be done at the scales and directions that turn a roll of the dice from gambling to a variance strategy. It's difficult enough as a mentor to remember all the names of the students and families for even a moderately-sized FRC or FTC team; few in a team that "supports 128" teams (not linking directly: these are teenagers) can name every one or even a majority. These organizations have, by necessity, turned to maximize how many opportunities they present to their affiliates, without much attention to what that opportunity is. Few turn to the full argumentum ad absurdum where the recruitment exists solely to get more recruiters, but they’ve not left that problem space behind, either.

((There are other nitpicks: the same economies of scale that make these answers work eliminate many less-difficult problems whose presence is necessary to onboard and upskill new learners, and the focus on bits over atoms breaks in similar ways that the outreach-vs-teaching one does.))

Dunbar proposed an upper limit to how large a social group the human mind readily handles. There's a lot of !!fun!! questions about how well this will replicate, or how accurate the exact number is, or what applicability it has for a given level of interaction: suffice it to assume some limit exists, that some necessary contact increments the counter at some level of teaching, and that it can't possibly be this high. At some point, you are no longer working with people; you're performing a presentation, and they're watching; or you're giving money and they're shaking a hand. At best, you're delegating.

These strategies exceed the limit, blasting past it or even starting beyond it. They are hyperdunbar, whether trying to get fifty thousand people into a convention center, or trying to sell ten thousand books, or 8k-10k subscribers. There are things that you can't do, or can't do without spending a ton of your own money, without taking these strategies! Whether FIRST getting NI's interest, writing or drawing, building or playing video games full-time, you either take this compromise or another one, and a lot of the others are worse.

But they're simultaneously the most visible strategies, by definition. I do not come to kill the Indigestion Impact Award; I come to raise the things that aren't in the awards. Even if FIRST could support a dozen teams that emphasized bringing new technologies forward in a one-on-one basis, and if your first exposure to the program selected from teams randomly, you'd be much more likely to hear from the hyperdunbarists -- hell, it could well be that way, and I've just missed the rest of them.

Yet they are not the only opportunity. You don't have to be grindmaxxing. One team, even in FIRST, can share skills simply for the purpose of sharing skills. It’s why I volunteer for the org. You can go into an artistic thing knowing you want a tiny audience, or to cover costs and if lucky your time, or as a hobby that's yours first. It shouldn't be necessary to say that outright, as even in hyperdunbar focuses, most fail down to that point. Yet even in spheres where Baumol's hits hardest, it can be a difficult assumption to break.

Yeah, that's absolutely fair, and 'constructive possession' is in many ways just the tip of the iceberg, as bad as the shoestring machine is. Stuff like autokeycard, the various recent regulatory changes, Abramski, so on, very much show the limits of textual formalism as a control protecting the actually disfavored, even to the point of blocking defendants from raising the text.

MR. FLETCHER: So there's a lot packed in there. I want to give you one very specific answer first and then step back out to the proper context. So specifically you mentioned demanding an answer right away and cursing them out. The only time that happens is in an email that's about the President's own Instagram account. It's not about moderating other people's content.

Here's the context Fletcher is trying to maneuver around. It's far from the most egregious stretch of the duty of candor to the court, but it's a pretty overt example of reframing the argument away to what he wants it to be, rather than what was asked, and it's not even honest at that.

I'm hoping that it will be a narrow ruling, with Roberts spearheading a tailoring doctrine that focuses on the putative lack of traceability and distinguishes between coercion as unacceptable, but strong encouragement being fine.

Maybe they'll try to split the baby between this case and Vullo, but like punting on Remington v Soto it just invites massive efforts. Even if coercion is officially banned, if the jawboning in this case isn't enough to be coercion, it'll be so impossible to actually prove traceability or coercion that the protection will be meaningless.

And the more morbid revelation is that it's probably pretty meaningless even if they do rule expansively. If Missouri wasn't funding this case, or if the bad actors had tried even slightly harder to keep the worst (discoverable) behavior to phone, it wouldn't be getting anywhere; Vullo only got as far as it did because whistleblowers (allegedly) provided specific details about tiny closed-door meetings. No one's going to do something similar against Gumroad. The courts aren't built for fishing expeditions, even if anyone can spot the fins with the naked eye and there's a constant Jaws theme in the background.