papasquat's recent activity
-
Comment on How to turn anything into a router in ~comp
-
Comment on "CEO said a thing!" journalism in ~tech
papasquat Link ParentSure, but this is sort of a "broken clock is right twice a day" situation. Most of the things Musk and Trump say will happen, do not happen. The fact that every so often, what they say will happen...Sure, but this is sort of a "broken clock is right twice a day" situation. Most of the things Musk and Trump say will happen, do not happen. The fact that every so often, what they say will happen does happen doesn't suddenly mean everything they say is news.
Given their track record, we'd be better off regularly reporting on the result of a coin flip.
-
Comment on Haliey Welch interview (Hawk Tuah) by Channel 5 in ~life
papasquat Link ParentI had a similar opinion a while ago, because I used to really like all gas no brakes. I looked into it further because I didn't really want to feel so conflicted about him. My conclusion was that...I had a similar opinion a while ago, because I used to really like all gas no brakes. I looked into it further because I didn't really want to feel so conflicted about him. My conclusion was that it looks really bad for him, and he almost certainly raped at least one woman, and had a long pattern of behavior that really rode the line of consent. I don't have time to dig it all back up right now but if I remember, I'll edit this comment.
-
Comment on "CEO said a thing!" journalism in ~tech
papasquat Link ParentIt's not really news. It's advertising. "CEO said a thing" is not something that actually happened, or will actually happen. It's press, released by the company. No different than the article...It's not really news. It's advertising. "CEO said a thing" is not something that actually happened, or will actually happen. It's press, released by the company. No different than the article "Breaking: Coca-Cola is refreshing on a hot day, according to The Coca-Cola Company".
If you want to make it news, you need to do some actual analysis of what the statement likely means.
-
Comment on Air Canada CEO will retire this year after his English-only crash message was criticized in ~transport
papasquat Link ParentThis is kinda crazy to me, but I admittedly don't have the cultural background, since I'm American. For most of our far saner history than the current administration, the US had no official...This is kinda crazy to me, but I admittedly don't have the cultural background, since I'm American.
For most of our far saner history than the current administration, the US had no official language, but we're a defacto bilingual nation as well; 19% of Americans speak spanish (not too far off from the proportion of Canadian French speakers, and way more in absolute terms). The idea of the CEO of a company being fired for not speaking Spanish is so wild of an idea to me.
I guess that may have something to do with the fact that Spanish language use in the US is growing, not shrinking, and maybe some racism thrown in.
I'm curious, do you think it would be a similar situation if it was the inverse? That is, if there were a CEO that only spoke French, would people ask for his resignation?
-
Comment on Haliey Welch interview (Hawk Tuah) by Channel 5 in ~life
papasquat Link ParentHonestly, I never had anything against Hailey Welch. I think she's totally fine as a person, and her crypto scam very obviously seems like something she signed up to do without fully understanding...Honestly, I never had anything against Hailey Welch. I think she's totally fine as a person, and her crypto scam very obviously seems like something she signed up to do without fully understanding the implications. She's about a thousand times better than many of the other influencers that are more successful than her who continually and intentionally use their audience as flocks of sheep to be harvested.
I didn't, and probably won't watch the interview because I can't really do Andrew Callahaghan anymore, but it feels really weird for him to do sit down, critical interviews with controversial figures. Usually someone who does that sort of thing has to have a positive or at least neutral moral standing to pull it off well, since you're effectively casting judgement on someone for something they did wrong.
The whole thing doesn't really work for me because yeah, Hailey did scam a lot of people out of their money on behalf of some people who scammed her too, but like... Andrew's a rapist.
-
Comment on Scientists uncovered the nutrients bees were missing -- colonies surged fifteen-fold in ~science
papasquat Link ParentCurious as to why you think it's related to the economic system. Like, if we lived in a socialist country, people would continue to need to grow crops, and the most efficient least labor intensive...Curious as to why you think it's related to the economic system.
Like, if we lived in a socialist country, people would continue to need to grow crops, and the most efficient least labor intensive way to pollinate them would still be to do that beehive shuffle.
Its done that way right now because it's more profitable, but that's just a translation for "least labor intensive" in a market economy.
How would a different system of governance/economy change that? -
Comment on I think Tildes moderators and admins may need to make a decision regarding how to handle Harry Potter related posts in ~tildes
papasquat Link ParentI mean if you want a more apt comparison, we could ask if we want this to be a safe space to discuss Kanye West's music without bringing up the things he's said publically. I would say no, most...I mean if you want a more apt comparison, we could ask if we want this to be a safe space to discuss Kanye West's music without bringing up the things he's said publically.
