• 0 Posts
  • 30 Comments
Joined 7 months ago
Cake day: June 5th, 2024
  • derek@infosec.pubtoLGBTQ+@beehaw.orgAtheism Should Leave Its Transphobia Behind in the New Year
    3·
    19 hours ago

    That would be apatheism. It’s not an alternative to the other claims but a disinterest in the problem space itself.

    Atheism is a spectrum of opinion ranging from “I neither accept claims including gods nor put forward alternatives” to “I claim no gods can exist and here’s why” with some wiggle room on both sides as the arguments devolve or extremify.

    Agnosticism is a strange participant as it lacks a cohesive definition. It’s more like a spectrum of reasons “adherents” think the claims made by others aren’t valid. It’s the last port of call for participants embroiled in philosophically rigorous metaphysical tedium and first stop for apatheists so disaffected they’ve never read a relevant text.

  • derek@infosec.pubtoAsk Lemmy@lemmy.worldDid non-RGB mechanical keyboards cease to exist? Can anyone recommend some?
    21·
    7 days ago

    TL;DR: Check out the KeyChron K3 V2 Non-Backlight edition. Decent quality, inexpensive, no lights, and no knowledge required.

    ZSA make good stuff, sell it at reasonable prices, provide incredible support, and give a shit about artists/humans/the world. Any time mechanical keyboards are mentioned I feel compelled to inject their name into the conversation. I’ve owned a Moonlander for a while now and I have nothing but good things to say about it. I’d recommend the ZSA Voyager for someone checking out not shitty keyboards for the first time.

    With that out of the way: it’s tough to find a lightless mech keyboard these days because backlights make sense and, so long as you’re putting lights behind keycaps, you might as well use full color range LEDs and let the user set a low brightness white color or turn them off if they don’t care for it. Some companies make non-backlight versions (KeyChron’s K series for instance) but they’re a rarity. Why produce and stock inventory that’s not moving?

    I recommend doing some research on how mechanical keyboards are built (watch a 10 minute video on the internet) and then using RTINGS’ keyboard table for some comparison shopping. You’re looking for a well rated keyboard with hot swappable PCBs designed to accommodate south-facing LEDs (they point down - less bright). One of the advantages of going mechanical is customization. Don’t want the LEDs at all? Remove them from your build. Even without PCB hot swapping: no one will stop you desoldering LEDs from your keyboard.

    Building out something like a Gem80 from NuPhy or a 60HE from Wooting will net you a high quality mechanical keyboard that won’t get in your way but is customizable enough for you to avoid RGB-induced eye sores.

  • derek@infosec.pubtoAsk Lemmy@lemmy.worldWhat are some (not illegal) ideas to make corporations feel the pain when they allow our data to be stolen?
    5·
    7 days ago

    The only effective answer to organized greed is organized labor.

    Unionizing every industry so there is nowhere for the owning class to practice naked greed sans consequence or feel any pressure to do otherwise is our only answer. It’s not one which matches the aesthetic or level of ease most are looking for. So that’s the current goal. Shift public perception of unions and collective bargaining from “talking about that will get me fired” to “unionization is essential for any working class person”. Shift the current climate from “violence is inevitable” to “striking is necessary”.

    Our owners cannot steal our wages if we refuse to produce goods and services for them. Yes this means workers will experience pain. Not being able to pay bills, buy groceries, etc. This is the intention of the current economic reality we find ourselves locked in mortal combat with. Keeping us too scared to bite the hand that feeds for us to realize we can starve out our oppressors by doing nothing and being loud about it. Picketing is a siege on the fortress of oligarchy.

    They concentrate wealth like dragons protecting a hoard not for the love of money. It’s not about the money. It’s about insulating themselves so securely from such a siege that we starve before they do. History tells us that’s a winning strategy. It’s how the aristocracy survived and evolved into the modern era. Knowing this we can reason about what is necessary to avoid repeating the past.

    One may argue for governing reforms, better voting systems, government-backed protections for workers, more public sector jobs/industries, kai ta hetera, et cetera, and so on… And these things may help voters weed out elitists/sympathizers or insulate an industry for a few decades. They are placations though. Not solutions. These capitulations leave workers in stasis and package today’s injustice up as an inheritance for those next in the human assembly line. That sounds like deja vu to me.

