The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
Instead of hiring more staff, one of our departments started outsourcing some of their core operations to another company
this other company kinda sucks. not like horribly sucks. Just kinda The Medium Place, warm beer, Cannonball Run 2 sucks. Like the movie Wristcutters, cottage cheese and uncomfortable car sucks. Nothing fatal, just a million tiny mediocrities.
until today
today, we discovered something alarming about their internal cybersecurity practices. Like, "holy shit this violates so many rules" alarming. Like "you're doing what with our company secrets?" alarming. Like "what fucking planet are you on where you thought this was a good idea?" alarming
One of the multiple bad security practices I caught this company doing was exactly that: their own IT staff was giving out passwords to their users similar to "Passw0rd"
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
Sometimes you can go even further if it’s real top security stuff, and add a # to “passw0rd” at the end.
This is known as “hashing” a password.
bogart this is the kind of irresponsible attitudes towards data security we're taking about
any hacker could just come in here and learn these secrets!
Aioua on
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Hm I watched the first couple episodes of steins;gate and I did not really get the appeal and stopped
That’s all I have to say about that really
It's not great, but it's a fun little time travel story. It has some very iffy bits and some well-done bits. It's the kind of show where the pace ramps up as it goes.
I recall not at all liking the character/role of the girl in it, at least at the beginning, but now I can’t recall why.
By the girl do you mean the scientist or the younger-sister-type-character.
Because both of them are pretty trope-y.
Though, I haven't finished it but I think there's a legitimate reading of the show where the younger-sister-type character has like a learning disability or is otherwise neuroatypical.
Also let's not touch upon how the trans character is ultimately treated....
I recall disliking the girl with the hat; this was probably 10 years ago but it was notable because it’s the only anime my ex ever suggested we watch rather than something I suggested. I don’t recall liking any of the women though.
The thing I recall liking about it were the guys in the nerd house.
Right, the girl with the hat is really spacey and childish and has the catch-phrase. As the show goes on and you get a sense for how protective of her the other characters are you also get a sense that it's perhaps because she isn't exactly all-there, for lack of a better way to put it.
I've worked at a lot of places where the corporate policies or handbook had verbiage similar to
"Health and safety in the workplace is everyone's responsibility."
For an immediate example, right now I have to follow specific COVID mitigation protocols when I go into one of my company's physical offices. If I were in the presence of my boss or an HR person, and I were to casually say "COVID isn't my responsibility" or even "I don't want responsibility for COVID prevention," I'd get a talking-to.
I also contribute to my company's cybersec policies and our mandatory all-hands cybersec trainings.
"Information security is everyone's responsibility" is a theme of our trainings, for a similar reason.
There are vastly different levels of that though. I'm expected to not click on phishing links. I'm not expected to secure servers
Yeah, when you say "infosec" I think of like institutional actions to increase security, which might mean things like have the data on servers in the institutions control. But like, that kind of shit isn't MY job. It's my job to not go around talking about my student's grades, but that doesn't strike me as anything other than an incredibly broad notion of "infosec" because it's not like I have to take any actions to not talk about grades. I have to comply with the policies of the people who do infosec, but I am not the one doing it.
So this idea that everyone does infosec seems born of someone where it IS there job and having a very liberal notion of what "infosec" refers to.
as for the idea of disease prevention there's nothing in my job description that makes me responsible for disease prevention. I think that if I were to start an outbreak at work it wouldn't be a failure as a teacher, it would be a failure as a fucking human being to not infect people. My job isn't disease mitigation, at least, my job re: what I get paid for. You could, euphemistically, say that it is my "job" as a human to consider the health of other people important and not expose them unnecessarily.
"The only way to get rid of a temptation is to give into it." - Oscar Wilde
"We believe in the people and their 'wisdom' as if there was some special secret entrance to knowledge that barred to anyone who had ever learned anything." - Friedrich Nietzsche
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
Sometimes you can go even further if it’s real top security stuff, and add a # to “passw0rd” at the end.
This is known as “hashing” a password.
Did you know that security companies talk sometimes about "peppering" a password? This is where you try and use letters like p and q and b and d because they look similar and it can be confusing. password already has a p and d, though, so it's pretty good.
as for the idea of disease prevention there's nothing in my job description that makes me responsible for disease prevention. I think that if I were to start an outbreak at work it wouldn't be a failure as a teacher, it would be a failure as a fucking human being to not infect people. My job isn't disease mitigation, at least, my job re: what I get paid for. You could, euphemistically, say that it is my "job" as a human to consider the health of other people important and not expose them unnecessarily.
