HackerTrans
トップ新着トレンドコメント過去質問紹介求人

dogman144

no profile record

コメント

dogman144
·7 か月前·議論
I’ve been in security for a while and I increasingly think understanding what the future looks like under this threat model is about the only security research that really matters fully above the rest (many topics also very important in their own ways).

The state change is just so significant and so under discussed because you learn about it via making an effort in a cybersec career, hitting conferences very years, eventually lucking out with who you met for a beer, and so on.

So how do policy leaders trying to understand this stand a chance at understanding it? How do local PD chiefs understand what they’re bringing in, who I really do believe deserve the benefit of the doubt wrt positive intentions?

There is really no counter-voice to an incredibly capable nationwide surveillance network that’s been around for at least 10-15 years. The EFF doesn’t really count because the EFF complains about these things, SEN Wyden writes a memo, and that seems to be the accepted scope of the work..

Just like man… the bill of rights… it’s a thing! Insane technology.
dogman144
·7 か月前·議論
Was fortunate to talk to a security lead who built the data-driven policing network for a major American city that was an early adopter. ALPR vendors like Flock either heavily augment and/or anchor the tech setups.

What was notable to me is the following, and it’s why I think a career spent on either security researching, or going to law school and suing, these vendors into the ground over 20 years would be the ultimate act of civil service:

1. It’s not just Flock cams. It’s the data eng into these networks - 18 wheeler feed cams, flock cams, retail user nest cams, traffic cams, ISP data sales

2. All in one hub, all searchable by your local PD and also the local PD across state lines who doesn’t like your abortion/marijuana/gun/whatever laws, and relying on:

3. The PD to setup and maintain proper RBAC in a nationwide surveillance network that is 100%, for sure, no doubt about it (wait how did that Texas cop track the abortion into Indiana/Illinois…?), configured for least privilege.

4. Or if the PD doesn’t want flock in town, they reinstall cameras against the ruling (Illinois iirc?) or just say “we have the feeds for the DoT cameras in/out of town and the truckers through town so might as well have control over it, PD!”

Layer the above with the current trend in the US, and 2025 model Nissan uploading stop-by-stop geolocation and telematics to cloud (then, sold into flock? Does even knowing for sure if it does or doesn’t even matter?)

Very bad line of companies. Again all is from primary sources who helped implement it over the years. If you spend enough time at cybersecurity conferences you’ll meet people with these jobs.
dogman144
·7 か月前·議論
Understanding crypto from this type of international context focused on these sorts of issues is where it indisputably makes much sense and is seeing indisputable adoption. Low and slow but end of the day to a very large and growing problem, bitcoin+ adoption or a mass civics readjustment in the US are the solutions. Which is more likely?

So it’s an inefficient tech with a mess of problems and uneven adoption but if you want to send $1-$1mm anywhere in the globe you can. That’s very powerful tech and the implications are about as important as anything else from cryptography hitting public adoption. And all of those have been consequential.. see 30 year fight about e2ee.
dogman144
·7 か月前·議論
If you work in cybersecurity, I’d table many views in this thread and just understand it’s the place to be to cut your teeth in fairly hard security problems and make money along the way. If 1980’s security culture seemed cool with a new BoF everyday and Bill Gates himself calling you a bad word for doing it, and toss in advanced threat actors, a sec career in crypto isn’t too far off of that. Of course company by company variations apply and the above could include explaining EDR to small teams with absurds amounts of funds tied to a private key in a .txt.

That said, much of the feedback in this thread applies to working in it imo, as the other side of keeping these companies and their treasuries not hacked and capitalized is it exposes you to a lot.

That said, I’ve done big tech too, and the nonsense in crypto just has a couple less rungs of management insulation than the rest of tech. The rest of tech lives with the consequences of asinine decisions over 4-5x quarters and in crypto you live with it month to month. Pick your poison on preferred version of nonsensical tech instability.

There’s a twitter comment that covers what I’ve come to think - natural state of crypto is just a more direct instantiation of what’s going on everywhere else, crypto just doesn’t hide it (sort of). Hard not to believe that with tech selling “trade in your IRA!” as if that’s not offering a beer to my 20 yr sober Uncle Bob, in terms of products that are cancerous for “the people.” So I see nothing in crypto that’s not reflected everywhere in tech and civics right now.

