While the broader cybersecurity field has seen rapid advancements, such as AI-driven endpoint security

Ya, about that "AI-driven endpoint security", it does a fantastic job of generating false positives and low value alerts. I swear, I'm to the point where vendors start talking about the "AI driven security" in their products and I mentally check out. It's almost universally crap. I'm sure it will be useful someday, but goddamn I'm tired of running down alerts which come with almost zero supporting evidence, pointing to "something happened, maybe." AI for helping write queries in security tools? Ya, good stuff. But, until models do a better job explaining themselves and not going off on flights of fancy, they'll do more to increase alert fatigue than security.

That's a common indication that the CMOS battery is dead.
If you open up the system and look around the motherboard, there should be a coin cell battery in a holder somewhere on the board. That battery keeps the BIOS powered and prevents it from losing it settings when the system is powered off. Test and replace that battery if it's dead.

One idea to always go back to is:

Extraordinary claims require extraordinary evidence

• Carl Sagan

This can be tough to evaluate sometimes, but it's a good general idea.

Does the claim sit outside the natural world as currently understood by scientific theory?
If yes, then there's going to need to be a lot of evidence. If not, the level of evidence is lower.

Does the claim involve a low probability event?
If yes, then more evidence is needed of that event.

Does the claimant have a stake in the claim?
For example, does the person get money, fame or other stuff by getting people to believe the claim? If so, more evidence should be required.

What type of evidence would you expect to see, if the claim were correct?
When things exist, they tend to leave evidence of their existence. Bones, ruins, written records, etc. If someone says something exists, or used to exist, but they should have archeological/anthropological evidence to back it up.

Sure, it's always going to be a bit subjective as to what requires proof. And for a lot of low stakes things, there's no point in going after it. If someone claims to be from Pitcairn, then what's the point of questioning it? Just say, "huh, cool" and move on. If someone is trying to convince you that an historical figure existed, and that should effect how you see the world, maybe ask for as bit more evidence.

While I hate the idea of people losing their jobs, stepping back for a moment and looking at what they are claiming, its not terribly surprising:

Spencer said the roles affect mostly corporate and support functions

When companies merge, this is kinda needed. You don't need two fully functional HR departments. While the HR staff from the buying company will likely need to expand, it won't be by the same amount as the HR department of the company being bought. As network functions are merged, you probably don't need all of the IT staff which came with the merger. A lot of management functions likely end up merged, meaning redundancies. And this sort of thing is going to move through a lot of the non-project work functions of the company.

Yes it sucks. But, it's to be expected in a merger. Now, whether or not we want this level of consolidation, that's a different ball of wax entirely. The last thing we need is more studios falling under the sway of these massive companies. That's the thing which should be drawing our ire.

The fact that the OS is replaceable sealed the deal for me.

And the default OS isn't locked down and doesn't try to prevent you from doing other stuff with it. What you want to do isn't in the Steam interface? Switch over to desktop mode and you have full access to the underlying OS.

My only complaint with the Steamdeck is that I find using the touchpad on the right side for long gaming sessions hurts my hands. I 3d printed some grips which help; but, I think my hands just don't like the orientation. Still love my deck though.

Not really. IP addresses are really easy to change. And doubtless the threat actors will see that their IPs have been identified and will roll them over soon. The solution is to go after the tactics the attackers are using:

The attack chains exploit known security vulnerabilities and misconfigurations, such as weak credentials, to obtain an initial foothold and execute arbitrary code on susceptible instances.

1. Install your updates. If you have a server open to the internet and you haven't patched known exploited vulnerabilities, you deserve to have your network ransomed.
2. Many products have either vendor provided or useful third party security configuration guides. While there are situations where business processes prevent some configuration changes, these guides should be followed when possible. And weak passwords should not be on that list.

EDIT: for Oracle Web Logic, you do a lot worse that going through the DoD STIG for it.