You keep using the phrase "job description." Job descriptions are specific for the particular role, but they do not encompass all of the responsibilities placed on the employee. Employees often have responsibilities that aren't explicitly enumerated in their job descriptions, because those responsibilities are more broad than the specific job. If these responsibilities are explicitly enumerated, it's in the employer's employee handbook or code of conduct.
In other words, my job description does not say (or example) "report instances of sexual harassment to HR". That's not 'in my job description.' However, it is in my realm of responsibility, as enumerated in other company policies.
Feral on
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
the "no true scotch man" fallacy.
+2
ChanusHarbinger of the Spicy Rooster ApocalypseThe Flames of a Thousand Collapsed StarsRegistered User, Moderatormod
my thoughts on data security at this point is just keep an eye on your credit report. it was too late ten years ago
This is true.
But there are still certain types of data that haven't been completely blown wide open yet. For example: voice recordings of private conversations I've had in my living room.
So if somebody is going to give me a device that is voice-activated, with the voice interpretation system running in the cloud, such that it is going to transmit arbitrary recordings of my living room conversations up to the cloud where the software can decide whether I was talking to my Xbox or to my partner, I'm going to be very leery of what it transmits and what gets stored.
And, that the moment, I'm probably going to say, "Uh, no thank you," and put that device in a drawer and forget about it until I do one of my periodic e-waste purges.
Like right now, I have a free Google Echo, and it's still in the box, and the box is doing a very important job on the floor holding open a long window drapery.
oh, yeah, i just meant specifically like credit cards and social security numbers and stuff
also not to just be cavalier about it because of that. i still use 2FA where i can and change passwords regularly and stuff
i'm just not under any illusion my personal data isn't already stolen in that regard
the damage that can be done is still relatively limited if all you have is my social security number but not current access to my bank or email accounts
Sorry for lack of response I was texting with my friend for a bit
You’ve both misinterpreted what I mean by infosec—or maybe I am mis-using the word.
What I mean is, I do not want to be responsible for setting up the secure environment where we work with the data, or for de identifying the data/removing PII+PHI, or for doing any sort of access management or security training.
I want to get the data already deidentified and a set of instructions for how to deal with the data securely. I will, obviously, follow the instructions meticulously. I hold a clearance; I have worked with data where I would go to jail if I did not follow proper protocol. I have also worked with (currently work on) a lot of health and health adjacent data and have made sure that never leaves the server by my hands and that I don’t get phished or stay logged on etc. However, I don’t wish to be the person protecting the server from being hacked, because I don’t know how to do that!
Hopefully that makes sense.
credeiki
That's totally legit. And that makes sense.
I hope(?) I made it clear in the prior thread that I wasn't primarily concerned with what you, personally, meant. I wasn't trying to say "credeiki probably meant this" or "credeiki probably meant that" because I figured you'd be around to clarify your comments eventually.
More that there's a general attitude out there (*gestures hands wildly*) of "not my problem" when it comes to infosec & info confidentiality.
Yeah this is what I meant, but I am horrible at not invoking enough separation from the "royal you" when I do things and need to be better about it.
But I fundamentally disagree on the idea that, if anything, companies should be digging up more data when most can't handle what they already have.
Oh yeah I suppose to me the ‘should’ is not what I focus on, because I don’t control that at all nor do I sit on the admissions board to heaven to decide whether someone should get in or not based on their data harvesting practices. I’m instead saying, given how it is, this is a thing I might want to do.
I think:
-It’s almost certainly worse for consumers in the short term for most companies to be doing this kind of data harvesting
-it’s likely bad in the long term as well but who knows what cool future tech might pop up
-There are probably currently some companies or divisions within companies that do something useful/good with their data (e.g. tech development) and it’s also probably true that in the future there will be more companies that do good things from the data
-I like working with giant datasets about people so would likely gain some pleasure in doing some sort of analysis involving a lot of data about people
Steam, LoL: credeiki
0
amateurhourOne day I'll be professionalhourThe woods somewhere in TennesseeRegistered Userregular
that is the cutest sea bug ever
are YOU on the beer list?
