blakejustblake's comments

blakejustblake | 4 years ago | on: Okta’s Investigation of the January 2022 Compromise

Was coming around to make this point that in the cybersecurity world the word "breach" can have a very particular meaning with legal implications. As a cybersecurity professional, we are trained not to refer to anything as a breach while communicating findings of investigations or alerting organizations to activities that we see unless that has already been legally established.

There is plenty concerning about their response to this situation, and this phrasing can be confusing, but from my POV in the industry this choice of words is understandable.

blakejustblake | 4 years ago | on: Ohio GOP ends attempt to ban municipal broadband after protest from residents

And if by subsidizing other people's internet they have better access to higher quality connections then it will be a net benefit for your community, which will in turn improve your life while interacting with and in that community.

blakejustblake | 5 years ago | on: New malware found on 30k Macs has security pros stumped

@malwaremustd1e @malwrhunterteam @0xrb @capesandbox @malware_traffic

blakejustblake | 5 years ago | on: New malware found on 30k Macs has security pros stumped

The infosec community at large is well aware of how unreliable just using md5 checksums to identify malware is. If anything it is the absolute first line of defense for identifying malware, in that it is easy to implement quickly and has a decent enough chance of filtering out low hanging fruit. The biggest use for the checksums between malware researchers is for identifying if they have the same strain of malware as someone else. Identification is mostly not based on checksums, but rather things like YARA rules where different identifying factors of malware are outlined to be compared against binaries. This isn't foolproof either, but there is a rather large ecosystem of malware researchers out there constantly taking samples and releasing rules. I follow a lot of these folks on Twitter and the majority of what they post are their findings on the bajillionth strain of whatever malware is in vogue at the moment. This sort of stuff is going to catch the majority of what will be coming at most people and anything that slips by the first lines of detection usually gets picked up somewhere along the way and passed on to researchers who do an exceptional job of reversing and identifying new malware or strains of old ones. But of course the reliability of that whole ecosystem depends on sensible organization security policy to start with.

In short, md5 sums and signatures are there to protect against the low hanging fruit, spray and pray type malware that's pretty common. If someone wants to target you with uniquely signatured malware they can. Identifying it isn't going to be what stops it, but proper opsec can.

blakejustblake | 7 years ago | on: Thousands of Russians protest against internet restrictions

>The protests in Moscow, the southern city of Voronezh and Khabarovsk in the far east had all been officially authorized.

How subversive.

blakejustblake | 7 years ago | on: Amazon to Shut All U.S. Pop-Up Stores as It Rethinks Physical Retail Strategy

Welp, so much for that hope.

https://www.theguardian.com/us-news/2019/mar/06/whole-foods-...

blakejustblake | 7 years ago | on: FCC threatens carriers with 'regulatory intervention' over robocalls

I would not suggest people try to waste scammers time, or do anything but hang up on them. A lot of calls that just hang up on you are putting out the feelers for phone numbers that have humans answering on the other line so that they know that's a viable target for attempting to scam. Showing any sign that your phone number belongs to an actual human just ups the chances that you're going to get an increased amount of phone spam, regardless of if you got the chance to waste someone's time or not. Also, people should be wary of saying anything at all the these suspicious phone calls, some of them try to get recordings of you saying some key words to make it easier to steal your identity. For instance, if someone asks if you are who you are by name and you say yes, then they've got decent confirmation that they've got a recording of a particular person saying "yes" which can be used against you in stealing your identity or credit card fraud.

blakejustblake | 7 years ago | on: Basic income in Finland did not lead to finding work, researchers said

I wonder if the rise of gig-economy type work has dirtied the employment data pool? If you're out of work and looking for a employment, yet you're still scraping by a few bucks every week due to Uber or Lyft or something similar, and you're a part of a significant percentage of people doing the same then unemployment numbers probably aren't as pretty as some would like us to believe.

blakejustblake | 7 years ago | on: Robot automation will 'take 800M jobs by 2030' (2017)

I think you'd still be faced with a lack of truck-driver-to-research-scientist pipeline. There are already a lot of people that are qualified, or if not they're close to qualified, to be in these research roles so that if a lot more funding went toward these areas it'd still be hard for someone making the move from much more unrelated industries and educations at later points in their lives would still be at a disadvantage. The children of these people, given a good education along with having easier access to higher education, might have an easier time getting into these positions. But it seems like there'd be a labor shortage gap for those that aren't remotely qualified for a research position now.

This also seems to ignore that research science itself is increasingly becoming automated, and such positions that are less efficient on the dollar per fundamental insight scale may disappear at around the same time as our hypothetical truck driver's.

Personally, I think that we as a culture need to change our thought processes on the necessity of everyone doing work. So what if some people just end up in the sitting around watching Netflix all the time category? Not everyone's going to do that, there are a ton of different outlets I would pursue if I didn't have to worry about working or money. And they're mostly things that I'm only money limited on because if I didn't work and pursued these things then I wouldn't be able to eat or have a place to sleep.

Work on giving people quality educations and the open-ended opportunities to explore, play, and pursue, and I think we'd all be surprised at what people will end up doing with their time.

blakejustblake | 7 years ago | on: My Parents Are Flat Earthers

While the author of this post focuses on the idea of a flat earth conspiracy leading to their conclusion that people believing in conspiracy theories don't have much influence over our everyday lives and that they're "fun", I can't help but disagree with an example that he even mentions shortly in the post: Anti-vaccination. The WHO has named anti-vaccination as a top 10 global health threat. Right now in Clark County Oregon there's an evolving problem with the spread of measles. I can understand the author's attempts to reconcile his parents' weird beliefs, but I can't agree with his conclusion that they're mostly fun and harmless. People who deny climate change enact that belief in the way they vote and in their every day consumption. That's not just a fun point to argue with. It's affecting everyone's lives.

blakejustblake | 7 years ago | on: Ideology Impairs Sound Reasoning

What you're saying and the conclusions of the study are one in the same. Though I would disagree that their questions were like presenting 1+2=68445788. I would suggest they're more like 1 is 32119592 and 2 is 36326196 thus 1+2=68445788. 1 and 2 are not those numbers, but to be premised such a way formally the results of the logic check out.

Regardless of whether it's revealing or not it's a good thing to work towards establishing these sorts of conclusions through studies so that someday we can hope to have fewer terrible premises.

blakejustblake | 7 years ago | on: How to Be a Programmer: A Short, Comprehensive, and Personal Summary (2002) [pdf]

Ha, so it's a pretty good example of how to be a programmer then huh?

blakejustblake | 7 years ago | on: ‘Salt, Fat, Acid, Heat’ Is a Love Letter to Amateur Cooks

Well, this is all obviously speculation, but here are some things that I think contributed to it: First of all I think that it's a reaction to a generation of people growing up with chain restaurants and ready to cook meals. They see that it's unhealthy, there's more to food, and they want to move past that. Similarly they maybe didn't have someone to teach them about food and cooking growing up so they have to fill that space and lack of experience. Notice how a nearly every book or show has to involve some line about how cooking this way, or the inspiration for this or that, has been passed down from generation to generation? Also, you could look at it partially as an environmental/economic thing. People feel good consuming local/seasonal/organic/natural/whatever food. But knowing how to do that properly requires some amount of knowledge that they don't have. Lastly there's a certain amount of cultural cache to knowing things about food that other people might not know. You feel like you get brownie points for knowing about a local spot no one's been to that has good food. Being able to make a good meal has been built up as a sort of unique and desirable skill to have, while at the same time being a really easy skill to attain. People take pride in things like being able to make the "best" barbecue sauce or bake a decadent, attractive cake.