If people are tolerant, they're woke. If people are intolerant, they're nazis. Standards of conduct are oppressive, but the lack of them indicates a shithole. And of course, anything in-between is just performative fence-sitting.
Tough crowd over here. Cultural bankruptcy speedrun much?
Could implement a custom Teams client on top of that. My biggest concern would be TLS and media decoding, but could just proxy the traffic and roll a text only client.
I mucked about with Microsoft Graph a bit before, didn't seem too bad.
Ah yes, after muricans bad, let's have some euros bad.
I learn some amazing things on this site. Apparently the culture agnostic, historical practice of designating words and phrases as distasteful is actually a modern American, European, no actually Globalist, but ah no actually religious, but also no maybe Chinese?, no, definitely a Russian mind virus. Whatever the prominent narrative is for the given person at any given time.
Bit like when "mums is blaming everything on the computer". Just with political sophistry.
The trend of self-censoring words like 'dead' and 'kill' appears to be relatively new, motivated by TikTok and YouTube algorithms, but spilling over into the general internet.
I agree, although I was referring to asterisks like de*d and k*ll (or censoring with black bars, or using emojis) - euphemisms of course have always been part of language evolution.
I chose unalive because I didn't know Google Trends allowed searching for asterisks. Appears it does. k*ll was apparently used even before TikTok but usage increased markedly around the same time as unalive appeared. Interestingly d*ad and r*pe don't follow this pattern. I am not sure it treats asterisks correctly, nor that Google Trends is the right tool to research this, given people searching for the word is only a poor indicator of its usage.
Sidenote, I wish all websites supported markdown properly and not a custom weird subset they found convenient.
From what I have seen of the first few Epstein Files that have been released so far, the current administration has conceded that "Trump" is now an obscene word that must always be censored in its entirety, including all of the surrounding context.
Word filters are only the beginning. LLMs are being phased in to flag and filter content based on more sophisticated criteria.
I read somewhere that Chinese people used the ability of their language to form new meanings by concatenating multiple symbols in many different ways to get around censorship and that each time the new combination was banned, they came up with a new one. I wonder how long that'll be possible.
I think you're not taking what I wrote nearly literally enough. Really, you should be showing me diagrams of the Von Neumann architecture missing a censorship module. Maybe even gasp at the omission of it in Babbage's letters.
But why stop there? Let's bring out the venerable Abacus! We could have riveting discussions about how societies even back then, thousands of years ago, designated certain language as foul, and had rules about not using profanities in various settings. Ah, if only they knew they were actually victims of Orwellian censorship, and a globalist conspiracy.
Evidence of no exploitations? It's usually hard to prove a negative, except when you have all the logs at your fingertips you can sift through. Unless they don't, of course. In which case the point stands: they don't actually know at this point in time, if they can even know about it at all.
Specifically, it looks like the exfiltration primitive relies on errors being emitted, and those errors are what leak the data. They're also rather characteristic. One wouldn't reasonably expect MongoDB to hold onto all raw traffic data flowing in and out, but would absolutely expect them to have the error logs, at least for some time back.
I feel like that's an issue not with what they said, but what they did. It would be better for them to have checked this quickly, but it would have been worse for them to have said they did when they hadn't. What you're saying isn't wrong, but it's not really an answer to the question you're replying to.
> "No evidence of exploitation" is a pretty bog standard report
It is standard, yes. The problem with it as a statement is that it's true even if you've collected exactly zero evidence. I can say I don't have evidence of anyone being exploited, and it's definitely true.
It's not really my bar, I just explored this on behalf of the person you were replying to because I found it mildly interesting.
It is also a pretty standard response indeed. But now that it was highlighted, maybe it does deserve some scrutiny? Or is saying silly, possibly misleading things okay if that's what everyone has always been doing?
I’m not sure I completely agree here. For private use, this seems fine. However, this isn’t how email encryption is typically implemented in an enterprise environment. It’s usually handled at the mail gateway rather than on a per-user basis. Enterprises also ensure that the receiving side supports email encryption as well.
Your mail either needs to be encrypted reliably against real adversaries or it doesn't. A private emailing circle doesn't change that. If the idea here is, a private group of friends can just agree never to put anything in their subjects, or to accidentally send unencrypted replies, I'll just say I ran just such a private circle at Matasano, where we used encrypted mail to communicate about security assessment projects, and unencrypted replies happened.
> Your mail either needs to be encrypted reliably against real adversaries or it doesn't.
It is, GPG takes care of that.
> If the idea here is, a private group of friends can just agree never to put anything in their subjects, or to accidentally send unencrypted replies
That’s not what I’m talking about. It’s an enterprise - you cannot send non-encrypted emails from your work mail account, the gateway takes care of it. It has many rules, including such based on the sender and recipient.
Surely, someone can print the mail and carry it out of the company’s premises, but at this point it’s intentional and the cat’s already out of the bag.
If you're relying on a trusted gateway, you don't need any of this; just do TLS to the gateway to exchange messages. This is how 95% of corporate "secure email" systems work.
But you don't know how many SMTP relays the recipient has and if they are all secured. E2E encryption, be it via GPG or x.509/SMIME, is still good in that case.
Can you give an example of an email provider or technology that’s doing GPG or SMIME at the gateway? I’ve never seen that configuration and it doesn’t seem like it would make sense.
Either it’s just theatre, encrypting emails internally and then stripping it when they’re delivered, or you still need every recipient to be managing their own keys anyways to be able to decrypt/validate what they’re reading.
I will not name it, but I worked on such a product for some time. In fact it is still being sold, maybe 3rd decade already.
> you still need every recipient to be managing their own keys anyways to be able to decrypt/validate what they’re reading.
Nope, that is handled at the gateway on the receiving side.
edit: Again, the major point here is to ensure no plain text email gets relayed. TLS does not guarantee that plain text email doesn't get relayed by a wrongly configured relay on its route.
There's like one or two use cases where encrypting email could work. The best case I've come across--Bugzilla has the ability to let the user upload a public key to encrypt emails for updates to non-public bugs. It's not a big use case--pretty much the intersection of "must use email" and "can establish identity out of band," which does not describe most communication that uses email. (As tptacek notes in a sibling comment, you pretty much have to limit this to one-and-done stuff too, not anything that's going to be in an ongoing discussion, because leaks via unencrypted replies are basically guaranteed).
Even my doctor's office and local government agencies support PGP encrypted emails, and refuse to send personal data via unencrypted email, but tech nerds still claim no one can use it?
I'm yet to finish watching the talk, but it starts with them confirming the demo fraudulent .iso with sequoia also (they call it out by name), so this really makes me think. :)
Sequoia hasn't fixed the attack from the beginning of the talk, the one where they convert between cleartext and full signature formats and inject unsigned bytes into the output because of the confusion.
The latest version of a bad standard is still bad.
This page is a pretty direct indicator that GPG's foundation is fundamentally broken: you're not going to get to a good outcome trying to renovate the 2nd story.
There are people who use GPG for more than that. Those that are fine with just those two features, sure. Heck, you can encrypt with "openssh", no need for age. :D I have a bash function for encryption and decryption!
> Plot twist; here was never a gAMA chunk to begin with!
But I do see a gAMA chunk in the file?
> 00 00 00 04 67 41 4d 41 00 03 5b 5e 5c ff 26 78
Which decodes to a value of 2.19998. Conversely, I don't see any bundled ICC profiles (iCCP chunks).
Mind you, I am able to reproduce the different colors, so something is indeed wrong. Chrome (Windows) and the Photos app (MS Store) both present it as a washed out, ghostly image (I wouldn't describe it as foggy, as that to me suggests a blur as well, but alas). In contrast, when I open it in MS Paint (the modern, MS Store app version), I do get saturated colors.
UPDATE:
The gAMA chunk not only exists, its value is wrong! That's the author's issue. Either they authored the image incorrectly, or their authoring software is getting it wrong.
> Aha! Surely this is a gamma correction issue. Chrome must be applying gamma math differently than desktop apps.
And so the author was actually correct here, just the wrong way around. The actual gAMA value stored in the picture is ~2.2, while 0.45455 would be the correct value for a typical sRGB gAMA chunk (1÷2.2). Gamma is 1÷display_exponent, and so the usual "~2.2 gamma" you hear is actually that display_exponent in this context; see: https://www.w3.org/TR/2003/REC-PNG-20031110/#12Encoder-gamma...
After hex editing the gAMA chunk to actually feature the "default" 0.45455 instead, the image now renders correctly everywhere for me.
For those looking to repro, these are the bytes I substituted in:
> 00 00 00 04 67 41 4D 41 00 00 B1 8F 0B FC 61 05
The actual difference then is that apparently some apps simply ignore this chunk and just force 0.45455 anyways.
Right, I guess that's our full story then. I further found some quibbles about that chunk being historically fraught specifically, so many decoders would intentionally ignore it under specific circumstances. I guess this file met the criteria.
gAMA dates back to the days when hardly anyone had a clue about color primaries and colorspaces, let alone commonly tried to synchronize them across displays. It's explicitly ignored by everyone if the file uses any more modern method of signaling colorspace information, so really OP needs actually to write a colorspace to the file (cICP, iCCP, even an sRGB chunk) instead of merely claiming on their blog they wrote a colorspace.
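The chunk arithmetic from the gAMA discussion above, as an added example that is not part of any comment in the thread: it parses the two 16-byte chunks quoted there, checks the CRC-32 that PNG computes over type plus data, and decodes the stored integer as gamma times 100000. The function names are hypothetical.

```python
import struct
import zlib

# The two chunks quoted in the thread: length, type, data, CRC.
ORIGINAL = bytes.fromhex("00 00 00 04 67 41 4d 41 00 03 5b 5e 5c ff 26 78")
PATCHED = bytes.fromhex("00 00 00 04 67 41 4D 41 00 00 B1 8F 0B FC 61 05")


def parse_chunk(raw):
    """Split one PNG chunk into (type, data, crc_ok); reject malformed input."""
    if len(raw) < 12:
        raise ValueError("chunk shorter than length + type + CRC")
    (length,) = struct.unpack(">I", raw[:4])
    if len(raw) != 12 + length:
        raise ValueError("declared length does not match chunk size")
    ctype = raw[4:8]
    data = raw[8:8 + length]
    (stored_crc,) = struct.unpack(">I", raw[8 + length:])
    # The PNG CRC-32 covers the type and data fields, not the length field.
    crc_ok = (zlib.crc32(ctype + data) & 0xFFFFFFFF) == stored_crc
    return ctype, data, crc_ok


def decode_gama(raw):
    """Return (gamma, display_exponent, crc_ok) for a gAMA chunk."""
    ctype, data, crc_ok = parse_chunk(raw)
    if ctype != b"gAMA" or len(data) != 4:
        raise ValueError("not a 4-byte gAMA chunk")
    (scaled,) = struct.unpack(">I", data)
    if scaled == 0:
        raise ValueError("a gAMA value of zero is meaningless")
    gamma = scaled / 100000  # stored on disk as gamma * 100000
    return gamma, 1 / gamma, crc_ok


def build_gama(gamma):
    """Serialise a gAMA chunk with a freshly computed CRC."""
    body = b"gAMA" + struct.pack(">I", round(gamma * 100000))
    crc = zlib.crc32(body) & 0xFFFFFFFF
    return struct.pack(">I", 4) + body + struct.pack(">I", crc)


if __name__ == "__main__":
    for name, raw in (("original", ORIGINAL), ("patched", PATCHED)):
        g, exp, ok = decode_gama(raw)
        print(f"{name}: gamma={g:.5f} display_exponent={exp:.5f} crc_ok={ok}")
```

Hex-editing the four data bytes alone is not enough: the trailing CRC has to be recomputed as well, which is why the substituted bytes in the thread differ in both fields.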
“He just hates GenAI so everything is virtue signaling/a cudgel” is not an assessment. It’s simply dismissing him outright. If they were talking about the merits, they would actually debate whether or not the environmental concerns and such are valid. You can’t just say “you don’t like X so all critiques of X are not just wrong but also inauthentic by default.”
The part where they specifically address Pike's "argument" [0] is where they express that in their view, the energy use issue is a data center problem, not a generative AI one:
> nothing he complains about is specific to GenAI
(see also all their other scattered gesturings towards Google and their already existing data centers)
A lot can be said about this take, but claiming that it doesn't directly and specifically address Pike's "argument", I simply don't think is true.
I generally find that when (hyper?)focusing on fallacies and tropes, it's easy to lose sight of what the other person is actually trying to say. Just because people aren't debating in a quality manner, doesn't mean they don't have any points in there, even if those points are ultimately unsound or disagreeable.
Let's not mistake form for function. People aren't wrong because they get their debating wrong. They're wrong because they're wrong.
[0] in quotes, because I read a rant up there, not an argument - though I'm sure if we zoom way in, the lines blur