Yup, this right here from the blogspam:

he not only failed to challenge the core of Covid ideology—that other human beings are pathogenic so we need to restrict our freedoms and isolate

It was pretty well demonstrated that COVID was spread via airborne particles and the best way to limit exposure and spread was to keep people away from each other. Unfortunately, people are selfish and don't understand risk well. So, actual enforcement was necessary.

And this guy gets funnier.:

As a final and devastating blow to the traditional understanding of market mechanisms, advertising itself became corporatized and allied with state power. This should have been obvious long before big advertisers attempted to bankrupt Elon Musk’s platform X precisely because it allows some measure of free speech.

Free speech and freedom of association goes both ways, bucko. When X decided to give platform to Nazis, advertisers are free to say, "ya, fuck you" to that platform. And that shows up again in:

Similarly, Tucker Carlson’s show at Fox was the most highly rated news show in the US, and yet faced a brutal advertising boycott that led to its cancellation.

Turns out advertisers don't want to be associated with Russian assets. Ironically, that's a case of the free market working the way libertarians claim. Someone does something bad and the market punishes them for it. Unlike the major failure of markets which was stage 4 smog alerts in the '70's because no one gave a fuck about air quality. So, the EPA was created to actually deal with a "tragedy of the commons" problem which the "free market" would have continued to ignore.

This is not how markets are supposed to work but it was all unfolding before our eyes: big corporations and especially pharma were no longer responding to market forces but instead were currying favor with their new benefactors within the structure of state power.

No actually, it is. The advertising boycotts weren't about "state power", it was about companies responding to their potential customers. When major market segments are basically saying, "we don't want to associate with Nazis", companies respond. Again, that's actually libertarian ideals in action.

...while Koch-backed FastGrants cooperated with crypto-scam FTX to fund the designed-to-fail debunking of Ivermectin as a therapeutic alternative.

And, we're back to the "pants on head" , anti-science idiocy. It's funny that this guy seems pretty well read on history and economics, but is falling for all of the anti-vax crap, hard.

It should go without saying that lockdown is the opposite of libertarianism, regardless of the excuse. Infectious disease has been around since the beginning of time. Are these libertarians just now coming to terms with this?

Or maybe, they have actually read a history book on the Black Death and were hoping to avoid repeating the joys of cities running out of places to put dead bodies and just shoving them in empty buildings.

Honestly, if one’s libertarianism cannot manage to oppose decisively a global lockdown of billions of people in the name of infectious disease control, complete with track-and-trace and censorship, even though the disease had a 99-plus percent survival rate, what possible good is it?

Boeing workers tell boss, "no shit".

Been using the beta for a while and I gotta say, it's pretty awesome. I just hope they have the purchasing as sorted as they claim. I've had so many issues in the past letting my kids purchase games.

I was always terrible with knots growing up. My father spent far too much time trying to teach me a basic trucker's hitch and sadly never got to see me really "get it". Then, when my own son was in Cub Scouts and supposed to learn some basic knots, something just clicked in my mind and I took an interest. The bowline was the gateway knot for me and learning that led me to finally apply myself to the trucker's hitch. Just such a useful pair for tying up a load. I can understand why my father really wanted me to learn it.

Now, I keep a length of paracord on my desk and will fiddle with it, practicing knots whenever I'm doing something that leaves my hands free. And ya, having a basic set of knots down is just damned handy.

I live in a county, without an incorporated city; so, our budget reflects the whole county. And thankfully, the county already breaks the budget down by percentages:
#1 - Public schools - 50%
#2 - Capital Improvements - 7.7%
#3 - Debt Service - 7.6%
#4 - Fire, Rescue and Emergency Services - 7.4%
#5 - Law Enforcement - 6.3%
#6 - Social Services - 5.6%
Everything else drops off sharply from here

Honestly, not all that unexpected. Education is expensive and is mostly done at the State and Local levels. So ya, that's most of the budget. "Capital Improvements" could probably be titled "roads, and a couple other things which barely count". So again, not a surprise. Roads are not cheap to maintain, especially in a rural county. I was surprised that law enforcement was as far down the list as it is. And also seeing Social Service being more than a rounding error was nice. All in all, not terrible.

