Posts: 4 | Comments: 960 | Joined: 2 yr. ago

  • Because the changes would likely require a Constitutional Amendment. For setting a term limit, Article 3 of the US Constitution establishes that judges serve while "in good standing". This has been interpreted as meaning "for life". And this interpretation has some pretty strong backing from Hamilton's writing in The Federalist Papers No. 78. While the Federalist Papers do not, technically, have legal standing in the US, they are often used to fill in the gaps left by the imprecise language of the US Constitution.

    Enforcing a code of ethics is probably a muddier situation. Article 3 establishes that Judges serve during "Good Behavior". But how is that defined and who gets to define it? Technically, The House of Representatives can impeach a judge (and this has happened in the past). So, the Legislature could simply say, "we'll impeach judges for violating this list of things". At the same time, an impeachment is not self-executing. So, a judge would not be automatically fired for violating one of those things. At best, the list would be a guideline and the sitting House (at the time of the impeachment) would have to draw up and vote on articles of impeachment. Could the legislature pass a law making the removal of a judge self-executing by defining "Good Behavior"? Maybe, though the same Judicial Branch whom it would affect would be the one to make that decision. I strongly suspect they would say, "no". And that may not be the worst outcome.

    In Federalist No. 78 Hamilton makes the argument that the Judiciary must be very independent from the Legislature and Executive branches to avoid becoming an arm of those branches. The claim is that the Judiciary must be free to judge the actions of the other two branches, and rule purely on the Constitution and the Law. If the Legislature and Executive get to start tinkering with the tenure of judges, via rule making, there will be some incentive for the Judicial branch to begin serving the will of the other two branches. That's fine, if you agree with the other two branches, it's less so when you don't. In the end, I suspect that an enforceable code of ethics is going to require a Constitutional Amendment as well.

    The changes to Presidential Immunity are probably the worst one to evaluate. I'm convinced that this decision was very much the court picking a position and then papering over all the hideous gaps in it. Unfortunately, because the Judiciary is the final arbiter on this one, and they say the decision is based on the Constitution, any change will have to come as a Constitutional Amendment. I recognize the circular nature of that logic, but that's kinda where we are at. Unless and until the make up of the Supreme Court changes, Nixon was right.

    And for fun irony, the US President is actually not involved in passing an amendment to the US Constitution. That process takes 2/3 of each House of Congress and then 2/3 of the States. The President doesn't get a chance to veto/sign the Amendment. And, that has about the same chance as a snowball fight in Hell of happening right now. So, everything around this subject is just useless posturing. Nothing is changing any time soon.

  • I run OctoPrint in a docker container on my home server. They have an official docker image available. And they also have a docker-compose.yaml file available.

    I'm quite happy with the setup. The server is more stable (for me) than a small board computer. I have the whole setup on a UPS. Management is dead simple. The only caveat is that the server and printer need to be fairly close to each other for the USB connection. In my setup that was already a given, they sit less than a foot apart because of where I wanted them.

    I have wanted to try out Klipper, and may well do that in docker as well, but my printer is a proprietary nightmare and Klipper isn't currently an option.

  • The goal of any military is to build and maintain a technological edge over potential adversaries. Because of that, a lot of basic research happens in and around military organizations.

    You mentioned the internet as one such technology and it's a great example. The Defense Advanced Research Projects Agency (DARPA) started a project to build a communications network which would be resilient in the event of a nuclear war. Their work created ARPANet. And for a long time, it was really just intended as a US DoD thing and no one really considered its potential uses for the civilian world. It wasn't until it was opened up to the civilian sector that its potential to change the world was recognized.

    Many other technologies follow this trajectory. There is a need in the military and research is done to fulfill that need. If that research is successful, new technology can be created and may eventually move into the civilian market and be very useful. Though, as part of that technology transfer there is always pushback from the military that opening up that technology may reduce or eliminate the technological edge the military holds over potential adversaries.

    An example of this would be the Global Positioning System (GPS). GPS was supposed to be a way for the military to be more accurate in the stuff it blew up. When they began opening GPS up for civilian use, there was the worry that adversaries would use GPS against US forces. And so, part of the initial opening up involved intentional inaccuracy in the GPS signal for civilian use. Over time, this has been removed; however, the US DoD does maintain the ability to introduce inaccuracies if considered tactically necessary.

    you’d think some five or 6 star general would go “Yeah nah we don’t need this shit, waste of tax money just stick with what works”

    So, this actually does happen. In 2013, the US Army famously said tanks, but no more tanks. And Congress overrode that request. At the same time, just "sticking with what works" is a tough thing to know ahead of time. Prior to WWII, air power was considered more of a niche thing. Useful for reconnaissance and not much else. And then the Luftwaffe adopted dive bomb tactics and started wrecking shit from the air. By the end of WWII aircraft had reworked a lot of military doctrine. For example, WWII navies were built around battleships. And then the Japanese rather definitively proved what aircraft carriers were capable of (see: Pearl Harbor). Navies are now built around aircraft carriers and battleships are largely museum pieces. But, this only happens when militaries are willing and funded to try new things out. Not everything works and that means a lot of money expended on failed projects. But, sometimes it pays off and a military is able to create or extend a technological edge.

    So, why does the bleeding edge tech seem to always come out of the military? It's because they often have the reasons and resources to do the research. As much as it sucks, the world is still a dangerous place. And so, militaries the world over will always be looking to push the boundaries on technology. And they will also be the first recipients of said technology and will guard it jealously to prevent losing the technological edge it gives them. Yes, the world would be far better off, if humanity was not hanging from a cross of iron. But, thanks to assholes like Putin, here we hang.

  • Once again, the format doesn’t work for me when the main topic is about a fad that nobody talks about anymore.

    Ya, this was a clear problem with the episode. Sure, all the NFT jokes were on point; but, given how much the issue has faded, it felt stale. I enjoyed the Bender story. But, I suspect this was a bit of grasping at straws. The best Futurama has been when the show focused on the characters. But, with a lot of the main stories about the characters wrapped up in previous seasons, there isn't a lot for the writers to explore. So, we get a Bender backstory which was ok, I guess.

    I'm still looking forward to the rest of the season. But, I can see the room for criticism.

  • I currently do all of my 3d printing from Linux. My printer is physically connected to my server, which is running Ubuntu and has a docker container running Octoprint. The container is based on Debian. The printer itself is a crappy knock-off of the Ender 3. The only issue was identifying the port I needed to pass through to the container. And by "issue", I mean I had to run ls -l /dev/serial/by-id and put the resulting device in the devices declaration of my docker-compose.yaml file.

    My main machine is Arch and I use Prusa Slicer as an Appimage. The only issue there is that Prusa Slicer likes to SegFault while slicing some models with some settings on my system. It's not common, but it does happen. I think this is related to the Nvidia drivers; but, by using the Appimage it's just the application which crashes and I can't be arsed to spend the time to solve the issue. I also tried Cura, but ran into this bug (tl;dr: don't use Nvidia on Linux). Overall though, it just works and I don't really think about the fact that I'm on Linux.

    For modeling, I personally use OpenScad, as I have all the artistic capabilities of a mortally wounded water buffalo. One of these days, I'll pretend to try to learn FreeCad, which runs just fine. Blender also runs great on Linux.

    In short, so long as you aren't buying anything too proprietary, you should be just fine.

  • Another solution is to accept that mistakes happen and do a phased rollout of updates. Heck, Windows Updates are known to be enough of a crapshoot that every place I've worked at, over the past decade or so, has had a plan for updating systems in batches. That CrowdStrike just YOLO'd their updates out (on a Friday, no less) to everyone at once, shows a mindset which didn't accept that bad stuff can happen.

  • At the very minimum, I'd suggest waiting until you are actually working that 9-5 office job, before considering giving up your weekends. You may feel very different about things, once you are in that position.

    My own situation is that I work generally 8-4 in a fully remote position. I like what I do and often spend my personal time reading and learning within the same field, just because I like that sort of thing. Even still, when the weekend starts, I have zero desire to go work somewhere else. I have a family I want to spend time with, hobbies I want to engage in, and just generally not be "on the clock". There is a lot more to life than work, go do that.

    That said, if money is an issue, I can certainly understand the desire to work more. My income is high enough that I don't have to stress over money. So, the pressure to earn more just isn't there. Any extra income would either just be used to pay stuff off faster or go into savings. If you are in a position where money is a significant stressor, then the extra work may make sense. Some extra time with your nose to the grindstone now could pay dividends in the future.

    Overall, I'm in the camp of not spending all your free time working. Work to live, don't live to work.

  • As much "doom and gloom" as the article pushes, I kinda feel that the compromised keys being well known makes detection easier. The malicious binary needs to be signed with one of these keys; this means that there will be very specific structures (e.g. the public key) at well known locations in the file. This is exactly the type of threat which anti-virus is good at detecting. Assuming a network's security folks aren't completely asleep at the switch, these attacks should get picked up and blocked pretty fast.

    There is a reason attackers spend so much time and effort obfuscating code and keeping files off the disk. While A/V may be a pretty terrible security control and easily bypassed in many cases, watching for files with well known patterns is one of the few things A/V tends to do well.
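The kind of pattern match the comment above describes, as an added example that is not part of the original comment: it walks a file for embedded DER structures and compares their SHA-256 fingerprints against a blocklist of known-compromised keys. The blocklist entry, key blobs and sample "binaries" are constructed placeholders; a production scanner would parse the signature container properly instead of scanning raw bytes.

```python
import hashlib

def iter_der_sequences(data: bytes, min_len: int = 64):
    """Yield (offset, blob) for each DER SEQUENCE header 30 82 LL LL that fits in data.

    Certificates and RSA public keys of common sizes are encoded with this
    two-byte long-form length, so their start is easy to locate in a file.
    """
    pos = data.find(b"\x30\x82")
    while pos != -1:
        if pos + 4 <= len(data):
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            end = pos + 4 + length
            # Skip tiny or truncated candidates instead of hashing garbage.
            if length >= min_len and end <= len(data):
                yield pos, data[pos:end]
        pos = data.find(b"\x30\x82", pos + 1)

def find_known_keys(data: bytes, blocklist: dict) -> list:
    """Return [(offset, label)] for embedded blobs whose SHA-256 is blocklisted."""
    hits = []
    for offset, blob in iter_der_sequences(data):
        label = blocklist.get(hashlib.sha256(blob).hexdigest())
        if label:
            hits.append((offset, label))
    return hits

# --- constructed sample data (not real keys or real binaries) ---
def _der_seq(payload: bytes) -> bytes:
    return b"\x30\x82" + len(payload).to_bytes(2, "big") + payload

LEAKED_KEY = _der_seq(b"CONSTRUCTED-TEST-KEY-DO-NOT-TRUST" * 8)
OTHER_KEY = _der_seq(b"constructed unrelated key material" * 8)
BLOCKLIST = {hashlib.sha256(LEAKED_KEY).hexdigest(): "leaked-test-key (constructed)"}

SIGNED_WITH_LEAKED = b"MZ" + b"\x00" * 100 + b"code" + LEAKED_KEY + b"trailer"
SIGNED_WITH_OTHER = b"MZ" + b"\x90" * 50 + OTHER_KEY

if __name__ == "__main__":
    for name, blob in [("leaked", SIGNED_WITH_LEAKED), ("other", SIGNED_WITH_OTHER)]:
        print(name, find_known_keys(blob, BLOCKLIST))
```

Because nested SEQUENCEs are yielded too, the blocklist can hold the fingerprint of a whole certificate or of just its public-key structure.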

  • The company says that files and file passwords uploaded to its servers will be deleted promptly after scanning, and all collected data will be used only to boost download protection for all Chrome users.

    Right, and that Nigerian Prince really needs my help moving money.

  • Humans are pretty terrible and we'll find any excuse to justify our terribleness. One of the parts of the French Revolution was the Dechristianization of France. While this may sound like a good thing, which should lead people to live their lives based on reason, it also led to violence against priests. And the lack of religion did nothing to stop the Reign of Terror. In short, it was less an atheist utopia and more just humans finding different excuses to be terrible to one another.

    Similarly, the Soviet Union was founded on the Marxist principle that "religion is the opiate of the masses". This meant that the Soviet Union was officially atheist. However, unlike some of the French Revolutionary governments, the USSR largely tolerated religious practices. At the same time, the officially atheist state got up to a lot of horrible stuff.

    At the same time, there is an argument to be made that Christianity helped rein in some of the worst excesses of monarchs during the Middle Ages. It's important to remember that people really believed this stuff. Kings really did think about their immortal soul and what they would be forced to answer for on "judgement day". Fear is a powerful motivator and it may be that, for all their terrible selfishness, some monarchs may have been led to moderate the worst of it based on that fear.

    All that said, I'm not sure how much differently history would have played out, without religion. As I led with, humans are pretty terrible. Many wars may have had a religious veneer, to get the people to go along with them, but they were more often about power, control and ego than religious conviction. Religion provides a convenient excuse to define "the other". The othering of people creates a permission structure where we will not only tolerate, but often gleefully engage in, truly horrible acts against "the other". And it doesn't require religion to do it. Take a look around the Lemmyverse and you'll find videos of Russian soldiers being blown apart by drone dropped munitions. And the comment sections will be talking about how "they deserve it" or making jokes and light of another human being ripped apart. And these comments will be defended because of the horrible actions of the Russian Government and some Russian soldiers. Russian soldiers have been placed firmly in "the other" and so we can celebrate their horrible deaths, and be cheered on for it in many corners of Lemmy. No religion required.

    So ya. I'm not a fan of religion, nor am I religious myself. But, I have no illusions that religion has a lock on people being terrible to each other. It has absolutely been involved in making it happen throughout history. But, I am skeptical of the idea that history without it wouldn't have been just as filled with humans doing terrible things to each other. Human nature tends towards tribalism and the creation of "in groups" and "out groups". With those in the former more than willing to do anything and everything to the latter.

  • So how about hacking CrowdStrike and obtaining that access? I’m guessing it might be easier than hacking Microsoft?

    Maybe. CrowdStrike is a company which specializes in security and has some pretty smart folks in that area. They also live and die by the perceived value of their security products. So, security is pretty important to the company. Microsoft is a conglomerate, and while it does have some arms which specialize in (and are pretty good at) security, the company's continued existence doesn't depend on their performance. So, the Microsoft President can go in front of Congress and promise to do better, and we all know this is bullshit and Microsoft will continue to be Microsoft.

    As for an attacker actually leveraging the CrowdStrike platform as part of an attack, it's entirely possible. Security products have been found to have vulnerabilities in the past. IIRC, McAfee's ePO server was vulnerable to Log4j. And given CrowdStrike's engine runs in Ring 0 on the endpoints, it's certainly an attractive target. Finding a Remote Code exploit in it seems like something an APT like the NSA or PLA Unit 61398 might get up to. That said, as I mentioned above, CrowdStrike also employs a lot of smart folks and is likely doing its level best to find those vulnerabilities first and fix them.

    Are there other companies having the same access level as CrowdStrike? How vulnerable are they?

    Ya. Really, any EDR or A/V product is going to run in Ring 0. And any such kernel level driver crashing is going to cause a BSOD. That's just the way Windows is designed. I have personally dealt with bad updates from several other products causing BSODs. Including one which brought down the entire site I was working at, at the time. I believe it also took down a number of other sites as well. Since, once I figured out how to get the bad update out of our system, the folks responsible for the update actually reached out and asked me what I did.

    Ultimately, products like these exist in a very trusted state on systems, because they have to. If and when they crash, you can expect a BSOD. In this case, I suspect CrowdStrike is going to receive (and they deserve) a lot of shit for the way this one went down. The reporting I've seen states that the update file was just a mass of null bytes. And it seems there was no sanity checking or error handling for a corrupt update being pushed by CrowdStrike. I suspect that's gonna get fixed pretty quick, but it was a pretty bad oversight for a product with regular, live updates.
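A sketch of the sanity checking and error handling the comment above says was missing, added here as an example and not taken from the comment or from any vendor's code: a content update is validated before it is loaded, and the previously loaded content is kept when validation fails. The file layout (4-byte magic, 4-byte body length, body), the magic value and all names are hypothetical.

```python
import hashlib
import hmac
import struct

MAGIC = b"UPD1"                   # hypothetical magic for this example's format
HEADER = struct.Struct(">4sI")    # magic, body length (big-endian)

class UpdateRejected(Exception):
    """Raised when an update file fails a pre-load check."""

def make_update(body: bytes) -> bytes:
    """Build an update file in the example format (used for the sample data)."""
    return HEADER.pack(MAGIC, len(body)) + body

def validate_update(blob: bytes, expected_sha256: str) -> bytes:
    """Return the body if every check passes, otherwise raise UpdateRejected."""
    if len(blob) < HEADER.size:
        raise UpdateRejected("file is shorter than the header")
    if not any(blob):
        raise UpdateRejected("file is entirely null bytes")
    magic, body_len = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise UpdateRejected("bad magic")
    body = blob[HEADER.size:]
    if body_len != len(body):
        raise UpdateRejected("declared body length does not match file size")
    actual = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(actual, expected_sha256):
        raise UpdateRejected("digest does not match the manifest")
    return body

def apply_update(blob: bytes, expected_sha256: str, current: bytes):
    """Return (content, status); a rejected update leaves current content in place."""
    try:
        return validate_update(blob, expected_sha256), "applied"
    except UpdateRejected as exc:
        return current, f"rejected: {exc}"

# --- constructed sample data ---
OLD_CONTENT = b"rules-v1"
GOOD = make_update(b"rules-v2")
GOOD_DIGEST = hashlib.sha256(GOOD).hexdigest()
NULLS = bytes(len(GOOD))          # same size as a valid file, all zero bytes

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("nulls", NULLS), ("truncated", GOOD[:-3])]:
        print(name, apply_update(blob, GOOD_DIGEST, OLD_CONTENT))
```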

  • Fantastic write up. I'd just add something to this bit:

    Basically companies wouldn’t use CS unless they are too lazy to change away, or they think it’s really that good.

    I work in Cyber Security for a large organization (30,000+ end points). We're considering moving to CrowdStrike. Even after this cock-up, we're still considering moving to CS. I've had direct experience with several different A/V and EDR products, and every single one of them has had a bad update cause systems to BSOD. The reason this one hit so hard is that CS is one of the major EDR/XDR vendors. But ya, it's generally considered that good. Maybe some folks will move away after this. And maybe another product is nipping at their heels and will overtake them in the near future. But, for now, it's not surprising that it was everywhere for this situation to get really FUBAR.

  • Thank fuck. Biden's actually been a pretty good President and I say that after strongly supporting Bernie over him. He's got some flaws (including some pretty big ones, e.g. Gaza). But, he's also had some good accomplishments and finally recognized that continuing to steer this ship into the dirt wasn't the best plan. So, Thank you President Biden and let's all now pull together and get whoever replaces him elected. It's probably Harris. Again, not my first choice, and I suspect the selection process isn't going to be terribly Democratic. But, we missed that boat by not having a real primary. But, we now have a chance for someone without one foot in the grave and the other on a patch of ice, to beat Trump. Let's not squander it.

  • I didn’t actually think about what all these wild AV systems could do, but that’s incredibly broad access.

    Always has been. I've cleaned Symantec A/V off way too many systems in my time, post BSOD. That crap came pre-loaded on so many systems, and then borked them. The problem is, that in order to actually protect a system from malware, the A/V has to have full, kernel level access. So, when it goes sideways, it usually takes the system down. I've seen BSODs caused by just about every vendor's A/V or EDR product. Shit happens. Everyone makes mistakes, but when that mistake is in A/V or EDR, it usually means a BSOD.

    Maybe I’m just old, but it always strikes me as odd that you’d spend so much money on that much intrusive power that on a good day slows your machines down and on a bad day this happens.
    I get that Users are stupid. But maybe you shouldn’t let users install anything. And maybe your machines shouldn’t have access to things that can give them malware. Sometimes, you don’t need everything connected to a network.

    It's tough. The Internet and access to networks provides some pretty good advantages to users. But, it also means users making mistakes and executing malware. And much of the malware now is targeted at user level access; so, you can't even prevent malware by denying local admin/root. Ransomware and infostealers don't need it. A/V ends up being a bit of a backstop to some of that. Sure, it mostly is a waste of resources and can break stuff when things go bad. But, it can also catch ransomware or alert network defenders to infostealers. And either of those can result in a really, really bad day. A ransomed network is a nightmare. And credentials being stolen and not known about can lead to all kinds of bad stuff. If A/V catches or alerts you to just one or two of those events and lets you take action early, it may pay for itself (even with this sort of FUBAR situation) several times over.