I would say no, most people on this site probably do not want that. Is it possible to discuss Kanye's music without touching on the terrible person he's become? Yeah it's possible. It's probably not a good idea or desirable in any way to do that though, even if you like his music.
-
Comment on Welcome to a multidimensional economic disaster - the AI boom wasn’t built for the polycrisis (gifted lnk) in ~tech
papasquat LinkThe frustrating thing about this situation we're all in is that after the inevitable crash happens, and we face pain that makes 2008 seem like a mild annoyance, mountains of think pieces,...The frustrating thing about this situation we're all in is that after the inevitable crash happens, and we face pain that makes 2008 seem like a mild annoyance, mountains of think pieces, newscasts, movies, and other media will come out with the main thesis of "HOW COULD WE NOT SEE THIS COMING???".
It was as plain as day two years ago that basing the entire economy on a single industry that is totally untested and not actually profitable anywhere was a bad idea. Doubly so when it relies on goods manufactured by literally a single small island nation that has thousands of Chinese nukes pointed at it.
People have been warning about this till they've turned blue and people in power have done literally NOTHING about it. They've done worse than nothing. They actively encourage more and more pigeonholing into the AI wagon, and the overall risk mitigation strategy is basically just cross your fingers and hope for the best.
Normal people should be outraged and frustrated that we've let the world come to the precipice in this way just to make a couple of hundred people richer than God.
-
Comment on How China forgot Karl Marx: The Chinese economy runs on labor exploitation (gifted link) in ~society
papasquat Link ParentYeah I think that's something that's often missed in critiques of capitalism. Income inequality is often treated like the mother of all statistics and proof of extreme exploitation, and maybe in...Yeah I think that's something that's often missed in critiques of capitalism.
Income inequality is often treated like the mother of all statistics and proof of extreme exploitation, and maybe in some ways it is. Shouldn't the actual thing we're trying to optimize for be general human well being though?
Like, is a society where the rulers live in golden floating places, but everyone else lives in huge, comfortable homes without any medical issues, economic anxiety or crime worse in any way to a society where everyone is dirt poor and starving?
The thing I care about is if rich people are making life horrible for poor people. I don't really care about the fact that rich people are richer than everyone else in isolation.
I think a lot of people get hung up on an abstract idea of fairness versus overall general well-being.
-
Comment on Interesting material types for fantasy resources/macguffins other than crystals or metals? in ~creative
papasquat LinkI think it's neat when the super powerful crazy object is just a sliver or refuse of some unimaginably powerful entity. Like the tear of some long dead god from hundreds of thousands of years ago...I think it's neat when the super powerful crazy object is just a sliver or refuse of some unimaginably powerful entity. Like the tear of some long dead god from hundreds of thousands of years ago in a vial gives you insanely ridiculous powers if you wear it on your neck. Or the eyelash of some ancient dragon that lets you breathe fire or something.
It makes your imagine run wild about how crazy the world must have been back then if someone is running around destroying armies with a tiny discarded sliver of a being that existed long ago.
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
papasquat Link ParentEr... No. I don't use chatbots to make comments on the internetEr... No. I don't use chatbots to make comments on the internet
-
Comment on US regulator bans imports of new foreign-made routers, citing security concerns in ~tech
papasquat Link ParentI guess that depends on if the US market is lucrative enough that the small amount of purchases they'd get for replacing broken hardware is enough to justify continuing to support an old router...I guess that depends on if the US market is lucrative enough that the small amount of purchases they'd get for replacing broken hardware is enough to justify continuing to support an old router that no one in the rest of the world wants.
The only reason most people buy a new router is if the one that have broke, or if they want faster speeds/better wifi. If you cut off the possibility of the latter reason being a motivating factor, do enough people have broken routers to make it worth a company's time to keep manufacturing them and releasing security updates?
In reality, I think the most likely scenario is realistically that people continue to import foreign routers that aren't FCC certified after retailers figure out that the federal government is not staffed to enforce this. Either via blatantly just doing it, having some grey area loophole like rebranding some white label or shipping blank hardware that has an easy flash button or something, or via some sort of bribe to the president allowing them to get on the exception list.
Either way though, it's a really bad thing for consumer internet costs, security, and American competitiveness in the tech market. I also suspect it's just yet another grift by the Trump administration to enrich Trump and his family, like a good half of the federal policy decisions made nowadays.
