Notices by Tinker ☀️ (tinker@infosec.exchange)

@aral - So many comments continuing to "debate the technical minutiae of Threads" under a post decrying folks for "debating the technical minutiae of Threads."

Wow. 😐

Meta's Threads is to ActivityPub,
as
Google's Talk was to XMPP.

Embrace, Extend, Extinguish

#Threads #ActivityPub #EEE

Big shoutout to @jerry for setting up a Mobilizon server at https://meetups.infosec.exchange !

This is an analog to Meetup.com but is a part of the Fediverse and uses ActivityPub.

This has a few amazing implications...

So!!! You create a personal account on the server and then create a group. The group can then create events.

This is multiuser administration! So the group is separate from your personal account. So you don't have to share passwords for the group account. Instead, you have members join and then assign them administrative privileges. That's huge!

Further, whenever you create an event, it posts it via ActivityPub as well! So you don't need a separate Mastodon account to "crosspost". (Kinda like when we posted a meetup event, we would then cross post to Twitter. - You don't do that here. It's just one place and any fediverse account that follows you can interact with you via any other software / service.

So! I can follow my FXBG Hackers Mobilizon group from my Mastodon account. It just looks like a normal account from here. (you can view it at: @fxbghackers ).

We just created an event for our December meetup. That can be found here: https://meetups.infosec.exchange/events/60e32fc3-e098-4982-9e8b-155505d79f97

You can view that link through Mobilizon or through Mastodon and it will appear differently (see screen shots).

Here's the cool thing. I REPLIED to the Mobilizon event announcement with my Mastodon account via the Mastodon software and it shows up AS A COMMENT in the Mobilizon event page!!!!

That is the power of the Fediverse.

Fucking unbelievable.

#fediverse #feditips #mastodon #mobilizon #meetups

Reminder to go to your local library and volunteer to speak on their behalf. Let them know that if folks try to come and ban books that you'll speak publicly against them.

We found out folks were going to be commenting at our library calling for banning books.

So.

We all went and spoke out against them.

Only one person got up and called for a ban. She went first. Everyone after her started calling out her behavior and telling the library staff to keep the books.

The first woman and a couple others soon left before the end of comments.

Drive them out. Protect our libraries.

I'm at the point of my career that I'm embracing MS Excel and it's myriad of non-apparent powers.

eeesh....

You know it can parse XML (HT @infobex!)?

oh eris what have I become....

@doctormo - Oh, I like that. Thank you for sharing that!

@alcinnz

@alcinnz - Fully agree. Jargon is absolutely needed for those niche audiences that understand that jargon. Generalized language or "plain english" is absolutely needed for those general audiences whose experience or expertise falls outside of those niche groups that use the jargon.

For mixed audiences, I use jargon, followed by a quick generalized definition, where appropriate.

Thus did I read in an IRC chatroom:

A 1337 hacker and her apprentice were screensharing during a guided hack. The new hacker asked of his teacher, "How do I become root?"

The 1337 sage instructed her student, "Run 'su'."

The student ran 'su' and, when prompted, entered the root password. But as the young hacker did not know the root password, the command failed.

"I am not root," the student lamented.

The 1337 sage then instructed her student, "Run 'sudo su'."

The student did so, but instead of entering the root password as required by 'su' he entered his own password as required by 'sudo'.

The command succeeded.

Encouraged, the young hacker inquired 'whoami' and stdout responded with: "root".

The 1337 hacker smiled at her student and reminded him, "For it was not until you realized that you were already root, that you became root."

#hackerKoan #hacking #buddhism

@nlarson830 - I don't think so.

To be root, in this sense, is to have complete control and awareness of your own system. In addition to complete control and awareness, if any of your own actions cause you suffering, it is your responsibility alone, as you were the one to run the commands at root level. (note: this self imposed suffering is distinct and different from suffering imposed externally, such as via a ransomeware worm).