    Similarly goes violent direct action. Yes, the civil rights movement was lifted by the pressure or the threat of violence from aligned and allied movements and, yes, such methods may yield short term results in any righteous struggle. No, workers do not require the same assistance for success. Labor is not fighting against any government. Governance is the medium through which the owning class wishes to arbitrate. Refuse this entrapment. No one is coming to save us.

    Organize, vocalize, and strike, or lose.

  • derek@infosec.pubtoAsk Lemmy@lemmy.worldI chipped my guitar finish, its only a 1k guitar brand new, what should I do?
    55·
    8 days ago

    Long time guitar owner here. You could get some wood glue and use a small amount to affix the chip back to the guitar pretty seamlessly so long as you’ve got a steady hand. In my experience it’s harder than it looks.

    My direct advice? Keep the missing chunk in a safe place and live with the guitar as-is for a month. There’s no rush and this will give you some time to process.

    If the gouge ends up sticking in your mind as something you want gone? Call a local luthier, explain what happened, that you’d like it restored, and ask for an estimate or evaluation if you want to budget for the expense. If you have a preference for a kind of repair you can ask for that too. Mending a wound on an instrument can be an opportunity to add beauty instead of simply removing a blemish. What kind of repair you want is entirely up to you and a temp fix now might make the repair more difficult / expensive.

    If none of that sounds appealing and if after a few weeks the idea of a nail polish scar or other punky hack makes you happy then go for it! It’s your instrument and best is conditional so go nuts. 🙂

    My only concern with leaving the natural wood exposed would be moisture and cracking/paint flaking over time. Even if you think the chip looks bad ass and you end up wanting to keep it: I would ask a luthier to seal it up to preserve the instrument (battle-scar and all).

  • derek@infosec.pubtoNo Stupid Questions@lemmy.worldHow do I make a domain account on Windows have administrative privelleges to use a particular app?
    4·
    18 days ago

    There’s some good advice in the comments already and I think you’re on the right track. I’d like to add a few suggestions and outline how I think about the problem.

    Ask if the vendor has installation administrator guides, whitepaper, training material, etc. If yes: ask that they send it to you. You may also be able to find these on the vendor’s website, customer portal, or a public knowledgebase / PDF repo.

    I would want to know three things.

    1. How do users authenticate through the application?
    2. What are all of the ways users may access the application (local only, remote desktop, LAN only, full server/client model)?
    3. Does the vendor have any prescribed solutions for defining who has access to the application, at what privilege level, with access to what features?

    i.e. What parts of the user access, authenticate, authorize pipeline do application admins or system admins have control over and how can we exercise that control?

    Based on some context I assume that the app is reading from Active Directory using RADIUS or LDAP for user auth and that people are physically logging into the machine.

    If this is the only method of authentication then I would gate the application with a second account for each employee who requires access for business reasons defined in their job description (or as close as you can get to that level of justification - some orgs never get there). You can then control who has access to the machine via group policy. Once logged in the user can launch the application with their second account (which would have the required admin access) via “Run as…” or whatever other methods you’d prefer. No local admins logging in directly and yet an application which users can launch as admin. Goal achieved.

    This paradigm lets us attempt balancing security concerns with user pain. The technically literate and daringly curious will either already know or soon discover they can leverage this privilege to install software and make some changes to the system. The additional friction, logging, and 1:1 nature of the account structure makes abusing this privilege less attractive and more easily auditable if someone does choose the fool’s path.

    I can imagine more complex set ups within these constraints but they require more work for the same or worse result.

    Ideally you run the app with a service account and user permissions are defined via Security Groups whose level of access is tied to application features instead of system privs. There are other reasonable schemes. This one is box standard and a decent default sans other pressures.

    If other methods of auth are available (like local, social, cloud, etc) then you’ll have more decent options. I would define the security objectives for application access, define the user access objectives from the Organization’s perspective, and then plot each solution against those two axes (napkin graphs - nothing serious). Whichever of the top three is the least administratively burdensome is then selected as my first choice for implementation with the other two as alternatives.

