𝙲𝚑𝚊𝚒𝚛𝚖𝚊𝚗 𝙼𝚎𝚘𝚠

“Let’s meme on them”

• Adolf Hitler, 1936.

A single server not booting should not usually lead to a loss of service as you should always run some sort of redundancy.

I’m a dev for a medium-sized PSP that due to our customers does occasionally get targetted by malicious actors, including state actors. We build our services to be highly available, e.g. a server not booting would automatically do a failover to another one, and if that fails several alerts will go off so that the sysadmins can investigate.

Temporary loss of service does lead to reputational damage, but if contained most of our customers tend to be understanding. However, if a malicious actor could gain entry to our systems the damage could be incredibly severe (depending on what they manage to access of course), so much so that we prefer the service to stop rather than continue in a potentially compromised state. What’s worse: service disrupted for an hour or tons of personal data leaked?

Of course, your threat model might be different and a compromised server might not lead to severe damage. But Crowdstrike/Microsoft/whatever may not know that, and thus opt for the most “secure” option, which is to stop the boot process.

Nah, but there were some Linux evangelists claiming this couldn’t possibly happen to Linux and it only happened to Windows because Windows is bad. And it was your own fault for getting this BSOD if you’re still running Windows.

And sure, Windows bad and all, but this one wasn’t really Microsofts fault.

The 3rd party service is AV. You do not want to boot a potentially compromised or insecure system that is unable to start its AV properly, and have it potentially access other critical systems. That’s a recipe for a perhaps more local but also more painful disaster. It makes sense that a critical enterprise system does not boot if something is off. No AV means the system is a security risk and should not boot and connect to other critical/sensitive systems, period.

These sorts of errors should be alleviated through backup systems and prevented by not auto-updating these sorts of systems.

Sure, for a personal PC I would not necessarily want a BSOD, I’d prefer if it just booted and alerted the user. But for enterprise servers? Best not.

And what guarantees that that “last known good config” is available, not compromised and there’s no malicious actor trying to force the system to use a config that has a vulnerability?

If AV suddenly stops working, it could mean the AV is compromised. A BSOD is a desirable outcome in that case. Booting a compromised system anyway is bad code.

Windows assumes that you installed that AV for a reason. If it suddenly faults, who’s to say it’s a bug and not some virus going ham on the AV? A BSOD is the most graceful exit you could do, ignoring and booting a potentially compromised system is a fairly big no-no (especially in systems that feel the need to install AV like this in the first place).

Better rebrand to Clownstrife I guess.

Or take the ad-supported option, where it prints out ads on your documents!

I’d say bombing children’s hospitals says a lot about someone’s personality.

The PR had some issues regarding files that were pushed that shouldn’t have been, adding refactors that should have been in separate PRs, etc…

Though the main reason is that Signal doesn’t consider this issue a part of their threat model.

It’s Base62 actually, misremembered that. It’s to avoid some special characters iirc. And no, performance is fine.

We’re using this: https://github.com/TheArchitectDev/Architect.Identities

https://github.com/TheArchitectDev/Architect.Identities

Here’s the package one of our former developers created. It has some advantages and some drawbacks, but overall it’s been quite a treat to work with!

At the company I work at we use UUIDv7 but base63 encoded I believe. This gives you fairly short ids (16 chars iirc, it includes lowercase letters) that are also sortable.

I think they’d nominate Newsom over Clinton tbh.

It’s only an Oxford comma if it’s from the region of Oxford. Otherwise it’s just sparkling interpunction.

That’s true, but Wikileaks does share at least some of the blame for making the encrypted documents accessible. They’re not immune to leaks themselves and should handle these incredibly sensitive documents accordingly. In this case, they failed to do so and an external party triggered a leak. Wikileaks should probably have deleted the documents alltogether.

IIRC a password providing access to some of the full, unredacted documents was leaked, so despite Wikileaks vetting the documents some names did still get out. It was fairly quickly scrubbed and its believed that nobody was harmed in the end, but it got pretty close.

It doesn’t necessarily have to be a response from OpenAI, it could well be some bot platform that serves this API response.

I’m pretty sure someone somewhere has created a product that allows you to generate bot responses from a variety of LLM sources. And if whatever is interacting with it is simply reading the response body and stripping out what it expects to be there to leave only the message, I could easily see a fairly bad programmer create something that outputs something like this.

It’s certainly possible this is just a troll account, but it could also just be shit software.

Aaand here’s your misunderstanding.

All messages detected by whatever algorithm/AI the provider implemented are sent to the authorities. The proposal specifically says that even if there is some doubt, the messages should be sent. Family photo or CSAM? Send it. Is it a raunchy text to a partner or might one of them be underage? Not 100% sure? Send it. The proposal is very explicit in this.

Providers are additionally required to review a subset of the messages sent over, for tweaking w.r.t. false positives. They do not do a manual review as an additional check before the messages are sent to the authorities.

If I send a letter to someone, the law forbids anyone from opening the letter if they’re not the intended recipient. E2E encryption ensures the same for digital communication. It’s why I know that Zuckerberg can’t read my messages, and neither can the people from Signal (metadata analysis is a different thing of course). But with this chat control proposal, suddenly they, as well as the authorities, would be able to read a part of the messages. This is why it’s an unacceptable breach of privacy.

Thankfully this nonsensical proposal didn’t get a majority.