0
ChanusHarbinger of the Spicy Rooster ApocalypseThe Flames of a Thousand Collapsed StarsRegistered User, Moderatormod
My neighbor texted my wife and I to let us know that she managed to call the local hospital and get scheduled for a vaccine
We're all young and healthy, so it was like, eh
My wife just called me HEY DID YOU SEE V'S MESSAGE I CALLED AND GOT AN APPOINTMENT
And I'm just like....shittttttt we talked about not trying to leapfrog in front of the line, but here we are, I guess!
we're rapidly approaching the point where anyone who wants to be vaccinated is going to be
i wouldn't worry about jumping the line at this point. scarcity isn't really the problem anymore. it's just it takes time and resources to get them to people
My neighbor texted my wife and I to let us know that she managed to call the local hospital and get scheduled for a vaccine
We're all young and healthy, so it was like, eh
My wife just called me HEY DID YOU SEE V'S MESSAGE I CALLED AND GOT AN APPOINTMENT
And I'm just like....shittttttt we talked about not trying to leapfrog in front of the line, but here we are, I guess!
we're rapidly approaching the point where anyone who wants to be vaccinated is going to be
i wouldn't worry about jumping the line at this point. scarcity isn't really the problem anymore. it's just it takes time and resources to get them to people
I like working with giant datasets about people so would likely gain some pleasure in doing some sort of analysis involving a lot of data about people
I often think about a conversation that @winky and I had, in person, in a bar, in San Francisco many years ago.
(Remember in person conversations in bars? What the fuck was that like?)
We were talking some really bluesky ideas about quantitative psychometrics, applying rigorous quantitative analysis to human psychology and human behavior.
My argument, because I'm a pessimist, is that I think it's possible but the problem was going to be getting enough good-quality data. I was thinking in terms of psych studies: like sending questionnaires to people, or doing observations of people 'in the wild' and then coding their behaviors, or therapist case studies, or other common psych study methods. These things don't really scale, and the data you get back isn't particularly consistent.
A few years later we discovered that there was a company who had cracked that problem. It was Facebook, the data was gleaned from social media, and they sold it to people who used it to influence a Presidential election.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
the "no true scotch man" fallacy.
+7
SummaryJudgmentGrab the hottest iron you can find, stride in the Tower’s front doorRegistered Userregular
I got Scout to 25 during a lunch DRG session today after leading around a bunch of nincompoops through a Hazard 4 Elimination
I ran up to the promotion console all excited, finally---
Turns out there's a promotion assignment you need to complete once you're 25. MotherFFFFFF
0
amateurhourOne day I'll be professionalhourThe woods somewhere in TennesseeRegistered Userregular
My neighbor texted my wife and I to let us know that she managed to call the local hospital and get scheduled for a vaccine
We're all young and healthy, so it was like, eh
My wife just called me HEY DID YOU SEE V'S MESSAGE I CALLED AND GOT AN APPOINTMENT
And I'm just like....shittttttt we talked about not trying to leapfrog in front of the line, but here we are, I guess!
This was our thought as well and TN was basically like "we've gotten the vulnerable third out of the way so if you're 20lbs overweight you qualify because we use pre WWII BMI standards in 2021." and we're on the list now.
Like, we didn't have to go to a doctor for that, we just checked the box online.
Sorry for lack of response I was texting with my friend for a bit
You’ve both misinterpreted what I mean by infosec—or maybe I am mis-using the word.
What I mean is, I do not want to be responsible for setting up the secure environment where we work with the data, or for de identifying the data/removing PII+PHI, or for doing any sort of access management or security training.
I want to get the data already deidentified and a set of instructions for how to deal with the data securely. I will, obviously, follow the instructions meticulously. I hold a clearance; I have worked with data where I would go to jail if I did not follow proper protocol. I have also worked with (currently work on) a lot of health and health adjacent data and have made sure that never leaves the server by my hands and that I don’t get phished or stay logged on etc. However, I don’t wish to be the person protecting the server from being hacked, because I don’t know how to do that!
Hopefully that makes sense.
credeiki
That's totally legit. And that makes sense.
I hope(?) I made it clear in the prior thread that I wasn't primarily concerned with what you, personally, meant. I wasn't trying to say "credeiki probably meant this" or "credeiki probably meant that" because I figured you'd be around to clarify your comments eventually.
More that there's a general attitude out there (*gestures hands wildly*) of "not my problem" when it comes to infosec & info confidentiality.
Yeah this is what I meant, but I am horrible at not invoking enough separation from the "royal you" when I do things and need to be better about it.
But I fundamentally disagree on the idea that, if anything, companies should be digging up more data when most can't handle what they already have.
Oh yeah I suppose to me the ‘should’ is not what I focus on, because I don’t control that at all nor do I sit on the admissions board to heaven to decide whether someone should get in or not based on their data harvesting practices. I’m instead saying, given how it is, this is a thing I might want to do.