    An aside: unless there is only one reasonable choice most folks find one option insufficient, two options difficult to decide between, and four options as having one option too many - whenever possible, if another party’s buy-in is desired, present either three options or three variations on one option. This succeeds even when the differences are superficial, especially when the subject is technical, and 2x if the project lead is ignorant of the particulars. People like participating.

    I’d then propose these options to my team/direct report/client, decide on a path forward together, and plan the rest from there. There’s more to consider (again dependent on org maturity) but this is enough to get the project oriented and off the ground.

    Regarding FOSS alternatives: you’re likely locked in with the vendor’s proprietary software for monitoring the cameras. There are exceptions but most commercial security system companies don’t consider interoperability when designing their service offerings. It might be worth investigating but I’d be surprised if you find any third party solutions for monitoring the vendor’s cameras which doesn’t require either a forklift replacement of hardware, flashing all of the existing hardware, or getting hacky with the gear/software.

    I hope this helps! <3

  • derek@infosec.pubtoNo Stupid Questions@lemmy.worldHow do I get over fear of cooking?
    9·
    2 months ago

    I haven’t experienced what you’re describing. Previous experience suggests exposure is the next step for you. If a cooking class isn’t feasible right now then start with watching some videos online (best if they’re home cooks - you want to watch common cooking of foods you like to eat).

    You’re not trying to memorize anything or learn hard skills during this time. You’re only trying to become more familiar with people working in a kitchen so it doesn’t feel as alien and maybe not quite as scary.

    Do that regularly for a while. If it’s too much for you: dial it back. You do want to push your boundaries but only when you’re feeling ok about it. Small wins will turn into more small wins and eventually you might be interested in trying to cook something.

    If that happens, and I suspect it will, know that it is OK to start cautiously and take your time learning how to use the oven and stove top. Try turning a burner on with no pan or pot on top. Let it get hot. Turn it off. Let it cool down. Repeat that across a few days if the first one helps you.

    Once you’re comfortable you should do that practice again and add water to a pan until its half full. Once the burner is hot: place your pan of water on top of the stove burner. Let the water come to a boil. Remove the pan from the stove top. Let the pan and water cool down. Note how much water is missing (some of it will have steamed away while boiling). Add that much water back to the pan and practice this again.

    You can build your experiences, step by step, with safe extensions and new footholds, until you’re feeling confident about cooking something with the boiling water. You’re going to boil an egg!

    Complete your practice again but instead of taking the water off right after it boils: leave it on the burner for 6 minutes. Then remove it and let it cool. Success? Do that again using a pot instead of a pan. Pot half full of water. Grab a serving spoon or similar item. Once the water comes to a boil:

    1. Lower the burner temperature to half / medium. The water should be moving and steamy but the bubbles should be very gentle or cease. Dropping the egg into actively boiling water may cause the egg to crack prematurely.
    2. Use the serving spoon to gently place the egg in the center of the boiling water.
    3. Wait six minutes.
    4. Remove the pot of water from the burner.
    5. Turn the burner off.
    6. Use the serving spoon to lift the egg out of the hot water.
    7. Run the egg under cold water (this helps it from over cooking and helps make peeling easier).
    8. Enjoy your egg.

    You can absolutely boil any kind of pasta, lots of vegetables, and almost all starchy foods. Boiling is very safe because the water regulates the temperature for us. So long as there is water in the pot the pot is unable to meaningfully exceed 100 degrees Celsius (the boiling point of water / ~212F). It is very difficult to burn anything or start a fire while boiling water.

    Best of luck my friend.

  • derek@infosec.pubtoTechnology@lemmy.worldA TikTok alternative called Loops is coming for the fediverse | Users own their content, and Loops doesn’t sell or provide videos to third-party advertisers or train AI on them. It will be open sourceEnglish
    131·
    2 months ago

    That’s a problem. Absolutely. It’s not the problem though. I’m not sure the problem can be summarized so succinctly. This is the way I’ve been putting it:

    These are the top reasons humanity needs successful, decentralized, open social media platforms:

