@mttaggart@infosec.town

mttaggart

@mttaggart@infosec.town

Displaced Philly boy. Threat hunter. Streamer. Educator. Dad. Captain in the fight against #llm insanity. #infosec, #programming #rust, #python, #haskell, and #webapp. #opensource advocate. Cofounder of https://infosec.exchange/@thetaggartinstitute. Made wtfbins.wtf. Not your bro. All opinions my own. #fedi24 #searchable

This profile is from a federated server and may be incomplete. Browse more on the original instance.

mttaggart, to random

This is either the most elaborate parody I've ever seen, or peak AI / VC nonsense: brainbridge.tech/

mttaggart,

@hrbrmstr I mean the video is fake but is the company?

mttaggart, to random

This story and timeline are just crazy. A 150-year institution is just folding basically without warning. 6abc.com/post/university-of-the-arts-philadelphia-closing-letter-accreditation-president-kerry-walk/14897571/

Viss, to random
@Viss@mastodon.social avatar

i would totally play the tabletop martok-voiced d&d game from lower decks.

mttaggart,

@Viss You know that's based on a real thing right

mttaggart,

@Viss In case not:

Except it was actually Gowron, but not as Gowron.

boardgamegeek.com/boardgame/5258/star-trek-the-next-generation-interactive-vcr-boar

www.youtube.com/watch?v=3_739DxrMOs

mttaggart, to random

Sci-fi sure loves an ancient race of circle-makers huh

mttaggart, to random

Rough week for the Goog. Couldn't have happened to a nicer company. www.theverge.com/2024/5/28/24166177/google-search-ranking-algorithm-leak-documents-link-seo

mttaggart, to random

Guess who broke the internet?

www.404media.co/google-says-ai-now-leading-disinformation-vector-and-is-severely-undercounting-the-problem/

mttaggart, to random

Once again the Verge totally misses the point on #Recall, as they dismiss the security and privacy concerns with "If someone has access to your computer, you're already screwed because your computer is already collecting all this."

Like...DFIR pros with full control over a system know how to get at most of what a constant stream of screenshots provides to attackers/abusers, but having a straight up database of images is a level of access I don't think they've thought through. And as I've said, many infostealers are already primed to pull these kinds of databases.

LinuxAndYarn, (edited ) to random
@LinuxAndYarn@mastodon.social avatar

#SamAsh is closing their stores nationwide. I only learned this today when heading past the one in King of Prussia. and I decided to buy myself a viola for $35. Now to figure out my neighbors' work and sleep schedules so I can figure out when I can try to learn to play this thing without driving them nuts.

(When I texted my wife to tell her I'd done this, I asked her not to buy a revolver, cf.
http://ireadashortstorytoday.com/richard-brautigan-the-scarlatti-tilt/ )

mttaggart,

@LinuxAndYarn I love every part of this, and then you topped it off with Brautigan. Thanks for making this place wonderful.

mttaggart, to random

I just got a TEXT MESSAGE from Google Gemini asking me to chat with it.

BLOCKED

mttaggart, to random

My wife tells me that she is observing conversations on X where regular, non-tech users are beginning to consider Linux because of Recall.

That's how bad an idea this is.

mttaggart, to random

Dang this is a long outage

mttaggart, to DuckDuckGo

Uh, is #DuckDuckGo broken for anyone else?

mttaggart,

They uh, appear to not have a status page.

mttaggart,

Okay so apparently Bing is down, Which also means Ecosia and a handful of other search engines that rely on that index will be down.

mttaggart, to random

Some more details on how works.

Config options: learn.microsoft.com/en-us/windows/client-management/manage-recall

Privacy: support.microsoft.com/en-us/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15

mttaggart,

Snapshots are encrypted by Device Encryption or BitLocker, which are enabled by default on Windows 11. Recall doesn't share snapshots with other users that are signed into Windows on the same device. Microsoft can't access or view the snapshots.

Soooo just Bitlocker then? Like disk encryption? That means the snapshots aren't encrypted while the machine is up.

Anything with high enough permissions (like, say security tools) will have the ability to read these snapshots, if I'm reading this right.

mttaggart,

You might be tempted to read the Supported Browsers bit and think Firefox is invisible to Recall, but I don't think that's right. On the contrary, Firefox will show everything to it, and you can't filter anything out.

mttaggart,

Wait HOLD THE PHONE.

In two specific scenarios, Recall captures snapshots that include InPrivate windows, blocked apps, and blocked websites. If Recall gets launched, or the Now option is selected in Recall, then a snapshot is taken even when InPrivate windows, blocked apps, and blocked websites are displayed. However, Recall doesn't save these snapshots. If you choose to send the information from this snapshot to another app, a temp file is created in C:\Users[username]\AppData\Local\Temp to share the content. The temporary file is deleted once the content is transferred over the app you selected to use.

So if I write a piece of malware that kills Recall and relaunches it, the resulting screener will not be filtered at all? And I can just grab that temp file immediately?

mttaggart, to random

It is worth noting that the Recall feature is only going to work on newfangled PCs with that special NPU chip. So for now, a reasonable defense is to... not buy one of those laptops

mttaggart, to random

Listen.

It's not about whatever Microsoft is doing with these features today. Maybe it's apocalyptic, maybe it's not. But what we're seeing is next-level disregard for user choice about their OS. Yes, even for Microsoft, this is exceptional.

And in the constant pursuit of monetizing our data or extracting training sets, we must confront the question of what they will push on us next, without consent or reasonable recourse.

This is not an OS under owner control, and as such, should not be trusted for any purpose where data security is a concern.

I struggle to think of a use case where it isn't.

mttaggart, to random

I'd like to thank Microsoft for doing everything in its power to usher in the Year of the Linux Desktop.

mttaggart, to random

My new favorite hobby is to tell the middle/high schoolers I pass on walks that I had a pair of Jncos just like those, then watch their face warp into horror.

mttaggart, to random

Holy crap do not let LLMs write shell commands for you, and don't bake that functionality into your terminal!

iTerm2, what were you thinking?!

gitlab.com/gnachman/iterm2/-/issues/11470

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • khanakhh
  • rosin
  • ngwrru68w68
  • Youngstown
  • slotface
  • love
  • ethstaker
  • kavyap
  • everett
  • mdbf
  • InstantRegret
  • DreamBathrooms
  • magazineikmin
  • provamag3
  • tacticalgear
  • cubers
  • Durango
  • thenastyranch
  • cisconetworking
  • modclub
  • GTA5RPClips
  • Leos
  • tester
  • osvaldo12
  • normalnudes
  • anitta
  • JUstTest
  • All magazines
    •