I think:
-It’s almost certainly worse for consumers in the short term for most companies to be doing this kind of data harvesting
-it’s likely bad in the long term as well but who knows what cool future tech might pop up
-There are probably currently some companies or divisions within companies that do something useful/good with their data (e.g. tech development) and it’s also probably true that in the future there will be more companies that do good things from the data
-I like working with giant datasets about people so would likely gain some pleasure in doing some sort of analysis involving a lot of data about people
I think I wouldn't give a crap about data harvesting if companies had shown any kind of capability to do anything resembling security.
Having these giant server farms full of personal data sitting on the internet is just...
If your computer is on the internet, it can be hacked. Flat out.
The solution is of course private WANs that any company with enough hardware to need one could absolutely afford to set up, but that eats into dividends and investor revenue so will never happen.
Until you can decouple the practice of data collection from the practice of maximizing profits, it will always end poorly.
0
amateurhourOne day I'll be professionalhourThe woods somewhere in TennesseeRegistered Userregular
Okay so everyone we're safe because if y'all do have to come to Atomika and my compounds we can just use crabs to make computers so you'll still have internet
I should go work for the bad guys. They get to invent cool shit, like freeze rays, and shrink rays, and child-molesting robots, and medieval fast food chains with small beef sandwiches.
I just have to spend all day reminding people not to shit on the floor.
every person who doesn't like an acquired taste always seems to think everyone who likes it is faking it. it should be an official fallacy.
the "no true scotch man" fallacy.
+5
amateurhourOne day I'll be professionalhourThe woods somewhere in TennesseeRegistered Userregular
quantum crab computing will destroy the pincercoin market.... They're all going to run out and buy dollar general stock
as for the idea of disease prevention there's nothing in my job description that makes me responsible for disease prevention. I think that if I were to start an outbreak at work it wouldn't be a failure as a teacher, it would be a failure as a fucking human being to not infect people. My job isn't disease mitigation, at least, my job re: what I get paid for. You could, euphemistically, say that it is my "job" as a human to consider the health of other people important and not expose them unnecessarily.
You keep using the phrase "job description." Job descriptions are specific for the particular role, but they do not encompass all of the responsibilities placed on the employee. Employees often have responsibilities that aren't explicitly enumerated in their job descriptions, because those responsibilities are more broad than the specific job. If these responsibilities are explicitly enumerated, it's in the employer's employee handbook or code of conduct.
In other words, my job description does not say (or example) "report instances of sexual harassment to HR". That's not 'in my job description.' However, it is in my realm of responsibility, as enumerated in other company policies.
right, i am a mandated reporter, and always have been. But were you say that my job was reporting instances of abuse or assault, i would say that it most certainly is not my job. It's something i'm required to do but it isn't my job. Maybe it's just that I tend to sort my responsibilities. So my responsibilities qua teacher, are different than my responsibilities qua school employee generally, which are different than my responsibilities qua human being. I don't think that anything is gained by conflating all of those and saying anything that involves my work in any way is my job. And again, I think that even were you to persuade me of that, I am still unconvinced that the fact that I have a password on my account that lets me enter grades for students and see their grades is somehow me doing "infosec." It is just me doing what i need to get into the system, the person who set things up to require a password did the infosec, not me. If your definition of infosec is "anything that results in some information being more secure than it would be otherwise" then maybe the fact that I have exactly the friends I do is part of what contributes to my student's grades being more secure, or that I have never broken a bone? It seems like if you make the definition of infosec involve causation like that you make it uselessly broad.
"The only way to get rid of a temptation is to give into it." - Oscar Wilde
"We believe in the people and their 'wisdom' as if there was some special secret entrance to knowledge that barred to anyone who had ever learned anything." - Friedrich Nietzsche
I use the same password on multiple websites and you will never stop me
Happiness is within reach!
+2
AegisFear My DanceOvershot Toronto, Landed in OttawaRegistered Userregular
edited March 2021
My mother has a surgeon lined up, and will be going in for pre-op next week. Little confused if the surgery will also be the same day, but it doesn't make sense to me that they would do pre-op for 3 hours and then not do surgery shortly thereafter.
After a week and a half of having no date, and my mother bouncing off the walls about not having a date, it's so relieved to be one step closer.
And they're going to have to travel 2 hours, so hooray medical travel grant.
I like working with giant datasets about people so would likely gain some pleasure in doing some sort of analysis involving a lot of data about people
I often think about a conversation that and I had, in person, in a bar, in San Francisco many years ago.
