Melody Fwygon

  • 0 Posts
  • 142 Comments
Joined 1 year ago
cake
Cake day: June 1st, 2023

help-circle
  • Actually; (basically) SIP over (basically) IPSec sounds pretty correct. Wish the dense technical manuals I read had explained it that way; makes a lot more sense to me as a Net Admin type of IT person.

    I do remember reading that the protocol was basically encapsulated. Dunno about any encryption; probably there’s not any at the IPSec level. I do know that the SIMs themselves probably contain certs that have some value; I just don’t know if they handle any encryption or if they’re just lightweight little numbers for authentication only.


  • If I’m understanding how 'WiFi Calling" works; it’s still “identifying you” to the cell provider the same way; via your SIM. The only difference is they don’t get an exact location because you’re not using any cell towers typically.

    I do suspect SIMs and eSIMs are still doing all the heavy cryptographic signing done on a typical phone network though…they’re just not screaming your IMEI/IMSI all over open or even encrypted airwaves; nor is a WiFI signal triangulate-able typically due to it’s short range.


  • I am glad to see it when the selfish people at the top fall so far down the hill. They orchestrate their own falling typically, much like Ikarus in his waxen wings, falling when he flew too close to the sun in direct sunlight at the height of a hot summer’s day.

    As for Google; I hope the DoJ not only pulls up all of the resultant weeds in the garden, but also makes sure to till and salt the soil thoroughly, so that no part of Google can ever hope to rejoin it’s other pieces to form a monopoly or ‘anything like a monopoly’ on anything, ever, again.

    Google must rightfully suffer a most painful and enduring ‘Corporate Death Penalty’ so to speak; in order to ensure that no company ever gets so bold again. We must also repeat this with several other large companies like Microsoft, Amazon and Apple too; as well as a few other companies I’m unable to name because I’m unaware of how ridiculously massive and monopolistic they are.


  • This is exactly the kind of task I’d expect AI to be useful for; it goes through a massive amount of freshly digitized data and it scans for, and flags for human action (and/or) review, things that are specified by a human for the AI to identify in a large batch of data.

    Basically AI doing data-processing drudge work that no human could ever hope to achieve with any level of speed approaching that at which the AI can do it.

    Do I think the AI should be doing these tasks unsupervised? Absolutely not! But the fact of the matter is; the AIs are being supervised in this task by the human clerks who are, at least in theory, expected to read the deed over and make sure it makes some sort of legal sense and that it didn’t just cut out some harmless turn of phrase written into the covenant that actually has no racist meaning, intention or function. I’m assuming a lot of good faith here, but I’m guessing the human who is guiding the AI making these mass edits can just, by means of physicality, pull out the original document and see which language originally existed if it became an issue.

    To be clear; I do think it’s a good thing that the law is mandating and making these kinds of edits to property covenants in general to bring them more in line with modern law.





  • Keybase is better than Signal. You may not like it’s current owners but it still works, still functions, and can be used to chat privately. It’s entirely OSS on the client side; and server-side software isn’t provided; but with an open Client; it’s likely trivial to reverse and re-implement your own. (Keybase itself doesn’t provide their server code; it’s private due to abuse constraints)

    Keybase is End to End Encrypted. It may not be as “feature rich” but all features are private.

    I’m not sure if it’s indev anymore though; and it does allow you to be as public or as private as you’d like to be about your identity.




  • I’m going to be bold enough to say we don’t have as wide of an AI/LLM issue on the Fediverse as the other platforms will have.

    I’m certain that if someone did collect data from the Fediverse; it would become a hot topic and it might not be enough data anyways as the Fediverse is not mainstream enough normally. So the data and language collected here might skew in a few imaginable ways that one might find undesirable for a general model of word frequencies.

    Also the fact that people might not appreciate that data being collected. Let’s be real. It’s too soon for such a project to begin. The AI TREND MUST DIE as it currently lives and it’s corpse must be rotted away completely. Now, in internet time that may not be all that long…a few to several years…the memory of the internet can be short-lived at times. It must, however, fade from the public conscience into some obscurity first.

    Once the technology no longer lies in greedy hands again; new development can begin anew.


  • It occurs to me that adding a visual watermark might actually serve to obscure a visual watermarking scheme that is otherwise invisible by providing data that scrambles or breaks the watermark decoder itself.