The crypto tech or integrations to pay attention to - btc, atomic swaps cross-chain, trading firms, whatever finserv is testing for payment and settlement infra. All of these have deep building, are functional and funded. Wouldn’t bet against it over a career.
dogman144
·7 か月前·議論
“ The usual Monsanto claim involves patent infringement by intentionally replanting patented seed”

https://en.wikipedia.org/wiki/Monsanto_legal_cases

Edit - Can’t reply again looks like but to the response below, yes many view this approach as effectively leading to enforcing what you state. Which is why it is so horribly underhanded to me, and seeing supporting narratives in hackernews was striking.
dogman144
·7 か月前·議論
Good question
dogman144
·7 か月前·議論
https://en.wikipedia.org/wiki/Bowman_v._Monsanto_Co.
dogman144
·7 か月前·議論
Universally adopted in part by very well known strong arm business practices from Big Ag vs farmers. This is a bad faith framing imo. Source - live in ag country
dogman144
·7 か月前·議論
Haha very important disclaimer there, because reading your post sounds a lot like a person who works for big ag.

The other reason these laws exist is a long history by Big Ag (Monsanto, Cargill) doing the following, and has been done in the states for a while:

1) gmo/patented seeds in field on the left, community non-big ag seeds on the right field.

2) Cross-pollination occurs because we’re talking crops. Variations on this.

3) Monsanto sues Farmer John and Jane into the ground next season for stealing tech via the crops he’s growing.

Add in a little bit of fear (encryption backdoors for the children, laws to prevent dangerous counterfeit seeds!), and you have monopoly on farming run by big corps.

Also, US corps have a long history of POC’ing underhanded approaches in Africa.

What could be going on here!?

Edit - Man, rereading, “forced to plant [dangerous] saved seeds,” guess it’s Big Ag + tech startups now pushing this. Maybe… those farmers just want to control their “IP” (saved seeds) so they don’t have to buy them from a cartel of seed providers? This is such a well known problem in the states, is this marketing really working in Africa?

Final edit on the soapbox - other reason why this matters is genetic diversity. Crop blight is a thing. There is no way the natural “herd immunity” of a basket of seed variants in a community is outstripped in effectiveness by a growing monoculture of owned hybrid seeds that stay in front of the blights each season. Coffee rust already jumped the Atlantic from Africa to SA. Often feels like I’ve read this sci-fi novel already (there is a good one - Windup Girl).
dogman144
·7 か月前·議論
Not a great post, I’d not follow it if interested in leading teams long term.

A Self-admitted self taught manager learns the good parts about servant leadership via self-learning (nice!) but figures that is all there is instead of - “this is interesting, this seems to work but have gaps, what is there to this?”

If the author did that, they’d discover a massive body of knowledge to include the specific problem they point out - you solve problems for your team, how do they start to solve their own problems?

Servant leadership works if paired with the following, tuned to the capabilities and maturities of the specific employee:

- servant leadership: resource your team, umbrella your team, let the smart people you hired do smart things, or turn so so employees into great ones by resourcing them to learn, getting them mentorship, and “sun is strong than cold wind” sort of thinking.

- Left/right limits and target outcome: consistently inform your team their duty, in exchange for all the above manager work that’s way past the least-effort bar, is to get comfortable solving problems within the bounds of what the solution does and does not need to look like. Force this issue always, and they start solving their own problems at growing speed, and you have a QA check as a manager via documenting those boundaries per project etc

- train your replacement: part serving your team is reaching there’s probably another sociopath on it who wants to lead teams, wants raw power, and so on. Enable that! Teach them how to lead teams in the above fashion. They’ll realize it works. You’ll train someone who can take over the remaining problem solving. This won’t hurt your own job either.

Put it all together you’ll get very loyal productive teams of employees who’ll respect you outside of work in your industry where it matters for networking purposes, and you can live with yourself after the laptop closes as you know you’re treating your fellow man/woman the right way while surving in crazy corporate environments.

In short, bad advice in that article. There’s a whole corpus to leadership beyond what the author figured out in the side and describes here ha.

Edit - ironically the author then argues for arguably similar as the above, but claims it’s something else of their own invention. Engineers should really grok how there are existing bodies of very useful knowledge for all the things that seem easily dismissible as gaps or weak points from tho social sciences. It’d save them a lot of time.
dogman144
·7 か月前·議論
What am I missing? Risk acceptance is what you’re referring to - risk creation and reward creation.

Sec lead might have a pretty darn clear idea of an out of whack creation of risk v reward. CEO disagrees. Risk accept and move on.

When you’re technical and eventually realize there’s a business to survive behind the tech skills, this is the stuff you learn how to do.