The corollary of this koan to one's life is that we have within us, already, the buddhahood. Instead of seeking to become awakened, we realize that we are already awake and just need to be aware of that state. And so it's by understanding the tools we already have and seeking to be mindful of who we are as we are, that we shed the fog and see that we are awake.

Question for my #infosec folks:

My friend is looking for a next step in her career and isn't sure where to go. Need advice on which roles she might look into.

Her background is a solid mix of both technical and client facing / managerial roles. She's been client lead and account manager for very high end and large clients. She has technical experience in intrusion detection / SOC analytics, patch / vuln management, and systems administration.

She's very good at bridging the divide between technical concepts / initiatives and business decision makers.

She's wanting to move from the reactive side of SOC analytics into a more proactive and sustainable side of things. Something where the benchmark is more in the months than the minutes/hours.

Ideally this would be part of an in house team rather than consulting, but consulting works if it has those focuses.

I've suggested things like Vuln / Patch Management, Governance Risk Compliance, or even security engineering or cloud engineering / administration with focus on security.

Y'all have any other ideas?

.______
#infosecJobs #fediJobs

For those wondering about the John Mastodon meme, here is the publication that claimed:

• John Mastodon was banned from twitter (it was JOIN... Join Mastodon... not John.)
• Mastodon was named after this fictitious man.
• Confusing Mastodon the software with a centralized social media company.

They're just making up things now, lol.

._______
#JohnMastodon

One other core of the message in the MCU and other similar forms of propaganda is more insidious...

• The ability to dream of better worlds and the ability to dream of ways to achieve those better worlds... is severally constrained, limited, badgered, and distorted away.

None of the stories in the MCU allow for greater thought, greater ideas, than violence and abuse and trauma with only one outcome... the maintaining of the current oppressive status quo.

This is probably the greatest goal of propaganda... don't just produce lies and bullshit for people to think. CONSTRAIN the ability of people to think outside of the narrow confines presented by the propaganda.

By limiting the words and the scenarios presented as choice... any outcome within the narrow selection of choices is ideal to the oppressor.

This is why I love solarpunk and hopepunk and similar speculative fiction.

We are creating our own narratives, our own languages, and therefore, our own possibilities and choices.

._____
#solarpunk #hopepunk #mutualAid

@alcinnz - Compelling ideas. I appreciate you mentioning them. I haven't seen Thor Ragnorok. I'll check it out with this in mind.

I remember studying Soviet propaganda in college.

I was always so amazed at how obvious it was. Wondering how people could sit through it.

But looking at my own country's propaganda gives me insight into this.

The wonderfully brilliant manipulation tactic is this:

1. Take a legitimate concern and build the story from that.
2. Take the ideal outcome (from the perspective of those in who want to maintain power / the creators of the propaganda) and make the hero advocate for that.
3. Take honest and good efforts by those not in power to address the legitimate concern, strawman them, and make them the villain.

One such corpus of propaganda is the Marvel Cinematic Universe:

• All the heroes are superhuman cops or vigilantes enforcing the status quo through violence.
• All the villains are trying to address societal concerns... but the realistic approach in the real world is twisted in these fictions to where their approach always includes genocide, violence, changing the current oppression to another oppressor of their choice, and other strawmen caricatures.

The propaganda messages conveyed are:

• The status quo and your current oppressors are here to stay and are the best you can hope for
• Fear and distrust any attempt to fix the current problems
• The only way to change is through violence (this is conveyed as bad)
• If anyone tries to change, they'll be stopped with violence (this is conveyed as good)
• The only people that can participate in the world (either fixing problems or maintaining systems of control) are superhuman demigods. The powerful. The rich. - Never you. Never the normal person trying to improve their and their neighbors' lives.

Pop Culture Detective recently release a video essay on this very thing. Watch it below.

Pop Culture Detective's "Marvel's Defenders of The Status Quo"

https://m.youtube.com/watch?v=LpitmEnaYeU

.______
#solarpunk #mututalAid #fiction