(Remember in person conversations in bars? What the fuck was that like?)
We were talking some really bluesky ideas about quantitative psychometrics, applying rigorous quantitative analysis to human psychology and human behavior.
My argument, because I'm a pessimist, is that I think it's possible but the problem was going to be getting enough good-quality data. I was thinking in terms of psych studies: like sending questionnaires to people, or doing observations of people 'in the wild' and then coding their behaviors, or therapist case studies, or other common psych study methods. These things don't really scale, and the data you get back isn't particularly consistent.
A few years later we discovered that there was a company who had cracked that problem. It was Facebook, the data was gleaned from social media, and they sold it to people who used it to influence a Presidential election.
I wonder how good their data actually is and how that changes over time as fb users and modes of engagement shift. And making something of Instagram data seems so difficult, like trying to design that experiment, oof
It would be very interesting but fb is the one company where I got screened in the first conversation and didn’t make it to the first technical interview so ?? I will never know
My current company does not appear to be in the personal data harvesting business and I’m doing a govt health data thing within it anyway, so it’s all hypothetical
Posts
We're all young and healthy, so it was like, eh
My wife just called me HEY DID YOU SEE V'S MESSAGE I CALLED AND GOT AN APPOINTMENT
And I'm just like....shittttttt we talked about not trying to leapfrog in front of the line, but here we are, I guess!
(you might be thinking of code vein?)
This is known as “hashing” a password.
Choose Your Own Chat 1 Choose Your Own Chat 2 Choose Your Own Chat 3
I would laugh about this, except
well, if anybody remembers when I posted this yesterday afternoon:
One of the multiple bad security practices I caught this company doing was exactly that: their own IT staff was giving out passwords to their users similar to "Passw0rd"
the "no true scotch man" fallacy.
bogart this is the kind of irresponsible attitudes towards data security we're taking about
any hacker could just come in here and learn these secrets!
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Yes that's how you play Dark Souls
Right, the girl with the hat is really spacey and childish and has the catch-phrase. As the show goes on and you get a sense for how protective of her the other characters are you also get a sense that it's perhaps because she isn't exactly all-there, for lack of a better way to put it.
Yeah, when you say "infosec" I think of like institutional actions to increase security, which might mean things like have the data on servers in the institutions control. But like, that kind of shit isn't MY job. It's my job to not go around talking about my student's grades, but that doesn't strike me as anything other than an incredibly broad notion of "infosec" because it's not like I have to take any actions to not talk about grades. I have to comply with the policies of the people who do infosec, but I am not the one doing it.
So this idea that everyone does infosec seems born of someone where it IS there job and having a very liberal notion of what "infosec" refers to.
as for the idea of disease prevention there's nothing in my job description that makes me responsible for disease prevention. I think that if I were to start an outbreak at work it wouldn't be a failure as a teacher, it would be a failure as a fucking human being to not infect people. My job isn't disease mitigation, at least, my job re: what I get paid for. You could, euphemistically, say that it is my "job" as a human to consider the health of other people important and not expose them unnecessarily.
"We believe in the people and their 'wisdom' as if there was some special secret entrance to knowledge that barred to anyone who had ever learned anything." - Friedrich Nietzsche
Step it up one further
"passw0rd#NaCl"
This is salting the hash
No thats path of exile
Did you know that security companies talk sometimes about "peppering" a password? This is where you try and use letters like p and q and b and d because they look similar and it can be confusing. password already has a p and d, though, so it's pretty good.
You keep using the phrase "job description." Job descriptions are specific for the particular role, but they do not encompass all of the responsibilities placed on the employee. Employees often have responsibilities that aren't explicitly enumerated in their job descriptions, because those responsibilities are more broad than the specific job. If these responsibilities are explicitly enumerated, it's in the employer's employee handbook or code of conduct.
In other words, my job description does not say (or example) "report instances of sexual harassment to HR". That's not 'in my job description.' However, it is in my realm of responsibility, as enumerated in other company policies.
the "no true scotch man" fallacy.
oh, yeah, i just meant specifically like credit cards and social security numbers and stuff
also not to just be cavalier about it because of that. i still use 2FA where i can and change passwords regularly and stuff
i'm just not under any illusion my personal data isn't already stolen in that regard
the damage that can be done is still relatively limited if all you have is my social security number but not current access to my bank or email accounts
Oh yeah I suppose to me the ‘should’ is not what I focus on, because I don’t control that at all nor do I sit on the admissions board to heaven to decide whether someone should get in or not based on their data harvesting practices. I’m instead saying, given how it is, this is a thing I might want to do.
