- Rest assured, he's also trying that route. That mastodon article links to parliamentary requests for clarification of aforementioned quote. In article 1425 he responds (google translate):
"We know that social media and encrypted services are unfortunately largely is used to facilitate many forms of crime. There are examples on how criminal gangs recruit completely through encrypted platforms young people to commit, among other things, serious crimes against persons. It is an expression of a cynicism that is almost completely incomprehensible.
We therefore need to look at how we can overcome this problem. Both in terms of what the services themselves do, but also what we from the authorities can do. It must not be the case that the criminals can hide behind encrypted services that authorities cannot access to."
[...]
"I also note that steps have been taken within the EU towards a strengthened regulation of, among other things, digital information services and social media platforms. For example, the European Commission has proposed a new Regulation on rules for preventing and combating sexual abuse of children."
[...]
"The government has a strong focus on eliminating digital violations – it applies especially when it comes to sexual abuse of children – and supports the proposed regulation, unlike the opposition."
- Asking somewhat obscure hard data (like a date) from an LLM is pretty much futile even without knowing anything about LLMs: They are smaller than all the factual knowledge in the world so a lot of it won't be there. If it answers, it's probably a hallucination.
The current offerings of OpenAI and Anthropic can be asked to support their claims by for example reaching out to the internet and citing reputable sources. That improves the answer quality for questions like this immensely and in any case they can be verified.
Also the question asked is spurious: It appears there never was a release date for this particular SKU given by Cisco. The whole series (Cisco 1000 Series Integrated Services Routers) was released on 06-OCT-2017.
https://www.cisco.com/c/en/us/support/routers/1000-series-in...
- That is kind of doubtful. The video clearly shows a small puff of smoke presumably above the ejection port when he fires the gun for the first time. The Welrod and its modern descendants have a bolt which is locked in position when the gun is fired and it has to be cycled manually. Thus no gas would escape the gun at the ejection port when the gun is fired.
It is more likely that this is a semi-automatic pistol which will not cycle properly for one reason or another and the shooter has to manually complete the cycle by racking the slide.
- Mentioned in the article, the Pure Food and Drug Act of 1906 has an interesting history. It came about due to the work of Harvey Washington Wiley who used healthy volunteers to test and document the effects of then used preservatives like borax and formaldehyde. The volunteers were called "The Poison Squad". There's a PBS documentary about them: https://www.dailymotion.com/video/x8jbub8
- > Turbo Pascal was in the running with assembly language for my favorite language to program the IBM PC in the 1980s.
Teaching myself programming as a kid in the late 80s I encountered the limits of BASIC and then Turbo BASIC pretty soon. Everyone I knew was dabbling in Turbo Pascal but for some reason I can't really recall I rented K&R at the local library and went for Turbo C. I got an incredible amount of mileage out of that decision.
Learning x86 assembly was par for the course back then. Everything was so slow and that was the way to get everything out of the machine. I even remember me going to some length dabbling with the timer for the CPU hogging DRAM refresh cycle to squeeze out the last few percent of CPU power that poor 8086 had. Basically moving away from the conservative settings towards a point where the DRAM was just not becoming "forgetful".
- That was in fact one of the promises of IPv6: Restore the network of peers where every host is in principle a server and a client and communication between peers is unhindered unless a policy is enforced saying otherwise (on the machine, on a firewall, etc.).
> having a public address is actually a security and privacy risk.
Services can be turned off or a firewall instructed not to pass traffic from the internet (by default). That represents exactly the same attack surface as having a service enabled and nobody being able to get to it from the internet because of NAT.
The privacy risk is mitigated by RFC4941 "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". Granted that does not deal with the (delegated) prefix staying the same and when there are only one or very few users in that prefix, some individual behavior could be inferred. Because of that at least in Germany we have the peculiar horror of getting the IPv6 address and all delegated prefixes changed on every redial. That eliminates all privacy concerns while also continuing to make residential internet connections useless for hosting any services.
Anyway. The internet is already way down the road of functioning only as the delivery conduit for a few cloud / service providers mediating all user communication and access to content.
- Weird that you have to do an extra step for IPv6. Other ISPs in Germany have enabled it for every customer at some point. Unless your router asks for IPv6 addresses, nothing really changes anyway. So maybe just enable IPv6 on your router and see what happens?
On a side note, there seem to be ways to get out of CGNAT when you got condemned to use it: It is sometimes an annoying source for client VPN instabilities and from what I heard, users can just ask to be switched over from DS-Lite to classic dual stack to improve application compatibility.
- > lack drive and take longer PTO and their work isn't really that adequate.
People sometimes come to realize important things when they mature. This may include insights like "there's a life happening outside work waiting to be lived". Or acquiring a better sense where it pays to spend time and energy for maximum effect and where it is wasted.
> Blaming interns or junior engineers for simple mistakes, which the senior which also should have seen.
Juniors making simple mistakes really doesn't rhyme with the rest of what you said. Are they
a) Brilliant people, able to replace seniors while being paid a pittance for working their ass off?
or
b) Actually inexperienced and still have to learn a lot until their output has the required quality?
> Not training interns or junior engineers to become senior and be given more responsibility
Any junior waiting to be taken by the hand and shown the path to greatness through careful and detailed tutoring by colleagues I can recommend only one thing: Learn to learn by yourself. Fast. Your colleagues are busy with their own work and tutoring you very often has very little bearing on their current goals, compensation or career prospects. It is thus one of these areas where they have learned not to spend much time and energy. (Though some people have strong altruistic tendencies and/or find it satisfying to mentor and teach, but that's an intrinsic motivation which is either there or it isn't. When you run into someone like that: Lucky you!)
On a more calculating note: As you have let on that you think juniors are viable replacements for seniors while being cheaper, the seniors might not be very motivated to bring their replacements up to speed...
> we are all aware of the bus factor here
As an employee, that's generally not much of a concern.
> All the while where some really smart interns or junior engineers come out of prestigious institutions
I suggest you attempt to hire them. I wish you the best of luck!
> I am a senior engineering manager looking to take on interns.
Do it. It's going to be a valuable learning opportunity for everyone involved. Including you.
- > If I can't run FreeBSD on my machine, I won't run it on my servers.
How does offering a laptop or desktop OS experience relate to being a great server OS?
Anyway, the last time I was using FreeBSD on a client was in the late 90s. I am still running FreeBSD servers. It never bothered me that running that particular OS on a laptop maybe could be a challenge. The FreeBSD project has limited resources in terms of money and developers and I'm quite content seeing that going towards building a great server OS.
Diverting people and money towards a better laptop support just means competing with Linux and I don't see FreeBSD bringing something really compelling to the table. At best it'll just do everything Linux already does.
- That there is no such mechanism can be explained pretty well with this extreme scenario:
- Browsers would come with the no tracking signal enabled by default (why wouldn't they?) so that tracking would become opt-in.
- Nobody chooses to be tracked.
- The whole industry built on tracking users collapses, namely advertisement
- Web sites who based their business model on advertisement go under
Because of this I bet that the industry is lobbying extremely hard for solutions that are maximally useless and inconvenient for the user. Unless the user "chooses" to be tracked of course.
In that vein, another proposal for stemming the flood of cookie consent banners comes from the German government and outlines a multi vendor strategy with very little technical guidance for centralized consent management systems:
https://www.heise.de/en/news/Consent-management-German-gover...
- Golden rice is a solution which works in a specific context by virtue of it being rice. People who will benefit from it already eat rice, know how to grow rice, how to store it and how to distribute it. When they could produce a fresh vegetable like lettuce and distribute it year round at a price that everyone can afford, they could very likely grow and distribute any vegetable. Particularly those which are already rich in beta carotene.
Hence my question: What problem does golden lettuce solve...
- I don't think that anyone from that community would ever stoop so low.
For years now Germany has been having an issue with organized trolls who target live streamers with swatting. A live stream of the resulting police action appears to be the main motivation.
I cannot find anything in English about the phenomenon so here's an article from the German police union GdP: https://www.polizei-dein-partner.de/themen/internet-mobil/de...
- > Instead, trying to access a blocked website gets me a wrong/unsafe certificate warning followed by a Fortinet/Fortiguard blockpage when I click continue.
This is likely the Fortigate SSL/TLS deep inspection (<https://docs.fortinet.com/document/fortigate/7.6.0/best-prac...>). In short: The Fortigate conducts an organizationally sanctioned MITM attack on your web browsing. You would not get any warning if the public key of the certification authority on the Fortigate had been installed on your client. In corporate Windows environments this is usually done via group policies.
Some websites may appear not to be subjected to deep inspection if those websites were exempt from SSL/TLS deep inspection. They'd be using SNI or the CN / SAN contents of the certificate presented by the website to make a policy decision against an allow or deny list of sites.
Another possible scenario would be that you have the MITM CA installed but the block page your browser gets redirected to by the Fortigate was signed by another CA / self signed. But that would certainly be a misconfiguration on the Fortigate.
Anyway. Your web browser allows you to inspect the certificate and more crucially the certificate chain used to verify the validity of a certificate. Look at the root certificate when you suspect a connection to be inspected. If the name of the root CA isn't already giving it away, you should be able to verify that it is a benign public CA by googling for it.
Given the rest of your experience, I'm guessing the IT staff wants to increase control over what applications and sites can be used over the school network. It is rather easy to detect and block DoH and other possible filter evasions when you can decrypt all communication.
> Also I find it disconcerting that my school blocks hrw.org (i. e. human rights watch) which I believe sends a wrong message.
You can check how a site is categorized by the Fortigate here: https://www.fortiguard.com/webfilter
Currently https://www.hrw.org/ is categorized as "Advocacy Organizations" in the group "Adult / Mature Content". I'm going to guess the whole "Adult / Mature Content" group has been blocked and you found a striking example of over blocking.
Now... what can you do about it? The easiest and least troublesome solution would be to just ignore the nosy IT infrastructure and use the school computers and their network just for the work assigned to you. I'm guessing you have unfiltered access to the Internet off campus anyway. Or you could tether your device to your mobile phone and bypass all filtering that way.
Subverting the school's attempts to limit your access is certainly a possibility given sufficient tenacity to learn and a certain kind of creativity with a tendency to cause mischief. But I'll leave it to you to figure out the details. When your actions get you into trouble: You have asked for it. Act accordingly.
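The certificate check described in the comment above (look at who issued the certificate you are served), as an added example that is not part of the original comment. The CA names, the sample certificates and the idea of a baseline of issuer organizations recorded on a network you trust are assumptions made for illustration.

```python
import socket
import ssl

# Constructed dicts in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CLEAN = {
    "subject": ((("commonName", "www.example.org"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA R1"),)),
}
SAMPLE_INSPECTED = {
    "subject": ((("commonName", "www.example.org"),),),
    "issuer": ((("organizationName", "Example School Inspection CA"),),
               (("commonName", "Inspection Sub CA"),)),
}


def issuer_fields(cert):
    """Flatten the nested issuer RDN tuples into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def classify(cert, baseline_orgs):
    """Compare the leaf certificate's issuer with issuers recorded off-network.

    getpeercert() only exposes the leaf; under deep inspection its issuer is
    the inspecting device's CA rather than the site's usual public CA.
    """
    issuer = issuer_fields(cert)
    org = issuer.get("organizationName") or issuer.get("commonName", "")
    return ("expected" if org in baseline_orgs else "unexpected-issuer", org)


def probe(host, baseline_orgs, port=443, timeout=5.0):
    """Live check: covers both cases from the comment.

    - inspecting CA not installed: verification fails (the browser warning)
    - inspecting CA installed: handshake succeeds, but the issuer differs
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert(), baseline_orgs)
    except ssl.SSLCertVerificationError as exc:
        return ("untrusted-chain", exc.verify_message)


if __name__ == "__main__":
    baseline = {"Example Public CA"}
    print(classify(SAMPLE_CLEAN, baseline))
    print(classify(SAMPLE_INSPECTED, baseline))
```

`probe()` needs network access; the two `classify()` calls run offline on the constructed samples.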
- If you just want to maintain or operate what's already there on a RHEL (clone): https://docs.redhat.com/en/documentation/red_hat_enterprise_...
If you want to dive deeper: "SELinux System Administration" by Sven Vermeulen.
- Because pretty much everyone on the internet tells you to disable SELinux instead of trying to understand it. I'm always rolling my eyes when I open some deployment instruction for RHEL (clones) and they have as step one: Disable SELinux.
Few will instead read the RHEL provided documentation. Then they could maybe figure out whether there's simply a tunable (getsebool -a) which would enable the desired behavior, or if properly labeling files (semanage fcontext / restorecon) would do it, or even take the steps to add to an existing policy to allow for a specific scenario which somehow was not implemented. Even adding your own policies "from scratch" is certainly doable and provides a great safety net especially for networked applications.
Anyway... we all know disabling security or not implementing it in the first place can really save you a lot of time. At least in the short run.
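The three routes named in the comment above (a boolean tunable, relabeling files, extending policy), as an added example that is not part of the original comment: a rough triage of AVC denial lines that points at which route to look into first. The log lines are constructed, the type and class sets are a simplifying heuristic, and the `ausearch` / `audit2allow` hint is an addition not mentioned in the comment.

```python
import re

# Constructed audit.log lines for illustration (not from a real system).
SAMPLE_LOG = '''\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000000.202:411): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=3312 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.303:412): avc:  denied  { sys_ptrace } for  pid=2230 comm="myagent" capability=19 scontext=system_u:system_r:myagent_t:s0 tcontext=system_u:system_r:myagent_t:s0 tclass=capability permissive=0
type=SYSCALL msg=audit(1700000000.303:412): arch=c000003e syscall=101 success=no
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+?) \} for .*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+)\S* '
    r'tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+)\S* tclass=(?P<tclass>\w+)'
)

# Heuristic (assumption): target types that usually mean "file is mislabeled".
GENERIC_TYPES = {"default_t", "unlabeled_t", "user_home_t", "admin_home_t", "tmp_t"}
FILE_CLASSES = {"file", "dir", "lnk_file"}
NET_CLASSES = {"tcp_socket", "udp_socket"}


def triage(line):
    """Return the parsed denial plus a suggested first route, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    domain = re.sub(r"_t$", "", d["stype"])
    if d["tclass"] in FILE_CLASSES and d["ttype"] in GENERIC_TYPES:
        # Content sitting under a generic label: fix the label, not the policy.
        route = "label"
        hint = "semanage fcontext -a -t <type> '<path>(/.*)?' && restorecon -Rv <path>"
    elif d["tclass"] in NET_CLASSES:
        # Network access by a confined domain is often gated by a tunable.
        route = "boolean"
        hint = "getsebool -a | grep " + domain
    else:
        # Nothing obvious: review the denial and extend policy deliberately.
        route = "policy"
        hint = "ausearch -m AVC -ts recent | audit2allow -M local_" + domain
    return {**d, "route": route, "hint": hint}


def triage_log(text):
    """Triage every AVC denial in a block of audit log text."""
    return [r for r in map(triage, text.splitlines()) if r]


if __name__ == "__main__":
    for r in triage_log(SAMPLE_LOG):
        print(f'{r["comm"]}: {r["perms"]} on {r["ttype"]}:{r["tclass"]} -> {r["route"]}: {r["hint"]}')
```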
- As this particular issue of DNS blocking pertains to Germany: By law (EU Commission Directive 2008/63/EC and national law TKG § 73 Abs 1) the ISP must allow the free choice of routers and has to provide all access codes. So even if an ISP provided router would be uncooperative, there is always the choice of just not using it.
- While that is correct they could at any point in the last 15 years have implemented an API for security software which does not require to load executable code into kernel space. Kind of like Apple did: https://developer.apple.com/documentation/endpointsecurity
Then Microsoft would have proceeded to only use this documented user land API themselves for their own Defender product and thus have no undocumented API or access advantage over other security software. The EU ruling only cares about a level playing field and not about the implementation details.
- > Problem with climate discussions is that 99.9% of people don’t have any impact whatsoever
Individually certainly nobody has any appreciable impact. But seen as a collective, everyone's individual decisions add up to pretty much all of the impact.
> People who could make an impact won’t because it’s not in their personal interest
And this is true for everyone as long as the incentives are aligned as they are: It is cheaper, more convenient and generally allows for a more interesting lifestyle to pollute.
- I have very little experience with the threat model associated with the macOS keychain and how its promises are enforced. A cursory look into its features reveals an export/import function for elements (except passwords) secured in the keychain. An attacker could just export the keys then.
The next question would be, if the keychain just hands out the keys to the application to be used? How would it ever identify a program as being eligible to receive a certain key? An attacker could just ask the keychain for the key.
A user is commonly able to read the process memory of any process running under his account. An attacker could extract the keys from process memory. And so on and so forth.
So you are very likely again where you were before: An attacker being able to execute code in the context of a user can steal his data. The only thing that varies is how much work it is.
In theory Apple may have exposed a security processor akin to a smart card with which Signal could generate public/private key pairs where the private key resides in the hardware and cannot be extracted. It does not appear the macOS keychain works that way.
- What is the threat model here?
When the device is stolen or lost it better protects data at rest with full disk encryption.
When the account operating Signal or the machine as a whole was taken over, the attacker can observe everything the user does and can do everything the user is entitled to do. When the data is accessible to the user, it will be accessible to the attacker and there's nothing anyone can do about it.
- > Some of this movement is funded by Germany Government.
At first I thought you were joking, but of course you were absolutely right: https://www.howsolargotcheap.com/germany
The real issue for non-publication is the one he cites: "additional reflections in a more personal and light-hearted tone". This matches the general type of content in Zeit Magazin. They weren't looking for a scathing criticism of societal ills but some entertaining piece that goes well with the other easily digestible articles.
And as a German I have to say: He's bang on.