Alec is a technologist, writer & security consultant who has worked in host and network security for more than 30 years, with 25 of those in industry.
The RSS feed URL is: https://alecmuffett.com/feed
2024-05-18 10:25:14
> The Washington Post reports that 17 states are currently “weighing” bills that would remove long-standing exemptions protecting librarians from prosecution for distributing material deemed inappropriate for minors, a carve-out that allows them to offer books containing accurate information on things like sex education without having to worry about going to prison. Those bills, per …
Continue reading "17 States Are Considering Laws That Would Imprison Librarians | Vanity Fair"
2024-05-17 16:27:11
This is culinary high drama: https://www.reuters.com/world/india/indias-butter-chicken-battle-heats-up-with-new-court-evidence-2024-05-17/
2024-05-16 16:39:31
A few months ago Meta followed Apple’s lead and announced in-app nudity detection for Messenger to attempt to dissuade teenagers from getting themselves into trouble by acting unwisely and without regard for their own privacy. Various people approached me, asking questions like: THEM: Look at this! Isn’t this client-side scanning (CSS)? Doesn’t this break end-to-end …
2024-05-16 04:01:45
2024-05-15 16:38:13
Gosh, maybe the people who invented the Dublin to New York Portal need to talk to the age verification & child safety lobby who have got this all sorted out and who are simply waiting for their fixes to land in all the world’s platforms. “social problems require social fixes” https://news.sky.com/story/dublin-new-york-livestream-portal-to-be-switched-off-following-inappropriate-behaviour-13136067
2024-05-15 07:36:52
I don’t agree with the attached, in the same way that I acknowledge that the human body* is extremely badly designed but “fixing” it would bring other problems. So I’ll start calling this perspective — along with its “rewilding” cousin argument — the “digital eugenics” approach to network architecture & cybersecurity: telling folk after the …
2024-05-14 19:04:28
From the “No Shit, Sherlock” department: But at what point does matching China at its own game become a betrayal of American values? These charges of hypocrisy will resonate beyond China’s borders. After Twitter deleted a tweet by the Nigerian president in 2021, which intimated violence against an ethnic group, Nigeria banned the app. The government …
Continue reading "The End of TikTok Is a Win for Beijing | The New York Times"
2024-05-14 18:43:08
4 minutes of comedy and insight, time well spent if you choose to watch it:
2024-05-14 14:29:57
It’s almost as if all of the doomerism schtick was not a realistic picture of how the world works. We set aside worrying about so many other things (war, famine, disease, racism, education…) in order to worry about AI, and as a hostile actor it is clearly under-delivering. It’s a shame because if the world …
2024-05-14 10:27:21
Because of course the way you get a £1tn tech industry is to mess with stock market rules whilst fearmongering & regulating tech out of existence. Also: “a decade”? “What’s my yardstick of success? I’d like to see a British Alphabet, I’d like to see a British Microsoft” Hunt told the Financial Times. … “It might …
Continue reading "Jeremy Hunt bets on creating a $1tn ‘British Microsoft’ | …oh, bless…"
2024-05-13 23:20:31
And now I’m literally wondering if Elon sees Telegram as the exit strategy for X https://www.businessinsider.com/elon-musk-encrypted-messenger-app-wars-telegram-signal-2024-5
2024-05-13 19:33:55
> Pavel Durov, the CEO of Telegram, has recently been making a big conspiracy push to promote Telegram as more secure than Signal. This is like promoting ketchup as better for your car than synthetic motor oil. Telegram isn’t a secure messenger, full stop. That’s a choice Durov made. https://threadreaderapp.com/thread/1789687898863792453.html
2024-05-13 15:58:11
Silkie Carlo on Twitter: > Today’s leader in the Times (!): The “sinister irony of the disinformation industry” is that in posing as “neutral arbiters of accuracy” it “risks creating a new form of misinformation”.