I would assume they have some basic stuff running 24x7. I can't imagine a network which doesn't have Endpoint Detection and Response (EDR) running 24x7 these days. There's also things like firewall logs, which are almost certainly being captured (or at least netflow). Stuff like screen recording and mouse monitoring is probably saved for extreme cases. That said, my own experience has been pretty close to:

We’re not going to look over your shoulder while you watch YouTube videos but if we notice you’re watching a lot of or you start visiting porn sites, we’re going to start monitoring you.

Quite frankly, no one's got time for that shit. I work at an organization with a bit north of 25,000 employees, and we have less than a dozen security analysts. While I could run a search against our firewall logs and see evidence of folks dicking around. I have much better things to do, like running down abnormal processes and writing up reports on users who got their systems infected while dicking around. And that's really the way it comes to our attention, most of the time. Someone is out trying to download movies or software on their work laptop (you'd think people would know better....) and they pickup malware. We get an alert and start investigating. While trying to determine the source, we pull browser history and see the user out on "SketchyMovieSite[.]xyz". And then their dicking around becomes our problem, mostly because the site had a malicious redirect, which is where the infection came from.

So ya, they may not be looking, but I'd always bet they are recording. Logging isn't useful if it isn't recording at the time of the compromise.

Remote work and pay. I was already interested in getting a remote gig when COVID hit. We went to a hybrid schedule and I realized that I really liked working from home. Also that my job was pretty much built for it. While many of the folks I used to work with are still hybrid, fully remote was never an option. I worked with Classified systems and I could never convince them to put a SIPR drop in my home. I guess you need to get elected President for that.

As the world was opening back up, many companies saw remote work as a carrot to offer cybersecurity folks and I started to see a lot more job postings with it as an option. So, I put my LinkedIn profile to "looking for work" and started getting recruiters messaging me on a regular basis. One hit me up with "REMOTE WORK OPPORTUNITY" (yes, all in caps) as the lead for an offer. What followed that sounded interesting and I started talking with him. A few week later, I put in my notice and started working in the private sector. Got a pay bump in the move as well.

My time in the FedGov space was overall a positive thing. I learned a lot and got to see systems locked down in a way that actually mattered (I never thought I would miss STIGs). At the same time, I don't see myself ever going back. The bureaucratic nature of everything is soul crushing. And sitting in an OSS all day long sucks. It especially sucks when you're the only one in the container and need to go out and take a piss. Clear the room, arm the alarm, spin the lock, sign the sheet, go piss. Open the lock, sign the sheet, disarm the alarm, get back to wishing for the sweet, sweet embrace of death.

When I worked as a US FedGov contractor, I was greeted with a long warning banner every time I logged into my computer. The tl;dr version of it is "fuck your privacy". Being that I was part of cybersecurity for the site I was working at, I was one of the people doing the fucking. While we didn't read everything from everyone all the time, we were logging it and could pull it up, if we were performing an investigation. We also had some automated stuff scanning for patterns and keywords on a regular basis, which could trigger an investigation.

While I'm no longer in the FedGov space (thank the gods), I still assume that everything I do on my work system or with work accounts is being logged. Also, I'm still working in cybersecurity and am often still the one doing the privacy fucking. Yes, everything is being logged. We may not look at it today, we may not look at it tomorrow. But, when HR and Legal ask us about a user's activity, we can usually be pretty detailed. Act accordingly.

NextCloud running in docker on my server. I can then sync folders from both my desktop and phone.

It is now functionally impossible to detect anything about the traffic or the Wi-Fi router without some serious or illegal methods.

You should really spend some time learning about WiFi signals. Tracking down rogue Access Points is a pretty common thing and having the SSID turned off does fuck all to prevent it. On the easy end, many enterprise wireless network controllers have rogue AP detection built right in and will show you a map of the location of the rogue AP. Harder, but still entirely possible, is running around with a setup just detecting the signal and triangulating it.

I took up indoor rock climbing a couple years ago, partly because I have a similarly sedentary job and hate most forms of exercise. I can certainly understand the draw. I go 2-3 times a week and have stuck with it for so long because it forces me to get out of my head, but also doesn't require dealing with strangers as much. It's just a clam, focused activity which also happens to work my body.

