Zimmie

10.9K posts

@bob_zim

Former firewall tech support. Now, senior infrastructure admin at a financial institution.

DFW, Texas · Joined November 2010
34 Following · 331 Followers
Zimmie
Zimmie@bob_zim·
@franklingraves @SaraKubik That’s a terribly misleading opening. Large language models inherently don’t understand anything. They’re statistical models trained to repeat things.
Franklin Graves 🚀
Franklin Graves 🚀@franklingraves·
Dang… opening: “The issue at the heart of this litigation is whether training [AI] to understand human knowledge violates copyright law. It is on that question that the parties fundamentally disagree, and on which the future of artificial intelligence may turn.”
Franklin Graves 🚀
Franklin Graves 🚀@franklingraves·
Dang… it’s a BUSY night for #generativeAI 🤪 OpenAI reply memo just dropped in the Tremblay case 😎 I pulled from PACER…
Zimmie
Zimmie@bob_zim·
@YarnoSG @SwiftOnSecurity Seems pretty straightforward to me.
• The company never has access to the biometric data
• Therefore the company never collected the biometric data
• Therefore the company doesn’t need to take special measures to protect data it never had in the first place
Steven Yarnot
Steven Yarnot@YarnoSG·
@bob_zim @SwiftOnSecurity Overly cautious/conservative lawyers is how, hence the question (I agree with your interpretation). I am looking for an approach to refute their misinterpretation of the law
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
Windows Hello for Business facial biometrics is just the coolest thing. Sit in front of my computer and I’m signed in with an MFA token.
Zimmie
Zimmie@bob_zim·
@YarnoSG @SwiftOnSecurity I don’t see how it would apply to Windows Hello. The whole point of the readers Hello supports is that the biometric data never leaves the reader. The reader only sends an asymmetric attestation that it was presented with authentic biometrics which match its local store.
Steven Yarnot
Steven Yarnot@YarnoSG·
@SwiftOnSecurity What did you do about BIPA? Our company has trouble embracing anything with biometrics because of it....
Zimmie
Zimmie@bob_zim·
@JBizzle703 @dillonwpatrick1 My environment has core firewalls instead of core routers. Basically every VLAN has only filtered access to basically every other VLAN. Before a terrible management decision, three people handled all of the firewall rule work. It was nice. *Great* visibility for troubleshooting.
John Breth (JB) | CyberInsight® on YouTube
@dillonwpatrick1 Gateways/Proxies/Edge Termination/LB's(possibly). I don't know that I have a great one size fits all, except for I would like to treat every zone/VLAN/subnet as a DMZ (i.e. monitoring traffic flow, specific allowed data flows, L7 inspection)
John Breth (JB) | CyberInsight® on YouTube
The idea that DMZ's are some magical security fortress with crazy increased security is funny. They don't have SUPER CYBER properties😂 It's just a security zone (VLAN(s)) that you can put stuff into. You should have many of these, and you should be intentional with what you are putting in each.
Zimmie
Zimmie@bob_zim·
@arekfurt @SwiftOnSecurity My reading is it’s saying not to reduce the labels to magic incantations to ward off audits. “It’s in a DMZ!” Okay, but it hangs directly off your core router along with everything else with no filtering between anything. “Yeah, but we call it the DMZ! Meets the requirement!”
Brian in Pittsburgh
Brian in Pittsburgh@arekfurt·
@SwiftOnSecurity Expand on that last sentence. If you would care to. (I think you're saying that we should be using segmentation zones as part of a defense-in-depth strategy where the server apps themselves still need to be decently hardened. But I might be wrong.)
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
Seen this first hand, as an app owner. DMZ transmutes into a business culture/compliance fantasy practice, a dumping ground for mismanaged mislaid children. There should be segmentation, but those zones should not become memes instead of carefully delineated paranoid architecture
John Breth (JB) | CyberInsight® on YouTube@JBizzle703

The idea that DMZ's are some magical security fortress with crazy increased security is funny. They don't have SUPER CYBER properties😂 It's just a security zone (VLAN(s)) that you can put stuff into. You should have many of these, and you should be intentional with what you are putting in each.