2024-05-13 01:39:06
Once they gained access to the portal, Menelik told BleepingComputer they had created a program that generated 7-digit service tags and submitted them to the portal page starting in March to scrape the returned information. As the portal reportedly did not include any rate limiting, the threat actor claims they could harvest the information of …
2024-05-13 01:09:13
Interesting essay, especially for anybody who has previously read The Victorian Internet https://engelsbergideas.com/essays/undersea-cables-and-the-vulnerability-of-american-power/
2024-05-11 17:02:38
Starts at about 07:50 https://www.bbc.co.uk/sounds/play/m001yxqh?partner=uk.co.bbc&origin=share-mobile
2024-05-11 03:56:58
> “Do you now, or have you ever, worked with TikTok to help defend its rights?” That McCarthyism-esque question is apparently being asked by members of Congress to organizations that have been working with TikTok to defend its Constitutional rights. https://www.techdirt.com/2024/05/10/congressional-committee-threatens-to-investigate-any-company-helping-tiktok-defend-its-rights/
2024-05-10 19:12:56
TWFY is a stalwart of British online democracy, a tool for tracking MPs and their voting interests and enabling their constituents to contact them directly. Their new project, WhoFundsThem, is self-explanatory in its importance. https://www.linkedin.com/posts/mysociety_support-whofundsthem-activity-7194275068888186880-cfd7
2024-05-10 16:32:34
The Data Protection Act generally requires personal information to be gathered and used for a specific purpose. School records are not gathered to pursue benefit investigations: > The DfE said the data-sharing agreement was “designed to provide confidence that the right and fair amount of benefit is being paid to the right claimant and any children …
2024-05-10 09:52:26
So now we have a House Un-American Internet Activities Committee?
2024-05-09 20:54:22
Imagine that you’re a cool, high-school, technocultural teenager; you’ve been raised reading Cory Doctorow’s “Little Brother” series, you have a 3D printer, a soldering iron, you hack on Arduino control systems for fun, and you really, really want a big strobe light in your bedroom to go with the music that you blast-out when your …
2024-05-09 16:08:38
2024-05-08 14:00:28
On Mastodon I’m encountering people dismissing creative commons and demanding new open source licences which are… open except to people or organisations they don’t like. For lack of this they are earth-scorchingly demanding the removal of their previously-shared wisdoms from StackOverflow under GDPR terms. Fortunately the thread contains a link to this essay from 2021 …
2024-05-08 03:33:05
> Congress has taken the unprecedented step of expressly singling out and banning TikTok: a vibrant online forum for protected speech and expression used by 170 million Americans to create, share, and view videos over the Internet. For the first time in history, Congress has enacted a law that subjects a single, named speech platform …
Continue reading "TikTok countersue US government on grounds of 1st amendment and bill of attainder"
2024-05-08 01:28:46
Unrolled at: https://threadreaderapp.com/thread/1787850791719460933.html
2024-05-08 01:12:31
https://www.techdirt.com/2024/05/07/raging-ignorantly-at-the-internet-fixes-nothing/
2024-05-07 19:06:28
The UK Medicines and Healthcare products Regulatory Agency (MHRA) is issuing DNS and search result takedown requests to suppress websites that have been selling off-prescription, DIY hormone treatment. I suspect that the dark web will be the next evolution of the story.
2024-05-07 14:03:50
Well, this should be fun, but it also sounds familiar from the last few years in the USA: > The cyberattack was on a payroll system with current service personnel and some veterans. It is largely names and bank details that have been exposed. https://news.sky.com/story/china-hacked-ministry-of-defence-sky-news-learns-13130757
2024-05-07 13:41:42
Western governments are missing a trick: > Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and under the provision of Section 44 (2)(a) of the Act, a levy of 0.5 per cent (0.005) equivalent to a half per cent of all electronic transactions value by the business specified in the Second …
2024-05-07 02:40:02
> When it comes to tech policy, it seems that there are two increasingly diverging interpretations of today’s world. On the one hand, we are told that technology is challenging our economy, our democracy, our very humanity. We are told that large digital monopolies have stifled innovation and progress, that these platforms are incentivised to …
2024-05-06 05:02:19
> They feature war hero Marian Rejewski, the 1st person to crack the Enigma code, describing major breakthroughs before and during WWII (which the British rarely, if ever, gave proper credit to Poland): https://www.flyingpenguin.com/?p=56989
2024-05-06 02:26:43