People “will know” as you say because it’s all documented and professionally escalated.
dogman144
·7 か月前·議論
Servant leadership works just fine in business (as in a competitive non-church environment) as long you’re aware you you’re serving and who you’re working peer to peer with/against/whatever.

Another term for it somewhat is being a “players coach.”

End state is you will build loyal as heck teams with it, and if you want to take a very cynical business mindset, it produces with the least pain and suffering three very impotent outcomes - your team will produce output, they won’t hate you along the way, and your team will write you (well earned) manager perf reviews. A manager who has a loyal as heck team up and down the stack builds unique odds of corporate survival.

All it takes is a little EQ.
dogman144
·7 か月前·議論
Assuming a 101 security program past the quality bar, there are a number of reason why this can still happen at companies.

Summarized as - security is about risk acceptance, not removal. There’s massive business pressure to risk accept AI. Risk acceptance usually means some sort of supplemental control that’s not the ideal but manages. There are very little of these with AI tools however - small vendors, they’re not really service accounts but IMO best way to monitor them probably is that, integrations are easy, eng companies hate devs losing admin of some kind but if you have that random AI on endpoints becomes very likely.

I’m ignoring a lot of nuance but solid sec program blown open by LLM vendors is going to be common, let alone bad sec programs. Many sec teams I think are just waiting for the other shoe to drop for some evidentiary support while managing heavy pressure to go full bore AI integration until then.
dogman144
·7 か月前·議論
Manipulating this for creative accounting seems to be the root of Michael Burry’s argument, although I’m not fluent enough in his figures to map here. But, commenting that it interesting to see IBM argue a similar case (somewhat), or comments ITT hitting the same known facts, in light of Nvidia’s counterpoints to him.
dogman144
·8 か月前·議論
Why is that the problem for above the legal speed limit drivers?

A slow fleet of Waymo’s will impact your average 5-10 over same as your 20 over, and that’ll collectively impact traffic.

The implicit assumption you and many other in tech share is humans must adapt to the tech protocol, and not the other way around.

After 20 years of growing negative externalities from this general approach, which I see baked into your comment - are we seriously about to let this occur all over again with a new version of tech?

Fool me once, fool me twice… I think we’re at fool me 10 times and do it again in terms of civic trust of tech in its spaces.
dogman144
·8 か月前·議論
Already happening depending on if you live downwind of the dried up parts.
dogman144
·8 か月前·議論
Terraforming the area, so to speak, caused it to be how it is today.
dogman144
·8 か月前·議論
Cadillac Desert, Marc Reisner, worth a read!

Salton sea features heavily, and you’ll learn the whole American West is on as fragile a water setup with similar health, civil and economic problems to follow as what this Salton sea example, but imagine it applying LA-wide, central Oregon-wide, Salt Lake valley-wide.

Water issues out west will be a major issue of USA’s next 70 years. Very scary stuff.
dogman144
·8 か月前·議論
I think a lot of tech needs to go through that struggle.

From the perspective of a long career in infosec, what’s occurring now was enabled a longtime ago by broad-based industry consensus. Concerns then, which == awful stuff occurring now, were robustly dismissed by many many many devs with s/strong viewpoints/paychecks.

The only silver lining I can see is we’re taking our medicine now, but there’s a lot more to go through still, on the back of many significant tech capabilities.

For example, Flock was kept out of many cities, but Amazon was not, Flock just signed a data sharing deal with Ring. That’s a no-nonsense, nationwide, warrantless vehicular and pedestrian tracking network mechanism.

Not great, Bob! But RSUs for building it all sure was great.
dogman144
·9 か月前·議論
Reads like they’re doing one of several way to get mobile device IDs, and then x-ref those against anon’d adtech datasets that anchor on the mobile ID.

If your device privacy is a mess, mobile ID links you to all the good and bad things you do on a phone.

Had no idea this was part of the tool options, but backbone cell network makes sense.

Other TTPs I’d read about was variations on geo-fenced adserving to phish a mobile ID basically via user interaction or scroll past the ad. Small enough geofence and do it a few times, one could safely figure out the user being the ID. Googling “RTB surveillance” or “DSP surveillance” are ways into the topic.

Scary stuff! Pair that with this tech has been working for years, and is international. Frames a bit differently every action by a public figure - also at risk via the same threat model.

Also long have wondered what data analysis like this is done on technical forums… ran by a VC firm… with a lot of insider context (product market fit?) in the comments.