    Audio watermarks can be distorted in any number of ways; and it could be that some of the wildly poor audio quality in most cam-rips is probably the only way you can defeat the watermark; by using a LQ microphone and encoding the audio to a very limited bitrate and then re-upsampling; to defeat any subtle alterations a digital watermark might make to the audio waveform.


  • Watermarks are only an issue in-as-much as it is used to trace down which copy was leaked.

    With modern digital projection systems; you don’t get a reel of film; you get a briefcase of [SS/HD]Ds containing the raw, encrypted, footage. The digital projection system will decrypt using provided keys. There’s no output except the standard ones for the theatre projectors and sound systems…so capturing the output is difficult.

    If you do intercept the signal; the projection system might detect it; and refuse playback or wipe the decryption keys. Watermarking is also a danger; since your theater can get identified as the leak source and sued.


  • Now we wait for someone to build an absolutely wonderful chat app on top of this wonderful bit of PoC code…

    I genuinely hope someone does. Imagine what this could do if this was routed over Tor using Private Services.

    Run this over that; and you’d have a bullet-proof text chat. Wrap a nice GUI client around all of that and you have a proper secure, anonymous messenger with no problems. With a little more build-out; you could even implement the Matrix protocol over this wire-line and basically have full inter-federation and moderation over a secure wire protocol; allowing for complete privacy and client integration.

    TL;DR: Matrix over PQChat over Tor. Think about it. A Post-Quantum Dark-Matrix web.


  • Can it? Maybe. It’s not impossible; but it isn’t practical and most ISPs limit their shenanigans to grabbing your unencrypted DNS requests.

    Will it? Probably no; aside from the previously mentioned DNS redirections; they’re not interested in most people’s packets, only in how many they deliver.

    Should you care? I won’t tell you not to take precaution, but I do urge you to consider your threat model carefully and consider the tradeoffs. When Security & Privacy goes up, Convenience and Functionality WILL go down. Balance your needs. Don’t put yourself in a state of Privacy fatigue.

    Are there easy fixes? Maybe. I think a VPN or using Tor would solve your concerns here anyways; it’s not required that your modem be running OSS that you can control. If you can achieve it; that’s still good for you; but it’s not something to be sweating if your modem isn’t capable and your invasive ISP is the only effective option.


  • I’m not accounting for State laws; which may in fact be stricter. I’m talking about Federal Laws which might not explicitly forbid such things; so long as they’re done in an actually safe manner by professionals.

    But, as I said before, if the DEA believes it has the power to stop that none-the-less; that’s what they will do, without respect to if the law is actually legally unclear or borderline. Unfortunately many pharmaceutical places don’t care to invite the wrath of the DEA; even if what they’re doing could be considered permissible; so long as they do not synthesize an exact drug that the Feds specifically name as a controlled substance.

    Again; IANAL either. But I do think there’s a lot of room for small compounding pharmacies to synthesize various drugs to meet a patient’s needs quickly while waiting for proper shipments to arrive. There’s lots of compounds that are life-sustaining that do not fall under the DEA banner of authority.



  • I firmly think this would be a boon for many people; owning one of these is likely a lifeline that even small town physicians could utilize to dispense drugs freely or cheaply to patients in need.

    This is something that I think small-town pharmacies could use to create compounds in cases of drug shortages. I think tools and programs and small labs like what are discussed in the article are a positive force for good; and that they should be not only allowed, but encouraged, for many drugs that are expensive, unavailable to someone in need and can be readily synthesized safely with a basic college level of chemistry training by someone in a pharmacy.

    I think the potential risks and downsides are small right now; and I think more of it should be encouraged gently so that we can find out quickly what the flaws and limitations are so that we can put regulatory guardrails around it so that people do not harm themselves.


  • It feels like this vulnerability isn’t notable for the majority of users who don’t typically include “Being compromised by a Nation-State-Level Actor.”

    That being said; I do hope they get it fixed; and it looks like there’s already mitigations in place like protecting the authentication by another factor such as a PIN. That helps; for people who do have the rare threat model issue in play.

    The complexity of the attack also seems clearly difficult to achieve in any time frame; and would require likely hundreds of man-hours of work to pull off.

    If we assume they’re funded enough to park a van of specialty equipment close enough to you; steal your key and clone it; then return it before you notice…nothing you can do can defend against them.