-
Comment on US regulator bans imports of new foreign-made routers, citing security concerns in ~tech
papasquat Link ParentSure, but if this ruling stands, eventually, none of them will. If you find out your router is compromised, it's not like the average consumer would be able to go out and buy a new one that...Sure, but if this ruling stands, eventually, none of them will. If you find out your router is compromised, it's not like the average consumer would be able to go out and buy a new one that doesn't have unpatched vulnerabilities.
-
Comment on US regulator bans imports of new foreign-made routers, citing security concerns in ~tech
papasquat Link ParentThey will when the models that are currently approved stop receiving security updates.They will when the models that are currently approved stop receiving security updates.
-
Comment on Nvidia CEO declares AI could start, grow, and run a successful technology company worth more than a billion dollars—excerpt from Lex Fridman Podcast in ~tech
papasquat Link ParentWhat a ridiculous statement. If it's "now", then where are the billion dollar companies started by AI agents? If the technology is capable of it, the market should absolutely flooded with ai...What a ridiculous statement. If it's "now", then where are the billion dollar companies started by AI agents?
If the technology is capable of it, the market should absolutely flooded with ai companies. There's not even a single successful company started by an AI agent, let alone a billion dollar one.
-
Comment on Android to debut "advanced flow" for sideloading unverified applications in ~tech
papasquat Link ParentLots of ways. Accessibility services allowing screen scraping, file system access allowing apps to grab local files, OS vulnerabilities allowing sandbox escapes, keyboard access allowing input...How? Because apps are sandboxed on phones. If they escape the sandbox, it's an issue with the sandboxing and should be rectified promptly.
Lots of ways. Accessibility services allowing screen scraping, file system access allowing apps to grab local files, OS vulnerabilities allowing sandbox escapes, keyboard access allowing input recording and so on.
Side loading right now already requires disabling a security control that people are coached through. Having a check to confirm you're not being coached, requiring a device restart to force a hard reauthorization, and then forcing a wait period are all valid speed bumps that make the process more difficult to circumvent.
Will it stop all malicious sideloaded apps? Obviously no, but no security measure will, aside from the Apple style nuclear option of just completely disallowing third party application installs. They are fairly effective security measures against the specific thing they're trying to stop though.
-
Comment on US regulator bans imports of new foreign-made routers, citing security concerns in ~tech
papasquat Link ParentYes, as an American I'd agree with you. The US has amazing capabilities in hardware design and software development. We no longer have decent manufacturing capabilities though. I'd be very wary of...Yes, as an American I'd agree with you. The US has amazing capabilities in hardware design and software development. We no longer have decent manufacturing capabilities though. I'd be very wary of anything actually built in the US, especially electronic components manufactured en masse for a competitive price. We just have no realistic way to do that without putting out complete crap.
If this ban is something thats actually enforced, it's going to mean a lot consumers being totally priced out of the market, or a lot of new reliability issues that never existed before. (How often does your home router just straight up die to due a hardware failure now? Probably not often).
The thing that the trump admin doesn't seem to understand is that the biggest beneficiary of globalization, and by a long shot, is the US. If we had to manufacture everything domestically, Americans quality of life would plummet. We managed to have a strong global economy, and a ridiculously strong domestic economy because we allowed countries to specialize in what they could efficiently produce. China creates cheap high quality electronics. Germany produces reliable automobiles, Taiwan fabs advanced chips, the EU produces luxury goods and services, Japan produces high end machine parts, and so on. If everyone has to go back to producing everything themselves, we're all worse off, but the US suffers the most out of everyone. We've built our economy on extremely high end financial services, entertainment, and technology. When no one buys from us because we won't buy from them, we need to go back to building low margin manufactured goods. But I digress.
-
Comment on US regulator bans imports of new foreign-made routers, citing security concerns in ~tech
papasquat (edited )Link ParentShort answer, yes it does. I'll be honest with you though, much of it comes from executives or laymen who have no real cybersecurity experience, or especially threat modeling experience. I would...Short answer, yes it does. I'll be honest with you though, much of it comes from executives or laymen who have no real cybersecurity experience, or especially threat modeling experience.
I would say that the norm these days for most organizations is to assume China=bad. I can't think of a single US company nowadays that would be willing to run Huawei networking equipment, for instance.