Zimmie
Zimmie@bob_zim·
@dillonwpatrick1 @JBizzle703 It’s more that there shouldn’t be *a* DMZ. The use of singular implies there’s the outside, a few protected things, then a soft nougat center. Instead, each application (or each part of each application) should have filtering between it and other stuff.
Zimmie
Zimmie@bob_zim·
@bcantrill Well, into your muscles, anyway.
Bryan Cantrill
Bryan Cantrill@bcantrill·
Inject it straight into my veins
Zimmie
Zimmie@bob_zim·
@GerardThornley @SwiftOnSecurity That’s what Tay is saying: the general public thinks nuclear waste is a technical issue, but it isn’t. It is purely a political issue.
Gerard Thornley 🌻 (self-parody)
Gerard Thornley 🌻 (self-parody)@GerardThornley·
@SwiftOnSecurity I'm all for more nuclear power, but I don't see how the waste can not be a political issue. Any method for dealing with it (whether it's processing or storage) will touch on land use / planning, which will always be political.
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
What’s a “big problem” in your profession that isn’t actually a problem, and the public are wrong?
Zimmie
Zimmie@bob_zim·
@sciliz @SwiftOnSecurity Every time we as a civilization shut down a nuclear power plant, it has been replaced with fossil fuel power plants. Nuclear waste is solid and compact. Fossil fuel waste goes into the air. How is that better?
Zimmie
Zimmie@bob_zim·
@sorrynotsoryu @SwiftOnSecurity No, no. Tay is saying the general public has the impression waste management is a technical issue, but it’s not at all. It’s only a political issue.
Zimmie
Zimmie@bob_zim·
@sorrynotsoryu @SwiftOnSecurity The main place fossil fuel power plants “store” their waste is in the air. In contrast, nuclear waste is solid and compact. There are some complexities to dealing with it because it’s still radioactive, meaning it’s actually still fuel. They’re very manageable, though.
Zimmie
Zimmie@bob_zim·
@jeffmcjunkin @SwiftOnSecurity Yep. When you log in to a box which you don’t recognize to see what it is, you are giving that box your cleartext credentials. Inventory scanners which try to authenticate are so leaky it would be funny if it weren’t so terrifying.
Zimmie
Zimmie@bob_zim·
@SwiftOnSecurity I’m nearing the completion of a multi-year project to:
1. Make sure all the nodes in each of my clusters actually have the same configuration
2. Routinely test each cluster’s redundancy
3. Get all of my systems onto code released less than a year ago
Basics at scale are hard!
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
hurr durr all you talk about is basic shit anyone could do ⚠️ YES YOU IDIOT ⚠️
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
I’m super fucking serious about the blocking advertising thing by the way. It’s not like I get cyber clout from talking about browser extensions.
warrbo
warrbo@warrbo·
@bob_zim @SwiftOnSecurity @wombat_socho No. Congress is supposed to be able to respond efficiently! Scotus was never intended to be the end of anything other than the one case and controversy before it. Looks to the Lucy Ledbetter Fair Pay Act as quick response to court for how this is supposed to work but it's broken!
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
My middle school library had a whole series of books on pivotal American court cases like the Scopes monkey trial so I may have a distorted understanding of how much the public appreciates everything is just fucking case law.
Zimmie
Zimmie@bob_zim·
@wombat_socho @SwiftOnSecurity Fundamentally, the law is whatever the SCotUS says it is. They can freely contradict themselves at any time. After all, where are you going to appeal to reverse a decision you don’t like? And Thomas’ decades-long tenure clearly shows none of them will ever be held accountable.
Wombat.socho
Wombat.socho@wombat_socho·
@SwiftOnSecurity I don't think most Americans understand how SCOTUS works to begin with, much less the mountains of case law that affect decisions.
Zimmie
Zimmie@bob_zim·
@guyrleech @SwiftOnSecurity Assuming the expression language in use allows anchors. A shocking number don’t, or reconstruct URLs in a way which makes anchoring extremely difficult. All this is ultimately just another reason dotted decimal is the worst possible notation for expressing IP numbers.
Zimmie
Zimmie@bob_zim·
@Esc_Mike @SwiftOnSecurity It’s fundamentally about computing power. “GPUs” actually have very little to do with graphics anymore. That just happens to be the first craze which led to their development. They are extremely powerful general-purpose computers, so now they’re being used for HPC things.
Esc
Esc@Esc_Mike·
@SwiftOnSecurity We *just* got out of crypto hell. Is this one of those "GPU hype trains will expand to fill any available hardware capacity" things?
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
When I think PC gaming has a future, then see GPU prices
Zimmie
Zimmie@bob_zim·
@SwiftOnSecurity A big and really widely known vendor has rug-pulled my company *three times* by removing features critical to how we use their product. We don’t have a way to move away because we made a bad decision years ago to use functionality which they don’t allow anyone else to provide.
Zimmie
Zimmie@bob_zim·
@SwiftOnSecurity While tools are often capable of a lot more than you do with them, using a broader set of capabilities does come with some risk: what if the vendor pulls the rug out from under you in some way? Can you switch away if needed?
SwiftOnSecurity
SwiftOnSecurity@SwiftOnSecurity·
IT career advice: The tools you already have do a LOT more than your company uses them for. Often products are purchased to do ONE thing. Tools need both a motivated admin + one with time. Learn what you already own and master it. I see this CONSTANTLY. Volunteer responsibility.
Zimmie
Zimmie@bob_zim·
@mitchellmebane @quasi42 @JustinLardinois @FatElvis04 @SwiftOnSecurity iMac Pro and 2019 Mac Pro are believed to use the same modules. Mac Studio definitely uses different modules (physically shorter). Not sure about 2023 Mac Pro. Modules are raw flash, not NVMe. Apple sells them loose. No 3rd-party manufacturers, but no reason one couldn’t start.
Zimmie
Zimmie@bob_zim·
@mitchellmebane @quasi42 @JustinLardinois @FatElvis04 @SwiftOnSecurity Mac Studio also has replaceable modules, though they are not officially user-accessible, just like iMac Pro. The replacement process is the same for iMac Pro, 2019 Mac Pro, Mac Studio, and 2023 Mac Pro: back up your data, swap modules, use another Mac to reset the SSD controller.