I made a very small change to this web page. See if you can spot it. I just made it a bit clearer.

I somehow don't think this person has read my blog. If you think that my blog on has something to do with homeowners insurance, that's ridiculous.

@natecull @htimsxela @thamesynne

So this is an interesting point: "potential energy". Like what is held in an unlit stick of dynamite. That's what your security information is. And some stockpiles of information are like the giant pile of fertilizer in a warehouse in Beirut. But do we tighten the regulations on how you manage and store fertilizer? Or do we ban fertilizer as a substance because it contains too much potential energy?

@natecull that’s funny. But I was one of those “smart money” consultants. The conversation was never “Don’t worry about nation states attacking your supply chain, it won’t happen.” The conversation was “you know how none of your apps use MFA? Spend time and money solving that before you address nation states in your supply chain.”

Between eyeglasses, conference call headset, and occasional COVID masks, it feels like my ears are as much a handle for my face as they are a way to hear things.

@natecull sure. But the question is to what extent all of us should be governed by the fears of the most fearful or least fearful. Ethics, philosophy, moral study: these things exist. There is no need to start from first principles. Things like GDPR, which grant rights over data, are a good start. Again: granting enforceable rights to humans that cause humans to act. Not governing “data” or information. That’s the path to book burning.

@thamesynne @natecull We don't want the locus of responsibility to lie with an inanimate concept ("data", "information", "knowledge"). That leads to regulating those concepts. We should centre the locus of responsibility on the human agent. Think of everyone who knows things and doesn't act in a bad way. That's the whole backdrop that makes irresponsible bad actors stand out. People act. We judge them on their actions. We can't judge people on their access to data.

@natecull I just want to be pedantic on one point: every example you gave was an action: revealing knowledge. In a particular context with a specific purpose. That act might constitute "violence" in some way. But it wasn't the knowledge that was the threat. It was the act. People owning guns are different from people pointing them. People knowing things are different from people acting in certain ways with their knowledge. Ethics is the framework by which we judge the acts, not the knowledge.

@natecull I can't tell how serious you are. Is information a kind of "violence"? No. Knowledge is power. Is power violence? No. Is power a threat? Sure. With great knowledge comes great responsibility.

@msh I'm sympathetic to some of these blacklists, but others are a bit ridiculous. I ran on an AWS EC2 instance for a few years, and its IP came from a /8 allocated to Amazon. So some blacklists, if they get anything in that entire /8 that looks spammy, will look up the netblock and mark everything spammy. Their excuse is "Amazon should police it better." Sigh.

@msh Yeah, me too. I registered paco.to in 1995 and have run email on it since then. Not only do we have the hamster-wheel of DKIM, SPF, DMARC, etc. We also have individual providers (e.g., AT&T, AOL/Yahoo, Verizon) just deciding to put my IP on some mysterious blacklist, with an opaque/slow process to get them to fix it.

I've been running iRedMail for my mail server for a while. Running your own mail server is a lot of work, if you do it right. But I think iRedMail makes it about as easy (and free) as possible.

Can we just admit that "special gift guide" is little more than advertisements elbowing out the content that I pay a subscription for? And it's either paid advertisements that are masquerading as spontaneous "news" about products for me to buy, or it's unpaid advertisements. And we don't free adverts that in an online world already overrun with adverts.

I'm amused that my blog post "Cosmic Rays Did Not Change Election Results" got a lot of hits in November 2020. :) blog.paco.to/2017/cosmic-rays-

I think this is a dumb take on passwords. There's the flip side: if you're intimate (or married) and everything is going well, you might NEED that access. And lots of companies don't LET you have 2 logins (e.g., telephone, power, insurance). And even if they did, it wouldn't protect you from a bad partner. It's just not well thought out.


@TheGibson @docskrzyk sure. Stuff goes wrong. I’m not bothered by people being mad at the outage. Heck, they can poke fun if they want to. But I roll my eyes when people who can do little more than spell AWS write one more article proclaiming what a terrible idea “other people’s computers” are. CloudFlare, Level3, all sorts of major providers have outages. Dodging the big ones means coping with zillions of little ones instead. Six of one, half dozen of the other.

@docskrzyk @TheGibson in the long ago time of 10 days ago, they published an article about an outage 3 years ago? It’s written by someone who barely understands cloud computing (or if they do, they put very little of that understanding into the article)