Unfortunately, as a hobby, rock climbing is going to work your hands and arms. I would say that, as I have gotten better, I do a better job of using body position to prevent having to hang by my hands. But, just the other day, my foot slipped and I was hanging on by my fingertips for a couple seconds. And harder climbs may require you to engage your hands more. Though again, body position and technique counts for a lot.

Best advice I can give is: talk to your doctor. They will know more about how your condition will be affected by climbing and what your options are. Certainly more than random idiots on the other side of the internet.

Game: Quest for Glory I: So you want to be a Hero
Book: Colour of Magic, by Terry Pratchett
TV Show: Babylon 5
Movie: Spaceballs

All fairly old, but still some of all time favorites.

If you are located in the US and aren't currently a complete fuck-up, the Federal Government can be a way into the GRC side of cybersecurity. Between civilian and DoD sites, they have analysts and auditors all over the place and always seemed in need of folks willing to pour over checklists and OQE artifacts. This first place to look for positions in that vein would be on usajobs.gov. Though unfortunately, the FedGov made the decision to classify both GRC and sysadmin positions under the 2210 category; so, you'll probably have to dig through a lot of sysadmin listings.

Another path into similar positions is to look for FedGov/DoD facilities in your area. Once you find one, take a drive around the area and look for the names of businesses in the area and start researching those businesses and their open positions. There will almost certainly be the big ones, like Booze-Allen Hamilton, BAE, Boeing (yes, that Boeing. They do a lot outside of crashing aircraft), etc. But there will be a plethora of smaller companies with seemingly random names and little public facing who supply the local site with hordes of contractors. And, while these are contractor positions, they are a lot more stable than contract positions in the private sector. I spent 6 years as such a contractor and only stopped being one when I took a job elsewhere.

I will say that "entry level" is going to be harder. No one wants to hire an train someone without experience, which puts you in a catch-22. For all the suck involved, you may want to consider putting in some time working a help desk. At minimum, it keeps you in proximity to the field, teaches you something about systems and provides related, if not direct, cybersecurity experience.

Best of luck.

Playtron’s CEO, Kirt McMaster, added, “We are thrilled to join forces with such a legendary games publisher as Square Enix. The PC we know is morphing into new forms that require a purpose built OS for gaming that meets the demands of powerful new gaming hardware such as handhelds and new players who have grown up in a mobile 1st world with much more sophisticated UX sensibilities. This investment will accelerate the development and deployment of GameOS and create new experiences for players around the globe.”

Huh, so Playton's CEO is an early example of an AI being used to replace people.

But, the coupon says, "half off"!

But they pinky promised that only the "good guys" would use the "front doors". /s

I'll add Kingdom Come: Deliverance to the list. Great story, fun (if challenging to learn) gameplay and really amazing environments.

What do you do to feel like you're part of everyone else and in a way cope with some of the pressures of life around you?

I stopped giving a fuck about everyone else. I do what makes me, my wife or my kids happy. The rest of the world can go stuff a sock in it. Sure, I like to keep up on news and politics and will go read related sites when I have time and energy. I also listen to several podcasts and follow several Youtube channels. But, those are all things I do because I want to do them. If I'm not feeling like doing one of those things, I don't. I also work and so have to keep up on the aspects of life related to that; but, I don't pretend to be interested in things just to make coworkers happy. I am employed to do a job, they are employed to do a job. Sometimes we do a job together and I focus on the work at hand. And yes, I do socialize a bit with my coworkers as we have some shared hobbies and interests. But, if they start going off about basketball, I let them say their peace and then move on. It's not my cup of tea and I feel no need to engage with it.

One of the most important secrets to life is learning to set boundaries. Don't let other peoples' wants become your needs. Be who you are because it's who you want to be. If other people can't deal with that, then they can go put their problems somewhere uncomfortable for them.

I also don’t want to go back there after seeing season 1

Why? Honestly?

