November 2, 2023

someday

                            November 2, 2023

                November 2, 2023

                        November 2, 2023
two years ago today pic.twitter.com/82chotW9FM
— depths of wikipedia (@depthsofwiki) November 1, 2023

Now you're thinking with relays:https://t.co/OF31xOaxWk pic.twitter.com/7CQftWXLJ8
— lcamtuf (@lcamtuf@infosec.exchange) (@lcamtuf) November 2, 2023

Linux kernel now supports Intel CEThttps://t.co/JlOZzS9SnF pic.twitter.com/6aMuIw1pGz
— Law (@L4w) November 1, 2023

Coin Center appears to have lost its lawsuit against OFAC over its Tornado Cash sanctions.https://t.co/rUhdCZ0PSp pic.twitter.com/UvGMV9o72Q
— John Paul Koning (@jp_koning) November 1, 2023

            evacide: "I have often wondered why, when stores close, lan…" - Hachyderm.io
            I have often wondered why, when stores close, landlords leave the spaces empty for years at a time instead of lowering rents. The answer, apparently, is banks often won't let them: 

https://www.businessinsider.com/bank-financing-urban-planning-pandemic-retail-apocalypse-vacant-storefront-2023-10

            Artemesia: "@freemo@qoto.org @evacide@hachyderm.io 

> if lan…" - TechHub
            @freemo@qoto.org @evacide@hachyderm.io 

> if landlords arent making the most of their property by leaving it empty, then why would banks want to avoid the chance of profit as well.

The banks' problem is that as long as the landlord maintains the fiction that the property can be leased out at $50/foot, the banks can carry the loan on the books at full value even if the property has sat unleased for years, so long as the landlord continues to make payments on time. But the moment the landlord leases it at a more realistic price (say $25/foot), that creates a mark to market event where the bank has to reduce the book value of the loan, and revalueing loans lower tends to interfere with one's annual bonus. So you see banks have a powerful incentive to maintain the fiction that it will lease at $50/foot someday, even though a property pulling in at least some income is arguably the more valuable loan. 1/2

            Nitasha Tiku: "New dataset deep dive with @kevinschaul@tilde.zon…" - Mastodon
            Attached: 1 image

New dataset deep dive with @kevinschaul@tilde.zone and Szu Yu Chen, this time we looked at AI image generators trained on web-scraped data and found they operate essentially like stereotyping machines, perpetuating American bias https://www.washingtonpost.com/technology/interactive/2023/ai-generated-images-bias-racism-sexism-stereotypes

            Taylor Lorenz: "Excellent story on how HBO execs used an army of …" - Mastodon
            Excellent story on how HBO execs used an army of secret fake accounts on Twitter to harass TV critics who gave poor reviews to their shows

It shows why people shouldn't just write off anonymous comments online as just "trolls" — some of them are coordinated campaigns by extremely powerful people with an axe to grind. 
https://www.rollingstone.com/tv-movies/tv-movie-features/hbo-casey-bloys-secret-twitter-trolls-tv-critics-leaked-texts-lawsuit-the-idol-1234867722/

            mcc: "Fascinating both for what it says about dev & wha…" - Mastodon
            Fascinating both for what it says about dev & what it says about statistics:

A gamedev realized Linux users were just 5.8% of their sales, but represented 38% of bug reports.

Then they looked at those numbers closer, and realized. Linux users were not experiencing more bugs. Almost none of the Linux-user bugs were Linux-related. Linux users were simply more likely to file bugs.

Their conclusion: A linux port pays for itself bc it nerdsnipes ppl into giving u free QA

https://techhub.social/@ozone89/111337250473454154

            Kevin Beaumont: "Mandiant has a new blog out on #CitrixBleed which…" - Cyberplace
            Mandiant has a new blog out on #CitrixBleed which backs up a key point from my blog https://www.mandiant.com/resources/blog/session-hijacking-citrix-cve-2023-4966

The initial exploit string isn’t logged.. at all. 

There’s some good hunting stuff in the blog (ICA sessions)  - I’d say combine it with the GetUserName thing in my blog for assurance. 

The other big take away is a ton of orgs have been compromised and don’t know yet. #threatintel

            Kee Hinckley: "“AI discourse thus remains stubbornly rooted in a…" - Infosec Exchange
            “AI discourse thus remains stubbornly rooted in a simplistic anthropocentric mindset that regards human intelligence as the very paradigm of any intelligence (ignoring the diverse intelligence of, for example, nonhuman animals). The same mindset conceives of human intelligence as a fundamentally calculative and measurable capacity located in the brain—an assumption that encourages researchers to mobilize the atomized abstractions of narrow utilitarianism, economics, and game theory, while ignoring more complex and situated perspectives (including the impact of physical embodiment, emotions, webs of relationality, relations of care, cultural contexts, and/or philosophical assumptions).14 In its reductive form, “intelligence” harks back to pseudoscientific hierarchies and norms derived from the long histories of biometrics, eugenics, imperialism, and their totalitarian outcomes.15 By contrast, critical perspectives recognize the plurality and contextualism of intelligence, human and otherwise.16 With respect to “AI,” critical perspectives perceive how anthropomorphic analogies misrepresent the functionalities of data-driven machine systems when they conflate predictive analytics with human decision-making and equate massive datasets with human knowledge, social experience, and cultural commitments. The point of rejecting such flawed assumptions is as much to capture robust understandings of machine intelligence as it is to complicate mechanistic simplifications of biological life.” https://mastodon.social/@CriticalAI/111217298111656105

            Zack Whittaker: "New, by me: Two U.S. lawmakers have asked retail …" - Mastodon
            Attached: 1 image

New, by me: Two U.S. lawmakers have asked retail giant Costco why it continues to sell surveillance equipment made by Lorex, despite warnings of cybersecurity risks and links to human rights abuses.

The letter comes two years(!) after a joint TechCrunch and IPVM investigation found big box retailers were selling Lorex gear. Home Depot, Best Buy, and Lowe’s ended up pulling the tech from its shelves, but Costco did not. 

Now lawmakers want to know why. 

More: https://techcrunch.com/2023/11/01/lawmakers-costco-lorex-dahua-entity-list/

                            Don't miss what's next. Subscribe to the grugq's newsletter:

November 2, 2023

November 2, 2023

evacide: "I have often wondered why, when stores close, lan…" - Hachyderm.io

I have often wondered why, when stores close, landlords leave the spaces empty for years at a time instead of lowering rents. The answer, apparently, is banks often won't let them: https://www.businessinsider.com/bank-financing-urban-planning-pandemic-retail-apocalypse-vacant-storefront-2023-10

Artemesia: "@freemo@qoto.org @evacide@hachyderm.io > if lan…" - TechHub

Nitasha Tiku: "New dataset deep dive with @kevinschaul@tilde.zon…" - Mastodon

Taylor Lorenz: "Excellent story on how HBO execs used an army of …" - Mastodon

mcc: "Fascinating both for what it says about dev & wha…" - Mastodon

Kevin Beaumont: "Mandiant has a new blog out on #CitrixBleed which…" - Cyberplace

Kee Hinckley: "“AI discourse thus remains stubbornly rooted in a…" - Infosec Exchange

Zack Whittaker: "New, by me: Two U.S. lawmakers have asked retail …" - Mastodon