I think:
-It’s almost certainly worse for consumers in the short term for most companies to be doing this kind of data harvesting
-it’s likely bad in the long term as well but who knows what cool future tech might pop up
-There are probably currently some companies or divisions within companies that do something useful/good with their data (e.g. tech development) and it’s also probably true that in the future there will be more companies that do good things from the data
-I like working with giant datasets about people so would likely gain some pleasure in doing some sort of analysis involving a lot of data about people
we're rapidly approaching the point where anyone who wants to be vaccinated is going to be
i wouldn't worry about jumping the line at this point. scarcity isn't really the problem anymore. it's just it takes time and resources to get them to people
All thanks to America buying all the vaccine
*jet flyover intensifies*
It's called a crapple.
the butlers have had it coming to them for too long imo
I often think about a conversation that @winky and I had, in person, in a bar, in San Francisco many years ago.
(Remember in person conversations in bars? What the fuck was that like?)
We were talking some really bluesky ideas about quantitative psychometrics, applying rigorous quantitative analysis to human psychology and human behavior.
My argument, because I'm a pessimist, is that I think it's possible but the problem was going to be getting enough good-quality data. I was thinking in terms of psych studies: like sending questionnaires to people, or doing observations of people 'in the wild' and then coding their behaviors, or therapist case studies, or other common psych study methods. These things don't really scale, and the data you get back isn't particularly consistent.
A few years later we discovered that there was a company who had cracked that problem. It was Facebook, the data was gleaned from social media, and they sold it to people who used it to influence a Presidential election.
the "no true scotch man" fallacy.
I ran up to the promotion console all excited, finally---
Turns out there's a promotion assignment you need to complete once you're 25. MotherFFFFFF
This was our thought as well and TN was basically like "we've gotten the vulnerable third out of the way so if you're 20lbs overweight you qualify because we use pre WWII BMI standards in 2021." and we're on the list now.
Like, we didn't have to go to a doctor for that, we just checked the box online.
Bring the guy with the giant machinegun
the "no true scotch man" fallacy.
I think I wouldn't give a crap about data harvesting if companies had shown any kind of capability to do anything resembling security.
Having these giant server farms full of personal data sitting on the internet is just...
If your computer is on the internet, it can be hacked. Flat out.
The solution is of course private WANs that any company with enough hardware to need one could absolutely afford to set up, but that eats into dividends and investor revenue so will never happen.
Until you can decouple the practice of data collection from the practice of maximizing profits, it will always end poorly.
This was gonna be my other OP
I just have to spend all day reminding people not to shit on the floor.
the "no true scotch man" fallacy.
right, i am a mandated reporter, and always have been. But were you say that my job was reporting instances of abuse or assault, i would say that it most certainly is not my job. It's something i'm required to do but it isn't my job. Maybe it's just that I tend to sort my responsibilities. So my responsibilities qua teacher, are different than my responsibilities qua school employee generally, which are different than my responsibilities qua human being. I don't think that anything is gained by conflating all of those and saying anything that involves my work in any way is my job. And again, I think that even were you to persuade me of that, I am still unconvinced that the fact that I have a password on my account that lets me enter grades for students and see their grades is somehow me doing "infosec." It is just me doing what i need to get into the system, the person who set things up to require a password did the infosec, not me. If your definition of infosec is "anything that results in some information being more secure than it would be otherwise" then maybe the fact that I have exactly the friends I do is part of what contributes to my student's grades being more secure, or that I have never broken a bone? It seems like if you make the definition of infosec involve causation like that you make it uselessly broad.
"We believe in the people and their 'wisdom' as if there was some special secret entrance to knowledge that barred to anyone who had ever learned anything." - Friedrich Nietzsche
After a week and a half of having no date, and my mother bouncing off the walls about not having a date, it's so relieved to be one step closer.
And they're going to have to travel 2 hours, so hooray medical travel grant.
Currently DMing: None
Characters
[5e] Dural Melairkyn - AC 18 | HP 40 | Melee +5/1d8+3 | Spell +4/DC 12
I wonder how good their data actually is and how that changes over time as fb users and modes of engagement shift. And making something of Instagram data seems so difficult, like trying to design that experiment, oof
It would be very interesting but fb is the one company where I got screened in the first conversation and didn’t make it to the first technical interview so ?? I will never know
My current company does not appear to be in the personal data harvesting business and I’m doing a govt health data thing within it anyway, so it’s all hypothetical