The issue is that the entire IT hardware supply chain is Chinese. Outside of extremely expensive TAA compliant hardware (even then though in some cases) almost all of the base electronic components are either manufactured in China, or by Chinese companies operating elsewhere. High performance CPUs and GPUs are still fabbed in Taiwan, but your average IC or dimm module or transistor or whatever is going to come from China at some point.
In many cases the hardware is just straight up Chinese.People won't buy Huawei because it's on the covered list already and "sounds Chinese", but ZTE? Sure, go right ahead.
In sober, informed organizations where cybersecurity decisions are left to professionals, the situation is a little different. The risk is dependent on a few different variables.
One, is your organization a likely target of state level actors? I don't mean ransomware gangs that operate out of China; those types of actors wouldn't get access to the CCPs juicy vault of supply chain compromised hosts (if they exist). I mean does your company operate critical infrastructure like oil and gas production, nuclear fuel enrichment, power generation? Do they operate within the defense industrial base? Do they make up a major platform for financial transactions like banking or securities exchanges?
If not, you're probably not going to be targeted by Chinese state hackers. China has not interest in potentially blowing the lid off of very valuable vulnerabilities to learn what the burger of the month is at your fast food chain.
Two, exactly which components are manufactured in countries of concern? If the chassis is made with Chinese steel, but the ICs and SOC are coming from Taiwan, you're probably ok. Same goes for passive electronic components like diodes or resistors or capacitors. (Supply chain compromise is a thing still, but that has other mitigating controls and is a whole other conversation).
Third, where are the devices going to be deployed, and what's their use case?
A digital sign that's deployed in an isolated VLAN without internet access? Not a real concern worth considering in most places.
Your core router? Probably something to look into.
Fourth, and probably the biggest ones, are regulatory constraints. For many of these organizations, it's already just straight up illegal to use devices from certain manufacturers, or components built in certain countries. This is the biggest actual constraint, because it's no longer a matter of opinion or subjective risk analysis, it's a law that you'll be fined or go to jail if you violate.
So yes, it does come up, and it probably comes up more often than it should, in my opinion.
It's a concern in certain situations, yes, but not nearly as much of a concern as the random 10 year old "built in america" firewall that no one knows about anymore running 8 year old firmware that every organization seems to have somewhere in their production network.
-
Comment on US regulator bans imports of new foreign-made routers, citing security concerns in ~tech
papasquat LinkThis doesn't make any fucking sense. I have some expertise in this area, and I can say that the supporting information the administration is citing to justify this is nonsensical. There have been...This doesn't make any fucking sense. I have some expertise in this area, and I can say that the supporting information the administration is citing to justify this is nonsensical.
There have been major attacks linked to compromised routers used in botnets, yes. Actually quite a lot of them. The reason why is because routers inherently sit on the open internet, listening for traffic to forward to the local network.
The thing is, foreign routers are no more vulnerable than the theoretical American consumer router that doesn't exist.
Those routers are exploited because of security vulnerabilities; CVEs. The manufacturers aren't intentionally handing them over to botnet owners. That would make no sense; they'd be screwing their customers over for no reason.
Usually, a new vulnerability comes out, starts being exploited in the wild, manufacturers come out with a hotfix to address them and... no one applies it. Because who logs into their router to check for updates regularly? Some of them update themselves automatically, but not all of them.
The thing is US built routers would have the exact same problem. How do I know this? Because enterprise grade routers designed in the US and built to spec are compromised all the time.
If a US company can't design a $200,000 next gen firewall to never include exploitable CVEs, how in the hell could they do it on a $60 consumer grade router?
Secondly, we have the exact same problem with any device with a network interface. TVs, thermostats, hot water heaters, garage door openers, security cameras, audio assistants, hell, fucking refrigerators have IP addresses nowadays. They all can, and do get compromised and used in botnets.
If instead of randomly decided that routers are what needs to be banned simply because they're built somewhere else, the Trump administration hadn't completely gutted CISA (you know, the agency directly responsible to ensure this kind of stuff doesn't happen), we could get actual supply chain security while not completely fucking over a market and not jeopardizing internet access for millions of Americans. That would be rational and level headed though, and we don't do that sort of thing around here anymore.
I've gotta say, it's cool to know how to do all of this stuff manually, but for most people, this would be completely impractical. It's the whole reason why firewall/router distributions like pfsense exist.
You can install an ISO, and have all of these features instantly available with a great cli configuration system and web GUI to manage it.
There's no well in hell I'd ever manually install and configure each individual component of a router/firewall myself. It doesn't seem practical just about anywhere.