i would not trust hardware from a vendor that puts hardwired backdoors into physical memory… you’ld undermine any security the OS could give you.

antarctica:

• no bad politics
• no wars so far
• people there are mainly interested in science
• no economic abuse or exploitation
• pinguins!
• no air conditioning needed to survive the summer.
• winter is offline time, visitors won’t arrive or leave then.
• last place to stay cool during boomers heritage “heat death of our planet”

well sure, it has downsides too. Next Rollercoaster park is -tbh- unreachable, internet connection is sloo.oo…oow (or did they already finish the submarine fibre cable?) and sunbathing basically only brings you frost bites (if you’re lucky).

However i am not planning to migrate there.

i consider statistics to be a good tool in general - but of course only if used correctly (as with any tool, like using a hammer when you have to drill a hole might create a hole but more repair work would be needed and the hole would likely neither be of correct shape nor stability then)

so use the median to determine the middle, not the average. (because when A robs B everything he has, the average of what both have does not change a single quantum but poverty was increased, and that happens since invention of colonisation and other crimes a f***ing LOT and it did not stop yet)

so determine the middle class by median of what ppl earn/have over the whole world. if you limit to anything smaller than the world, you’re manipulating by maybe favoring robbers, betrayers, murderers and enslavers, so use the whole world median or you end up with lies only.

as i noted colonisation and slavery, the wealth that had build upon such, is in fact just part of (historic) debt.

well lets see, where i am when i guess the worldwide wealth median.

I do not live paycheck-to-paycheck any more for more than a decade, i own a 22year old economic car ( that does not look shiny but the mrchsnic says its secure), but i own no property and pay rent for a 60m2 flat where i live solo. thus i am rich. i neither feel safe financially nor feel rich, nor would i really know how to buy a house or a yacht, but compared to the majority of people on the world, i think i am to be considered rich. I can decide to buy smaller things from my monthly (40h/week) income without the need of thinking, that maybe most of worlds population (the median) would have to save money for in advance or would buy on debt. This alone more than often already is a luxury of the rich: “just buy it (if it does not ruin you)”. However, all of my “luxury” would not exist if i wouldn’t try to save money or be near to ‘nothing’ if i had any children to take care for. a generation ago it was possible to build a house, have a car, pay children, pay a bit extra for your non-working wife so she can go shopping AND go to holiday once a year in the expensive season together with the kids by only ONE person doing the same working hours per week as i do today. I do not see this even partly possible today and i do not feel rich enough to be able to finance a child. am i as poor as i am rich just because of how bad the world had beend changed since? maybe. i guess because of the “wealth transfer” to the rich (where i already “profit” a bit from, but also are ripped off by it) all humans on average(!) are more poor than one or two generations ago, while only a very small fraction of the world actually really profits from that transfer.

The more wealth the rich accumulate, the more quickly they spread more poverty day by day, and the more instability in general is created too. This is what i genuinely believe. But where exactly do i stand in this scenario, comparing myself with the median that i only can imagine what it probably is while all measurements for how rich or poor i am i come up with seem really unusable today.

The by far more easy way is to say “i am NOT rich”, point with the finger at someone else who is driving in his roaring and shiny luxury car to his private jet that will bring him to wherever his captain has maneuvered his billionaires yacht to just to jump into the water there. thats an easy view: the others are rich, but not me. this would be an easy view, but could it also be true? i guess not.

an experiment with words, first mixed (CAP ist first sentence, lower is second, but try to read all words first) then separated versions:

LET how ME does TRY it TO feel MAKE to YOU you COMPARE reading IT that TO sentence READING and TWO this SENTENCES question WITH in MIXED parallel? WORDS.

let me try to make you compare it to reading two sentences with mixed words.

how does it feel to you reading that sentence and this question in parallel?

actually reading this feels a bit similar to listening to different songs in parallel to me, but when reading these 1:1 alternating words (even with one sentence in CAPS) i do not recognise any meaning while reading, but when explicitly only reading CAP or noncap words. when listening to two songs in parallel this seems far more easy for me and seems to work. am i a musician?

