i don't get people who insist on powering their computer down (re: post complaining about the new mac mini having a silly location for the power button)

x4nw@cathode.church

@aud oh webcams have always been a source of pain for me

there've been good ones for years but there never stopped being bad ones

aud@fire.asta.lgbt

@[email protected]

you, walking into your office, seeing me elbow deep in your desktop with thermo gloves and goggles on, freezing and unsocketing your RAM: "aw shit"

aud@fire.asta.lgbt

@[email protected] intel: "what if... what if they weren't connected via an internal USB type interface... but instead something proprietary? oh ho ho, intel, you're a genius"

ireneista@adhd.irenes.space

@aud @x4nw people with that threat model (hi) should be making sure high-impact credentials never live in RAM on user-facing machines.

unfortunately, servers do not have that luxury since they must be able to do unattended operations. servers also do not have the luxury of turning off. so in the final analysis, suspend is not highly relevant.

ireneista@adhd.irenes.space

@aud @x4nw (we do think that anyone involved in political organizing should up their threat model, to the extent that they can do so practically.)

aud@fire.asta.lgbt

@[email protected] @[email protected] I have my server encrypted, but then it's up for 99% of the time anyway, so sometimes I just have to grumble and walk over to the headless machine, plug in a keyboard, type in the password, hit enter, then see if the IP pops up on my router. I'm like, hm. I suppose it's a defense against a raid (which I wouldn't be targeted for anyway) or a smash and grab and it's easy so good, but considering the server is usually on there are definitely other ways to nab the data.

aud@fire.asta.lgbt

@[email protected] @[email protected] (100% agreed. Shit, I think even talking about politics you should increase your threat model to a certain extent. It doesn't matter that you've said perfectly 'benign' things).

I used to give this advice to people going to protests when I could but like, you're not worried about the machine learning capabilities of today, you're worried about the machine learning capabilities of tomorrow. It's the same for the legal framework. Although to be fair, if they've changed the laws to retroactively make what you said punishable, the legal framework is so fucked that they probably don't need to come up with anything legit to get rid of you.

ireneista@adhd.irenes.space

@aud @x4nw yes. governments, even supposed democracies, do not ignore political activity. the relevant agencies would be neglecting their core mission if they did.

we should all, as activists, hope that we will never get to know to what extent we personally are a focus of attention. we shouldn't be fear-driven about it; knowledge and planning are the antidotes to fear. once we've put in that work, we should try to put it out of our mind... but we should do the work first.

aud@fire.asta.lgbt

@[email protected] @[email protected] still. "Cover up your identifying features!" is always a good idea. You don't want to be the signal in the noise.

aud@fire.asta.lgbt

@[email protected] @[email protected] this is sort of unrelated but it's also why I'm quite visibly trans (well that and I can't hope to pass lmao (also passing is a toxic concept but we don't have to get into that here)). Like, come at me fuckers. I am who I am. If it's a problem, I will not regret having been myself and speaking my mind and trying to do the work I do and voicing what is important to me.

aud@fire.asta.lgbt

@[email protected] @[email protected] (this makes me sound cooler than I am but mostly it just seems to make me unemployable as tech companies are not currently hiring outspoken bitches)

ireneista@adhd.irenes.space

@aud @x4nw yes. we flatter ourselves that that this ongoing capital strike in the industry may be partly an attempt to demotivate and intimidate labor organizers. to whatever extent that may be true, sorry about that.

aud@fire.asta.lgbt

@[email protected] @[email protected] well, I'm hardly a labor organizer (although I was probably considered an agitator as I did openly say pro-union stuff on the GitHub slack).

Actually, I'm sure they viewed me as an agitator or instigator because I would openly talk about the importance of labor organizing on giving employees the ability to push back against contracts and work that are socially damaging or, you know, war crimes. They really, really do not like that, I suspect.

ireneista@adhd.irenes.space

@aud @x4nw yeah, like, if you do things that need a server, you do things that need a server.

at that point, from the defender's side the next port of call (... on the metaphorical pilgrimage to accepting any remaining risks and welcoming the inevitability of death into your heart, we guess....?) is data minimization, minimum necessary privilege, all that stuff.

ireneista@adhd.irenes.space

@aud @x4nw oh for sure. yeah that pisses off C-suite no end. or, rather pisses off the HR cronies who C-suite hire to compartmentalize information so that C-suite can credibly claim to have no idea who you are if a Congressional inquiry asks (happened to someone we know).

aud@fire.asta.lgbt

@[email protected] @[email protected] brilliant career move to do that without other employees backing you, for the record.

ireneista@adhd.irenes.space

@aud @x4nw yeah, sorry

aud@fire.asta.lgbt

@[email protected] @[email protected] I do wish we lived in a paradigm where "data minimization" was still considered good practice, rather than a world where "data maximization" can be turned directly into profits while any failures to protect are externalized costs.

aud@fire.asta.lgbt

@[email protected] @[email protected] jesus fuck. I shouldn't find that shocking but god. So disgusting.

aud@fire.asta.lgbt

@[email protected] @[email protected] relatedly: the HR cronies at Microsoft are fucking awful for reasons I don't think I can say, but goddamn.