    1. Collecting and selling user’s private data is dangerous and unethical.
    2. Using that data to intentionally and directly manipulate user’s thinking is even worse.
    3. All of the major centralized social media companies have been proven to either allow these illicit information campaigns or coordinate them directly. TikTok is the focus right now but Sophie Zhang exposed Facebook for doing exactly what TikTok has been exposed for recently. Can you recall any meaningful consequences for Facebook? Do you think Facebook is now safe to use?
    4. It’s clear that most political leaders are either too ignorant, too corrupt, or too inept to meaningfully legislate against these problems.
    5. The concerned public can’t shut Pandora’s box. No one is coming to save us from big tech or the monied interests and nation-states that wield it.
    6. The concerned public can’t easily and legally audit the platforms big tech builds because they are closed and proprietary.
    7. Personal choice is not enough. Not using centralized social media increases personal safety but does little to curb its influence otherwise.

    These are listed by order of intuitive acceptance rather than importance. I find it aids the conversation.

    The best reasonable answer to these problems I’ve seen proposed is for the public to create an open and decentralized alternative that’s easier to use and provides a better user experience.

    Will that kind of alternative be a force for pure good? I’m not sure. To your point: I’m not convinced social media of any kind can be more than self-medication to cope with modernity. Then again I’ve had incredible and meaningful conversations with close friends after passing the bong around and spent time on Facebook/Reddit, and now Mastodon/Lemmy/etc, doing the same. Those interactions were uplifting and humanizing in ways that unified and encouraged all involved.

    I think the truth lies somewhere in the middle. We need to take care of each other, refuse pure hedonism, and protect the vulnerable (and we’re all varying degrees of vulnerable). At the same time: humans aren’t happy in sterile viceless productivity prisons. Creating spaces for leisure which do no harm in the course of their use isn’t just a nice idea… It’s necessary for a functional and happy society.

  • derek@infosec.pubtoSysadmin@lemmy.worldMy thoughts on Proxmox
    1·
    2 months ago

    That’s no different from VMware or Hyper-V if you switch the specifics around. There are many more administrators running virtualization clusters that have very little knowledge of the internals than there are subject matter experts or weekend deep divers. The barrier to entry for these things is low because they’re designed well enough and half decently documented. Proxmox isn’t unique in this respect.

  • derek@infosec.pubtoTechnology@lemmy.worldMicrosoft Recall is now an explorer.exe dependencyEnglish
    3·
    3 months ago

    That’s a fair take. Silver Blue is great and, in the spirit of the thread, if I were helping an interested but hesitant lifelong Windows/Intel/Nvidia user migrate to Linux today I would:

    1. Buy them a new SSD or m.2 (a decent 1tb is ~$50 & a good one only ~$100).
    2. Have them write down what applications, tools, games, sites, etc they use most often.
    3. Swap their current Windows OS drive with the new drive and, if needed, show them how and why that works or provide an illustrated how-to (so this choice is not a one-way street paved with anxiety. If they want to swap back, or transfer files, or whatever else; they can. Easily). Storage drives are just diaries for computers. The user should know there’s nothing scary or mystical about them.
    4. Install Fedora Kinoite on that new drive.
    5. Swap them from Fedora’s custom Flatpak repository to Flathub proper. A decision that should be given to the user on install IMO but I digress.
    6. Install their catalogue of goodies from step 2 so they’re not starting from scratch.
    7. Install pika and configure a sane home directory backup cadence.
    8. Ask them to kick the tires and test drive that Linux install for at least a month.

    Kinoite is going to feel the most like Windows and, once configured, stay out of the way while being a safe, familiar, transparent gateway to the things the user wants to use.

    My personal OS choices are driven by ideals, familiarity, design preferences, and a bank of good will / public trust.

    I disagree with some of Red Hat’s business model. I fully support the approach SUSE takes. I’m also used to the OpenSUSE ecosystem, agree with most of their project’s design philosophies, and trust their intentions. I’m not a “fan” though and will happily recommend and install Silver Blue or any other FOSS system on someone’s computer if that’s what they want and it makes sense for them! Opinionated discussion can be productive and healthy. Zealotry facilitates neither.

    That said: Aeon has been out of beta for a while. The latest release is Release Candidate 3 and they’re closing in on the first full release. Nvidia drivers work after a bit of fiddling. 🙂

    I’m going to edit my previous post to add the Kinoite suggestion for posterity’s sake.