The writing for Rings of Power is just bad. It comes off as someone's self-insert fan fiction. Let's start off with Mary "Galadriel" Sue. Solving all of Middle Earth's problems single-handedly while making googly eyes at Sauron. There's also the entirely forgettable plotline around the people in the town being overrun by orcs being guarded by an elf with the emotional range of a fence post. It seems an entirely contrived plot to get a magic sword in the right place and nothing else. The characters involved are flat, and predictable. We also get to see Numenor, yay! Except it's filled with another bland plot which is like someone really loved the Grima Wormtounge plot from LotR and wanted to spend a couple hours doing the same thing while also giving Galadriel another chance to Mary Sue her way through the city's problems. And all of those issues are shot through with dialog which sounds like a 16-year old LARPing around a girl he has a crush on. Completely stiff and unnatural.

Really, the only things the show has going for it are incredible CG artwork in the backgrounds and the Lord of the Rings association. Forget that this is based on the LotR connection for a moment, and the show looks like really well funded fantasy shlock from the height of the SyFy channel. Sure, if you're dead drunk on the couch and the TV remote is across the room, it's good enough to not put in the effort to go change the channel. But, as a tent-pole show on a streaming site? Ya, they need to can the entire writing staff and try again.

Welcome to AI:

It really depends on the show, it's scope and the characters. When a show adds more, important characters, time will need to be dedicated to developing those characters and playing out their story arc. Also, when a show is telling a story which encompasses a large scale, with many sub-plots, that all needs screen time. And all those sub plots and threads need time to really pay off. There is also a matter of scale for events. If a particular event has been built up, over many episodes or even seasons, it probably needs to play out over a couple episodes to give it the scale and gravitas which is expected of it.

Ultimately, the number of episodes per season is really part of the story telling decision. And that decision is going to be different for different shows. But, I'd argue that, if show writers are finding themselves turning to played out tropes like "us, but evil" or "time travel to the current time" or "musical numbers in a show which isn't a musical" then there's probably too many episodes that season.

LA will be "car-free" for the Olympics. For definitions of "car-free" which include crippling car traffic everywhere except tiny islands around a few select locations. Said locations being strategically placed to make the crippling traffic worse everywhere else. And once it's all over, everything which was built out will be allowed to fall into disuse and disrepair. As is the Olympic Tradition. But, at least, a bunch of large companies will make a lot of money, with all of the expenses covered by California and LA tax payers. Again, in the best Olympic Tradition.

On the NES, I always enjoyed Base Wars. It was baseball, except not boring. Instead of a player being "out" when you got the ball to the base ahead of him, you fought for the base.

Soon to be "air delivered" by Israel to civilians in Gaza.

Can't wait for the details to come out. My money is on half the systems running operating systems which are old enough to drink, along with an understaffed, underpaid security team who spends all their time chasing people opening phishing emails. And that will be coupled with management which "cares about security". And by "care" they mean "don't have a clue and don't actually give a fuck".

Yes, but that is also going to require a ton of extra effort to track and assumes the nozzles themselves wear consistently. There would probably also need to be modifiers based on materials used, and even brands. For a professional print farm or a business trying to squeeze every last dollar out of the operation, this might be worth it. For a hobby where we expect a lot of waste? Eh, fuck it, just replace it when prints start going south.

Re-read what I wrote, but hop down off your high horse first, it's obvious you weren't able to read it clearly from up there. I'm neither promoting nor defending piracy. Quite the contrary, I'm praising the legitimate services (and Steam in particular) for understanding that competition with piracy isn't all about money, it's often about the quality of service. Funny enough, your own comments are actually a point in favor of this:

You ever wonder why these companies don’t operate in countries that don’t have strict piracy laws and can’t shut down sites with court orders? Because it’s still easier to pirate than face criminal charges.