Carey’s entirely plausible analysis of the actual problem with AI and GDPR which is currently being trumpeted by Max Schrems’ project: https://www.linkedin.com/pulse/complexity-law-noyb-suing-openai-carey-lening-cdpp-nxxoe
2024-05-05 20:51:16
Nadella’s Microsoft approach is leaning the right ways and is great copy for media, but it’s bland and meaningless when stripped from the context of a proper information security management system. What he means is that stuff ought to be secure by default and it’s time for Microsoft to let go of previously higher goals …
2024-05-05 12:40:35
From April 10th > “Fake news” legislation that governments around the world have written in recent years to combat mis- and disinformation does little to protect journalistic freedom. Rather, it can create a greater risk of harm. https://www.niemanlab.org/2024/04/fake-news-legislation-risks-doing-more-harm-than-good-amid-a-record-number-of-elections-in-2024/
2024-05-05 05:43:27
When content moderation and online safety get the wrong end of the stick; this is a massive problem which we are only going to see more of but which will remain underreported due to embarrassment and lack of traction in popular media https://www.wired.com/story/what-happens-when-a-romance-author-gets-locked-out-of-google-docs/
2024-05-04 02:41:31
:facepalm: https://www.techdirt.com/2024/05/03/hours-after-aussie-govt-greenlights-online-age-verification-pilot-mandated-verification-database-for-bars-is-breached/
2024-05-03 16:05:04
Tyrian Purple is one of those materials that I’ve read about in any number of books but never actually seen; this is amazing and helps contextualize how valuable it really must have been: https://www.bbc.co.uk/news/articles/cjje132jvygo
2024-05-03 06:03:50
Bravo. In a Delhi High Court proceeding last Thursday, WhatsApp said it would be forced to leave the country if the court required traceability, as doing so would mean breaking end-to-end encryption. https://restofworld.org/2024/exporter-whatsapp-encryption-india/
2024-05-02 22:35:09
Read this. Just read it. https://threadreaderapp.com/thread/1785972533386244106.html
2024-05-02 03:30:09
“Hello, my name is Ethan and I would like the US Government to compel platforms to write/maintain code providing an immutable, unchanging API that my friends can use to inefficiently and in a failure prone manner, run half-assed badly written tools to fuck up their friendships and group subscriptions while choking the performance of backend …
2024-05-01 21:27:43
This resonates with my experience of people using Facebook from inside repressive and censorial regimes when I was working there 2013-16. Meta is wisely reticent about such activity in order to not disconnect those users, and “the greater good is served by lawful surveillance to protect children”-types are talking out of their hat. > “We …
Continue reading "Tens of millions secretly use WhatsApp despite bans | BBC News"
2024-05-01 16:20:54
Via Vess: https://infosec.exchange/@bontchev/112364787685708164
2024-05-01 03:58:27
A common failure mode in the past 40 years of communication is for automated billing to be triggered by an unauthenticated request to a service; I saw examples in the 1980s on PSS. That Amazon would make the mistake nowadays of billing people for failed and unauthenticated delete requests, does seem sloppy. Thus this is …
2024-05-01 03:52:44
If you believe that digital signatures require a network of federated trusted third parties, clap your hands: https://www.cyberleagle.com/2024/04/the-corn-laws-go-digital.html
2024-04-30 10:54:16
Pretty much the same advice applies to both; the cryptography & infosec industries are riven with people who did [something cool] once and who want to milk it forever, and … exceptions exist, but generally you will advance further because of what you do rather than for what you have done. Don’t sit on your …
2024-04-29 15:31:43
> One of the assumptions built into these calls is that if the tech community would just nerd harder, a solution could be somehow magically found that preserved privacy and security while letting the ‘good guys’ have access. With all respect to the valuable work that law enforcement does to protect society, it’s equally as …
Continue reading "No One Should Have That Much Power | Mark Nottingham"
2024-04-28 20:04:06
This is a hilarious step back into the Neanderthal days when people believed that they could tell others on the open web that it was not permitted to hyperlink to them. (excusing newspapers, which are obviously a very special case that distinguishes them from normal websites) https://malcolmcoles.com/no-linking/
2024-04-27 15:05:13
How did I only now discover this? HT: dancol
2024-04-27 07:18:03
This is a classic. I have a print edition. Many software development truths (and myths) from the 1960s and 70s are still alive today, if slightly mutated and less obvious to those for whom it is “just a job”. https://www.mit.edu/~xela/tao.html