[…] reCAPTCHA […] isn’t to detect bots. It is more of stopping automated requests […]

which is bots. bots do automated requests and every automated request doer can also be called a bot (i.e. web crawlers are called bots too and -if kind- also respect robots.txt which has “bots” in its name for this very reason and bots is the shortcut for robots) use of different words does not change reality behind it, but may add a fact of someone trying something on the other.

isn’t even trying to keep an innocent behind bars already a type of kidnapping attempt and every second of delay that it caused an actual act of kidnapping?

that a moderately clever human can talk them into doing pretty much anything.

besides that LLMs are good enough to let moderately clever humans believe that they actually got an answer that was more than guessing and probabilities based on millions of trolls messages, advertising lies, fantasy books, scammer webpages, fake news, astroturfing, propaganda of the past centuries including the current made up narratives and a quite long prompt invisible to that human.

cheerio!

All who could have an idea of what to do with it could seek a way to get that data out of every company or gov that have it for their specific reasons, no matter if data was collected lawful or not, or if access to the data is then lawful or not.

1. search for source of evidences on crime scenes: if one of your relatives happened to have been (related to crime or just bad luck) at a place where later on some evidence was collected, you might cause trouble for them bcs your data is very similar to theirs and that is obvious to laboratories. depending on the the “later on” current state of technology it could affect relatives more than two or three steps away from you. if you live in a country where law enforcement gives a shit about truth and just seeks for one argument to punish just anyone they can point a finger at, that could become a huge problem for the whole family then just because there was data that could have been abused.
2. illegal organ traders could - once they have access to your data - think you or your relatives could be a source of nice income if a client of theirs happen to pay enough. however you will probably never know as the illegal organ traders are unlikely to ring the doorbell to ask nicely for a contract. How much do you think would a richie in personal needs pay for “spare parts” if those who deliver them wants him to just never ask where it came from ? does it matter if such organ teaders could know a “compatible match” by data only? maybe not because they might know tomorrow or someone might put up an AI to do the matching (does it matter if that matching by AI is correct then? i guess such traders don’t really care and their customers probably, but wouldn’t that be possibly too late then?)

For me the latter is actually enough to not willingly give my DNA data to anyone. for no reason. gov might already have it (covid probes had been collected and frozen at least) but actively pushing your data out inzo the world would be insane IMHO.

Laboratories often use Microsoft Windows, Microsoft Active Directory and Microsoft Exchange, thus i personally see no reason to NOT believe that any data they have received once in time would - sooner or later - end up rotating uncontrolled in the hands of uncountable criminals waiting for any chance to make quick or huge money out of it.

looking at the official timeline it is not completely a microsoft product, but…

1. microsoft hated all of linux/open source for ages, even publicly called it a cancer etc.
2. microsoft suddenly stopped it’s hatespeech after the long-term “ineffectivenes” (as in not destroying) of its actions against the open source world became obvious by time
3. systemd appeared on stage
4. everything within systemd is microsoft style, journald is literally microsoft logging, how services are “managed” started etc is exactly the flawed microsoft service management, how systemd was pushed to distributions is similar to how microsoft pushes things to its victi… eh… “custumers”, systemd breaks its promises like microsoft does (i.e. it has never been a drop-in-replacement, like microsoft claimed its OS to be secure while making actual use of separation of users from admins i.e. by filesystem permissions first “really” in 2007 with the need of an extra click, where unix already used permissions for such protection in 1973), systemd causes chaos and removes the deterministic behaviour from linux distributions (i.e. before systemd windows was the only operating system that would show different errors at different times during installtion on the very same perfectly working hardware, now on systemd distros similar chaos can be observed too). there AFAIK still does not exist a definition of the 'binary" protocol of journald, every normal open source project would have done that official definition in the first place, systemd developers statement was like “we take care for it, just use our libraries” wich is microsoft style saying “use our products”, the superflous systems features do harm more than they help (journald’s “protection” from log flooding use like 50% cpu cycles for huge amount of wanted and normal logs while a sane logging system would be happily only using 3%cpu for the very same amount of logs/second whilst ‘not’ throwing away single log lines like journald, thus journald exhaustively and pointlessly abuses system resources for features that do more harm where they are said to help with in the first place), making the init process a network reachable service looks to me like as bad as microsoft once put its web rendering enginge (iis) into kernelspace to be a bit faster but still beeing slower than apache while adding insecurity that later was an abused attack vector. systemd adding pointless dependencies all along the way like microsoft does with its official products to put some force on its customers for whatever official reason they like best. systemd beeing pushed to distributions with a lot of force and damage even to distributions that had this type of freedom of choice to NOT force their users to use a specific init system in its very roots (and the push to place systemd inside of those distros even was pushed furzher to circumvent the unstable->testing->stable rules like microsoft does with its patches i.e.), this list is very far from complete and still no end is in sight.
5. “the” systemd developer is finally officially hired by microsoft