Yet somehow, with a lot of time, money and effort put into shutting down piracy, the pirates were able to provide a better service. Seriously, step back from the whole "napster bad" for a moment and think about the dissonance of the situation. Large companies, pulling in millions of dollars a year, with no need to worry about law enforcement or monied interests coming after them, somehow failed to create anything resembling a functional digital marketplace. They were stuck in the physical distribution paradigm and fought tooth and nail to avoid digital distribution. At the same time, a few kids, with little money, and law enforcement trying to shut them down created a pretty good user experience. Sure, some of that is not having to worry about licensing. But, a large part of it is understanding what the users want and giving it to them.

It wasn't until Apple came along and basically created "Napster, but legitimate" that music piracy really fell off. Netflix pulled off something similar with video (though that is rebuilding some rough edges at the moment) and Steam did it for games. Sure, piracy still exists, and it will always be a problem. But, a lot of piracy can be tamped down by having a good service available.

One thing that we have learned is that piracy is not a pricing issue. It’s a service issue. The easiest way to stop piracy is not by putting antipiracy technology to work. It’s by giving those people a service that’s better than what they’re receiving from the pirates. -- Gabe Newell, 2011

Time and again, digital distribution platforms have proved this. Apple Music became a dominant music distribution platform at the height of Napster, LimeWire and other peer to peer sharing apps. They did it, because it was easier to just buy the tracks/albums you wanted than to dig through trackers and websites which may or may not actually have what you want. Netflix became the de-facto source for streaming movies at a time when BitTorrent was common and well known. Again, they made it easy and convenient, while not charging an arm and a leg. Steam also faced competition from BitTorrent piracy. But again, Steam made buying, downloading and running games easier than the pirates. And people are willing to pay for that convenience and not dealing with the crap which floats around the high seas.

And, so long as Steam continues to treat it's customers right, those customers will keep coming back. And that's the problem with Pitchford's whole premise. Developers will go where the customers are. Sure, you'll get the odd case of a publisher/developer doing an exclusivity deal. But even then, it's probably limited, because the customers are on Steam. If another storefront wants to draw customers, they need to start with treating customers well. They will still face headwinds, as Steam has a large "first mover" advantage. But, success is going to start with making customers want to come back.

There may also be a (very weak) reason around bounds checking and avoiding buffer overflows. By rejecting anything longer that 20 characters, the developer can be sure that there will be nothing longer sent to the back end code. While they should still be doing bounds checking in the rest of the code, if the team making the UI is not the same as the team making the back end code, the UI team may see it as a reasonable restriction to prevent a screw up, further down the stack, from being exploited. Again, it's a very weak argument, but I can see such an argument being made in a large organization with lots of teams who don't talk to each other. Or worse yet, different contractors standing up the front end and back end.

I don’t know how anyone makes it without a password manager at this point.

Password reuse. Password reuse everywhere.

Ok, good luck with that! Can't wait for this guy to start whining that he can't find employees.

I would add the admittance of China to the WTO as another proximate cause. And one which probably had more of a material effect than NAFTA; but, NAFTA had already become a GOP talking point and it just stuck. China's entry to the WTO was also moved over the finish line by Bush II, though most of the ground work was laid by Clinton. So, it wouldn't have had the same clean narrative as NAFTA. US Employment in manufacturing went into freefall in late 2000 and early 2001. This was also during a recession, so that is intermixed with the effects of those changes in international trade. But, even as the recession receded and the US entered an economic boom, leading up to the 2008 crash, manufacturing employment in the US either held steady or decreased slightly. It's unsurprising that the same period saw a lot of offshoring of manufacturing to China. And this was also the period of Neoliberal economists pushing "comparative advantage" and how the US losing all those manufacturing jobs was a good thing.

So it's not surprising then that they get bitter, they cling to guns or religion or antipathy to people who aren't like them or anti-immigrant sentiment or anti-trade sentiment as a way to explain their frustrations.
-- Barack Obama, 2008

Perhaps a bit on the campy side, the opening theme song of the original Highlander was always one of my favorites:
Princes of the Universe by Queen.

So, they are trying to speed run the failure of McDonald's experiment with Redbox. Instead of creating a massively successful brand that eventually gets bought up and run into the ground by Christian nutjobs, the Christian nutjobs are starting a video business to crater on their own.