i said that systemd was a microsoft product long before its developer was then hired by microsoft in 2022. And even if he wasn’t hired by them, systemd is still a microsoft-style product in every important way with all what is wrong in how microsoft does things wrong, beginning with design flaws, added insecurities and unneeded attack vectors, added performance issues, false promises, usage bugs (like i’ve never seen an already just logged in user to be directly be logged off in a linux system, except for when systemd wants to stop-start something in background because of it’s ‘fk y’ and where one would 'just try to login again and dont think about it" like with any other of microsofts shitware), ending in insecure and instable systems where one has to “hope” that “the providers” will take care for it without continueing to add even more superflous features, attack vectors etc. as they always did until now.

systemd is in every way i care about a microsoft product. And systemd’s attack vectors by “needless dependencies” just have been added to the list of “prooven” (not only predicted) to be as bad as any M$ product in this regard.

I would not go as far to say that this specific attack was done by microsoft itself (how could i ?), but i consider it a possibility given the facts that they once publicly named linux/open source a “cancer” and now their “sudden” change to “support the open source world” looks to me like the poison “Gríma” used on “Théoden” as well as some other observations and interpretations. however i strongly believe that microsoft secretly actually “likes” every single damage any of systemd’s pointlessly added dependencies or other flaws could do to linux/open source very much. and why shouldn’t they like any damage that was done to any of their obvious opponents (as in money-gain and “dictatorship”-power)? it’s a us company, what would one expect?

And if you want to argue that systemd is not “officially” a product of the microsoft company… well people also say “i googled it” when they mean “i used one of the search engines actually better than google.com” same with other things like “tempo” or “zewa” where i live. since the systemd developer works for microsoft and it seems he works on systemd as part of this work contract, and given all the microsoft style flaws within from the beginning, i consider systemd a product of microsoft. i think systemd overall also “has components” of apple products, but these are IMHO none of technical nature and thus far from beeing part of the discussion here and also apple does not produce “even more systemd” also apple has -as of my experience- very other flaws i did not encounter in systemd (yet?) thus it’s clearly not an apple product.

Before pointing to vulnerabilities of open source software in general, please always look into the details, who -and if so - “without any need” thus also maybe “why” introduced the actual attack vector in the first place. The strength of open source in action should not be seen as a deficit, especially not in such a context.

To me it looks like an evilish company has put lots of efforts over many years to inject its very own overall steady attack-vector-increase by “otherwise” needless increase of indroduction of uncounted dependencies into many distros.

such a ‘needless’ dependency is liblzma for ssh:

https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/

openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend on lzma.

… and that was were and how the attack then surprisingly* “happened”

I consider the attack vector here to have been the superlfous systemd with its excessive dependency cancer. Thus result of using a Microsoft-alike product. Using M$-alike code, what would one expect to get?

*) no surprises here, let me predict that we will see more of their attack vectors in action in the future: as an example have a look at the init process, systemd changed it into a ‘network’ reachable service. And look at all the “cute” capabilities it was designed to “need” ;-)

however distributions free of microsoft(-ish) systemd are available for all who do not want to get the “microsoft experience” in otherwise security driven** distros

**) like doing privilege separation instead of the exact opposite by “design”